On 03/26/2013 04:10 PM, Persaud, Ryan K. wrote:
Hello,
We ran our testing framework with the seandroid-4.2 branch on a Nexus 7
tablet against 126 popular free apps from the Google Play store. A
denial that occurred for 11 applications can be seen below (1). Based on
some investigation, it looks like these applications are trying to
determine the number of CPU cores on a device
(http://stackoverflow.com/questions/7962155/how-can-you-detect-a-dual-core-cpu-on-an-android-device-from-code).
Given that it appears that a not insignificant number of applications
regularly examine /sys/devices/system/cpu, should a policy be added to
allow this? As far as I can tell, none of the applications crashed due
to the denial, but I’m not sure what the performance implications are.
The same denial (2) also occurred 23 times for ActivityManager during
testing. Our investigation of the ActivityManager sources and
documentation did not lead to any obvious culprits. Any idea why
ActivityManager would also be causing these denials? Is it possible
that the denials are being misattributed to the ActivityManager? Once
testing stopped, and the device was idle, the ActivityManager denials
ceased.
1) audit(1363573739.308:52): avc: denied { search } for pid=7762
comm="t.cartooncamera" name="cpu" dev=sysfs ino=26
scontext=u:r:untrusted_app:s0:c44,c256
tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
2) audit(1363572507.738:40): avc: denied { search } for pid=495
comm="ActivityManager" name="cpu" dev=sysfs ino=26
scontext=u:r:system:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0
tclass=dir
Thanks for the information,
I think these should be resolved by recent changes to the group project.