Sandboxing?
Posted Jan 16, 2026 23:35 UTC (Fri) by excors (subscriber, #95769)
In reply to: Sandboxing? by josh
Parent article: A 0-click exploit chain for the Pixel 9 (Project Zero)
I think that's not possible because of hardware decoders, which need access to more than just the media bitstream. In this case there's a driver at /dev/bigwave that accelerates some AV1 decoding, so that has to be accessible from the mediacodec process. The vulnerable UDC codec runs in the same mediacodec process, and there's a separate vulnerability in /dev/bigwave that allows arbitrary writes to kernel memory, and the two exploits can be chained together.
They say the mediacodec process does have a seccomp policy on many Android devices, but not on the Pixel 9 for unknown reasons. But they don't think that would have prevented the exploit; it would have just required a few more weeks of effort.
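The seccomp point in the comment above, as an added example that is not part of excors's comment, the LWN thread, or Project Zero's writeup: a seccomp-bpf allowlist of the general kind Android applies to the mediacodec process, in which ioctl() is permitted only for the one request code the decoder needs and every other syscall is killed with SIGSYS. The filter is installed in a forked child so the demonstration can observe what the sandbox does to each path. Assumptions: FIONREAD on a pipe stands in for the hardware decoder's real decode ioctl (the /dev/bigwave request numbers are not on the page), the allowlist is illustrative rather than the real mediacodec policy, and the code is Linux-only and reports "unsupported" where a filter cannot be installed.

```c
/* Added example, not from the LWN thread or Project Zero's writeup.
 * Shows why a syscall allowlist does not close off a vulnerable driver:
 * the decoder legitimately needs ioctl() on the driver's fd, so that
 * request code stays allowed and still reaches the kernel handler. BPF
 * sees only the syscall number and raw register arguments, never the
 * memory the handler parses. Assumptions: FIONREAD on a pipe stands in
 * for the real decode ioctl; the allowlist is illustrative. Linux only. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/wait.h>
#ifdef __linux__
#include <signal.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#endif

enum { SB_UNSUPPORTED = -2, SB_ERROR = -1, SB_COMPLETED = 0, SB_KILLED = 1 };
enum { SC_DECODER_IOCTL, SC_OTHER_IOCTL, SC_FORBIDDEN_SYSCALL };

#ifdef __linux__
#if defined(__x86_64__)
#define DEMO_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define DEMO_ARCH AUDIT_ARCH_AARCH64
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif
#define DECODER_IOCTL FIONREAD /* stand-in for the driver's decode request (assumption) */
#define ALLOW_NR(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Install the allowlist; returns -1 where seccomp cannot be used. */
static int install_filter(void)
{
#ifndef DEMO_ARCH
    return -1;
#else
    struct sock_filter filt[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW_NR(__NR_read), ALLOW_NR(__NR_write), ALLOW_NR(__NR_mmap),
        ALLOW_NR(__NR_munmap), ALLOW_NR(__NR_exit_group), ALLOW_NR(__NR_exit),
        ALLOW_NR(__NR_rt_sigreturn),
        /* ioctl: allowed only when the request code (low 32 bits of args[1])
         * is the decoder's; any other syscall or request code is killed. */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DECODER_IOCTL, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    };
    struct sock_fprog prog = { .len = (unsigned short)(sizeof filt / sizeof filt[0]),
                               .filter = filt };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
#endif
}
#endif

/* Run one scenario inside a sandboxed child; report how the child ended. */
int run_sandboxed(int scenario)
{
#ifndef __linux__
    (void)scenario;
    return SB_UNSUPPORTED;
#else
    pid_t pid = fork();
    if (pid < 0) return SB_ERROR;
    if (pid == 0) {
        int fds[2], n = 0;
        struct winsize ws;
        if (pipe(fds) != 0) _exit(3);          /* "device" fd opened before sandboxing */
        if (install_filter() != 0) _exit(2);   /* 2 = seccomp unsupported here */
        switch (scenario) {
        case SC_DECODER_IOCTL:                 /* permitted: reaches the kernel handler */
            if (ioctl(fds[0], DECODER_IOCTL, &n) != 0) _exit(3);
            break;
        case SC_OTHER_IOCTL:                   /* same syscall, other request code */
            ioctl(fds[0], TIOCGWINSZ, &ws);
            break;
        case SC_FORBIDDEN_SYSCALL:             /* syscall not in the allowlist */
            syscall(SYS_getpid);
            break;
        default:
            _exit(3);
        }
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return SB_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return SB_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return SB_COMPLETED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2) return SB_UNSUPPORTED;
    return SB_ERROR;
#endif
}

/* 1 if the three scenarios behave as the filter dictates (or all unsupported). */
int sandbox_demo_consistent(void)
{
    int ok = run_sandboxed(SC_DECODER_IOCTL);
    int bad_req = run_sandboxed(SC_OTHER_IOCTL);
    int bad_sys = run_sandboxed(SC_FORBIDDEN_SYSCALL);
    if (ok == SB_UNSUPPORTED)
        return bad_req == SB_UNSUPPORTED && bad_sys == SB_UNSUPPORTED;
    return ok == SB_COMPLETED && bad_req == SB_KILLED && bad_sys == SB_KILLED;
}

int main(void)
{
    printf("decoder ioctl:     %d (0 = completed)\n", run_sandboxed(SC_DECODER_IOCTL));
    printf("other ioctl:       %d (1 = killed by SIGSYS)\n", run_sandboxed(SC_OTHER_IOCTL));
    printf("forbidden syscall: %d (1 = killed by SIGSYS)\n", run_sandboxed(SC_FORBIDDEN_SYSCALL));
    return sandbox_demo_consistent() ? 0 : 1;
}
```

The decoder ioctl completes because the sandbox has to let it through; the argument pointer it carries could just as well point at attacker-shaped input, and the filter has no way to tell. That is the structural reason a seccomp policy narrows the attack surface (the other two scenarios die before entering the kernel) without removing a bug inside the one driver ioctl the codec must be allowed to call.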
