From c3dc4174fc76c9878e0064e3a4da90833fcfea67 Mon Sep 17 00:00:00 2001
From: Tek <tek@randhome.io>
Date: Mon, 26 Sep 2022 12:17:09 +0200
Subject: [PATCH] Adds detection for disabled security packages in Android
 (#306)

* Adds detection for disabled security packages in Android

* Update detection of disabled security packages
---
 mvt/android/modules/adb/packages.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/mvt/android/modules/adb/packages.py b/mvt/android/modules/adb/packages.py
index 412dea8..b5e7678 100644
--- a/mvt/android/modules/adb/packages.py
+++ b/mvt/android/modules/adb/packages.py
@@ -66,6 +66,13 @@ ROOT_PACKAGES = [
     "com.kingouser.com",
     "com.topjohnwu.magisk",
 ]
+SECURITY_PACKAGES = [
+    "com.policydm",
+    "com.samsung.android.app.omcagent",
+    "com.samsung.android.securitylogagent",
+    "com.sec.android.soagent",
+    "com.wssyncmldm",
+]
 
 
 class Packages(AndroidExtraction):
@@ -122,6 +129,10 @@ class Packages(AndroidExtraction):
                 self.detected.append(result)
                 continue
 
+            if result["package_name"] in SECURITY_PACKAGES and result["disabled"]:
+                self.log.warning("Found a security package disabled: \"%s\"",
+                                 result["package_name"])
+
             if not self.indicators:
                 continue