Hi Kasun, This is removing internet permission from an app and completely blocking it from accessing the internet. A firewall means, certain traffic to a certain host is allowed and to another maybe disallowed. How can this be achieved?
Regards, Inosh On Wed, Mar 30, 2016 at 9:34 AM, Kasun Dananjaya Delgolla <kas...@wso2.com> wrote: > Hi Inosh, > > Refer[1]. > > [1] - > https://github.com/googlesamples/android-testdpc/blob/master/TestDPC_UserGuide.pdf > <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fgooglesamples%2Fandroid-testdpc%2Fblob%2Fmaster%2FTestDPC_UserGuide.pdf&sa=D&sntz=1&usg=AFQjCNHpFKQuX3EAThcGXZ7tcQSvYQjHhg> > > Thanks > > On Wed, Mar 30, 2016 at 9:15 AM, Inosh Perera <ino...@wso2.com> wrote: > >> Hi Kasun, >> >> Could you point me to the Google API doc for this method? >> >> Regards, >> Inosh >> >> On Wed, Mar 30, 2016 at 8:46 AM, Kasun Dananjaya Delgolla < >> kas...@wso2.com> wrote: >> >>> Hi Inosh, >>> >>> I have already used this to create VPN connections. But problem occurs >>> when trying to block access. >>> >>> There's another method in Device policy manager to restrict internet >>> access (revoke internet permission) from apps. What I suggested is to use >>> that. >>> >>> Thanks >>> On Mar 30, 2016 8:43 AM, "Inosh Perera" <ino...@wso2.com> wrote: >>> >>>> Hi Kasun, >>>> >>>> App restrictions imply that the app we are trying to block has an app >>>> restriction profile implemented. AFAIK, currently, this is only implemented >>>> in Google chrome. In that case how do we restrict other applications? Just >>>> wondering is it possible to use this[1] API for VPN >>>> >>>> [1]. >>>> https://developer.android.com/intl/zh-cn/reference/android/net/VpnService.html >>>> >>>> Regards, >>>> Inosh >>>> >>>> On Wed, Mar 30, 2016 at 8:13 AM, Kasun Dananjaya Delgolla < >>>> kas...@wso2.com> wrote: >>>> >>>>> Hi All, >>>>> >>>>> I have implemented the $subject with VPN. When testing this, I noticed >>>>> that there are some issues in some devices when blocking the connection. >>>>> >>>>> What I do here is, making a local VPN via agent app (needs user >>>>> permission), and direct other app traffic through this. And detect the app >>>>> which we wanna block using the package manager and block access with the >>>>> help of a local service (capable of listening other app connectivity) I >>>>> have implemented. >>>>> >>>>> I have tested this on 2 devices. It worked on one and failed on the >>>>> other. When I did some further digging, I got to know that some devices >>>>> are >>>>> not allowing app traffic blocking. So I believe that this mechanism >>>>> wouldn't be a global solution. I suggest that we should go with >>>>> Marshmallow's app restrictions API. As the device owner, we should be able >>>>> to restrict apps from accessing internet with this. WDYT? >>>>> >>>>> Thanks >>>>> On Mar 23, 2016 11:27 AM, "Dilshan Edirisuriya" <dils...@wso2.com> >>>>> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> IMO the kiosk mode approach is wrong. Kiosk mode solely for use cases >>>>>> where you have just one single app in foreground such as having a STB in >>>>>> airport, when conducting exams etc. Inorder to cater your requirement we >>>>>> can go for VPN. But we need support generic VPN types like L2TP, PPTP, >>>>>> IPSec etc. and to add firewall rules around them. Another thing we can do >>>>>> is if they come up with their own enterprise applications, applications >>>>>> should be able to establish the VPN connection on its own which we call >>>>>> it >>>>>> as per app VPN. Either way it has to go towards that approach. Otherwise >>>>>> we >>>>>> may have to look for firewall type operations in Android SDK. >>>>>> >>>>>> Regards, >>>>>> >>>>>> Dilshan >>>>>> >>>>>> On Tue, Mar 22, 2016 at 8:46 PM, Kasun Dananjaya Delgolla < >>>>>> kas...