Commit | Line | Data |
---|---|---|
83dc35bd S |
1 | # |
2 | # usage : auditfilter source(group) target(group):class(group) permission(group); [dev|path|name|comm|mlscheck]=value(including " character) - each item should be separated by ' ' or '\t'. | |
3 | # ex) auditfilter { system_app platform_app } { app_data_file system_app_data_file }:{ dir file } { read write }; dev="proc" name="com.sec.android.inputmethod" path="/data/system/users/100.xml" mlscheck=2 | |
4 | # | |
5 | # ex) auditfilter * * *: *; // this filters out ALL denials | |
6 | # Avoid using * for the scontexts wherever possible: a wildcard filters out the matching denials of every type. | |
7 | # | |
8 | # mlscheck = 0 - do not compare security levels | |
9 | # 1 - filter when the source and target security levels are the same. | |
10 | # 2 - filter when the source and target security levels are NOT the same. | |
11 | # | |
12 | # | |
13 | ########### WARNING ########### | |
14 | # | |
15 | # 1. source and target SHOULD be TYPE, not ATTRIBUTE. | |
16 | # 2. SHOULD NOT use '~' character and '{ domain -domain }' statement. | |
17 | # 3. count(source) * count(target) * count(class) * count(perm) MUST BE LESS THAN THRESHOLD(100000) | |
18 | # | |
19 | ||
8c8508f8 | 20 | ########### TG issue : Remove it after Fix ########### |
83dc35bd | 21 | ########### appdomain ########### |
83dc35bd | 22 | ### system_app ### |
8c8508f8 S |
23 | # N_P160907-05477 : smart manager |
24 | # avc: denied { execute } for pid=10169 comm="sung.android.sm" path="/data/data/com.samsung.android.sm/files/lib/liblzma.so" dev="sda18" ino=590976 scontext=u:r:system_app:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=file permissive=0 | |
25 | auditfilter system_app system_app_data_file:file execute; comm="sung.android.sm" | |
26 | ||
27 | # P160913-03874 : smart manager | |
28 | # avc: denied { write } for pid=9604 comm="oid.sm.provider" name="misc" dev="sda22" ino=131073 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 | |
29 | auditfilter system_app system_data_file:dir write; comm="oid.sm.provider" name="misc" | |
30 | ||
31 | # P160926-03387 : com.android.system | |
32 | # avc: denied { write } for pid=11437 comm="RenderThread" name="data" dev="dm-1" ino=262145 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 | |
33 | auditfilter system_app system_data_file:dir write; comm="RenderThread" name="data" | |
34 | ||
35 | # P160929-02477 : com.wssyncmldm | |
36 | # NRfaccessat avc: denied { write } for pid=22235 comm="Thread-2" name="/" dev="sda18" ino=2 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 | |
37 | auditfilter system_app system_data_file:dir write; name="/" | |
38 | ||
39 | # log from SEA_site_N_OS@72 | |
40 | # com.sec.android.app.sysscope | |
41 | # this direct access is not allowed by MLS restriction. | |
42 | # avc: denied { getattr } for pid=8178 comm="pool-2-thread-1" path="/proc/4024" dev="proc" ino=19174 scontext=u:r:system_app:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=dir permissive=1 | |
43 | # avc: denied { search } for pid=8178 comm="pool-2-thread-1" name="4024" dev="proc" ino=19174 scontext=u:r:system_app:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=dir permissive=1 | |
44 | # avc: denied { read } for pid=8178 comm="pool-2-thread-1" name="statm" dev="proc" ino=38250 scontext=u:r:system_app:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=file permissive=1 | |
45 | # avc: denied { getattr } for pid=8178 comm="pool-2-thread-1" path="/proc/4472/statm" dev="proc" ino=38250 scontext=u:r:system_app:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=file permissive=1 | |
46 | auditfilter system_app { platform_app priv_app untrusted_app sec_untrusted_app trustonicpartner_app }:dir { search getattr }; | |
47 | ||
48 | # seandroid/board/N_review_request/view/21686514/ | |
49 | # avc: denied { call } for pid=24774 comm="dumpsys" scontext=u:r:system_app:s0 tcontext=u:r:fingerprintd:s0 tclass=binder permissive=0 SEPF_SECMOBILE_7.0_0004 | |
50 | # avc: denied { use } for pid=5744 comm="dumpsys" path="pipe:[371717]" dev="pipefs" ino=371717 scontext=u:r:fingerprintd:s0 tcontext=u:r:system_app:s0 tclass=fd | |
51 | auditfilter system_app fingerprintd:binder call; | |
52 | auditfilter fingerprintd system_app:fd use; | |
53 | ||
54 | # P170315-03872 | |
55 | # avc: denied { search } for pid=17257 comm=4173796E635461736B20233133 name="com.aasa.askschecker" dev="dm-1" ino=326561 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.0_DD02 unfiltered | |
56 | # avc: denied { read } for pid=19565 comm="lient_spdupdate" name="ASKSB.xml" dev="dm-1" ino=326423 scontext=u:r:system_app:s0 tcontext=u:object_r:aasa_data_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_DD02 unfiltered | |
57 | auditfilter system_app aasa_data_file:file read; | |
58 | auditfilter priv_app system_app_data_file:dir search; name="com.aasa.askschecker" | |
83dc35bd | 59 | |
8c8508f8 S |
60 | ### platform_app ### |
61 | # log from P160921-01434 | |
62 | # avc: denied { execute } for pid=5538 comm="ktailbarservice" path="/data/data/com.samsung.android.app.cocktailbarservice/cache/Generated1725786881.dex" dev="sda22" ino=66007 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 | |
63 | # seandroid/board/N_review_request/view/22026056 | |
64 | # avc: denied { execute } for pid=14739 comm="xiaoyuan-ipool1" path="/data/data/com.samsung.android.app.sreminder/app_outdex/OnlineUpdateCycleConfig_69.dex" dev="dm-0" ino=524961 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 | |
65 | # avc: denied { execute } for pid=14678 comm="Thread-10" path="/data/data/com.samsung.android.app.sreminder/app_outdex/parseUtilMain_81.dex" dev="dm-0" ino=524951 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 | |
66 | auditfilter platform_app app_data_file:file execute; | |
83dc35bd S |
67 | |
68 | ||
69 | ### untrusted_app ### | |
8c8508f8 S |
70 | # P160927-04739 com.facebook.katana |
71 | # avc: denied { read } for pid=1466 comm="facebook.katana" name="1466-0" dev="debugfs" ino=506785 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 | |
72 | auditfilter untrusted_app debugfs:file read; | |
83dc35bd | 73 | |
8c8508f8 S |
74 | # P161122-01529 com.drweb:monitor |
75 | #avc: denied { setattr } for pid=14122 comm="m.drweb:monitor" name="libDRWScanPSLib.so" dev="dm-1" ino=131994 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0002 | |
76 | auditfilter untrusted_app apk_data_file:file setattr; | |
83dc35bd | 77 | |
8c8508f8 S |
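78 | # P170529-01321 - net.pulsesecure.pulsesecure:remote (NOTE(review): the denial quoted below is tclass=dir, but the rule that follows filters lnk_file - confirm the intended class) |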
79 | # type=1400 audit(1496643125.377:2007): avc: denied { setattr } for pid=26557 comm="sesecure:remote" name="user" dev="dm-0" ino=1109762 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
80 | auditfilter untrusted_app system_data_file:lnk_file setattr; comm="sesecure:remote" | |
81 | # P170620-04574 proctitle="net.pulsesecure.pulsesecure:remote" | |
82 | # avc: denied { setattr } for pid=17498 comm="sesecure:remote" name="user" dev="dm-0" ino=1179650 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
83 | auditfilter untrusted_app system_data_file:dir setattr; comm="sesecure:remote" | |
83dc35bd S |
84 | |
85 | ########### non-appdomain ########### | |
8c8508f8 S |
86 | ### adsprpcd ### |
87 | # PLM P160916-00376 G930V_NN | |
88 | # NRopen avc: denied { read } for pid=776 comm="adsprpcd" name="fluence_voiceplus_module.so.1" dev="sdd7" ino=27 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0 | |
89 | # NRopen avc: denied { read } for pid=776 comm="adsprpcd" name="mmecns_module.so.1" dev="sdd7" ino=31 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0 | |
90 | auditfilter adsprpcd unlabeled:file read; | |
91 | ||
92 | ### cameraserver ### | |
93 | # avc: denied { read } for pid=20457 comm="CAM_stMachine" name="fastrpc_shell_0" dev="sdd7" ino=26 scontext=u:r:cameraserver:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0 | |
94 | auditfilter cameraserver unlabeled:file read; | |
95 | ||
96 | ### debuggerd ### | |
97 | # P160929-04387 heroltexx/herolte:7.0/NRD90M/G930FXXU1ZPIF | |
98 | # When debuggerd dumps an app process, it opens app data files directly. | |
99 | # avc: denied { search } for pid=1316 comm="debuggerd" name="com.ahzs.hggoogle" dev="sda18" ino=462694 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 | |
100 | auditfilter debuggerd app_data_file:dir search; | |
101 | ||
102 | # P170209-03477 | |
103 | # avc: denied { read } for pid=20901 comm="debuggerd" path="/data/knox/data/150/com.funshion.video.mobile/app_bin/daemon" dev="dm-1" ino=522740 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c662,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered | |
104 | auditfilter debuggerd app_data_file:file read; | |
105 | ||
106 | ### drmserver ### | |
107 | # PLM P160916-00376 G930V_NN | |
108 | # NRopen avc: denied { create } for pid=713 comm="drmserver" name="playReadyTimeDiff.dat" scontext=u:r:drmserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0 | |
109 | auditfilter drmserver system_data_file:file create; | |
110 | ||
111 | ### energyawareness ### | |
112 | # log from P160921-01434 | |
113 | # avc: denied { write } for pid=630 comm="energy-awarenes" name="ptable" dev="debugfs" ino=17704 scontext=u:r:energyawareness:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 | |
114 | auditfilter energyawareness debugfs:file write; | |
115 | ||
116 | ### priv_app ### | |
117 | # P170323-05389 com.google.android.gms.persistent | |
118 | # avc: denied { read } for pid=2938 comm="GoogleLocationS" name="gpu_memory" dev="debugfs" ino=9432 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0005 unfiltered | |
119 | auditfilter priv_app debugfs:file read; comm="GoogleLocationS" name="gpu_memory" | |
83dc35bd | 120 | |
8c8508f8 S |
121 | ### init ### |
122 | # PLM P160916-00376 G930V_NN | |
123 | auditfilter init efsblk_device:blk_file relabelfrom; | |
124 | auditfilter init system_block_device:blk_file relabelfrom; | |
125 | auditfilter init userdata_block_device:blk_file relabelfrom; | |
126 | # avc: denied { relabelfrom } for pid=2933 comm="init" name="dm-0" dev="tmpfs" ino=3714 scontext=u:r:init:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0 | |
127 | auditfilter init dm_device:blk_file relabelfrom; | |
128 | ||
129 | # P161004-01513 heroqltetmo/heroqltetmo:7.0/NRD90M/G930TUVU4ZPIF | |
130 | # avc: denied { relabelfrom } for pid=1 comm="init" name="icd" dev="tmpfs" ino=15737 scontext=u:r:init:s0 tcontext=u:object_r:icd_device:s0 tclass=file permissive=0 | |
131 | # avc: denied { relabelfrom } for pid=1 comm="init" name="icdr" dev="tmpfs" ino=15738 scontext=u:r:init:s0 tcontext=u:object_r:icd_device:s0 tclass=file permissive=0 | |
132 | auditfilter init icd_device:file relabelfrom; | |
133 | ||
134 | # P170411-07025 | |
135 | # SM-G615F | |
136 | # avc: denied { relabelfrom } for pid=1 comm="init" name="trace_marker" dev="tracefs" ino=2096 scontext=u:r:init:s0 tcontext=u:object_r:debugfs_trace_marker:s0 tclass=file permissive=0 SEPF_SM-G615F_7.0_0008 unfiltered | |
137 | auditfilter init debugfs_trace_marker:file relabelfrom; | |
83dc35bd | 138 | |
8c8508f8 S |
139 | ### qti_init_shell ### |
140 | # P161021-02976 | |
141 | # avc: denied { write } for pid=2789 comm="sh" name="interactive" dev="sysfs" ino=39397 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.0_0002 | |
142 | auditfilter qti_init_shell sysfs:dir write; name="interactive" | |
83dc35bd | 143 | |
8c8508f8 S |
144 | ### system_server ### |
145 | # P160928-04340 | |
146 | # TG: ActivityManagerService.java handleApplicationCrash | |
147 | # /system/bin/sh /system/bin/am dumpheap 918(callingPID) /data/log/hprof-oom.hprof | |
148 | # avc: denied { execute } for pid=1403 comm="am" name="app_process64" dev="sda14" ino=750 scontext=u:r:system_server:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=0 | |
149 | auditfilter system_server zygote_exec:file execute; comm="am" | |
150 | ||
151 | # P161004-03127 SM-G935F_EUR_NN_XX | |
152 | # avc: denied { read } for pid=12343 comm="Binder:4430_5" path="/storage/emulated/0/wiz/bell/사계겨울2악장-비발디_후렴.mp3" dev="fuse" ino=2899 scontext=u:r:system_server:s0 tcontext=u:object_r:fuse:s0 tclass=file permissive=0 | |
153 | auditfilter system_server fuse:file read; | |
154 | ||
155 | ||
156 | ### toolbox ### | |
157 | # service umount_cpdump /system/bin/umount /cpdump | |
158 | # service umount_service /system/bin/umount -D /preload -> TG : vold, onegun.lee(in progressing) | |
159 | # avc: denied { sys_admin } for pid=7001 comm="umount" capability=21 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0 | |
160 | auditfilter toolbox toolbox:capability sys_admin; comm="umount" | |
161 | ||
162 | ### tunman ### | |
163 | # PLM P161002-00091 SM-G9350_CHN_NN_CHC | |
164 | # tunman opens some files in the tunman folder (ex: /data/tunman/xxx) in write/create mode. | |
165 | # TG should fix this denial. TG : jiaba.chen@samsung.com, yuanheng.lan@samsung.com | |
166 | # NRopenat avc: denied { write } for pid=19310 comm="tunman" name="tunman" dev="dm-1" ino=393223 scontext=u:r:tunman:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 | |
167 | auditfilter tunman system_data_file:dir write; name="tunman" | |
168 | ||
169 | ### vcsFPService ### | |
170 | # N Booting Denials G955F_NN | |
171 | # temporary code(~10/8) | |
172 | # avc: denied { write } for pid=3057 comm="vcsFPService" name="/" dev="tmpfs" ino=11034 scontext=u:r:vcsFPService:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0 | |
173 | auditfilter vcsFPService device:dir write; comm="vcsFPService" | |
83dc35bd | 174 | |
8c8508f8 S |
175 | ### vold ### |
176 | # P161004-03127 sysfs_android_usbfd inherit denial | |
177 | auditfilter fsck sec_efs_file:file read; | |
178 | auditfilter sdcardd sec_efs_file:file read; | |
83dc35bd | 179 | |
8c8508f8 S |
180 | ### radio ### |
181 | # P170208-00207, P170324-00135 | |
182 | # avc: denied { execute } for pid=16455 comm="androidmapsapi-" path="/data/data/com.google.android.gms/app_chimera/m/00000000/oat/arm64/DynamiteModulesA_GmsCore_prodmnc_alldpi_release.odex" dev="dm-1" ino=1179706 scontext=u:r:radio:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered | |
183 | # avc: denied { execute } for pid=16987 comm="m.samsung.crane" path="/data/user_de/0/com.google.android.gms/app_chimera/m/00000002/oat/arm/DynamiteModulesB_GmsCore_prodmnc_xhdpi_release.odex" dev="dm-1" ino=131933 scontext=u:r:radio:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0005 unfiltered | |
184 | auditfilter radio app_data_file:file execute; comm="androidmapsapi-" | |
185 | auditfilter radio app_data_file:file execute; comm="m.samsung.crane" | |
83dc35bd | 186 | |
8c8508f8 S |
187 | # P170118-03851, P161220-02605 |
188 | # avc: denied { read } for pid=3261 comm="sgdisk" path="/dev/block/sda4" dev="tmpfs" ino=19720 scontext=u:r:sgdisk:s0 tcontext=u:object_r:paramblk_device:s0 tclass=blk_file permissive=0 SEPF_SECMOBILE_7.0_0004 | |
189 | auditfilter sgdisk paramblk_device:blk_file read; comm="sgdisk" | |
83dc35bd | 190 | |
8c8508f8 S |
191 | ### perfd ### |
192 | # http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22289595 | |
193 | # avc: denied { sys_ptrace } for pid=4522 comm="perfd" capability=19 scontext=u:r:perfd:s0 tcontext=u:r:perfd:s0 tclass=capability permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
194 | auditfilter perfd perfd:capability sys_ptrace; | |
83dc35bd | 195 | |
8c8508f8 | 196 | ########### End of TG issue : Remove it after Fix ########### |
83dc35bd | 197 | |
83dc35bd | 198 | |
83dc35bd | 199 | |
8c8508f8 S |
200 | ########### appdomain ########### |
201 | ### system_app ### | |
202 | # P160921-01434 : denial from UEventObserver | |
203 | # avc: denied { net_admin } for pid=7898 comm="UEventObserver" capability=12 scontext=u:r:system_app:s0 tcontext=u:r:system_app:s0 tclass=capability permissive=0 | |
204 | auditfilter system_app system_app:capability net_admin; | |
83dc35bd | 205 | |
8c8508f8 | 206 | ### platform_app ### |
83dc35bd | 207 | |
8c8508f8 S |
208 | ### untrusted_app ### |
209 | # PLM P160926-03920 | |
210 | # avc: denied { ioctl } for pid=1448 comm="LongWork-0" path="socket:[1232276]" dev="sockfs" ino=1232276 ioctlcmd=8927 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=tcp_socket permissive=0 | |
211 | auditfilter untrusted_app untrusted_app:{ tcp_socket udp_socket } ioctl; dev="sockfs" | |
83dc35bd | 212 | |
8c8508f8 S |
213 | # avc: denied { ioctl } for pid=16612 comm=".android.smcard" path="socket:[692802]" dev="sockfs" ino=692802 ioctlcmd=8927 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:r:trustonicpartner_app:s0:c512,c768 tclass=udp_socket permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered |
214 | auditfilter trustonicpartner_app trustonicpartner_app:{ tcp_socket udp_socket } ioctl; dev="sockfs" | |
215 | ||
216 | # avc: denied { read } for pid=8328 comm=637269747465726369736D20646174 name="mem" dev="debugfs" ino=610909 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:sec_debugfs:s0 tclass=file permissive=0 | |
217 | auditfilter trustonicpartner_app sec_debugfs:file read; | |
218 | ||
219 | # P160927-01063 com.smc.mobile.pguidea | |
220 | # thread(find/-name su) avc: denied { getattr } for pid=16027 comm="find" path="/dev/hw_random" dev="tmpfs" ino=3683 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:hw_random_device:s0 tclass=chr_file permissive=0 | |
221 | # avc: denied { getattr } for pid=16027 comm="find" path="/dev/fuse" dev="tmpfs" ino=3626 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:fuse_device:s0 tclass=chr_file permissive=0 | |
222 | # avc: denied { getattr } for pid=16027 comm="find" path="/dev/block/sda11" dev="tmpfs" ino=3500 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:frp_block_device:s0 tclass=blk_file permissive=0 | |
223 | auditfilter untrusted_app { fuse_device hw_random_device }:chr_file getattr; | |
224 | auditfilter untrusted_app frp_block_device:blk_file getattr; | |
225 | ||
226 | # P160927-01063 com.smc.mobile.pguidea | |
227 | # avc: denied { getattr } for pid=3548 comm="find" path="/dev/__properties__/u:object_r:mmc_prop:s0" dev="tmpfs" ino=2519 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:mmc_prop:s0 tclass=file permissive=0 | |
228 | # avc: denied { getattr } for pid=3548 comm="find" path="/dev/__properties__/u:object_r:device_logging_prop:s0" dev="tmpfs" ino=2520 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:device_logging_prop:s0 tclass=file permissive=0 | |
229 | auditfilter untrusted_app { device_logging_prop mmc_prop }:file getattr; | |
230 | ||
231 | # WORKAROUND FOR CTS --t android.permission.cts.FileSystemPermissionTest#testAllCharacterDevicesAreSecure | |
232 | # pmsg_device is world-writable, but the test can PASS when the getattr permission is removed. | |
233 | auditfilter untrusted_app pmsg_device:chr_file getattr; | |
234 | ||
235 | # P160929-04387 herolte:7.0/NRD90M/G930FXXU1ZPIF | |
236 | # com.legogo.browser executed a new process, /data/user/0/com.legogo.browser/files/daemon com.legogo.browser/com.doit.aar.applock.service.AppLockService | |
237 | # N OS neverallow rule. | |
238 | auditfilter untrusted_app properties_serial:file execute; | |
239 | ||
240 | # P160927-04739 com.dianxinos.dxbs | |
241 | # avc: denied { read } for pid=10674 comm="pool-6-thread-1" name="u:object_r:system_security_prop:s0" dev="tmpfs" ino=2415 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_security_prop:s0 tclass=file permissive=0 | |
242 | auditfilter untrusted_app system_security_prop:file read; | |
243 | ||
244 | # P161004-01832 SM-G935F_EUR_NN_XX | |
245 | # com.ebcard.bustago | |
246 | # avc: denied { read } for pid=27244 comm="find" name="subsystem" dev="sysfs" ino=18665 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_hwrandom:s0 tclass=lnk_file permissive=0 | |
247 | # avc: denied { read } for pid=25825 comm="find" name="bdi" dev="sysfs" ino=20465 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_zram:s0 tclass=lnk_file permissive=0 | |
248 | # P170614-04846 | |
249 | # avc: denied { read } for pid=6383 comm="Thread-266" name="subsystem" dev="sysfs" ino=34720 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_hwrandom:s0 tclass=lnk_file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
250 | auditfilter untrusted_app sysfs_hwrandom:lnk_file read; | |
251 | auditfilter untrusted_app sysfs_zram:lnk_file read; comm="find" | |
252 | ||
253 | # P161004-04042 SM-G935F_EUR_NN_XX 3rd party app denial | |
254 | # jp.co.johospace.jorte avc: denied { search } for pid=3301 comm="Thread-13" name="com.skms.android.agent" dev="dm-1" ino=262190 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 | |
255 | auditfilter untrusted_app system_app_data_file:dir search; | |
256 | ||
257 | # P170124-07845 | |
258 | # When untrusted_app searches directories under /data/data, the denials below occur if a package directory has 644 permission. | |
259 | auditfilter untrusted_app radio_data_file:dir search; | |
260 | auditfilter untrusted_app aasa_service_app_data_file:dir search; | |
261 | ||
262 | # P161004-04042 SM-G935F_EUR_NN_XX neverallow rule, anr_data_file | |
263 | # com.ningso.samsung - avc: denied { read } for pid=26344 comm=".ningso.samsung" name="anr" dev="dm-1" ino=524291 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:anr_data_file:s0 tclass=dir permissive=0 | |
264 | auditfilter untrusted_app anr_data_file:dir read; | |
265 | ||
266 | # P170112-01702 neverallow rule | |
267 | # com.amazon.kindle | |
268 | auditfilter untrusted_app anr_data_file:file read; | |
269 | ||
270 | # PL(woohui.kim) request : OneStoreService denied (com.skt.skaf.OA00018282) | |
271 | # avc: denied { read } for pid=6197 comm="skaf.OA00018282" name="default.prop" dev="rootfs" ino=8630 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0002 | |
272 | auditfilter untrusted_app rootfs:file read; comm="skaf.OA00018282" | |
273 | ||
274 | # P161124-02548 com.smc.mobile.pguidea | |
275 | # avc: denied { getattr } for pid=29288 comm="find" path="/dev/__properties__/u:object_r:recovery_prop:s0" dev="tmpfs" ino=13154 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:recovery_prop:s0 tclass=file permissive=0 | |
276 | # avc: denied { getattr } for pid=29288 comm="find" path="/dev/__properties__/u:object_r:safemode_prop:s0" dev="tmpfs" ino=13165 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:safemode_prop:s0 tclass=file permissive=0 | |
277 | # avc: denied { getattr } for pid=29288 comm="find" path="/dev/__properties__/u:object_r:user_prop:s0" dev="tmpfs" ino=13152 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:user_prop:s0 tclass=file permissive=0 | |
278 | # avc: denied { getattr } for pid=29288 comm="find" path="/dev/mem" dev="tmpfs" ino=3476 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:kmem_device:s0 tclass=chr_file permissive=0 | |
279 | # avc: denied { read } for pid=29288 comm="find" name="bdi" dev="sysfs" ino=28447 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_vnswap:s0 tclass=lnk_file permissive=0 | |
280 | # P170614-04846 | |
281 | # avc: denied { read } for pid=6383 comm="Thread-266" name="bdi" dev="sysfs" ino=44104 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_vnswap:s0 tclass=lnk_file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
282 | auditfilter untrusted_app { recovery_prop safemode_prop user_prop }:file getattr; comm="find" | |
283 | auditfilter untrusted_app kmem_device:chr_file getattr; comm="find" | |
284 | auditfilter untrusted_app sysfs_vnswap:lnk_file read; | |
285 | ||
286 | #P161228-02118 com.smc.mobile.pguidea / find -name su | |
287 | #avc: denied { read } for pid=20817 comm="find" name="midi.0" dev="configfs" ino=19543 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0 SEPF_SECMOBILE_7.0_0002 | |
288 | auditfilter untrusted_app configfs:lnk_file read; comm="find" | |
289 | ||
290 | # P161213-04558, P161214-01624 | |
291 | # This rule can make sluggish | |
292 | auditfilter zygote untrusted_app:process ptrace; | |
83dc35bd | 293 | |
8c8508f8 S |
294 | # P161219-04736 |
295 | # neverallow untrusted_app file_type:file link; | |
296 | # avc: denied { link } for pid=4452 comm=".android.reader" name="3336a65c52528c9c368e942d3dd307f8-le32d4.cache-3.TMP-17CUwn" dev="sda25" ino=393785 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 | |
297 | auditfilter untrusted_app app_data_file:file link; | |
83dc35bd | 298 | |
8c8508f8 S |
299 | # P170418-03798 |
300 | # This is an app customized for the operator CMCC. | |
301 | # avc: denied { write } for pid=28698 comm="c10086.activity" name="com.greenpoint.android.mc10086.activity" dev="mmcblk1p1" ino=1171 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:vfat:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
302 | auditfilter untrusted_app vfat:dir write; comm="c10086.activity" name="com.greenpoint.android.mc10086.activity" | |
303 | ||
304 | # P161221-03251, P161221-00307 | |
305 | # avc: denied { set } for property=ro.dbg.coresight.cfg_file pid=944 uid=0 gid=0 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:coresight_prop:s0 tclass=property_service permissive=0 | |
306 | # avc: denied { write } for pid=844 comm="sh" name="wdog_trace_enable" dev="debugfs" ino=8892 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0002 | |
307 | # N MR1 Booting Denial | |
308 | # /system/bin/sh /persist/coresight/qdss.agent.shpost-boot /system/etc/init.qcom.debug.sh | |
309 | # avc: denied { open } for pid=8617 comm="sh" path="/sys/kernel/debug/osm/pwrcl_clk/wdog_trace_enable" dev="debugfs" ino=9320 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=1 SEPF_SECMOBILE_7.1.1_0000 unfiltered | |
310 | # P170510-01440 | |
311 | # avc: denied { write } for pid=631 comm="sh" name="tracing_on" dev="tracefs" ino=5231 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:debugfs_tracing:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
312 | auditfilter qti_init_shell coresight_prop:property_service set; | |
313 | auditfilter qti_init_shell debugfs:file { write open }; | |
314 | auditfilter qti_init_shell debugfs_tracing:file write; | |
315 | ||
316 | # P170118-07453 | |
317 | # request by sunmi00.kwon@samsung.com | |
318 | # It doesn't affect actual functionality. | |
319 | # type=1400 audit(1484583190.680:306): avc: denied { search } for pid=15861 comm=".filterprovider" name="com.samsung.android.provider.filterprovider" dev="dm-1" ino=262150 scontext=u:r:platform_app:s0:c522,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SECMOBILE_7.0_0004 | |
320 | auditfilter platform_app app_data_file:dir search; comm=".filterprovider" name="com.samsung.android.provider.filterprovider" | |
321 | ||
322 | # P170128-00710 | |
323 | # avc: denied { read } for pid=28608 comm="e.android.phone" name="mem" dev="debugfs" ino=820875 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sec_debugfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered | |
324 | # P170128-00246 | |
325 | # avc: denied { read } for pid=22732 comm="ErrorReportingT" name="mem" dev="debugfs" ino=1802446 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sec_debugfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered | |
326 | # P170127-00631 | |
327 | # avc: denied { read } for pid=25733 comm="Thread-5" name="mem" dev="debugfs" ino=383382 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sec_debugfs:s0 tclass=file permissive=0 type=1327 audit(1485386676.855:552): proctitle="co.rottz.realkakuro" | |
328 | # neverallow untrusted_app debugfs_type:file read; | |
329 | auditfilter untrusted_app sec_debugfs:file read; | |
330 | ||
331 | # P170127-00630 | |
332 | # avc: denied { write } for pid=11989 comm="iop" path="/data/knox/data/100/EN.FYbjLm6ubBY1ZUYxJ5OVcAyCeynel0ezMl0ku6l.IQx.PzZY7DSZoSFGHuPTOFAekqmkDQUqUO2ibkxJEDOmyTHJh0GYMqozuTeE/EN.FWbjLm6ubBY1ZUYxJ5OVcAyCeynel0ezMl0kYp.wbvq8rQcYx2oupoDjoU--/EN.FXbjLm6ubBY1ZUYxJ5OVcAyCeynel0ezMl0kA.-sbdoSNTbiuzbFZ2-atlBN6TVFfsrfWZRrVInKY3E-" dev="sda25" ino=1440114 scontext=u:r:dumpstate:s0 tcontext=u:object_r:app_data_file:s0:c612,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0004 | |
333 | auditfilter dumpstate app_data_file:file write; | |
334 | ||
335 | # P170213-02015 | |
336 | # avc: denied { write } for pid=16455 comm="iop" path="/data/knox/data/100/EN.FXZZSXPkzIIoF-ZSNSg-BxO31KCYbNsflS2JCP1i4ZCRV0ZQuP4Gt54qIKZEPhmp9wb55k2sYGFqukk-/EN.FWZZSXPkzIIoF-ZSNSg-BxO31KCYbNsflS2JOKK46uuBUXtPBZi9Mv3W6U--/EN.FYZZSXPkzIIoF-ZSNSg-BxO31KCYbNsflS2JCP1i4ZCRV0ZQuP4Gt54qIKZEPhmp9wb55k2sYGFquknv54I0oYZRiBlGGGsHfVUL" dev="dm-1" ino=1245655 scontext=u:r:dumpstate:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=file permissive=0 | |
337 | auditfilter dumpstate system_app_data_file:file write; | |
338 | ||
339 | # board/N_review_request/view/21974971 | |
340 | # avc: denied { read } for pid=19807 comm="iop" name="com.android.nfc" dev="dm-0" ino=131258 scontext=u:r:dumpstate:s0 tcontext=u:object_r:nfc_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
341 | auditfilter dumpstate nfc_data_file:dir read; comm="iop" name="com.android.nfc" | |
342 | ||
343 | # http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22117527 | |
344 | # requester : jae.kim@samsung.com | |
345 | # avc: denied { search } for pid=15422 comm="iop" name="DAK" dev="sda6" ino=122 scontext=u:r:dumpstate:s0 tcontext=u:object_r:prov_efs_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
346 | auditfilter dumpstate prov_efs_file:dir search; comm="iop" name="DAK" | |
347 | ||
348 | # P170130-00994 | |
349 | # com.nhnent.payapp | |
350 | # neverallow { appdomain -system_app -shell } kernel:system syslog_read; | |
351 | # avc: denied { syslog_read } for pid=9654 comm="dmesg" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:kernel:s0 tclass=system permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered | |
352 | auditfilter untrusted_app kernel:system syslog_read; | |
83dc35bd | 353 | |
8c8508f8 S |
354 | # board/N_review_request/view/21733557 |
355 | # board/N_review_request/view/21735670 | |
356 | # Some system_app dex files are not updated after FOTA; dex2oat regenerates them after the next reboot or after 72 min, so this denial can be ignored. | |
357 | # For normal apps, this case might be blocked on the DAC side. | |
358 | # avc: denied { write } for pid=20472 comm="id.smartfitting" name="system@app@SmartFittingService@SmartFittingService.apk@classes.dex" dev="dm-1" ino=607 scontext=u:r:system_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file | |
359 | # avc: denied { write } for pid=26042 comm="oid.sm.provider" name="system@priv-app@SmartManager_v5@SmartManager_v5.apk@classes.dex" dev="dm-1" ino=733 scontext=u:r:system_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file | |
360 | auditfilter system_app dalvikcache_data_file:file write; | |
361 | ||
362 | # P170414-00369 | |
363 | # avc: denied { search } for pid=25568 comm="t.event.handler" name="com.dsi.ant.server" dev="dm-1" ino=655744 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:bluetooth_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.0_0007 unfiltered | |
364 | # proctitle="com.glassdoor.app" unfiltered | |
365 | # P170612-03254 | |
366 | # avc: denied { search } for pid=557 comm="Thread-42" name="com.dsi.ant.server" dev="dm-1" ino=570 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:bluetooth_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
367 | auditfilter untrusted_app bluetooth_data_file:dir search; name="com.dsi.ant.server" | |
368 | ||
369 | # P170612-03254 | |
370 | # avc: denied { search } for pid=557 comm="Thread-42" name="com.qualcomm.location.XT" dev="dm-1" ino=827 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:location_app_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
371 | auditfilter untrusted_app location_app_data_file:dir search; name="com.qualcomm.location.XT" | |
372 | ||
373 | # P170417-03694 | |
374 | # avc: denied { create } for pid=14955 comm="Thread-16" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=netlink_tcpdiag_socket permissive=0 SEPF_SM-G615F_7.0_0008 unfiltered | |
375 | # proctitle="com.opera.max.oem" | |
376 | auditfilter untrusted_app untrusted_app:netlink_tcpdiag_socket create; | |
377 | ||
378 | # P170413-00278 | |
379 | # avc: denied { create } for pid=11829 comm="tv.dvrscheduler" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=netlink_kobject_uevent_socket permissive=0 SEPF_SECMOBILE_7.0_0007 unfiltered | |
380 | auditfilter untrusted_app untrusted_app:netlink_kobject_uevent_socket create; | |
83dc35bd | 381 | |
8c8508f8 S |
382 | # P170605-01226 |
383 | # avc: denied { read } for pid=11941 comm="Thread-56" name="info.extra" dev="mmcblk0p19" ino=2264 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:info_extra_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0009 unfiltered | |
384 | # avc: denied { read } for pid=18964 comm="Thread-60" name=4F7665722074686520486F72697A6F6E2E6D7033 dev="mmcblk0p21" ino=20 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:hidden_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0009 unfiltered | |
385 | # proctitle="com.estsoft.alyac" | |
386 | auditfilter untrusted_app info_extra_file:file read; | |
387 | auditfilter untrusted_app hidden_file:file read; | |
83dc35bd | 388 | |
8c8508f8 | 389 | ########### non-appdomain ########### |
83dc35bd | 390 | |
8c8508f8 S |
391 | # P170211-00326 |
392 | # avc: denied { open } for pid=12369 comm="main" path="/mnt/asec/com.samsung.context.hwlogcollector-1/base.apk" dev="dm-2" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file permissive=0 | |
393 | auditfilter dex2oat asec_apk_file:file open; path="/mnt/asec/com.samsung.context.hwlogcollector-1/base.apk" | |
394 | ||
395 | # P170606-00237 | |
396 | # avc: denied { open } for pid=9153 comm="main" path="/mnt/asec/com.samsung.android.bixby.report-1/base.apk" dev="dm-2" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
397 | # P170718-03491 | |
398 | # avc: denied { open } for pid=18765 comm="main" path="/mnt/asec/com.samsung.android.bixby.report-2/base.apk" dev="dm-2" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
399 | # P170714-02442 | |
400 | # avc: denied { open } for pid=30252 comm="main" path="/mnt/asec/com.samsung.android.bixby.report-2/base.apk" dev="dm-2" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
| # NOTE(review): the only qualifier is comm="main", which every sample denial for dex2oat in this file carries, so this rule is effectively scoped by type alone and covers any asec_apk_file open, not just the bixby.report paths listed above. | |
| # NOTE(review): assuming omitted qualifiers match anything (as the usage header implies), this also makes the path-qualified hwlogcollector rule under P170211-00326 redundant; prefer one path="..." rule per package if the narrower scope is intended. | |
401 | auditfilter dex2oat asec_apk_file:file open; comm="main" | |
402 | ||
403 | # P170417-03700 | |
404 | # There is no one in charge of md_monitor. | |
405 | # avc: denied { open } for pid=431 comm="md_monitor" path="/data/md_mon/mdlog_mon1_config" dev="dm-1" ino=524298 scontext=u:r:md_monitor:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0 SEPF_SM-G615F_7.0_0008 unfiltered | |
406 | auditfilter md_monitor system_data_file:file open; path="/data/md_mon/mdlog_mon1_config" | |
407 | ||
408 | # P170420-02771 | |
409 | # avc: denied { write } for pid=9436 comm="Chrome_InProcGp" name="property_service" dev="tmpfs" ino=11331 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 SEPF_SM-G615F_7.0_0008 unfiltered | |
410 | # neverallow rule | |
411 | auditfilter untrusted_app property_socket:sock_file write; | |
412 | ||
413 | # P170419-03510, P170424-02725 | |
414 | # avc: denied { read } for pid=26584 comm=4A6F62202335 name="ueventd.qcom.rc" dev="rootfs" ino=2991 scontext=u:r:untrusted_app:s0:c612,c768 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0007 unfiltered | |
415 | auditfilter untrusted_app rootfs:file read; dev="rootfs" | |
416 | ||
417 | # P170527-01911 | |
418 | # avc: denied { read } for pid=25851 comm="Thread-52" name="iSerial" dev="sysfs" ino=27407 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_android_usb:s0 tclass=file permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered | |
419 | auditfilter untrusted_app sysfs_android_usb:file read; comm="Thread-52" name="iSerial" | |
420 | ||
421 | # P170506-00817 | |
422 | # avc: denied { call } for pid=9225 comm="dumpsys" scontext=u:r:dumpstate:s0 tcontext=u:r:update_engine:s0 tclass=binder permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
423 | auditfilter dumpstate update_engine:binder call; comm="dumpsys" | |
424 | ||
425 | # http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22050903 | |
426 | # Requester : jm_0512.park@samsung.com | |
427 | # avc: denied { use } for pid=21413 comm="dumpsys" path="pipe:[749571]" dev="pipefs" ino=749571 scontext=u:r:remotedisplay:s0 tcontext=u:r:system_app:s0 tclass=fd permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
428 | auditfilter remotedisplay system_app:fd use; comm="dumpsys" | |
429 | ||
430 | # P170621-00931, P170707-01709 | |
431 | # avc: denied { read } for pid=15397 comm="Thread-12" name="rtt_dump.txt" dev="dm-1" ino=1310729 scontext=u:r:system_app:s0 tcontext=u:object_r:sf_rtt_file:s0 tclass=file permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered | |
432 | auditfilter system_app sf_rtt_file:file read; name="rtt_dump.txt" | |
433 | ||
434 | # P170529-02761 | |
435 | # avc: denied { call } for pid=30767 comm=4173796E635461736B20233133 scontext=u:r:system_app:s0 tcontext=u:r:update_engine:s0 tclass=binder permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
| # NOTE(review): the unquoted comm in the denial is the audit log's hex encoding of a name that contains a space; it decodes to "AsyncTask #13". Whether auditfilter compares against the hex form or the decoded form is not visible in this file - confirm. | |
| # NOTE(review): the value embeds a pool thread number, so this rule presumably matches only when the caller happens to run on that numbered thread; the same call from another AsyncTask thread would stay unfiltered. | |
436 | auditfilter system_app update_engine:binder call; comm="4173796E635461736B20233133" | |
437 | ||
438 | # P170613-04684 | |
439 | # avc: denied { getattr } for pid=13669 comm="generateLogThre" path="/data/anr" dev="dm-1" ino=194310 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:anr_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
440 | auditfilter untrusted_app anr_data_file:dir getattr; | |
441 | ||
442 | # P170614-04074 | |
443 | # avc: denied { search } for pid=10201 comm="roid.phrasebook" name="com.nhn.android.phrasebook" dev="dm-1" ino=261993 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
444 | # P170614-04378 | |
445 | # avc: denied { search } for pid=10741 comm=4173796E635461736B202331 name="com.imbc.mini" dev="dm-1" ino=261927 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
| # NOTE(review): in both samples the source categories (c522,c768) differ from the target's (c512,c768), i.e. the app is searching a data directory labelled for a different category set - presumably another user or profile; confirm. | |
| # NOTE(review): with no name/comm qualifier this rule filters every untrusted_app search denial on app_data_file directories, which removes the record of one app probing another app's data directory. Per-package name="..." qualifiers, as on the isolated_app rule for com.yandex.browser below, would keep that signal. | |
446 | auditfilter untrusted_app app_data_file:dir search; | |
447 | ||
448 | # P170614-03245 | |
449 | # avc: denied { search } for pid=30434 comm=4173796E635461736B202331 name="com.yandex.browser" dev="dm-1" ino=992 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
450 | auditfilter isolated_app app_data_file:dir search; name="com.yandex.browser" | |
451 | ||
452 | # P170614-04846 | |
453 | # avc: denied { getattr } for pid=6383 comm="Thread-272" path="socket:[300517]" dev="sockfs" ino=300517 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:zygote:s0 tclass=unix_dgram_socket permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
454 | auditfilter untrusted_app zygote:unix_dgram_socket getattr; | |
455 | ||
456 | # http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22072962 | |
457 | # avc: denied { write } for pid=29264 comm="ndroid.settings" path="/data/knox/data/150" dev="dm-1" ino=1638436 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
458 | # avc: denied { write } for pid=1073 comm="ecryptfs-kthrea" path="/data/knox/data/150" dev="dm-1" ino=1638436 scontext=u:r:kernel:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
459 | auditfilter system_app system_data_file:dir write; comm="ndroid.settings" | |
460 | auditfilter kernel system_data_file:dir write; comm="ecryptfs-kthrea" | |
461 | ||
462 | # P170617-02163 | |
463 | # avc: denied { execmod } for pid=4067 comm="weshare.jiekuan" path="/system/lib/libart.so" dev="dm-0" ino=1668 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
| # NOTE(review): execmod is checked when a process makes executable a file mapping it has modified; against a system library such as libart.so that is worth keeping visible. | |
| # NOTE(review): this rule has no qualifier, so it filters execmod denials for every untrusted_app on every system_file. path="/system/lib/libart.so" (the path in the sample) would limit it to the reported case. | |
464 | auditfilter untrusted_app system_file:file execmod; | |
465 | ||
466 | # P170617-02122 P170617-02112 | |
467 | # avc: denied { execmod } for pid=29204 comm="m.youba.barcode" path="/system/lib/libart.so" dev="dm-0" ino=1668 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered | |
468 | # avc: denied { getattr } for pid=8544 comm=557365725461736B202331 path="/data/anr/traces.txt" dev="dm-1" ino=1310726 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:anr_data_file:s0 tclass=file permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered | |
469 | auditfilter untrusted_app anr_data_file:file getattr; | |
470 | ||
471 | # P170617-01398 P170617-01381 | |
472 | # avc: denied { write } for pid=16604 comm=4173796E635461736B202332 name="fd" dev="proc" ino=223680 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=dir permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered | |
473 | auditfilter untrusted_app untrusted_app:dir write; | |
474 | ||
475 | # P170620-03360 | |
476 | # avc: denied { read } for pid=14485 comm="sai.mediaplayer" name="accessory.0" dev="configfs" ino=11771 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
477 | auditfilter untrusted_app configfs:lnk_file read; | |
478 | ||
479 | # P170623-01454 | |
480 | # avc: denied { read } for pid=16048 comm="Thread-60" name="iSerial" dev="sysfs" ino=27450 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_android_usb:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
| # NOTE(review): this unqualified rule covers every untrusted_app read of any sysfs_android_usb file, and it makes the earlier rule under P170527-01911 (comm="Thread-52" name="iSerial") redundant. | |
| # NOTE(review): both samples read iSerial; keeping name="iSerial" and dropping only the thread-name comm qualifier would cover both tickets without hiding reads of other files of this type. | |
481 | auditfilter untrusted_app sysfs_android_usb:file read; | |
482 | ||
483 | # P170627-00416 | |
484 | # avc: denied { setattr } for pid=25964 comm="highpool[0]" name="libAppDataSearch.so" dev="dm-1" ino=65771 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
485 | auditfilter priv_app apk_data_file:file setattr; | |
486 | ||
487 | # P170627-02414 | |
488 | # avc: denied { node_bind } for pid=20418 comm="Thread-70" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:node:s0 tclass=rawip_socket permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
489 | auditfilter untrusted_app node:rawip_socket node_bind; | |
490 | ||
491 | # P170701-01202 | |
492 | # avc: denied { read } for pid=27965 comm="Binder:27927_3" name="u:object_r:vpn_prop:s0" dev="tmpfs" ino=21530 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:vpn_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
493 | auditfilter untrusted_app vpn_prop:file read; | |
494 | ||
495 | # P170703-00252 | |
496 | # avc: denied { read } for pid=5951 comm=".katana:browser" name="core_pattern" dev="proc" ino=2896567 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:usermodehelper:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
497 | auditfilter untrusted_app usermodehelper:file read; | |
498 | ||
499 | # P170630-04179 | |
500 | # Requester : joongmin.ahn@samsung.com | |
501 | # avc: denied { append } for pid=2924 comm="Thread-2" name="mhs.log" dev="dm-0" ino=457675 scontext=u:r:zygote:s0 tcontext=u:object_r:sec_wifi_data_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0009 unfiltered | |
502 | auditfilter zygote sec_wifi_data_file:file append; name="mhs.log" | |
503 | ||
504 | # P170705-00101 | |
505 | # avc: denied { read } for pid=25772 comm="CTION_IDLE_MODE" name="authorize.xml" dev="dm-0" ino=1284 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:security_system_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
506 | auditfilter priv_app security_system_file:file read; comm="CTION_IDLE_MODE" | |
507 | ||
508 | # P170707-03498 | |
509 | # avc: denied { getattr } for pid=25574 comm="android.bankabc" path="/data/misc/profiles/cur/0/foreign-dex/@system@app@WebViewGoogle@WebViewGoogle.apk" dev="dm-1" ino=1704462 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:user_profile_foreign_dex_data_file:s0:c512,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
510 | # avc: denied { search } for pid=7140 comm="er:bdservice_v1" name="com.baidu.BaiduMap" dev="dm-1" ino=1180187 scontext=u:r:system_app:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
511 | auditfilter untrusted_app user_profile_foreign_dex_data_file:file getattr; | |
512 | auditfilter system_app app_data_file:dir search; comm="er:bdservice_v1" name="com.baidu.BaiduMap" | |
513 | ||
514 | # P170701-00755, P170705-00092 | |
515 | # avc: denied { read } for pid=22008 comm="insthk" name="sfs" dev="sda6" ino=25 scontext=u:r:system_app:s0 tcontext=u:object_r:efs_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
516 | auditfilter system_app efs_file:dir read; comm="insthk" | |
517 | ||
518 | # P170714-00576 | |
519 | # avc: denied { read } for pid=8244 comm="Thread-7" name="authorize.xml" dev="dm-0" ino=382 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:security_system_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
520 | auditfilter untrusted_app security_system_file:file read; | |
521 | ||
522 | # P170714-00557 | |
523 | # avc: denied { getattr } for pid=4086 comm="pool-1-thread-1" path="/dev/__properties__/u:object_r:device_logging_prop:s0" dev="tmpfs" ino=11769 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:device_logging_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
524 | # avc: denied { getattr } for pid=4086 comm="pool-1-thread-1" path="/dev/__properties__/u:object_r:logpersistd_logging_prop:s0" dev="tmpfs" ino=11768 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
525 | # avc: denied { getattr } for pid=4086 comm="pool-1-thread-1" path="/dev/__properties__/u:object_r:mmc_prop:s0" dev="tmpfs" ino=11767 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:mmc_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
526 | # avc: denied { getattr } for pid=4086 comm="pool-1-thread-1" path="/dev/__properties__/u:object_r:safemode_prop:s0" dev="tmpfs" ino=11766 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:safemode_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
527 | # avc: denied { getattr } for pid=4086 comm="pool-1-thread-1" path="/dev/__properties__/u:object_r:recovery_prop:s0" dev="tmpfs" ino=11755 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:recovery_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
528 | auditfilter trustonicpartner_app device_logging_prop:file getattr; | |
529 | auditfilter trustonicpartner_app logpersistd_logging_prop:file getattr; | |
530 | auditfilter trustonicpartner_app mmc_prop:file getattr; | |
531 | auditfilter trustonicpartner_app safemode_prop:file getattr; | |
532 | auditfilter trustonicpartner_app recovery_prop:file getattr; | |
533 | ||
534 | # P170714-05427 | |
535 | # avc: denied { create } for pid=11475 comm="Chrome_libJingl" scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:r:isolated_app:s0:c512,c768 tclass=udp_socket permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
536 | auditfilter isolated_app isolated_app:udp_socket create; | |
537 | ||
538 | # P170720-00250 | |
539 | # http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22192704 | |
540 | # avc: denied { read } for pid=10904 comm="clatd" path="/proc/3155/cmdline" dev="proc" ino=196525 scontext=u:r:clatd:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
541 | # Requester : ansik.shin | |
542 | auditfilter clatd platform_app:file read; comm="clatd" | |
543 | ||
544 | # P170720-03498 | |
545 | # avc: denied { read write } for pid=22352 comm="clatd" path="socket:[5128116]" dev="sockfs" ino=5128116 scontext=u:r:clatd:s0 tcontext=u:r:system_server:s0 tclass=udp_socket permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
546 | # P170720-03465 | |
547 | # avc: denied { read write } for pid=23029 comm="clatd" path="socket:[4127978]" dev="sockfs" ino=4127978 scontext=u:r:clatd:s0 tcontext=u:r:system_server:s0 tclass=udp_socket permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
548 | # Requester : ansik.shin | |
549 | auditfilter clatd system_server:udp_socket { read write }; comm="clatd" | |
550 | ||
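551 | # P170726-06137, P170726-06093 | |
552 | # avc: denied { write } for pid=16037 comm="com.policydm" name="system@priv-app@SPDClient@SPDClient.apk@classes.dex" dev="dm-1" ino=738 scontext=u:r:policyloader_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
553 | auditfilter policyloader_app dalvikcache_data_file:file write; comm="com.policydm" | |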
554 | ||
555 | # http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22232201 | |
556 | # avc: denied { call } for pid=1221 comm="Binder:780_1" scontext=u:r:audioserver:s0 tcontext=u:r:audiod:s0 tclass=binder permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered | |
557 | auditfilter audioserver audiod:binder call; |