File system changes in Android Nougat

怎甘沉沦 submitted on 2019-12-02 17:30:57

There were two groups of changes reducing access to /proc.

The procfs filesystem is now mounted with hidepid=2, eliminating access to the /proc/PID directories of other users. This change was implemented in CopperheadOS and was then adopted upstream based on it. There's a group for making exceptions but it's not exposed as a permission. It's only used to make exceptions for some processes in the base system. It could be exposed as a 'dangerous' permission and it's what I expected Google would end up doing but they decided that users wouldn't understand the implications of it.

https://android-review.googlesource.com/#/c/181345/

SELinux policies also became much stricter. For apps, there's no baseline access to /proc at all anymore, although that only applies to files other than the /proc/PID directories. There's still access to a few files with labels not falling under the general proc policy, but it's mostly gone. This has been gradual and there are many relevant commits. One of the big ones:

https://android-review.googlesource.com/#/c/105337/

This not only removes a lot of obvious information, but it also closes some more blatant security holes involving side channels allowing things like logging keyboard input:

SELinux policies have also become a lot stricter in general over time. You can see the rest of that in the platform/system/sepolicy repository. Note that it was at platform/external/sepolicy for a long time but it was recently moved.

This was done for security and privacy reasons. From the bug report:

In the case of the root (/) and /sys filesystems, a directory listing is not possible.

The official answer from Google:

The behavior you're describing is working as intended. Android provides strict sandboxes that applications must run in. These sandboxes protect application data from other applications, including application metadata such as process state.

/sys and /proc are well known for leaking side channel information about processes, information which can be used to infer state about the processes. For instance, it's been documented for years that /proc access can be used to monitor for app launching, enabling phishing attacks.
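As an added illustration (not code from the original answer, from CopperheadOS or from AOSP), the following Python parses /proc/mounts-style output to report the hidepid= and gid= options on the procfs mount, and models what a non-root app can see of another user's /proc/PID directory under each hidepid level. The sample mount lines and the gid value are constructed for the example; `pid_dir_access` is a deliberate simplification of the kernel check (root and members of the exempt group are treated as always passing, standing in for the ptrace-access test the kernel actually performs).

```python
"""Added example (not from the original answer or AOSP): inspect how procfs is
mounted and model what hidepid= means for a process looking at /proc/<pid>."""

# Constructed /proc/mounts-style lines for illustration; not captured from a device.
# The gid value is a placeholder for whatever group the platform exempts.
SAMPLE_MOUNTS_HIDEPID = """rootfs / rootfs ro,seclabel 0 0
proc /proc proc rw,relatime,gid=3009,hidepid=2 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
"""

SAMPLE_MOUNTS_LEGACY = """rootfs / rootfs ro,seclabel 0 0
proc /proc proc rw,relatime 0 0
"""

# Newer kernels also accept named values for hidepid alongside the numeric ones.
HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}


def parse_mounts(text):
    """Yield (device, mountpoint, fstype, options) per /proc/mounts line.
    options is a dict: bare flag -> True, key=value -> value (as a string)."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        dev, mnt, fstype, optstr = parts[:4]
        opts = {}
        for opt in optstr.split(","):
            key, _, val = opt.partition("=")
            opts[key] = val if val else True
        yield dev, mnt, fstype, opts


def procfs_settings(mounts_text):
    """Return {'hidepid': int, 'gid': int | None} for the /proc mount, or None if absent."""
    for _, mnt, fstype, opts in parse_mounts(mounts_text):
        if fstype != "proc" or mnt != "/proc":
            continue
        raw = opts.get("hidepid", "0")  # kernel default is 0 when the option is missing
        hidepid = HIDEPID_NAMES.get(raw)
        if hidepid is None:
            hidepid = int(raw)
        gid = int(opts["gid"]) if "gid" in opts else None
        return {"hidepid": hidepid, "gid": gid}
    return None


def pid_dir_access(hidepid, viewer_uid, owner_uid, viewer_in_exempt_group=False):
    """Simplified model of the procfs hidepid check for viewer_uid examining
    /proc/<pid> of a process owned by owner_uid.
    Returns 'full' (readable), 'listed' (entry appears in readdir but its
    contents are not accessible) or 'hidden' (entry is not even listed).
    Simplification: root and members of the gid= group always pass, standing in
    for the kernel's ptrace-access check."""
    if viewer_uid == 0 or viewer_uid == owner_uid or viewer_in_exempt_group:
        return "full"
    if hidepid == 0:
        return "full"
    if hidepid == 1:
        return "listed"
    return "hidden"  # hidepid=2 (and the stricter ptraceable mode) for non-owners


if __name__ == "__main__":
    samples = (("hidepid sample", SAMPLE_MOUNTS_HIDEPID),
               ("legacy sample", SAMPLE_MOUNTS_LEGACY))
    for label, text in samples:
        s = procfs_settings(text)
        print(label, s, "-> app uid 10050 sees app uid 10051's /proc dir as:",
              pid_dir_access(s["hidepid"], 10050, 10051))
    try:  # on a Linux host, also report the real procfs mount options
        with open("/proc/mounts") as f:
            print("this host", procfs_settings(f.read()))
    except OSError:
        pass
```

On a device the same check is a one-liner, `adb shell cat /proc/mounts | grep ' /proc '`: a hidepid=2 entry means another app's /proc/PID directory will not even appear in a directory listing unless the caller's process is in the gid= group.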
