One of the most commonly exploited ways to escalate privileges from within a local context is to abuse discrepancies and inadequacies in the way filesystem permissions—or access rights—are set up in an operating system. There are countless instances of vulnerabilities and privilege escalation attack methods that abuse file permissions, be it the
setuid flag on a globally executable vulnerable binary, such as
symlink, or the race condition attack on a file that is globally readable and written to by a superuser-owned application; for example, pulse audio CVE-2009-1894.
Being able to clearly identify any potential entry points presented by the filesystem is a good place to start defining the Android native attack ...