Hi everyone, I would like to present to people the SEAL (SEAndroid live device analysis) tool that we have started to develop at Aalto University as part of the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) <http://www.icri-sc.org>.
The tool location and docs are at https://github.com/seandroid-analytics/seal

Currently the tool is quite simple: it has functionality to fetch the device SEAndroid policy (either from a real device or an emulator), and then you can make convenient queries with regard to this policy and device state. Queries can be made either via a command line interface or via a GUI. Types of queries currently supported:

- given a certain process name (or pid), display all the files (and access types) that this process can access on a target device (real existing files at this moment)
- given a certain filesystem path, show a list of processes that have any type of access to this path

We have plans to start working on extending and enhancing the tool functionality starting from the beginning of autumn, so if you have ideas/suggestions on what you would like the tool to do, please raise your voice! I am quite sure people on this list can find things that would be nice to have but nobody ever has time to do :)

Also, if you have any troubles or bug reports, please file them to the project. The main author, Filippo Bonazzi, is on vacation now, but we should be able to handle the fixes even without him. However, new feature requests will only be possible to satisfy in the autumn timeframe.

So far we have been thinking of doing something like:

- Create a visualization option that would allow displaying the policy (types, attributes, hierarchies) in a comprehensible manner
- Create a policy de-compiler option that would attempt to produce a policy structure similar to AOSP's out of a binary sepolicy file. This can be very convenient for security researchers when trying to analyse a policy for which they don't have sources. The apol tool can also parse it and you can execute many different queries, but we have figured out that for some things (and especially if you want to run different analytics on top) it would be easier to have a decompiler tool.

Best Regards,
Elena.
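To make the two query types concrete, here is a small added illustration (written for this page, not code from SEAL or the seandroid-analytics project) of how "which files can this process touch" and "which processes can touch this path" reduce to resolving type-enforcement allow rules against the security contexts found on the device. The policy text, process list and file list below are constructed sample data in a tiny subset of the SELinux policy language; the `Policy` class and both query functions are hypothetical and are not SEAL's API. The example goes slightly beyond the text in that it also resolves attributes (a rule on `file_type` or `domain` applies to every type carrying that attribute), which is where most surprising accesses come from when reviewing a policy.

```python
import re
from collections import defaultdict

# Constructed sample policy (illustrative only, not a real AOSP policy).
SAMPLE_POLICY = """
typeattribute untrusted_app domain;
typeattribute shell domain;
typeattribute system_data_file file_type;
typeattribute app_data_file file_type;
typeattribute shell_data_file file_type;
allow untrusted_app app_data_file:file { read write open getattr };
allow shell shell_data_file:file { read write open };
allow shell file_type:file getattr;
allow domain system_data_file:dir search;
"""

# Constructed 'ps -Z'-style process list: (pid, name, security context).
SAMPLE_PROCESSES = [
    (1234, "com.example.app", "u:r:untrusted_app:s0:c512,c768"),
    (2000, "sh", "u:r:shell:s0"),
    (900, "system_server", "u:r:system_server:s0"),
]

# Constructed 'ls -Z'-style file list: (path, object class, security context).
SAMPLE_FILES = [
    ("/data/data/com.example.app/files/notes.txt", "file", "u:object_r:app_data_file:s0"),
    ("/data/local/tmp/scratch", "file", "u:object_r:shell_data_file:s0"),
    ("/data/system/packages.xml", "file", "u:object_r:system_data_file:s0"),
    ("/data/system", "dir", "u:object_r:system_data_file:s0"),
]

# allow <source> <target>:<class> { perms } | perm
ALLOW_RE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))")


def context_type(ctx):
    """The third colon-separated field of user:role:type[:mls] is the type."""
    return ctx.split(":")[2]


class Policy:
    """Hypothetical minimal policy model: attribute membership plus allow rules."""

    def __init__(self, text):
        self.members = defaultdict(set)  # attribute -> types carrying it
        self.rules = []                  # (source, target, class, perms)
        for line in text.splitlines():
            toks = line.strip().rstrip(";").split()
            if not toks:
                continue
            if toks[0] == "typeattribute" and len(toks) == 3:
                self.members[toks[2]].add(toks[1])
            elif toks[0] == "allow":
                m = ALLOW_RE.match(" ".join(toks))
                if m:
                    perms = set((m.group(4) or m.group(5)).split())
                    self.rules.append((m.group(1), m.group(2), m.group(3), perms))

    def expand(self, name):
        """A rule operand is either a concrete type or an attribute standing for many."""
        return self.members.get(name, set()) | {name}

    def permissions(self, source_type, target_type, cls):
        """Union of permissions every matching allow rule grants for this class."""
        perms = set()
        for src, tgt, rcls, p in self.rules:
            if rcls == cls and source_type in self.expand(src) and target_type in self.expand(tgt):
                perms |= p
        return perms


def files_for_process(policy, proc, processes=SAMPLE_PROCESSES, files=SAMPLE_FILES):
    """Query 1: files a process (given by pid or name) can access, with access types."""
    ctx = next(c for pid, name, c in processes if proc in (pid, name))
    domain = context_type(ctx)
    result = {}
    for path, cls, fctx in files:
        perms = policy.permissions(domain, context_type(fctx), cls)
        if perms:
            result[path] = sorted(perms)
    return result


def processes_for_path(policy, path, processes=SAMPLE_PROCESSES, files=SAMPLE_FILES):
    """Query 2: processes that have any type of access to the given path."""
    cls, fctx = next((c, f) for p, c, f in files if p == path)
    ftype = context_type(fctx)
    result = []
    for pid, name, ctx in processes:
        perms = policy.permissions(context_type(ctx), ftype, cls)
        if perms:
            result.append((pid, name, sorted(perms)))
    return result


if __name__ == "__main__":
    pol = Policy(SAMPLE_POLICY)
    print(files_for_process(pol, "sh"))
    print(processes_for_path(pol, "/data/system"))
```

Note that the `shell` domain ends up with `getattr` on every listed file even though no rule names those files' types directly: the grant comes through the `file_type` attribute, and `untrusted_app` can `search` `/data/system` through `domain`. Real policies are many thousands of such rules with deep attribute nesting, which is exactly why tool-assisted queries over the live device state are useful.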
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to [email protected].
