在规则文件中增加permission字段来检查权限滥用 #57

firmianay · 2023-11-03T03:36:11Z

APIMode现在只是单纯的找API，是不是可以根据API-Permission的映射关系，如果扫描结果为空，但权限清单中包含该permission，就判断存在权限滥用

{
  "获取蓝牙设备信息": {
    "desc": {
      "category": "camille",
      "detail": "获取蓝牙设备信息",
      "name": "获取蓝牙设备信息",
      "complianceCategory": "ComplianceInfo"
    },
    "permission": "android.permission.BLUETOOTH_CONNECT", // 新增
    "sink": {
      "<android.bluetooth.BluetoothAdapter: * getName(*)>": {},
      "<android.bluetooth.BluetoothDevice: * getAddress(*)>": {},
      "<android.bluetooth.BluetoothDevice: * getName(*)>": {}
    },
    "APIMode": true
  }
}

The text was updated successfully, but these errors were encountered:

nkbai · 2023-11-03T05:47:10Z

已合并

firmianay · 2023-11-03T06:12:47Z

好像被误关了QAQ

nkbai · 2023-11-16T05:52:33Z

APIMode现在只是单纯的找API，是不是可以根据API-Permission的映射关系，如果扫描结果为空，但权限清单中包含该permission，就判断存在权限滥用

{
  "获取蓝牙设备信息": {
    "desc": {
      "category": "camille",
      "detail": "获取蓝牙设备信息",
      "name": "获取蓝牙设备信息",
      "complianceCategory": "ComplianceInfo"
    },
    "permission": "android.permission.BLUETOOTH_CONNECT", // 新增
    "sink": {
      "<android.bluetooth.BluetoothAdapter: * getName(*)>": {},
      "<android.bluetooth.BluetoothDevice: * getAddress(*)>": {},
      "<android.bluetooth.BluetoothDevice: * getName(*)>": {}
    },
    "APIMode": true
  }
}

对于输出结果的影响呢？文档描述，解释一下？

firmianay · 2023-11-16T06:52:57Z

结果像这样，UsePermissions从数组改成了字典，每个权限标记为"used""unused""unknown"这三种。其中最重要的工作就是维护API-Permission的映射关系

    "UsePermissions": {
        "com.example.myvultest.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION": "unknown",
        "android.permission.ACCESS_WIFI_STATE": "used",
        "android.permission.READ_EXTERNAL_STORAGE": "unused"
    },

nkbai · 2023-11-16T08:28:09Z

这个映射关系不需要appshark来维护？规则里面明确指明api关联的权限？感觉这样意义不大。

firmianay · 2023-11-16T09:02:18Z

不需要，appshark只是引擎，因为还有些是自定义权限，不好公开，放在规则里就行。
相当于一次性加载上百条这种规则，扫出所有命中的函数，如果不改引擎，最终的results.json可能会很大很大，但其实我们想要的只是标记出多余申请的权限，这些命中的函数打印出来没用。
如果permission这个字段为空，一切行为还跟以前一样。

nkbai · 2023-11-16T09:16:13Z

如果是这样，直接对appshark的结果进行二次处理可能更合适

nkbai closed this as completed Nov 3, 2023

nkbai reopened this Nov 3, 2023

firmianay mentioned this issue Nov 14, 2023

add api-permission check #61

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

在规则文件中增加permission字段来检查权限滥用 #57

在规则文件中增加permission字段来检查权限滥用 #57

firmianay commented Nov 3, 2023

nkbai commented Nov 3, 2023 •

edited

Loading

firmianay commented Nov 3, 2023

nkbai commented Nov 16, 2023

firmianay commented Nov 16, 2023

nkbai commented Nov 16, 2023

firmianay commented Nov 16, 2023

nkbai commented Nov 16, 2023

在规则文件中增加permission字段来检查权限滥用 #57

在规则文件中增加permission字段来检查权限滥用 #57

Comments

firmianay commented Nov 3, 2023

nkbai commented Nov 3, 2023 • edited Loading

firmianay commented Nov 3, 2023

nkbai commented Nov 16, 2023

firmianay commented Nov 16, 2023

nkbai commented Nov 16, 2023

firmianay commented Nov 16, 2023

nkbai commented Nov 16, 2023

nkbai commented Nov 3, 2023 •

edited

Loading