I would like to implement a global file access controller. Each file call 
(for example, an app opening an image) should be checked by a 
policy-controller. Example: Pictures that were made from 09pm to 08am 
should not be displayed to the current user, no matter whether the picture 
is used in a gallery app or as an in-game resource of a mobile game.

 

I know there is the UserManager API in the framework code at the top of 
the architecture stack. But I would like to share pictures between users if the 
current read condition allows it. The context switch should happen "on the 
fly", without changing the user.

 

At first, I thought I had to edit/extend the Android framework source code 
(or the Java API source code) like the FileInputStream or Java File API. 
But now I know that there are some NDK libraries which have their own file 
access through the bionic library 
<https://android.googlesource.com/platform/bionic/>. 

 

My question is now: Is it possible and sufficient to edit the bionic library 
(for example the function fopen(3)), or do I have to edit the read syscall 
at kernel level to get a global access controller? Or is the right way to 
have a look at the VFS? I also read something about AppArmor 
<https://wiki.ubuntu.com/AppArmor>, an LSM for MAC - but is this a possible 
solution? 

 

The big, important point is to get the dynamic policies from a self-written 
system app. This could also be a challenge.

 

I hope that some people here have some tips for me about where I have to look. 
Ideas or hints about possibilities are also welcome!

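The time-window rule from the example in the post (pictures made from 9 pm to 8 am are hidden), written as a policy decision on an already-open file descriptor. This is an added example, not code from the post or from Android; `struct time_policy`, `hour_in_window`, `policy_allows_fd`, `policy_open` and `make_sample` are hypothetical names, and the file's mtime is assumed to stand in for when the picture was made. It shows only the decision logic and says nothing about which layer (bionic, syscall, VFS or an LSM) should host the check.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical policy record; in the post's design it would come from the system app. */
struct time_policy { int deny_from_hour, deny_until_hour; }; /* [from, until), 0-23 */

/* True when hour is inside [from, until); handles a window that wraps midnight. */
static bool hour_in_window(int hour, int from, int until) {
    if (from == until) return false;                       /* empty window */
    if (from < until) return hour >= from && hour < until;
    return hour >= from || hour < until;                   /* e.g. 21 -> 8 */
}

/* Decide on an open descriptor, so the file checked is the file that gets read.
 * Assumption: mtime stands in for "when the picture was made". Fails closed. */
static bool policy_allows_fd(int fd, const struct time_policy *p) {
    struct stat st;
    struct tm tm;
    if (fstat(fd, &st) != 0 || localtime_r(&st.st_mtime, &tm) == NULL) return false;
    return !hour_in_window(tm.tm_hour, p->deny_from_hour, p->deny_until_hour);
}

/* Open read-only; returns the descriptor, or -1 with EACCES when the policy denies. */
static int policy_open(const char *path, const struct time_policy *p) {
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd >= 0 && !policy_allows_fd(fd, p)) { close(fd); errno = EACCES; return -1; }
    return fd;
}

/* Constructed sample input: create a file and set its mtime to a chosen instant. */
static int make_sample(const char *path, time_t when) {
    struct timespec ts[2] = { { .tv_sec = when }, { .tv_sec = when } };
    int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0600);
    if (fd < 0) return -1;
    int rc = futimens(fd, ts);
    close(fd);
    return rc;
}
int main(void) {
    struct time_policy night = { 21, 8 };   /* the 9 pm to 8 am window */
    setenv("TZ", "UTC", 1); tzset();        /* fixed zone so the demo is repeatable */
    make_sample("/tmp/policy_demo_night.jpg", 1609542000); /* 2021-01-01 23:00 UTC */
    make_sample("/tmp/policy_demo_noon.jpg", 1609502400);  /* 2021-01-01 12:00 UTC */
    printf("night fd: %d\n", policy_open("/tmp/policy_demo_night.jpg", &night));
    printf("noon fd:  %d\n", policy_open("/tmp/policy_demo_noon.jpg", &night));
    return 0;
}
```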