projects / GitHub / Stricted / sm-g903f-system.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
update to G903WVLU1CQH4
[GitHub/Stricted/sm-g903f-system.git] / etc / security / audit_filter_table
CommitLineData
83dc35bd
S		 1#
2# usage : auditfilter source(group) target(group):class(group) permission(group); [dev|path|name|comm|mlscheck]=value(including " character) - each item should be devided by ' ' or '\t'.
3# ex) auditfilter { system_app platform_app } { app_data_file system_app_data_file }:{ dir file } { read write }; dev="proc" name="com.sec.android.inputmethod" path="/data/system/users/100.xml" mlscheck=2
4#
5# ex) auditfilter * * *: *; //this means will be filtered all of denials
6# please don't use * value on the scontexts as possible.
7#
8# mlscheck = 0 - don't compare security level
9# 1 - will be filtered when source and target security level are same.
10# 2 - will be filtered when source and target security level are NOT same.
11#
12#
13########### WARNING ###########
14#
15# 1. source and target SHOULD be TYPE, not ATTRIBUTE.
16# 2. SHOULD NOT use '~' character and '{ domain -domain }' statement.
17# 3. count(source) * count(target) * count(class) * count(perm) MUST BE LESS THAN THRESHOLD(100000)
18#
19
8c8508f8 20########### TG issue : Remove it after Fix ###########
83dc35bd 21########### appdomain ###########
83dc35bd 22### system_app ###
8c8508f8
S		 23# N_P160907-05477 : smart manager
24# avc: denied { execute } for pid=10169 comm="sung.android.sm" path="/data/data/com.samsung.android.sm/files/lib/liblzma.so" dev="sda18" ino=590976 scontext=u:r:system_app:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=file permissive=0
25auditfilter system_app system_app_data_file:file execute; comm="sung.android.sm"
26
27# P160913-03874 : smart manager
28# avc: denied { write } for pid=9604 comm="oid.sm.provider" name="misc" dev="sda22" ino=131073 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
29auditfilter system_app system_data_file:dir write; comm="oid.sm.provider" name="misc"
30
31# P160926-03387 : com.android.system
32# avc: denied { write } for pid=11437 comm="RenderThread" name="data" dev="dm-1" ino=262145 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
33auditfilter system_app system_data_file:dir write; comm="RenderThread" name="data"
34
35# P160929-02477 : com.wssyncmldm
36# NRfaccessat avc: denied { write } for pid=22235 comm="Thread-2" name="/" dev="sda18" ino=2 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
37auditfilter system_app system_data_file:dir write; name="/"
38
39# log from SEA_site_N_OS@72
40# com.sec.android.app.sysscope
41# this direct access is not allowed by MLS restriction.
42# avc: denied { getattr } for pid=8178 comm="pool-2-thread-1" path="/proc/4024" dev="proc" ino=19174 scontext=u:r:system_app:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=dir permissive=1
43# avc: denied { search } for pid=8178 comm="pool-2-thread-1" name="4024" dev="proc" ino=19174 scontext=u:r:system_app:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=dir permissive=1
44# avc: denied { read } for pid=8178 comm="pool-2-thread-1" name="statm" dev="proc" ino=38250 scontext=u:r:system_app:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=file permissive=1
45# avc: denied { getattr } for pid=8178 comm="pool-2-thread-1" path="/proc/4472/statm" dev="proc" ino=38250 scontext=u:r:system_app:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=file permissive=1
46auditfilter system_app { platform_app priv_app untrusted_app sec_untrusted_app trustonicpartner_app }:dir { search getattr };
47
48# seandroid/board/N_review_request/view/21686514/
49# avc: denied { call } for pid=24774 comm="dumpsys" scontext=u:r:system_app:s0 tcontext=u:r:fingerprintd:s0 tclass=binder permissive=0 SEPF_SECMOBILE_7.0_0004
50# avc: denied { use } for pid=5744 comm="dumpsys" path="pipe:[371717]" dev="pipefs" ino=371717 scontext=u:r:fingerprintd:s0 tcontext=u:r:system_app:s0 tclass=fd
51auditfilter system_app fingerprintd:binder call;
52auditfilter fingerprintd system_app:fd use;
53
54# P170315-03872
55# avc: denied { search } for pid=17257 comm=4173796E635461736B20233133 name="com.aasa.askschecker" dev="dm-1" ino=326561 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.0_DD02 unfiltered
56# avc: denied { read } for pid=19565 comm="lient_spdupdate" name="ASKSB.xml" dev="dm-1" ino=326423 scontext=u:r:system_app:s0 tcontext=u:object_r:aasa_data_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_DD02 unfiltered
57auditfilter system_app aasa_data_file:file read;
58auditfilter priv_app system_app_data_file:dir search; name="com.aasa.askschecker"
83dc35bd 59
8c8508f8
S		 60### platform_app ###
61# log from P160921-01434
62# avc: denied { execute } for pid=5538 comm="ktailbarservice" path="/data/data/com.samsung.android.app.cocktailbarservice/cache/Generated1725786881.dex" dev="sda22" ino=66007 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0
63# seandroid/board/N_review_request/view/22026056
64# avc: denied { execute } for pid=14739 comm="xiaoyuan-ipool1" path="/data/data/com.samsung.android.app.sreminder/app_outdex/OnlineUpdateCycleConfig_69.dex" dev="dm-0" ino=524961 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0
65# avc: denied { execute } for pid=14678 comm="Thread-10" path="/data/data/com.samsung.android.app.sreminder/app_outdex/parseUtilMain_81.dex" dev="dm-0" ino=524951 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0
66auditfilter platform_app app_data_file:file execute;
83dc35bd
S		 67
68
69### untrusted_app ###
8c8508f8
S		 70# P160927-04739 com.facebook.katana
71# avc: denied { read } for pid=1466 comm="facebook.katana" name="1466-0" dev="debugfs" ino=506785 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0
72auditfilter untrusted_app debugfs:file read;
