On 12/01/2016 07:07 AM, ני ס wrote:
> I have a Java service app running as system. It tries to open
> /proc/<PID>/stat file of an untrusted_app using it,
> and I get this error:
> *type=1400 audit(1464336899.711:510): avc: denied { search } for
> pid=9929 comm="Binder_3" name="9886" dev="proc" ino=104925
> scontext=u:r:system_app:s0 tcontext=u:r:untrusted_app:s0:c512,c768
> tclass=dir permissive=0*
> It seems that system_app lacks the permissions to view the
> untrusted_app dir.
> How can it be?
> Did I miss something?
> Note that when I connect as system (su system) I am able to read the
> file /proc/PID/stat of the untrusted_app

su system doesn't put you into the system_app domain, so it isn't reflective of what is allowed to a system app.

The first question is why is your app trying to read /proc/PID/stat of an untrusted app, since that may itself reflect a security problem.

I believe that the above would be denied by both the default TE policy (i.e. there is no allow system_app untrusted_app:dir search; rule in system_app.te, nor any allow system_app untrusted_app:file r_file_perms;), and the MLS constraints (i.e. the system app runs at s0 while the untrusted app runs at s0:c512,c768, so the system app cannot read or write to the /proc/pid files of the untrusted app under the rules specified in the mls file; to do so, you would need to make system_app a mlstrustedsubject, which should be avoided if possible).

Also, this would also be denied by DAC in current Android due to /proc being mounted with hidepid=2 unless your app also has AID_READPROC in its group set. You didn't mention your Android version.

_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
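
The two SELinux checks named in the reply can be reproduced offline from the denial itself. The following is an added example, not part of either message and not AOSP code: it parses the quoted AVC line, derives the missing TE rule, and evaluates MLS dominance between the two levels. The function names are hypothetical, and the MLS test is a simplified model (read-type access passes only if the source is an mlstrustedsubject or its low level dominates the target's), not the full contents of the mls file.

```python
import re

# The denial quoted in the thread above, copied verbatim.
AVC = ('type=1400 audit(1464336899.711:510): avc: denied { search } for '
       'pid=9929 comm="Binder_3" name="9886" dev="proc" ino=104925 '
       'scontext=u:r:system_app:s0 tcontext=u:r:untrusted_app:s0:c512,c768 '
       'tclass=dir permissive=0')

def parse_avc(line):
    """Extract the denied permissions, both contexts and the object class."""
    perms = re.search(r'\{ ([^}]*)\}', line).group(1).split()
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    return {'perms': perms, 'tclass': fields['tclass'],
            'scontext': fields['scontext'], 'tcontext': fields['tcontext']}

def split_context(ctx):
    """user:role:type:level -> (type, low level); the level may contain ':'."""
    _user, _role, typ, level = ctx.split(':', 3)
    return typ, level.split('-')[0]  # 'low-high' range: keep the low level

def parse_level(level):
    """'s0:c512,c768' -> (0, {512, 768}); 'c0.c3' expands to categories 0..3."""
    sens, _, cats = level.partition(':')
    out = set()
    for part in filter(None, cats.split(',')):
        lo, _, hi = part.partition('.')
        first = int(lo[1:])
        last = int(hi[1:]) if hi else first
        out.update(range(first, last + 1))
    return int(sens[1:]), out

def dominates(l1, l2):
    """l1 dom l2: sensitivity is at least as high and categories are a superset."""
    s1, c1 = parse_level(l1)
    s2, c2 = parse_level(l2)
    return s1 >= s2 and c1 >= c2

def triage(line, trusted_subjects=()):
    """Report the TE rule the denial implies and whether MLS would allow a read."""
    avc = parse_avc(line)
    stype, slevel = split_context(avc['scontext'])
    ttype, tlevel = split_context(avc['tcontext'])
    perms = avc['perms'][0] if len(avc['perms']) == 1 else '{ %s }' % ' '.join(avc['perms'])
    return {
        'te_rule_missing': 'allow %s %s:%s %s;' % (stype, ttype, avc['tclass'], perms),
        # Simplified model (assumption): mlstrustedsubject bypass or l1 dom l2.
        'mls_allows_read': stype in trusted_subjects or dominates(slevel, tlevel),
    }
```

Calling `triage(AVC)` shows that even with the TE rule added, the s0 subject does not dominate s0:c512,c768, so the MLS layer still denies the read; the DAC hidepid=2 check is outside what an AVC line can show.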