joeyjiaojg / seal Goto Github PK

SEAL is a SEAndroid live device analysis tool. It can perform policy analysis on Android devices (real or emulated) connected through ADB. Devices must be rooted or running a debug build. Running the tool on a non-rooted production device will yield incomplete results.

usage: seal [-h] [--adb ADB] [--device <DEVICE>]
               {polinfo,files,processes} ...

positional arguments:
  {polinfo,files,processes}
                        sub-command help
    polinfo             Show policy info from device
    files               List all files on the device
    processes           List all processes on the device

optional arguments:
  -h, --help            show this help message and exit
  --adb ADB             Path to your local root adb if not in your $PATH
  --device <DEVICE>     Specify a device to work with

The tool offers functionality through a set of subcommands. The current ones are:

• polinfo - view policy statistics from a connected device
• files - list files on the device, optionally filtering to show only files a specific process has access to
• processes - list processes on the device, optionally filtering to show only processes that have access to a specific file/path

A graphical frontend to the SEALv1 tool is available as SEALX. An equivalent graphical tool for SEALv2 is in the works.

SEAL is available in two versions, SEALv1 and SEALv2. SEALv2 is the current version. SEALv1 can deal with SELinux policies up to version 29, and with Android up to version 5.1; for more recent Android and SELinux policy versions, SEALv2 is required.

###SEALv2 SEALv2 may be obtained by cloning this repository. From the command line, do:

$ git clone [email protected]:seandroid-analytics/seal.git

The SEALv2 library requires the setools library from SEToolsv4. The setools library is also distributed as part of the AOSP tree, where it is distributed as a prebuilt. After downloading the AOSP tree in $WORKING_DIRECTORY, the setools package will be in

$WORKING_DIRECTORY/prebuilts/python/linux-x86/2.7.5/lib/python2.7/site-packages

To use this package, add this path to your $PYTHONPATH; for example, on Ubuntu 14.04 LTS add this to your .profile:

export PYTHONPATH="$WORKING_DIRECTORY/prebuilts/python/linux-x86/2.7.5/lib/python2.7/site-packages:$PYTHONPATH"

SEALv2 also requires the Android Debug Bridge to be installed and in your $PATH. You may use the ADB which comes with the Android SDK (recommended), or install it through your distribution's package manager.

###SEALv1 SEALv1 is no longer being developed. SEALv1 can be downloaded from GitHub as a release.

The SEALv1 library requires the Python bindings to libapol and libqpol from SEToolsv3. These can be obtained on Ubuntu 14.04 LTS by installing the python-setools package. SEALv1 also requires the Android Debug Bridge to be installed and in your $PATH. You may use the ADB which comes with the Android SDK (recommended), or install it through your distribution's package manager.

From the resulting directory, run:

$ python seal.py [GLOBAL OPTIONS] <subcommand> [OPTIONS]

You can report bugs in the project issue tracker.

Copyright (C) 2015 Aalto University

SEAL is licensed under the Apache License 2.0 (see LICENSE).

SEAL is an open source project being developed at Aalto University as part of the Intel Collaborative Research Institute for Secure Computing (ICRI-SC).