Hi, we discovered the same issue. Being able to violate the permission is definitely concerning.
BR, Aubrey [email protected] wrote: > Hi All, > > Whilst experimenting with naive apps etc I realized that there are no > restrictions on reading /proc or /sys/. From /sys/class/power_supply/ > battery/capacity I can get the amount of charge because all users have > read permission. > > ls -l /sys/class/power_supply/battery/capacity > -r--r--r-- root root 4096 2008-11-21 23:05 capacity > > Whilst this is not a direct security threat it appears this should be > prohibited by android.permission.BATTERY_STATS. i.e. It's a violation > of the permission system. > > Also being able to gather information from /proc/net it appears that > some read aspects of android.permission.ACCESS_NETWORK_STATE and > android.permission.ACCESS_WIFI_STATE are being violated. > > $ ls -l /proc/net/tcp > -r--r--r-- root root 0 2008-11-23 13:16 tcp > $ cat /proc/net/tcp > sl local_address rem_address st tx_queue rx_queue tr tm->when > retrnsmt uid timeout > inode > 0: 6900A8C0:887C 0100A8C0:0050 > 1: 6900A8C0:DD8F 0100A8C0:0050 > 2: 6900A8C0:ACFB 0100A8C0:0050 > 3: 6900A8C0:C734 0100A8C0:0050 > where c0 = 192, a8 = 198, 00 = 0, 01 = 1. and 50 = tcp port 80. > > $ cat /proc/net/dev > tiwlan0: 366602 314 0 0 0 0 0 0 > 28948 339 (WiFi enabled) > rmnet0: 67757 168 0 0 0 0 0 0 > 128781 193 (GPRS enabled) > > If I wrote a service with android.permission.RECEIVE_BOOT_COMPLETED > and android.permission.INTERNET I could continually monitor /proc > these and gather information about what sites a user visits, without > permission, and then export the info using the internet. Obviously > this is not a huge security threat, but I think there are some issues > here. > > What do you think? > > Chris > >
