Hi all,
I am looking for some advice in getting the "Digitales Amt" app to work. This is the official government and citizen ID (eID) app in Austria.
When trying to log in with an eID, the app errors out claiming to not be allowed to run on a rooted or otherwise modified device.
I have narrowed the error down quite a bit. I think it tries to verify some memory integrity (like the bootloader maybe?) and for that it tries to access the block device dm-12, which SELinux prevents it from doing. This is the error I get using logcat:
JavaBridge: type=1400 audit(0.0:39486): avc: denied { read } for name="cache" dev="dm-12" ino=16 scontext=u:r:untrusted_app:s0:c198,c256,c526,c768 tcontext=u:object_r:cache_file:s0 tclass=lnk_file permissive=0
The app is using RootBeer for root checking and then doing something custom to verify the "BootState". I am quite convinced that is where the problem lies.
I have reached out to the government office responsible for the app, but they do not seem to be interested in helping fix the problem.
Patching the app itself is possible, but cumbersome and against TOS...
I have been working as an embedded systems developer with embedded Linux, but debugging Android is pretty new for me.
Any advice or guidance in how to go about fixing this in GrapheneOS would be appreciated.
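
Added example, not part of the original post: a small Python parser that splits the logcat AVC denial quoted above into its fields, so the subject, object and object class can be read off directly. The function names and the class description table are this example's own. In SELinux audit records, `tclass` names the object class (`lnk_file` is a symbolic link, `blk_file` a block device node) and `dev` is the device holding the filesystem the inode lives on.

```python
import re

# The denial quoted in the post above, copied verbatim.
SAMPLE = ('JavaBridge: type=1400 audit(0.0:39486): avc: denied { read } for '
          'name="cache" dev="dm-12" ino=16 '
          'scontext=u:r:untrusted_app:s0:c198,c256,c526,c768 '
          'tcontext=u:object_r:cache_file:s0 tclass=lnk_file permissive=0')

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value may be quoted

# Common file-like object classes (subset, for readable summaries).
OBJECT_KIND = {"file": "regular file", "dir": "directory",
               "lnk_file": "symbolic link", "blk_file": "block device node",
               "chr_file": "character device node"}

def parse_context(ctx):
    """Split user:role:type:sensitivity[:categories] into its parts."""
    user, role, type_, level = ctx.split(":", 3)
    sens, _, cats = level.partition(":")
    return {"user": user, "role": role, "type": type_,
            "sensitivity": sens, "categories": cats.split(",") if cats else []}

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line has none."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    return {"result": m.group(1), "perms": m.group(2).split(),
            "name": kv.get("name"), "dev": kv.get("dev"), "ino": kv.get("ino"),
            "scontext": parse_context(kv["scontext"]),
            "tcontext": parse_context(kv["tcontext"]),
            "tclass": kv["tclass"],
            # permissive=0 means the domain is enforcing: the access was blocked.
            "enforced": kv.get("permissive") == "0"}

def summarize(rec):
    """One-line, human-readable reading of a parsed record."""
    kind = OBJECT_KIND.get(rec["tclass"], rec["tclass"])
    mode = "blocked" if rec["enforced"] else "logged only"
    return (f'{rec["scontext"]["type"]} {rec["result"]} {",".join(rec["perms"])} '
            f'on {kind} "{rec["name"]}" labelled {rec["tcontext"]["type"]} '
            f'(filesystem on {rec["dev"]}, inode {rec["ino"]}); {mode}')

if __name__ == "__main__":
    print(summarize(parse_avc(SAMPLE)))
```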