On 12/01/2016 07:07 AM, ני ס wrote:
> I have a java service app running as system. it tries to open
> /proc/<PID>/stat file of an untrusted_app using it,
> and I get this error:
> *type=1400 audit(1464336899.711:510): avc: denied { search } for
> pid=9929 comm="Binder_3" name="9886" dev="proc" ino=104925
> scontext=u:r:system_app:s0 tcontext=u:r:untrusted_app:s0:c512,c768
> tclass=dir permissive=0
> *It seems that system_app lacks the permissions to view the
> untrusted_app dir.
> How can it be?
> Did I miss something?
> Note that when I connect as system (su system) I am able to read the
> file /proc/PID/stat of the untrusted_app

su system doesn't put you into the system_app domain, so it isn't
reflective of what is allowed to a system app.

The first question is why is your app trying to read /proc/PID/stat of
an untrusted app, since that may itself reflect a security problem.

I believe that the above would be denied by both the default TE policy
(i.e. there is no allow system_app untrusted_app:dir search; rule in
system_app.te, nor any allow system_app untrusted_app:file
r_file_perms;), and the MLS constraints (i.e. the system app runs at s0
while the untrusted app runs at s0:c512,c768, so the system app cannot
read or write to the /proc/pid files of the untrusted app under the
rules specified in the mls file; to do so, you would need to make
system_app a mlstrustedsubject, which should be avoided if possible).

Also, this would also be denied by DAC in current Android due to /proc
being mounted with hidepid=2 unless your app also has AID_READPROC in
its group set.  You didn't mention your Android version.
Seandroid-list mailing list
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 

Reply via email to