83dc35bd 73
8c8508f8
S		 74# P161122-01529 com.drweb:monitor
75#avc: denied { setattr } for pid=14122 comm="m.drweb:monitor" name="libDRWScanPSLib.so" dev="dm-1" ino=131994 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0002
76auditfilter untrusted_app apk_data_file:file setattr;
83dc35bd 77
8c8508f8
S		 78# P170529-01321 - net.pulsesecure.pulsesecure:remote
79# type=1400 audit(1496643125.377:2007): avc: denied { setattr } for pid=26557 comm="sesecure:remote" name="user" dev="dm-0" ino=1109762 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
80auditfilter untrusted_app system_data_file:lnk_file setattr; comm="sesecure:remote"
81# P170620-04574 proctitle="net.pulsesecure.pulsesecure:remote"
82# avc: denied { setattr } for pid=17498 comm="sesecure:remote" name="user" dev="dm-0" ino=1179650 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
83auditfilter untrusted_app system_data_file:dir setattr; comm="sesecure:remote"
83dc35bd
S		 84
85########### non-appdomain ###########
8c8508f8
S		 86### adsprpcd ###
87# PLM P160916-00376 G930V_NN
88# NRopen avc: denied { read } for pid=776 comm="adsprpcd" name="fluence_voiceplus_module.so.1" dev="sdd7" ino=27 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
89# NRopen avc: denied { read } for pid=776 comm="adsprpcd" name="mmecns_module.so.1" dev="sdd7" ino=31 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
90auditfilter adsprpcd unlabeled:file read;
91
92### cameraserver ###
93# avc: denied { read } for pid=20457 comm="CAM_stMachine" name="fastrpc_shell_0" dev="sdd7" ino=26 scontext=u:r:cameraserver:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
94auditfilter cameraserver unlabeled:file read;
95
96### debuggerd ###
97# P160929-04387 heroltexx/herolte:7.0/NRD90M/G930FXXU1ZPIF
98# when debuggerd dump the app prcess, it has the direct open to app data files.
99# avc: denied { search } for pid=1316 comm="debuggerd" name="com.ahzs.hggoogle" dev="sda18" ino=462694 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0
100auditfilter debuggerd app_data_file:dir search;
101
102# P170209-03477
103# avc: denied { read } for pid=20901 comm="debuggerd" path="/data/knox/data/150/com.funshion.video.mobile/app_bin/daemon" dev="dm-1" ino=522740 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c662,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered
104auditfilter debuggerd app_data_file:file read;
105
106### drmserver ###
107# PLM P160916-00376 G930V_NN
108# NRopen avc: denied { create } for pid=713 comm="drmserver" name="playReadyTimeDiff.dat" scontext=u:r:drmserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
109auditfilter drmserver system_data_file:file create;
110
111### energyawareness ###
112# log from P160921-01434
113# avc: denied { write } for pid=630 comm="energy-awarenes" name="ptable" dev="debugfs" ino=17704 scontext=u:r:energyawareness:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0
114auditfilter energyawareness debugfs:file write;
115
116### priv_app ###
117# P170323-05389 com.google.android.gms.persistent
118# avc: denied { read } for pid=2938 comm="GoogleLocationS" name="gpu_memory" dev="debugfs" ino=9432 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0005 unfiltered
119auditfilter priv_app debugfs:file read; comm="GoogleLocationS" name="gpu_memory"
83dc35bd 120
8c8508f8
S		 121### init ###
122# PLM P160916-00376 G930V_NN
123auditfilter init efsblk_device:blk_file relabelfrom;
124auditfilter init system_block_device:blk_file relabelfrom;
125auditfilter init userdata_block_device:blk_file relabelfrom;
126# avc: denied { relabelfrom } for pid=2933 comm="init" name="dm-0" dev="tmpfs" ino=3714 scontext=u:r:init:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0
127auditfilter init dm_device:blk_file relabelfrom;
128
129# P161004-01513 heroqltetmo/heroqltetmo:7.0/NRD90M/G930TUVU4ZPIF
130# avc: denied { relabelfrom } for pid=1 comm="init" name="icd" dev="tmpfs" ino=15737 scontext=u:r:init:s0 tcontext=u:object_r:icd_device:s0 tclass=file permissive=0
131# avc: denied { relabelfrom } for pid=1 comm="init" name="icdr" dev="tmpfs" ino=15738 scontext=u:r:init:s0 tcontext=u:object_r:icd_device:s0 tclass=file permissive=0
132auditfilter init icd_device:file relabelfrom;
133
134# P170411-07025
135# SM-G615F
136# avc: denied { relabelfrom } for pid=1 comm="init" name="trace_marker" dev="tracefs" ino=2096 scontext=u:r:init:s0 tcontext=u:object_r:debugfs_trace_marker:s0 tclass=file permissive=0 SEPF_SM-G615F_7.0_0008 unfiltered
137auditfilter init debugfs_trace_marker:file relabelfrom;
83dc35bd 138
8c8508f8
S		 139### qti_init_shell ###
140# P161021-02976
141# avc: denied { write } for pid=2789 comm="sh" name="interactive" dev="sysfs" ino=39397 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.0_0002
142auditfilter qti_init_shell sysfs:dir write; name="interactive"
83dc35bd 143
8c8508f8
S		 144### system_server ###
145# P160928-04340
146# TG: ActivityManagerService.java handleApplicationCrash
147# /system/bin/sh /system/bin/am dumpheap 918(callingPID) /data/log/hprof-oom.hprof
148# avc: denied { execute } for pid=1403 comm="am" name="app_process64" dev="sda14" ino=750 scontext=u:r:system_server:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=0
149auditfilter system_server zygote_exec:file execute; comm="am"
150
151# P161004-03127 SM-G935F_EUR_NN_XX
152# avc: denied { read } for pid=12343 comm="Binder:4430_5" path="/storage/emulated/0/wiz/bell/사계겨울2악장-비발디_후렴.mp3" dev="fuse" ino=2899 scontext=u:r:system_server:s0 tcontext=u:object_r:fuse:s0 tclass=file permissive=0
153auditfilter system_server fuse:file read;
154
155
156### toolbox ###
157# service umount_cpdump /system/bin/umount /cpdump
158# service umount_service /system/bin/umount -D /preload -> TG : vold, onegun.lee(in progressing)
