Originally Posted by Chainfire
Android 4.2 has per-process mount separation ... this complicates things. Not sure if/when I'll be able to fix that.
With this, and perhaps some other SELinux stuff coming down the pipe, it seems that (stock) Android may leave us with a rootless root: UID 0, but still not able to pwn the device.
That's a pain in the butt, and one that I hope custom ROMs will disable. Or perhaps this can be disabled in stock ROMs by tweaking a props file? This won't just be a problem for stickmount, but also for things like "adb remount" that will be unable to make their read/write view of /system be visible to other processes/applications.
Any idea what granularity Android is using for creating the mount namespaces: are the namespaces being split on every fork(), or only when a new APK is launched, or what?
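One way to check the visibility problem discussed above is to diff two processes' `/proc/<pid>/mountinfo` and see which mounts, or read/write states, one process sees and the other does not. This is an added example, not part of the original post; the sample snapshots, device names and mount points are constructed.

```python
# Added example: compare two processes' views of the mount table.
# SAMPLE_SHELL / SAMPLE_APP are constructed /proc/<pid>/mountinfo snapshots,
# not captures from a real device.
SAMPLE_SHELL = """\
1 0 0:1 / / ro,relatime - rootfs rootfs ro
12 1 179:3 / /system rw,relatime - ext4 /dev/block/mmcblk0p3 rw,data=ordered
15 1 179:9 / /data rw,nosuid,nodev,noatime - ext4 /dev/block/mmcblk0p9 rw
20 1 8:1 / /sdcard/usbStorage rw,nosuid,nodev shared:2 - vfat /dev/block/sda1 rw
"""

SAMPLE_APP = """\
1 0 0:1 / / ro,relatime - rootfs rootfs ro
12 1 179:3 / /system ro,relatime - ext4 /dev/block/mmcblk0p3 ro,data=ordered
15 1 179:9 / /data rw,nosuid,nodev,noatime - ext4 /dev/block/mmcblk0p9 rw
"""


def parse_mountinfo(text):
    """Return {mount_point: (source, fstype, is_rw)} from mountinfo text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        try:
            # Optional fields (e.g. "shared:2") end at a lone "-" separator.
            sep = fields.index("-", 6)
        except ValueError:
            continue  # malformed or truncated line
        if len(fields) < sep + 3:
            continue
        options = fields[5].split(",")  # per-mount options: "rw" or "ro" first
        mounts[fields[4]] = (fields[sep + 2], fields[sep + 1], "rw" in options)
    return mounts


def diff_views(a, b):
    """Report mount points unique to each view and ones whose state differs."""
    shared = set(a) & set(b)
    return {
        "only_in_a": sorted(set(a) - set(b)),
        "only_in_b": sorted(set(b) - set(a)),
        "changed": sorted(p for p in shared if a[p] != b[p]),
    }


if __name__ == "__main__":
    # On a device, read /proc/<pid>/mountinfo for two PIDs instead.
    print(diff_views(parse_mountinfo(SAMPLE_SHELL), parse_mountinfo(SAMPLE_APP)))
```

An empty report for every pair of PIDs means the processes share one view of the mount table; differences like the ones in the sample are what per-process mount separation looks like from userspace.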