Our original example policy assigned unique levels/category sets to each app (via levelFrom=app in seapp_contexts), and therefore prevented apps from reading one another's /proc/pid entries. However, levelFrom=app was disabled in Samsung's policy (and likewise in AOSP) because it posed compatibility problems. As far as I know, different levels/categories are only assigned to different KNOX containers on Samsung devices, and not at all in AOSP currently.
On Sat, Aug 16, 2014 at 4:01 AM, Wasa Bee <[email protected]> wrote: > Hi all > > a paper to be presented this month at Usenix Security "Peeking into Your App > without Actually Seeing It: UI State Inference and Novel Android Attacks" > ([0,1]) reads various profcs files to infer a victim app's Activity > displayed to a user. They can then launch their own Activity (in foreground) > to impersonate as the victim's app. The procfs files they read are: > > /proc/net/tcp6 > /proc/pid/statm > /proc/pid/stat > /proc/uid_stat/uid/tcp_snd > > where pid is the victim app's pid, not the attacker's app. They have used a > Galaxy S3, but do not tell the android version. In their Countermeasure > section, they do not mention SEandroid... so I am left puzzled: have they > purposely omitted it? Or is SEandroid still vulnerable to it? For example, > they claim that on the S3, /proc/pid/statm "can be freely accessed without > any privileges". > > Can anyone elaborate? I thought SEandroid DID make procfs no longer readable > to apps? > > [0] http://web.eecs.umich.edu/~alfchen/alfred_sec14.pdf > [1] https://sites.google.com/site/uistateinferenceattack/demos > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected]. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