159# avc: denied { sys_admin } for pid=7001 comm="umount" capability=21 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0
160auditfilter toolbox toolbox:capability sys_admin; comm="umount"
161
162### tunman ###
163# PLM P161002-00091 SM-G9350_CHN_NN_CHC
164# tunman open with write/create mode some file in tunman folder(ex: /data/tunman/xxx)
165# TG should fix this denial. TG : jiaba.chen@samsung.com, yuanheng.lan@samsung.com
166# NRopenat avc: denied { write } for pid=19310 comm="tunman" name="tunman" dev="dm-1" ino=393223 scontext=u:r:tunman:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
167auditfilter tunman system_data_file:dir write; name="tunman"
168
169### vcsFPService ###
170# N Booting Denials G955F_NN
171# temporary code(~10/8)
172# avc: denied { write } for pid=3057 comm="vcsFPService" name="/" dev="tmpfs" ino=11034 scontext=u:r:vcsFPService:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0
173auditfilter vcsFPService device:dir write; comm="vcsFPService"
83dc35bd 174
8c8508f8
S		 175### vold ###
176# P161004-03127 sysfs_android_usbfd inherit denial
177auditfilter fsck sec_efs_file:file read;
178auditfilter sdcardd sec_efs_file:file read;
83dc35bd 179
8c8508f8
S		 180### radio ###
181# P170208-00207, P170324-00135
182# avc: denied { execute } for pid=16455 comm="androidmapsapi-" path="/data/data/com.google.android.gms/app_chimera/m/00000000/oat/arm64/DynamiteModulesA_GmsCore_prodmnc_alldpi_release.odex" dev="dm-1" ino=1179706 scontext=u:r:radio:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered
183# avc: denied { execute } for pid=16987 comm="m.samsung.crane" path="/data/user_de/0/com.google.android.gms/app_chimera/m/00000002/oat/arm/DynamiteModulesB_GmsCore_prodmnc_xhdpi_release.odex" dev="dm-1" ino=131933 scontext=u:r:radio:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0005 unfiltered
184auditfilter radio app_data_file:file execute; comm="androidmapsapi-"
185auditfilter radio app_data_file:file execute; comm="m.samsung.crane"
83dc35bd 186
8c8508f8
S		 187# P170118-03851, P161220-02605
188# avc: denied { read } for pid=3261 comm="sgdisk" path="/dev/block/sda4" dev="tmpfs" ino=19720 scontext=u:r:sgdisk:s0 tcontext=u:object_r:paramblk_device:s0 tclass=blk_file permissive=0 SEPF_SECMOBILE_7.0_0004
189auditfilter sgdisk paramblk_device:blk_file read; comm="sgdisk"
83dc35bd 190
8c8508f8
S		 191### perfd ###
192# http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22289595
193# avc: denied { sys_ptrace } for pid=4522 comm="perfd" capability=19 scontext=u:r:perfd:s0 tcontext=u:r:perfd:s0 tclass=capability permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
194auditfilter perfd perfd:capability sys_ptrace;
83dc35bd 195
8c8508f8 196########### End of TG issue : Remove it after Fix ###########
83dc35bd 197
83dc35bd 198
83dc35bd 199
8c8508f8
S		 200########### appdomain ###########
201### system_app ###
202# P160921-01434 : denial from UEventObserver
203# avc: denied { net_admin } for pid=7898 comm="UEventObserver" capability=12 scontext=u:r:system_app:s0 tcontext=u:r:system_app:s0 tclass=capability permissive=0
204auditfilter system_app system_app:capability net_admin;
83dc35bd 205
8c8508f8 206### platform_app ###
83dc35bd 207
8c8508f8
S		 208### untrusted_app ###
209# PLM P160926-03920
210# avc: denied { ioctl } for pid=1448 comm="LongWork-0" path="socket:[1232276]" dev="sockfs" ino=1232276 ioctlcmd=8927 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=tcp_socket permissive=0
211auditfilter untrusted_app untrusted_app:{ tcp_socket udp_socket } ioctl; dev="sockfs"
83dc35bd 212
8c8508f8
S		 213# avc: denied { ioctl } for pid=16612 comm=".android.smcard" path="socket:[692802]" dev="sockfs" ino=692802 ioctlcmd=8927 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:r:trustonicpartner_app:s0:c512,c768 tclass=udp_socket permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered
214auditfilter trustonicpartner_app trustonicpartner_app:{ tcp_socket udp_socket } ioctl; dev="sockfs"
215
216# avc: denied { read } for pid=8328 comm=637269747465726369736D20646174 name="mem" dev="debugfs" ino=610909 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:sec_debugfs:s0 tclass=file permissive=0
217auditfilter trustonicpartner_app sec_debugfs:file read;
218
219# P160927-01063 com.smc.mobile.pguidea
220# thread(find/-name su) avc: denied { getattr } for pid=16027 comm="find" path="/dev/hw_random" dev="tmpfs" ino=3683 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:hw_random_device:s0 tclass=chr_file permissive=0
221# avc: denied { getattr } for pid=16027 comm="find" path="/dev/fuse" dev="tmpfs" ino=3626 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:fuse_device:s0 tclass=chr_file permissive=0
222# avc: denied { getattr } for pid=16027 comm="find" path="/dev/block/sda11" dev="tmpfs" ino=3500 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:frp_block_device:s0 tclass=blk_file permissive=0
223auditfilter untrusted_app { fuse_device hw_random_device }:chr_file getattr;
224auditfilter untrusted_app frp_block_device:blk_file getattr;
225
226# P160927-01063 com.smc.mobile.pguidea
227# avc: denied { getattr } for pid=3548 comm="find" path="/dev/__properties__/u:object_r:mmc_prop:s0" dev="tmpfs" ino=2519 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:mmc_prop:s0 tclass=file permissive=0
228# avc: denied { getattr } for pid=3548 comm="find" path="/dev/__properties__/u:object_r:device_logging_prop:s0" dev="tmpfs" ino=2520 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:device_logging_prop:s0 tclass=file permissive=0
229auditfilter untrusted_app { device_logging_prop mmc_prop }:file getattr;
230
231# WORKWROUND FOR CTS --t android.permission.cts.FileSystemPermissionTest#testAllCharacterDevicesAreSecure
232# pmsg_device is worldwritable, but can be PASS with removing getattr perms.
