Thank you for your suggestions, Stephen! We will look into switching to setools4. If you have more ideas on what useful things the new tool could do, please share them with us!
On Thu, 25 Jun 2015 at 05:47 Stephen Smalley <[email protected]> wrote:

> On 06/24/2015 05:36 PM, Elena Reshetova wrote:
> > Hi everyone,
> >
> > I would like to present to people the SEAL (SEAndroid live device analysis) tool that we have started to develop at Aalto University as part of the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) <http://www.icri-sc.org>.
> >
> > The tool location and docs are at https://github.com/seandroid-analytics/seal
> >
> > Currently the tool is quite simple: it has functionality to fetch the device seandroid policy (either from a real device or an emulator), and then you can make convenient queries with regards to this policy and device state. Queries can be made either via a command line interface or via a GUI.
> >
> > Types of queries currently supported:
> >
> > - given a certain process name (or pid), display all the files (and access types) that this process can access on a target device (real existing files at this moment)
> > - given a certain filesystem path, show a list of processes that have any type of access to this path
> >
> > We have plans to start working on extending and enhancing the tool functionality starting from the beginning of autumn, so if you have ideas/suggestions on what you would like the tool to do, please raise your voice! I am quite sure people on this list can find things that would be nice to have but nobody ever has time to do :)
> >
> > Also, if you have any troubles or bug reports, please file them with the project. The main author, Filippo Bonazzi, is on vacation now, but we should be able to handle the fixes even without him. However, new feature requests will only be possible to satisfy in the autumn timeframe.
> >
> > So far we have been thinking of doing something like:
> >
> > - Create a visualization option that would allow displaying the policy (types, attributes, hierarchies) in a comprehensible manner
> > - Create a policy de-compiler option that would attempt to produce a structure similar to the AOSP policy out of a binary sepolicy file. This can be very convenient for security researchers when trying to analyse a policy for which they don't have sources. The apol tool can also parse it and you can execute many different queries, but we have figured out that for some things (and especially if you want to run different analytics on top) it would be easier to have a decompiler tool.
>
> Haven't looked at it yet, but a quick suggestion: I'd encourage you to look at switching to using setools4, https://github.com/TresysTechnology/setools, because setools3 is no longer maintained (and it should be easier for you to use setools4 anyway, as it is a re-implementation in python). AOSP master now includes a prebuilt copy of setools4 for Ubuntu 14.04 LTS (see prebuilts/python/linux-x86/2.7.5/lib/python2.7/site-packages/{setools,setoolsgui} and external/selinux/prebuilts). Those along with sepolgen and audit2allow were added so that Android developers can use these tools with the Android SELinux policy version, which may be more modern than what is supported by the Ubuntu LTS version of libsepol and may also diverge at times from upstream. This is the case in Android M, where Android has switched to policy version 30 for ioctl whitelisting support, which is not supported by the Ubuntu 14.04 LTS libsepol package, and further there is unfortunately a temporary divergence in policy 30 format between Android and upstream, so you need the version from the AOSP master tree in order to correctly parse Android M SELinux policies.
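As an added illustration of the two query types Elena lists (process to accessible files, path to processes), here is a small stand-alone Python sketch; it is not code from the SEAL project. The allow rules, file_contexts entries, labels and device paths are all constructed sample data, only the `file` object class is considered, and file_contexts precedence is simplified to first match rather than libselinux's real ordering.

```python
import re
from collections import defaultdict

# Constructed sample allow rules in sepolicy source syntax (not a real device policy).
SAMPLE_RULES = """
allow untrusted_app app_data_file:file { read write open getattr };
allow untrusted_app app_data_file:dir { search read };
allow system_server app_data_file:file { read getattr };
allow untrusted_app system_file:file { read open };
allow init app_data_file:file { write };
"""
# Constructed file_contexts entries (regex -> label) and a constructed device file listing.
SAMPLE_FILE_CONTEXTS = """
/data/data(/.*)?   u:object_r:app_data_file:s0
/system(/.*)?      u:object_r:system_file:s0
"""
SAMPLE_DEVICE_FILES = ["/data/data/com.example/db.sqlite", "/system/lib/libc.so", "/vendor/bin/x"]
RULE_RE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;")

def parse_allow_rules(text):
    """Return (source_domain, target_type, class, set_of_perms) for every allow rule."""
    return [(src, tgt, cls, set(perms.strip("{} ").split()))
            for src, tgt, cls, perms in RULE_RE.findall(text)]

def parse_file_contexts(text):
    """Return (compiled_regex, type) pairs; the type is the third field of the label."""
    return [(re.compile(l.split()[0] + "$"), l.split()[1].split(":")[2])
            for l in text.splitlines() if len(l.split()) == 2]

def label_of(path, contexts):
    """Type label of a path; first full-regex match wins (simplified libselinux precedence)."""
    return next((ftype for pattern, ftype in contexts if pattern.match(path)), None)

def files_accessible_by(domain, rules, contexts, device_files):
    """Query 1: existing device files (class 'file') the domain may access, with permissions."""
    perms_by_type = defaultdict(set)
    for src, tgt, cls, perms in rules:
        if src == domain and cls == "file":
            perms_by_type[tgt] |= perms
    return {path: sorted(perms_by_type[label_of(path, contexts)])
            for path in device_files if label_of(path, contexts) in perms_by_type}

def domains_with_access_to(path, rules, contexts):
    """Query 2: every domain holding any file-class permission on the path's type."""
    ftype = label_of(path, contexts)
    return sorted({src for src, tgt, cls, _ in rules if tgt == ftype and cls == "file"})
```

A real implementation would take the rules from a policy query library such as setools4 and the file list from the device itself; attribute expansion and the other object classes are left out here.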
