Hello,
We ran our testing framework with the seandroid-4.2 branch on a Nexus 7 tablet
against 126 popular free apps from the Google Play store. A denial that
occurred for 11 applications can be seen below (1). Based on some
investigation, it looks like these applications are trying to determine the
number of CPU cores on a device
(http://stackoverflow.com/questions/7962155/how-can-you-detect-a-dual-core-cpu-on-an-android-device-from-code).
Given that it appears that a not insignificant number of applications
regularly examine /sys/devices/system/cpu, should a policy be added to allow
this? As far as I can tell, none of the applications crashed due to the
denial, but I'm not sure what the performance implications are.
The same denial (2) also occurred 23 times for ActivityManager during testing.
Our investigation of the ActivityManager sources and documentation did not lead
to any obvious culprits. Any idea why ActivityManager would also be causing
these denials? Is it possible that the denials are being misattributed to the
ActivityManager? Once testing stopped, and the device was idle, the
ActivityManager denials ceased.
1) audit(1363573739.308:52): avc: denied { search } for pid=7762
comm="t.cartooncamera" name="cpu" dev=sysfs ino=26
scontext=u:r:untrusted_app:s0:c44,c256
tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
2) audit(1363572507.738:40): avc: denied { search } for pid=495
comm="ActivityManager" name="cpu" dev=sysfs ino=26 scontext=u:r:system:s0
tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
Thanks for the information,
-Ryan
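As an added example (not part of Ryan's message or of the SEAndroid project code): a small Python script that parses AVC denial lines like (1) and (2) into their fields, collapses them into the minimal TE allow rules that would silence them (the same grouping audit2allow performs, keyed on source type, target type and class), and counts denials per comm. The sample input is the two denials above re-joined onto single lines, plus one constructed line (a file read/open on the same sysfs type) to show how permissions on one (source, target, class) triple are merged. The rules it prints are what a policy author would review, not something to apply blindly; whether untrusted_app should be granted search on sysfs_devices_system_cpu is exactly the policy question the message raises.

```python
import re
from collections import defaultdict

# Constructed sample input: the two AVC denials quoted in the message above,
# each re-joined onto a single line, plus a third, made-up line (file
# read/open on the same target type) to show how permissions on the same
# (source type, target type, class) triple are merged into one rule.
SAMPLE_AUDIT = """\
audit(1363573739.308:52): avc: denied { search } for pid=7762 comm="t.cartooncamera" name="cpu" dev=sysfs ino=26 scontext=u:r:untrusted_app:s0:c44,c256 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
audit(1363572507.738:40): avc: denied { search } for pid=495 comm="ActivityManager" name="cpu" dev=sysfs ino=26 scontext=u:r:system:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
audit(1363573740.001:53): avc: denied { read open } for pid=7762 comm="t.cartooncamera" name="online" dev=sysfs ino=27 scontext=u:r:untrusted_app:s0:c44,c256 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file
"""

# "avc: denied { perm perm ... } for key=value key="quoted value" ..."
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(ctx):
    """Return the type field of a SELinux context.

    Android contexts look like user:role:type:sensitivity[:categories],
    e.g. u:r:untrusted_app:s0:c44,c256 -> untrusted_app.
    """
    return ctx.split(':')[2]


def parse_avc(line):
    """Parse one 'avc: denied' line into a dict; return None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec = {'perms': sorted(m.group('perms').split())}
    rec.update(fields)
    rec['stype'] = context_type(fields['scontext'])
    rec['ttype'] = context_type(fields['tcontext'])
    return rec


def parse_log(text):
    """Parse every AVC denial in a block of audit text, skipping other lines."""
    return [r for r in (parse_avc(line) for line in text.splitlines()) if r]


def allow_rules(records):
    """Collapse denials into the minimal TE allow rules that would silence them.

    Rules are keyed on (source type, target type, class), as audit2allow does.
    The comm field is deliberately ignored: it is only the thread name of the
    task that hit the check, while policy is written against the domain in
    scontext. A denial with comm="ActivityManager" and scontext=u:r:system:s0
    therefore belongs to the system domain, whatever thread name reported it.
    """
    perms = defaultdict(set)
    for r in records:
        perms[(r['stype'], r['ttype'], r['tclass'])].update(r['perms'])
    rules = []
    for (stype, ttype, tclass), ps in sorted(perms.items()):
        ps = sorted(ps)
        body = ps[0] if len(ps) == 1 else '{ ' + ' '.join(ps) + ' }'
        rules.append(f'allow {stype} {ttype}:{tclass} {body};')
    return rules


def count_by_comm(records):
    """Count denials per reporting thread name, for triage like the 23-hit case."""
    counts = defaultdict(int)
    for r in records:
        counts[r['comm']] += 1
    return dict(counts)


if __name__ == '__main__':
    recs = parse_log(SAMPLE_AUDIT)
    for rule in allow_rules(recs):
        print(rule)
    print(count_by_comm(recs))
```

Feeding it a full `dmesg` or logcat capture instead of SAMPLE_AUDIT gives the same two-step triage the message does by hand: first the per-comm counts to see who is hitting the check, then the rule list to decide, per (domain, type, class) triple, whether the access is something policy should permit.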