233auditfilter untrusted_app pmsg_device:chr_file getattr;
234
235# P160929-04387 herolte:7.0/NRD90M/G930FXXU1ZPIF
236# com.legogo.browser executed a new process, /data/user/0/com.legogo.browser/files/daemon com.legogo.browser/com.doit.aar.applock.service.AppLockService
237# N OS neverallow rule.
238auditfilter untrusted_app properties_serial:file execute;
239
240# P160927-04739 com.dianxinos.dxbs
241# avc: denied { read } for pid=10674 comm="pool-6-thread-1" name="u:object_r:system_security_prop:s0" dev="tmpfs" ino=2415 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_security_prop:s0 tclass=file permissive=0
242auditfilter untrusted_app system_security_prop:file read;
243
244# P161004-01832 SM-G935F_EUR_NN_XX
245# com.ebcard.bustago
246# avc: denied { read } for pid=27244 comm="find" name="subsystem" dev="sysfs" ino=18665 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_hwrandom:s0 tclass=lnk_file permissive=0
247# avc: denied { read } for pid=25825 comm="find" name="bdi" dev="sysfs" ino=20465 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_zram:s0 tclass=lnk_file permissive=0
248# P170614-04846
249# avc: denied { read } for pid=6383 comm="Thread-266" name="subsystem" dev="sysfs" ino=34720 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_hwrandom:s0 tclass=lnk_file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
250auditfilter untrusted_app sysfs_hwrandom:lnk_file read;
251auditfilter untrusted_app sysfs_zram:lnk_file read; comm="find"
252
253# P161004-04042 SM-G935F_EUR_NN_XX 3rd party app denial
254# jp.co.johospace.jorte avc: denied { search } for pid=3301 comm="Thread-13" name="com.skms.android.agent" dev="dm-1" ino=262190 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
255auditfilter untrusted_app system_app_data_file:dir search;
256
257# P170124-07845
258# when untrusted_app search directories under /data/data, if some package directory has 644 permission, then below denials are occurred.
259auditfilter untrusted_app radio_data_file:dir search;
260auditfilter untrusted_app aasa_service_app_data_file:dir search;
261
262# P161004-04042 SM-G935F_EUR_NN_XX neverallow rule, anr_data_file
263# com.ningso.samsung - avc: denied { read } for pid=26344 comm=".ningso.samsung" name="anr" dev="dm-1" ino=524291 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:anr_data_file:s0 tclass=dir permissive=0
264auditfilter untrusted_app anr_data_file:dir read;
265
266# P170112-01702 neverallow rule
267# com.amazon.kindle
268auditfilter untrusted_app anr_data_file:file read;
269
270# PL(woohui.kim) request : OneStoreService denied (com.skt.skaf.OA00018282)
271# avc: denied { read } for pid=6197 comm="skaf.OA00018282" name="default.prop" dev="rootfs" ino=8630 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0002
272auditfilter untrusted_app rootfs:file read; comm="skaf.OA00018282"
273
274# P161124-02548 com.smc.mobile.pguidea
275# avc: denied { getattr } for pid=29288 comm="find" path="/dev/__properties__/u:object_r:recovery_prop:s0" dev="tmpfs" ino=13154 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:recovery_prop:s0 tclass=file permissive=0
276# avc: denied { getattr } for pid=29288 comm="find" path="/dev/__properties__/u:object_r:safemode_prop:s0" dev="tmpfs" ino=13165 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:safemode_prop:s0 tclass=file permissive=0
277# avc: denied { getattr } for pid=29288 comm="find" path="/dev/__properties__/u:object_r:user_prop:s0" dev="tmpfs" ino=13152 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:user_prop:s0 tclass=file permissive=0
278# avc: denied { getattr } for pid=29288 comm="find" path="/dev/mem" dev="tmpfs" ino=3476 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:kmem_device:s0 tclass=chr_file permissive=0
279# avc: denied { read } for pid=29288 comm="find" name="bdi" dev="sysfs" ino=28447 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_vnswap:s0 tclass=lnk_file permissive=0
280# P170614-04846
281# avc: denied { read } for pid=6383 comm="Thread-266" name="bdi" dev="sysfs" ino=44104 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_vnswap:s0 tclass=lnk_file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
282auditfilter untrusted_app { recovery_prop safemode_prop user_prop }:file getattr; comm="find"
283auditfilter untrusted_app kmem_device:chr_file getattr; comm="find"
284auditfilter untrusted_app sysfs_vnswap:lnk_file read;
285
286#P161228-02118 com.smc.mobile.pguidea / find -name su
287#avc: denied { read } for pid=20817 comm="find" name="midi.0" dev="configfs" ino=19543 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0 SEPF_SECMOBILE_7.0_0002
288auditfilter untrusted_app configfs:lnk_file read; comm="find"
289
290# P161213-04558, P161214-01624
291# This rule can make sluggish
292auditfilter zygote untrusted_app:process ptrace;
83dc35bd 293
8c8508f8
S		 294# P161219-04736
295# neverallow untrusted_app file_type:file link;
296# avc: denied { link } for pid=4452 comm=".android.reader" name="3336a65c52528c9c368e942d3dd307f8-le32d4.cache-3.TMP-17CUwn" dev="sda25" ino=393785 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0
297auditfilter untrusted_app app_data_file:file link;
83dc35bd 298
8c8508f8
S		 299# P170418-03798
300# It is cmcc operater customered app
