Hi Rui Gonçalo, Your idea is very interesting, and due to the fact that I'm working on a similar feature, but for the use of Intent. Hence, I want to share my point of view and maybe can help you (I hope)... :)
For my purpose I want to use the SELinux feature included in each kernel from android 4.3. SELinux is A LSM that permits to enforce Mandatory Access Control (MAC). Basically, you can write a fine-grained policy, for instance you can allow/deny the creation of sockets, files, etc. You can also configure iptables. Thus, regarding your issues the use of SELinux can help you (it is already integrated in the kernel), try to take a look on it and give me your feedback if you want, of course. p.s. hint for your research: - http://selinuxproject.org/page/SEAndroid Best, Simone Il giorno mercoledì 6 novembre 2013 11:36:50 UTC+1, Rui Gonçalo ha scritto: > > I'm currently researching Android security model and trying to develop the > following feature: > > *Motivation:* > - As Android user, I want to be aware of what applications inside my > device do regarding internet connections (not just know that they use > INTERNET permission); > - I want to know if a simple game app is trying to access an external > server "exemple.com" through port "1234"; > - Ultimately, I want a firewall like *Little Snitch > <http://www.obdev.at/products/littlesnitch/index.html>*. > > *What the feature does:* > > Intercepts outgoing internet requests. Based on a set of rules, the user > is notified in order to *allow* or *deny* the connection. No, the user is > not bothered any time a socket request is launched by an application. For > those who are not familiar with *Little Snitch*, there are rules that > grant certain connections by default, and the user is able to assign time > tags to new connections. > > *Development:* > - The main challenge is to refuse a socket connection if, for instance, > the user does not want that simple game app to access "example.com"; > - After some research I was able to implement a Linux Security Module that > intercepts every socket request at kernel level (*LSM defines access > policies to kernel objects, as sockets*, which is precisely what I want); > - I use my own hook functions to *socket_create kernel function* (and > *socket_listen*). I use a socket client (unix domain sockets) in the LSM > to send socket data to user space (and to receive the answer - *accept*or > *reject* the connection); > - In user space there is an application that runs as deamon (Android > Service), acting as socket server that receives the info sent by the LSM. > The application checks the rules and according to the socket data, it > either knows what to do and sends the answer to the LSM or asks the user > what to do and sends his answer to the LSM. > > That's it! > > *Main issues:* > LSM are installed in the kernel at compile time. To take advantage of this > feature I need to use a custom kernel :-( > > Question 1 - Is it possible to integrate with Cyanogen ROM (because ROMs > have their own custom kernel)? > > Question 2 - Is there any other way to implement this feature? > > Thanks for your attention. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
