search

Gedsh / InviZible

Android application for online privacy and security
https://invizible.net
GNU General Public License v3.0
1.49k stars 103 forks source link

ARP Scanning Conflicts With SELinux Policy? #79

Closed rhclayto closed 3 years ago

rhclayto commented 3 years ago

Running logcat on my device, I find the following the the logs, repeating every ten seconds:

2021-03-24 10:58:12.573 1822-1822/? D/InterruptionStateProvider: No bubble up: not allowed to bubble: 0|pan.alexander.tordnscrypt.stable|101102|null|10174
2021-03-24 10:58:12.575 1822-1822/? D/InterruptionStateProvider: No pulsing: disabled by setting: 0|pan.alexander.tordnscrypt.stable|101102|null|10174
2021-03-24 10:58:12.806 5633-5834/? W/pan.alexander.TPDCLogs: ArpScanner onCommandResult exitCode:1 commandCode:100
2021-03-24 10:58:12.799 5290-5290/? W/ip: type=1400 audit(0.0:16816): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c174,c256,c512,c768 tcontext=u:r:untrusted_app:s0:c174,c256,c512,c768 tclass=netlink_route_socket permissive=0 b/155595000 app=pan.alexander.tordnscrypt.stable

I have no experience debugging Android, but a quick DuckDuckGo search says that avc: denied { bind } indicates an SELinux policy denial. As this always comes after the ArpScanner onCommandResult line, I wonder if ARP Scanning (which I have enabled in InviZible) conflicts with the SELinux policy of my device (GrapheneOS ROM on Google Pixel 4 XL).

Is this something to be concerned about? Should I disable ARP Scanning?

Edit: Disabling ARP spoofing detection in InviZible settings eliminates the log messages. Is it a problem to have it enabled? I don't care about the log messages, but I wonder if they indicate something is not working.

Edit2: After re-enabling ARP spoofing detection, the messages are gone. Mysterious.

Gedsh commented 3 years ago

Is this something to be concerned about?

Your android denies access to the sh linux shell. This is required to obtain the default gateway address for your network.

Should I disable ARP Scanning?

If you see this message, it means that the ARP scanner is not actually working. You can turn it off.

After re-enabling ARP spoofing detection, the messages are gone. Mysterious.

Yep. This is strange. The best way is to check the ARP scanner if you know how. Or you should see your gateway address and MAC in the InviZible logs.

rhclayto commented 3 years ago

The aforementioned log entries returned after some time. The gateway address & MAC address are not found in the logs, so I will disabled ARP spoofing detection.