301# avc: denied { write } for pid=28698 comm="c10086.activity" name="com.greenpoint.android.mc10086.activity" dev="mmcblk1p1" ino=1171 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:vfat:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
302auditfilter untrusted_app vfat:dir write; comm="c10086.activity" name="com.greenpoint.android.mc10086.activity"
303
304# P161221-03251, P161221-00307
305# avc: denied { set } for property=ro.dbg.coresight.cfg_file pid=944 uid=0 gid=0 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:coresight_prop:s0 tclass=property_service permissive=0
306# avc: denied { write } for pid=844 comm="sh" name="wdog_trace_enable" dev="debugfs" ino=8892 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0002
307# N MR1 Booting Denial
308# /system/bin/sh /persist/coresight/qdss.agent.shpost-boot /system/etc/init.qcom.debug.sh
309# avc: denied { open } for pid=8617 comm="sh" path="/sys/kernel/debug/osm/pwrcl_clk/wdog_trace_enable" dev="debugfs" ino=9320 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=1 SEPF_SECMOBILE_7.1.1_0000 unfiltered
310# P170510-01440
311# avc: denied { write } for pid=631 comm="sh" name="tracing_on" dev="tracefs" ino=5231 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:debugfs_tracing:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
312auditfilter qti_init_shell coresight_prop:property_service set;
313auditfilter qti_init_shell debugfs:file { write open };
314auditfilter qti_init_shell debugfs_tracing:file write;
315
316# P170118-07453
317# request by sunmi00.kwon@samsung.com
318# It dosen't effect to real function.
319# type=1400 audit(1484583190.680:306): avc: denied { search } for pid=15861 comm=".filterprovider" name="com.samsung.android.provider.filterprovider" dev="dm-1" ino=262150 scontext=u:r:platform_app:s0:c522,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SECMOBILE_7.0_0004
320auditfilter platform_app app_data_file:dir search; comm=".filterprovider" name="com.samsung.android.provider.filterprovider"
321
322# P170128-00710
323# avc: denied { read } for pid=28608 comm="e.android.phone" name="mem" dev="debugfs" ino=820875 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sec_debugfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered
324# P170128-00246
325# avc: denied { read } for pid=22732 comm="ErrorReportingT" name="mem" dev="debugfs" ino=1802446 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sec_debugfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered
326# P170127-00631
327# avc: denied { read } for pid=25733 comm="Thread-5" name="mem" dev="debugfs" ino=383382 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sec_debugfs:s0 tclass=file permissive=0 type=1327 audit(1485386676.855:552): proctitle="co.rottz.realkakuro"
328# neverallow untrusted_app debugfs_type:file read;
329auditfilter untrusted_app sec_debugfs:file read;
330
331# P170127-00630
332# avc: denied { write } for pid=11989 comm="iop" path="/data/knox/data/100/EN.FYbjLm6ubBY1ZUYxJ5OVcAyCeynel0ezMl0ku6l.IQx.PzZY7DSZoSFGHuPTOFAekqmkDQUqUO2ibkxJEDOmyTHJh0GYMqozuTeE/EN.FWbjLm6ubBY1ZUYxJ5OVcAyCeynel0ezMl0kYp.wbvq8rQcYx2oupoDjoU--/EN.FXbjLm6ubBY1ZUYxJ5OVcAyCeynel0ezMl0kA.-sbdoSNTbiuzbFZ2-atlBN6TVFfsrfWZRrVInKY3E-" dev="sda25" ino=1440114 scontext=u:r:dumpstate:s0 tcontext=u:object_r:app_data_file:s0:c612,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0004
333auditfilter dumpstate app_data_file:file write;
334
335# P170213-02015
336# avc: denied { write } for pid=16455 comm="iop" path="/data/knox/data/100/EN.FXZZSXPkzIIoF-ZSNSg-BxO31KCYbNsflS2JCP1i4ZCRV0ZQuP4Gt54qIKZEPhmp9wb55k2sYGFqukk-/EN.FWZZSXPkzIIoF-ZSNSg-BxO31KCYbNsflS2JOKK46uuBUXtPBZi9Mv3W6U--/EN.FYZZSXPkzIIoF-ZSNSg-BxO31KCYbNsflS2JCP1i4ZCRV0ZQuP4Gt54qIKZEPhmp9wb55k2sYGFquknv54I0oYZRiBlGGGsHfVUL" dev="dm-1" ino=1245655 scontext=u:r:dumpstate:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=file permissive=0
337auditfilter dumpstate system_app_data_file:file write;
338
339# board/N_review_request/view/21974971
340# avc: denied { read } for pid=19807 comm="iop" name="com.android.nfc" dev="dm-0" ino=131258 scontext=u:r:dumpstate:s0 tcontext=u:object_r:nfc_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
341auditfilter dumpstate nfc_data_file:dir read; comm="iop" name="com.android.nfc"
342
343# http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22117527
344# requester : jae.kim@samsung.com
345# avc: denied { search } for pid=15422 comm="iop" name="DAK" dev="sda6" ino=122 scontext=u:r:dumpstate:s0 tcontext=u:object_r:prov_efs_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
346auditfilter dumpstate prov_efs_file:dir search; comm="iop" name="DAK"
347
348# P170130-00994
349# com.nhnent.payapp
350# neverallow { appdomain -system_app -shell } kernel:system syslog_read;
351# avc: denied { syslog_read } for pid=9654 comm="dmesg" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:kernel:s0 tclass=system permissive=0 SEPF_SECMOBILE_7.0_0004 unfiltered
352auditfilter untrusted_app kernel:system syslog_read;
83dc35bd 353
8c8508f8
S		 354# board/N_review_request/view/21733557
355# board/N_review_request/view/21735670
356# some system_app's dex is not updated after FOTA, it will be re-made by dex2oat after next re-boot or after 72 min. so it can be ignored.
