I'm currently researching the Android security model and trying to develop the following feature:

*Motivation:*

- As an Android user, I want to be aware of what applications inside my device do regarding internet connections (not just know that they use the INTERNET permission);
- I want to know if a simple game app is trying to access an external server "example.com" through port "1234";
- Ultimately, I want a firewall like *Little Snitch* <http://www.obdev.at/products/littlesnitch/index.html>.

*What the feature does:*

Intercepts outgoing internet requests. Based on a set of rules, the user is notified in order to *allow* or *deny* the connection. No, the user is not bothered any time a socket request is launched by an application. For those who are not familiar with *Little Snitch*, there are rules that grant certain connections by default, and the user is able to assign time tags to new connections.

*Development:*

- The main challenge is to refuse a socket connection if, for instance, the user does not want that simple game app to access "example.com";
- After some research I was able to implement a Linux Security Module that intercepts every socket request at kernel level (*LSM defines access policies to kernel objects, such as sockets*, which is precisely what I want);
- I use my own hook functions for the *socket_create kernel function* (and *socket_listen*). I use a socket client (unix domain sockets) in the LSM to send socket data to user space (and to receive the answer - *accept* or *reject* the connection);
- In user space there is an application that runs as a daemon (Android Service), acting as a socket server that receives the info sent by the LSM. The application checks the rules and, according to the socket data, it either knows what to do and sends the answer to the LSM, or asks the user what to do and sends his answer to the LSM.

That's it!

*Main issues:*

LSMs are installed in the kernel at compile time. To take advantage of this feature I need to use a custom kernel :-(

Question 1 - Is it possible to integrate with Cyanogen ROM (because ROMs have their own custom kernel)?

Question 2 - Is there any other way to implement this feature?

Thanks for your attention.
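
An added example, not part of the original post: a sketch in C of the rule lookup that the user-space daemon described above would run on each request from the LSM, including rules that expire (the "time tags"). The request fields, rule layout, UIDs, host names and the first-match policy are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

enum verdict { V_ALLOW, V_DENY, V_ASK_USER };
#define ANY_UID UINT32_MAX

/* Hypothetical record the LSM sends over the unix domain socket. */
struct conn_request { uint32_t uid; const char *host; uint16_t port; };

/* Hypothetical rule layout kept by the daemon. */
struct rule {
    uint32_t     uid;      /* ANY_UID matches every app */
    const char  *host;     /* NULL matches every host */
    uint16_t     port;     /* 0 matches every port */
    enum verdict verdict;
    time_t       expires;  /* 0 = permanent, otherwise the rule's time tag */
};

static int rule_matches(const struct rule *r, const struct conn_request *q, time_t now)
{
    if (r->expires != 0 && now >= r->expires) return 0;   /* expired grant */
    if (r->uid != ANY_UID && r->uid != q->uid) return 0;
    if (r->host != NULL && strcmp(r->host, q->host) != 0) return 0;
    if (r->port != 0 && r->port != q->port) return 0;
    return 1;
}

/* First matching, unexpired rule wins; with no match the user is asked. */
enum verdict decide(const struct rule *rules, size_t n,
                    const struct conn_request *q, time_t now)
{
    for (size_t i = 0; i < n; i++)
        if (rule_matches(&rules[i], q, now))
            return rules[i].verdict;
    return V_ASK_USER;
}

/* Constructed sample rules: UID 10050 stands for the "simple game app". */
static const struct rule SAMPLE_RULES[] = {
    { 10050,   "example.com",      1234, V_DENY,  0    },
    { 10050,   NULL,               443,  V_ALLOW, 1000 }, /* until t=1000 */
    { ANY_UID, "time.example.org", 123,  V_ALLOW, 0    }, /* default grant */
};
#define SAMPLE_COUNT (sizeof SAMPLE_RULES / sizeof SAMPLE_RULES[0])

int main(void)
{
    struct conn_request q = { 10050, "example.com", 1234 };
    printf("verdict=%d\n", decide(SAMPLE_RULES, SAMPLE_COUNT, &q, 500));
    return 0;
}
```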
