Restrict reading /proc data

[Tungstwenty]

Under /proc there's a lot of information that can be read without root access and is likely to include privacy-related info.

Some examples:

• "cat /proc/*/cmdline" will likely show at least a hostname for the dhcpd process.
• /proc/cpuinfo can disclose the CPU serial number (it does in one of the devices I checked, the other reports 000000....)

All this can be read from any app using the standard java IO apis.
Note that the structure of /proc can vary a lot between devices, so a restriction on file access to /proc/* might be needed (shell commands can be restricted through the existing option).

[M66B]

./libcore/luni/src/main/java/libcore/io/IoBridge.java
public static FileDescriptor open(String path, int flags) throws FileNotFoundException

[M66B]

Will be fixed in the next release

[norbertc]

/proc are necessary component read by android from the kernel so restricting access to it may cause bootloops.

[M66B]

Maybe if the category ID for Android itself was restricted, but my best guess is that there is also an open method without parameters, but I have to look into this. Else calling isRestricted may have side effects in some environments.

[unclefab]

I installed it this night and got a bootloop, so I had to downgrade back to 1.5...

[M66B]

@unclefab version 1.6.1 should solve the problem.
Can you please contact me through XDA PM for some tests, so I can pinpoint the problem?

[unclefab]

Sure!! But I'm back to V 1.5 (see my comment in the bootloop issue).

[M66B]

Will be fixed and work in the next release.