-
Notifications
You must be signed in to change notification settings - Fork 164
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
adding new and updating linux / android rules (#903)
* adding new and updating linux / android rules * fix lints
- Loading branch information
1 parent
c0de9d7
commit ded2744
Showing
6 changed files
with
79 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,6 +4,7 @@ rule: | |
| namespace: host-interaction/file-system | ||
| authors: | ||
| - [email protected] | ||
| - [email protected] | ||
| scopes: | ||
| static: basic block | ||
| dynamic: call | ||
|
|
@@ -13,9 +14,14 @@ rule: | |
| - 7351f8a40c5450557b24622417fc478d:0x407C68 | ||
| features: | ||
| - and: | ||
| - os: linux | ||
| - or: | ||
| - os: android | ||
| - os: linux | ||
| - or: | ||
| - api: chown | ||
| - api: fchown | ||
| - api: lchown | ||
| - api: fchownat | ||
| - api: chmod | ||
| - api: fchmod | ||
| - api: fchmodat | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,6 +4,7 @@ rule: | |
| namespace: host-interaction/process/create | ||
| authors: | ||
| - [email protected] | ||
| - [email protected] | ||
| scopes: | ||
| static: basic block | ||
| dynamic: call | ||
|
|
@@ -27,3 +28,4 @@ rule: | |
| - api: posix_spawn | ||
| - api: posix_spawnp | ||
| - api: popen | ||
| - api: fork | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| rule: | ||
| meta: | ||
| name: change memory permission on Linux | ||
| namespace: host-interaction/memory | ||
| authors: | ||
| - [email protected] | ||
| scopes: | ||
| static: function | ||
| dynamic: call | ||
| features: | ||
| - and: | ||
| - or: | ||
| - os: linux | ||
| - os: android | ||
| - or: | ||
| - api: mprotect | ||
| - api: pkey_mprotect |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| rule: | ||
| meta: | ||
| name: check file permission on Linux | ||
| namespace: host-interaction/file-system | ||
| authors: | ||
| - [email protected] | ||
| scopes: | ||
| static: function | ||
| dynamic: call | ||
| features: | ||
| - and: | ||
| - or: | ||
| - os: android | ||
| - os: linux | ||
| - or: | ||
| - api: access | ||
| - api: faccessat |
19 changes: 19 additions & 0 deletions
19
nursery/check-if-process-is-running-under-android-emulator-on-android.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| rule: | ||
| meta: | ||
| name: check if process is running under Android emulator on Android | ||
| namespace: anti-analysis/anti-emulation/android | ||
| authors: | ||
| - [email protected] | ||
| scopes: | ||
| static: function | ||
| dynamic: call | ||
| references: | ||
| - https://github.com/happylishang/AntiFakerAndroidChecker/blob/master/antifake/src/main/jni/emulator/emcheck64.c | ||
| features: | ||
| - and: | ||
| - or: | ||
| - os: linux | ||
| - os: android | ||
| - string: "com/snail/antifake/jni/EmulatorDetectUtil" | ||
| - optional: | ||
| - string: "getSystemArch" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| rule: | ||
| meta: | ||
| name: map or unmap memory on Linux | ||
| namespace: host-interaction/memory | ||
| authors: | ||
| - [email protected] | ||
| scopes: | ||
| static: function | ||
| dynamic: call | ||
| features: | ||
| - and: | ||
| - or: | ||
| - os: linux | ||
| - os: android | ||
| - or: | ||
| - api: mmap | ||
| - api: munmap |