On 12/01/2016 07:07 AM, ני ס wrote:
> I have a Java service app running as system. It tries to open
> /proc/<PID>/stat file of an untrusted_app using it,
> and I get this error:
> type=1400 audit(1464336899.711:510): avc: denied { search } for
> pid=9929 comm="Binder_3" name="9886" dev="proc" ino=104925
> scontext=u:r:system_app:s0 tcontext=u:r:untrusted_app:s0:c512,c768
> tclass=dir permissive=0
> It seems that system_app lacks the permissions to view the
> untrusted_app dir.
> How can it be?
> Did I miss something?
> Note that when I connect as system (su system) I am able to read the
> file /proc/PID/stat of the untrusted_app

su system doesn't put you into the system_app domain, so it isn't
reflective of what is allowed to a system app.

The first question is why is your app trying to read /proc/PID/stat of
an untrusted app, since that may itself reflect a security problem.

I believe that the above would be denied by both the default TE policy
(i.e. there is no allow system_app untrusted_app:dir search; rule in
system_app.te, nor any allow system_app untrusted_app:file
r_file_perms;), and the MLS constraints (i.e. the system app runs at s0
while the untrusted app runs at s0:c512,c768, so the system app cannot
read or write to the /proc/pid files of the untrusted app under the
rules specified in the mls file; to do so, you would need to make
system_app a mlstrustedsubject, which should be avoided if possible).

Also, this would be denied by DAC in current Android due to /proc
being mounted with hidepid=2 unless your app also has AID_READPROC in
its group set.  You didn't mention your Android version.
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
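
An added example, not part of the original message: it parses the denial quoted above and shows why both the TE and the MLS layer reject the access. The MLS check is a simplified model (the subject level must dominate the object level unless the subject type is an mlstrustedsubject); the real constraints are in the policy's mls file, and all function names are hypothetical.

```python
import re

# Constructed from the denial quoted in the message above, joined onto one line.
AVC = ('type=1400 audit(1464336899.711:510): avc: denied { search } for '
       'pid=9929 comm="Binder_3" name="9886" dev="proc" ino=104925 '
       'scontext=u:r:system_app:s0 tcontext=u:r:untrusted_app:s0:c512,c768 '
       'tclass=dir permissive=0')

def parse_avc(line):
    """Return permissions, class and source/target type+level of an AVC denial."""
    perms = re.search(r'denied\s+\{([^}]*)\}', line).group(1).split()
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    out = {'perms': perms, 'tclass': fields['tclass']}
    for key in ('scontext', 'tcontext'):
        # user:role:type:level, where the level itself may contain ':'
        _user, _role, type_, level = fields[key].split(':', 3)
        out[key] = {'type': type_, 'level': level}
    return out

def parse_level(level):
    """'s0:c512,c768' -> (0, {512, 768}); ranges such as c0.c3 are expanded."""
    sens, _, cats = level.partition(':')
    cat_set = set()
    for part in filter(None, cats.split(',')):
        lo, _, hi = part.partition('.')
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        cat_set.update(range(lo_n, hi_n + 1))
    return int(sens[1:]), cat_set

def dominates(a, b):
    """MLS dominance: a's sensitivity >= b's and a's categories include b's."""
    (sa, ca), (sb, cb) = parse_level(a), parse_level(b)
    return sa >= sb and ca >= cb

def explain(line, trusted_subjects=frozenset()):
    """Report the TE rule the denial shows as absent and the simplified MLS verdict."""
    d = parse_avc(line)
    s, t = d['scontext'], d['tcontext']
    allowed = s['type'] in trusted_subjects or dominates(s['level'], t['level'])
    missing = parse_level(t['level'])[1] - parse_level(s['level'])[1]
    rule = 'allow %s %s:%s { %s };' % (s['type'], t['type'], d['tclass'],
                                        ' '.join(d['perms']))
    return {'absent_te_rule': rule, 'mls_allows_read': allowed,
            'missing_categories': sorted(missing)}

if __name__ == '__main__':
    print(explain(AVC))
```

Passing `trusted_subjects={'system_app'}` models the mlstrustedsubject exemption the reply advises against; it flips only the MLS verdict, and the TE rule stays absent.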