This repository contains code for exploiting CVE-2020-0041, a bug we reported to Google in Decmeber 2019 and was fixed in the Android Security Bulletin from March 2020.
You can find the sandbox escape exploit in sandbox/. The analysis of the bug and exploitation approach can be found at https://labs.bluefrostsecurity.de/blog/2020/03/31/cve-2020-0041-part-1-sandbox-escape/ .
Similarly, you can find the privilege escalation exploit in lpe/. The exploitation approach for this part can be found at https://labs.bluefrostsecurity.de/blog/2020/04/08/cve-2020-0041-part-2-escalating-to-root/ .