357# normal app cases might be blocked DAC side.
358# avc: denied { write } for pid=20472 comm="id.smartfitting" name="system@app@SmartFittingService@SmartFittingService.apk@classes.dex" dev="dm-1" ino=607 scontext=u:r:system_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
359# avc: denied { write } for pid=26042 comm="oid.sm.provider" name="system@priv-app@SmartManager_v5@SmartManager_v5.apk@classes.dex" dev="dm-1" ino=733 scontext=u:r:system_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
360auditfilter system_app dalvikcache_data_file:file write;
361
362# P170414-00369
363# avc: denied { search } for pid=25568 comm="t.event.handler" name="com.dsi.ant.server" dev="dm-1" ino=655744 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:bluetooth_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.0_0007 unfiltered
364# proctitle="com.glassdoor.app" unfiltered
365# P170612-03254
366# avc: denied { search } for pid=557 comm="Thread-42" name="com.dsi.ant.server" dev="dm-1" ino=570 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:bluetooth_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
367auditfilter untrusted_app bluetooth_data_file:dir search; name="com.dsi.ant.server"
368
369# P170612-03254
370# avc: denied { search } for pid=557 comm="Thread-42" name="com.qualcomm.location.XT" dev="dm-1" ino=827 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:location_app_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
371auditfilter untrusted_app location_app_data_file:dir search; name="com.qualcomm.location.XT"
372
373# P170417-03694
374# avc: denied { create } for pid=14955 comm="Thread-16" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=netlink_tcpdiag_socket permissive=0 SEPF_SM-G615F_7.0_0008 unfiltered
375# proctitle="com.opera.max.oem"
376auditfilter untrusted_app untrusted_app:netlink_tcpdiag_socket create;
377
378# P170413-00278
379# avc: denied { create } for pid=11829 comm="tv.dvrscheduler" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=netlink_kobject_uevent_socket permissive=0 SEPF_SECMOBILE_7.0_0007 unfiltered
380auditfilter untrusted_app untrusted_app:netlink_kobject_uevent_socket create;
83dc35bd 381
8c8508f8
S		 382# P170605-01226
383# avc: denied { read } for pid=11941 comm="Thread-56" name="info.extra" dev="mmcblk0p19" ino=2264 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:info_extra_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0009 unfiltered
384# avc: denied { read } for pid=18964 comm="Thread-60" name=4F7665722074686520486F72697A6F6E2E6D7033 dev="mmcblk0p21" ino=20 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:hidden_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0009 unfiltered
385# proctitle="com.estsoft.alyac"
386auditfilter untrusted_app info_extra_file:file read;
387auditfilter untrusted_app hidden_file:file read;
83dc35bd 388
8c8508f8 389########### non-appdomain ###########
83dc35bd 390
8c8508f8
S		 391# P170211-00326
392# avc: denied { open } for pid=12369 comm="main" path="/mnt/asec/com.samsung.context.hwlogcollector-1/base.apk" dev="dm-2" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file permissive=0
393auditfilter dex2oat asec_apk_file:file open; path="/mnt/asec/com.samsung.context.hwlogcollector-1/base.apk"
394
395# P170606-00237
396# avc: denied { open } for pid=9153 comm="main" path="/mnt/asec/com.samsung.android.bixby.report-1/base.apk" dev="dm-2" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
397# P170718-03491
398# avc: denied { open } for pid=18765 comm="main" path="/mnt/asec/com.samsung.android.bixby.report-2/base.apk" dev="dm-2" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
399# P170714-02442
400# avc: denied { open } for pid=30252 comm="main" path="/mnt/asec/com.samsung.android.bixby.report-2/base.apk" dev="dm-2" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
401auditfilter dex2oat asec_apk_file:file open; comm="main"
402
403# P170417-03700
404# There is no one who in charge of md_monitor.
