selinux on enforcement mode did not mitigate the exploit when I tested today on fedora coreos :(
replyTo even get the su binary on Android you have to patch the OS. So this exploit can't work on Android. Because there is no su binary to target.
replyUpdate: Just tried it on Termux and as expected even creating an AF_ALG socket requires root access.
The specific exploit payload for the POC relies on a su binary. The vuln is ambivalent and other non-su paths will exist.
replyI assume that wouldn't help here but I could easily be wrong. (Assuming if you're asking if SELinux would block this exploit).
reply