@wso2.com> wrote: >>>>>> >>>>>>> Hi Milan, >>>>>>> >>>>>>> The scenario you described is anyways covered via blacklisting + >>>>>>> whitelisting. So as I said before, we should carefully decide on the >>>>>>> approach to provide the best solution to this. >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> On Tue, Mar 22, 2016 at 8:05 PM, Milan Perera <mi...@wso2.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Hi Kasun, >>>>>>>> >>>>>>>> In that case most organizations need to give access only to a >>>>>>>>> certain app which they would allow the end user to use. We can >>>>>>>>> achieve that >>>>>>>>> in Kiosk mode cleanly. Kiosk mode will enable us to enable a *certain >>>>>>>>> app* in a certain time interval disabling all other apps from >>>>>>>>> usage. >>>>>>>>> >>>>>>>> >>>>>>>> We cannot assume that an organization will only use "*a certain >>>>>>>> app*". Because most of the time, they use more than one. For an >>>>>>>> example, lets say they have in house built enterprise apps which all >>>>>>>> should >>>>>>>> be allowed to access network. But enabling only one app as in Kiosk >>>>>>>> mode >>>>>>>> will not address the issue. >>>>>>>> However if we are to use Kiosk mode in that way, then we should >>>>>>>> have to use some other method like creating a new Launcher App for >>>>>>>> Android >>>>>>>> and enable only white-listed apps in the launcher. In that way we can >>>>>>>> restrict the use of other apps. >>>>>>>> >>>>>>>> Regards, >>>>>>>> -- >>>>>>>> *Milan Perera *| Software Engineer >>>>>>>> WSO2, Inc | lean. enterprise. middleware. >>>>>>>> #20, Palm Grove, Colombo 03, Sri Lanka >>>>>>>> Mobile: +94 77 309 7088 | Work: +94 11 214 5345 >>>>>>>> Email: mi...@wso2.com <ar...@wso2.com> | Web: www.wso2.com >>>>>>>> <http://lk.linkedin.com/in/milanharinduperera> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Kasun Dananjaya Delgolla >>>>>>> >>>>>>> Software Engineer >>>>>>> WSO2 Inc.; http://wso2.com >>>>>>> lean.enterprise.middleware >>>>>>> Tel: +94 11 214 5345 >>>>>>> Fax: +94 11 2145300 >>>>>>> Mob: + 94 771 771 015 >>>>>>> Blog: http://kddcodingparadise.blogspot.com >>>>>>> Linkedin: *http://lk.linkedin.com/in/kasundananjaya >>>>>>> <http://lk.linkedin.com/in/kasundananjaya>* >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Dilshan Edirisuriya >>>>>> Senior Software Engineer - WSO2 >>>>>> Mob: + 94 777878905 >>>>>> http://wso2.com/ >>>>>> https://www.linkedin.com/profile/view?id=50486426 >>>>>> >>>>> >>>> >>>> >>>> -- >>>> Inosh Perera >>>> Software Engineer, WSO2 Inc. >>>> Tel: 077813 7285, 0785293686 >>>> >>> >> >> >> -- >> Inosh Perera >> Software Engineer, WSO2 Inc. >> Tel: 077813 7285, 0785293686 >> > > > > -- > Kasun Dananjaya Delgolla > > Software Engineer > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > Tel: +94 11 214 5345 > Fax: +94 11 2145300 > Mob: + 94 771 771 015 > Blog: http://kddcodingparadise.blogspot.com > Linkedin: *http://lk.linkedin.com/in/kasundananjaya > <http://lk.linkedin.com/in/kasundananjaya>* > -- Inosh Perera Software Engineer, WSO2 Inc. Tel: 077813 7285, 0785293686
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture