On 05/13/2015 10:31 AM, Datta, Souvik wrote:
> Hello Stephen,
>
> Regarding your reply on my following query (in the mail below):
>
>> b) If there is another platform app, say X, which shares the same UI
>> as "com.example.contentprovideruser" but belongs to a different
>> domain say the default domain for platform apps, (assumption here is
>> that I have successfully modified the domain and database that belongs
>> to "com.example.contentprovideruser" to "hm_phonebookaccess_app" and
>> "hm_phonebookaccess_data_file" respectively) would platform app X, be
>> able to do a raw binary access of the database which belongs to
>> "com.example.contentprovideruser".
>
> You had mentioned - Not if it runs in a separate process in its own domain.
>
> But I am facing an issue here. The platform app X is running an HTTP server.
> Another application, which knows about this HTTP server that app X is
> running, is able to make an HTTP request to app X, passing a URI:
> http://127.0.0.1/<path of the database>/database file and getting the entire
> database file through app X.
> How do I prevent app X from accessing the database?

Why are you running an HTTP server, and why are you exposing the database via
HTTP over a TCP socket? Why not just create a Unix/local domain socket or a
binder service and offer access that way? Then it will only be accessible
locally (not over the network), will support direct kernel access control over
who can connect to the socket or call via binder, and will support passing of
the sender credentials to the recipient, so that your app can implement its own
finer-grained permission checks over what services are provided to each client.

If you want to isolate network sockets, you'd need to configure and use SECMARK
or NetLabel.