405# avc: denied { open } for pid=431 comm="md_monitor" path="/data/md_mon/mdlog_mon1_config" dev="dm-1" ino=524298 scontext=u:r:md_monitor:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0 SEPF_SM-G615F_7.0_0008 unfiltered
406auditfilter md_monitor system_data_file:file open; path="/data/md_mon/mdlog_mon1_config"
407
408# P170420-02771
409# avc: denied { write } for pid=9436 comm="Chrome_InProcGp" name="property_service" dev="tmpfs" ino=11331 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 SEPF_SM-G615F_7.0_0008 unfiltered
410# neverallow rule
411auditfilter untrusted_app property_socket:sock_file write;
412
413# P170419-03510, P170424-02725
414# avc: denied { read } for pid=26584 comm=4A6F62202335 name="ueventd.qcom.rc" dev="rootfs" ino=2991 scontext=u:r:untrusted_app:s0:c612,c768 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0007 unfiltered
415auditfilter untrusted_app rootfs:file read; dev="rootfs"
416
417# P170527-01911
418# avc: denied { read } for pid=25851 comm="Thread-52" name="iSerial" dev="sysfs" ino=27407 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_android_usb:s0 tclass=file permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered
419auditfilter untrusted_app sysfs_android_usb:file read; comm="Thread-52" name="iSerial"
420
421# P170506-00817
422# avc: denied { call } for pid=9225 comm="dumpsys" scontext=u:r:dumpstate:s0 tcontext=u:r:update_engine:s0 tclass=binder permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
423auditfilter dumpstate update_engine:binder call; comm="dumpsys"
424
425# http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22050903
426# Requester : jm_0512.park@samsung.com
427# avc: denied { use } for pid=21413 comm="dumpsys" path="pipe:[749571]" dev="pipefs" ino=749571 scontext=u:r:remotedisplay:s0 tcontext=u:r:system_app:s0 tclass=fd permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
428auditfilter remotedisplay system_app:fd use; comm="dumpsys"
429
430# P170621-00931, P170707-01709
431# avc: denied { read } for pid=15397 comm="Thread-12" name="rtt_dump.txt" dev="dm-1" ino=1310729 scontext=u:r:system_app:s0 tcontext=u:object_r:sf_rtt_file:s0 tclass=file permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered
432auditfilter system_app sf_rtt_file:file read; name="rtt_dump.txt"
433
434# P170529-02761
435# avc: denied { call } for pid=30767 comm=4173796E635461736B20233133 scontext=u:r:system_app:s0 tcontext=u:r:update_engine:s0 tclass=binder permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
436auditfilter system_app update_engine:binder call; comm="4173796E635461736B20233133"
437
438# P170613-04684
439# avc: denied { getattr } for pid=13669 comm="generateLogThre" path="/data/anr" dev="dm-1" ino=194310 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:anr_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
440auditfilter untrusted_app anr_data_file:dir getattr;
441
442# P170614-04074
443# avc: denied { search } for pid=10201 comm="roid.phrasebook" name="com.nhn.android.phrasebook" dev="dm-1" ino=261993 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
444# P170614-04378
445# avc: denied { search } for pid=10741 comm=4173796E635461736B202331 name="com.imbc.mini" dev="dm-1" ino=261927 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
446auditfilter untrusted_app app_data_file:dir search;
447
448# P170614-03245
449# avc: denied { search } for pid=30434 comm=4173796E635461736B202331 name="com.yandex.browser" dev="dm-1" ino=992 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
450auditfilter isolated_app app_data_file:dir search; name="com.yandex.browser"
451
452# P170614-04846
453# avc: denied { getattr } for pid=6383 comm="Thread-272" path="socket:[300517]" dev="sockfs" ino=300517 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:zygote:s0 tclass=unix_dgram_socket permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
454auditfilter untrusted_app zygote:unix_dgram_socket getattr;
455
456# http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22072962
457# avc: denied { write } for pid=29264 comm="ndroid.settings" path="/data/knox/data/150" dev="dm-1" ino=1638436 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
458# avc: denied { write } for pid=1073 comm="ecryptfs-kthrea" path="/data/knox/data/150" dev="dm-1" ino=1638436 scontext=u:r:kernel:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
459auditfilter system_app system_data_file:dir write; comm="ndroid.settings"
460auditfilter kernel system_data_file:dir write; comm="ecryptfs-kthrea"
461
462# P170617-02163
463# avc: denied { execmod } for pid=4067 comm="weshare.jiekuan" path="/system/lib/libart.so" dev="dm-0" ino=1668 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered
464auditfilter untrusted_app system_file:file execmod;
465
466# P170617-02122 P170617-02112
467# avc: denied { execmod } for pid=29204 comm="m.youba.barcode" path="/system/lib/libart.so" dev="dm-0" ino=1668 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered
468# avc: denied { getattr } for pid=8544 comm=557365725461736B202331 path="/data/anr/traces.txt" dev="dm-1" ino=1310726 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:anr_data_file:s0 tclass=file permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered
469auditfilter untrusted_app anr_data_file:file getattr;
470
471# P170617-01398 P170617-01381
472# avc: denied { write } for pid=16604 comm=4173796E635461736B202332 name="fd" dev="proc" ino=223680 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=dir permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered
473auditfilter untrusted_app untrusted_app:dir write;
474
475# P170620-03360
476# avc: denied { read } for pid=14485 comm="sai.mediaplayer" name="accessory.0" dev="configfs" ino=11771 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
477auditfilter untrusted_app configfs:lnk_file read;
478
479# P170623-01454
480# avc: denied { read } for pid=16048 comm="Thread-60" name="iSerial" dev="sysfs" ino=27450 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs_android_usb:s0 tclass=file permissive=0 SEPF_SM-C7100_7.1.1_0001 unfiltered
481auditfilter untrusted_app sysfs_android_usb:file read;
482
483# P170627-00416
484# avc: denied { setattr } for pid=25964 comm="highpool[0]" name="libAppDataSearch.so" dev="dm-1" ino=65771 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
485auditfilter priv_app apk_data_file:file setattr;
486
487# P170627-02414
488# avc: denied { node_bind } for pid=20418 comm="Thread-70" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:node:s0 tclass=rawip_socket permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
489auditfilter untrusted_app node:rawip_socket node_bind;
490
491# P170701-01202
492# avc: denied { read } for pid=27965 comm="Binder:27927_3" name="u:object_r:vpn_prop:s0" dev="tmpfs" ino=21530 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:vpn_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
493auditfilter untrusted_app vpn_prop:file read;
494
495# P170703-00252
496# avc: denied { read } for pid=5951 comm=".katana:browser" name="core_pattern" dev="proc" ino=2896567 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:usermodehelper:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
497auditfilter untrusted_app usermodehelper:file read;
498
499# P170630-04179
500# Requester : joongmin.ahn@samsung.com
501# avc: denied { append } for pid=2924 comm="Thread-2" name="mhs.log" dev="dm-0" ino=457675 scontext=u:r:zygote:s0 tcontext=u:object_r:sec_wifi_data_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.0_0009 unfiltered
502auditfilter zygote sec_wifi_data_file:file append; name="mhs.log"
503
504# P170705-00101
505# avc: denied { read } for pid=25772 comm="CTION_IDLE_MODE" name="authorize.xml" dev="dm-0" ino=1284 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:security_system_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
506auditfilter priv_app security_system_file:file read; comm="CTION_IDLE_MODE"
507
508# P170707-03498
509# avc: denied { getattr } for pid=25574 comm="android.bankabc" path="/data/misc/profiles/cur/0/foreign-dex/@system@app@WebViewGoogle@WebViewGoogle.apk" dev="dm-1" ino=1704462 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:user_profile_foreign_dex_data_file:s0:c512,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
510# avc: denied { search } for pid=7140 comm="er:bdservice_v1" name="com.baidu.BaiduMap" dev="dm-1" ino=1180187 scontext=u:r:system_app:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
511auditfilter untrusted_app user_profile_foreign_dex_data_file:file getattr;
512auditfilter system_app app_data_file:dir search; comm="er:bdservice_v1" name="com.baidu.BaiduMap"
513
514# P170701-00755, P170705-00092
515# avc: denied { read } for pid=22008 comm="insthk" name="sfs" dev="sda6" ino=25 scontext=u:r:system_app:s0 tcontext=u:object_r:efs_file:s0 tclass=dir permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
516auditfilter system_app efs_file:dir read; comm="insthk"
517
518# P170714-00576
519# avc: denied { read } for pid=8244 comm="Thread-7" name="authorize.xml" dev="dm-0" ino=382 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:security_system_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
520auditfilter untrusted_app security_system_file:file read;
521
522# P170714-00557
523# avc: denied { getattr } for pid=4086 comm="pool-1-thread-1" path="/dev/__properties__/u:object_r:device_logging_prop:s0" dev="tmpfs" ino=11769 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:device_logging_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
524# avc: denied { getattr } for pid=4086 comm="pool-1-thread-1" path="/dev/__properties__/u:object_r:logpersistd_logging_prop:s0" dev="tmpfs" ino=11768 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
525# avc: denied { getattr } for pid=4086 comm="pool-1-thread-1" path="/dev/__properties__/u:object_r:mmc_prop:s0" dev="tmpfs" ino=11767 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:mmc_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
526# avc: denied { getattr } for pid=4086 comm="pool-1-thread-1" path="/dev/__properties__/u:object_r:safemode_prop:s0" dev="tmpfs" ino=11766 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:safemode_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
527# avc: denied { getattr } for pid=4086 comm="pool-1-thread-1" path="/dev/__properties__/u:object_r:recovery_prop:s0" dev="tmpfs" ino=11755 scontext=u:r:trustonicpartner_app:s0:c512,c768 tcontext=u:object_r:recovery_prop:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
528auditfilter trustonicpartner_app device_logging_prop:file getattr;
529auditfilter trustonicpartner_app logpersistd_logging_prop:file getattr;
530auditfilter trustonicpartner_app mmc_prop:file getattr;
531auditfilter trustonicpartner_app safemode_prop:file getattr;
532auditfilter trustonicpartner_app recovery_prop:file getattr;
533
534# P170714-05427
535# avc: denied { create } for pid=11475 comm="Chrome_libJingl" scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:r:isolated_app:s0:c512,c768 tclass=udp_socket permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
536auditfilter isolated_app isolated_app:udp_socket create;
537
538# P170720-00250
539# http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22192704
540# avc: denied { read } for pid=10904 comm="clatd" path="/proc/3155/cmdline" dev="proc" ino=196525 scontext=u:r:clatd:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
541# Requester : ansik.shin
542auditfilter clatd platform_app:file read; comm="clatd"
543
544# P170720-03498
545# avc: denied { read write } for pid=22352 comm="clatd" path="socket:[5128116]" dev="sockfs" ino=5128116 scontext=u:r:clatd:s0 tcontext=u:r:system_server:s0 tclass=udp_socket permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
546# P170720-03465
547# avc: denied { read write } for pid=23029 comm="clatd" path="socket:[4127978]" dev="sockfs" ino=4127978 scontext=u:r:clatd:s0 tcontext=u:r:system_server:s0 tclass=udp_socket permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
548# Requester : ansik.shin
549auditfilter clatd system_server:udp_socket { read write }; comm="clatd"
550
551# P170726-06137, P170726-06093
552avc: denied { write } for pid=16037 comm="com.policydm" name="system@priv-app@SPDClient@SPDClient.apk@classes.dex" dev="dm-1" ino=738 scontext=u:r:policyloader_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
553auditfilter policyloader_app dalvikcache_data_file:file write; comm="com.policydm"
554
555# http://mobilerndhub.sec.samsung.net/hub/site/seandroid/board/N_review_request/view/22232201
556# avc: denied { call } for pid=1221 comm="Binder:780_1" scontext=u:r:audioserver:s0 tcontext=u:r:audiod:s0 tclass=binder permissive=0 SEPF_SECMOBILE_7.1.1_0001 unfiltered
557auditfilter audioserver audiod:binder call;