This repository has been archived by the owner on Sep 6, 2019. It is now read-only.

Restricting IPC to certain processes #2379

Open
T-vK opened this issue Oct 9, 2016 · 14 comments

@T-vK

T-vK commented Oct 9, 2016

Some apps require permission to make use of IPC (Inter Process Communication). From my understanding this could be abused to use another app as a sort of proxy to access the Internet, bypassing firewalls and Internet access privileges.

So I would like to see an option to blacklist or whitelist certain apps. Or maybe (no idea if that's possible) an option to disallow making use of certain privileges when operating through another process.

@Gitoffthelawn
Contributor

Gitoffthelawn commented Oct 9, 2016

+1

To my understanding, your understanding is correct. :-)

@Magissia

Putting a bounty of 50€ on this

@MarkoIndaco

I also notice that IPC request sometimes. So, is it suggested to always deny? Sorry for the silly question, but I notice that every time it happens the background is red, and so denying it could/should result in a crash of the app...?

@T-vK
Author

T-vK commented Sep 18, 2017

Personally I deny every permission and see if it works. If it crashes I check in Xprivacy which permissions it has recently denied for this app. Then I decide if I get rid of the app or if I grant the permission.
I've found that you always need to allow the IPC permission IPackageManager:getPackageInfo. And you can always deny the Identification permission SERIAL.

@8alucard8

8alucard8 commented Sep 18, 2017 via email

@8alucard8

8alucard8 commented Sep 18, 2017 via email

@T-vK
Author

T-vK commented Sep 19, 2017

I was just talking about IPackageManager:getPackageInfo, not IPC in general. I usually deny all IPC prompts. The only exception is IPackageManager:getPackageInfo. And shell is usually not a big deal. You just have to pay attention to which shell command the app wants to access. If it wants to access su for instance and you allow it, then the app could happily bypass Xprivacy. If it's just trying to access a sound library or similar stuff, then you should be fine.
Just be sure to never allow an app to access a whole category just because it needs one function of that category.

@MarkoIndaco

Thank you for your explanations @T-vK, for this I selected IPC and checked all the apps, just in case. They were few and, from what I can say, also when blocking IPC they work as well.
Greetings

@8alucard8

8alucard8 commented Sep 20, 2017 via email

@MarkoIndaco

MarkoIndaco commented Sep 22, 2017

Yes @8alucard8, sometimes it seems mandatory for running some apps as well. Btw I notice that, in sporadic cases, when blocking IPC (or other commands) the app soon crashes, but if you relaunch it in some cases it works.
For this case I have an idea, but it needs the help of enthusiast users. And I don't know what @M66B might think.
My idea is to open a dedicated page where to report all those permissions that, if blocked, crash the app without solution to restart it, especially those with the red background, which are the most critical. Something like:

  • Android (number or name)
  • name of the app
  • name of the permission
  • screenshot (optional)

@T-vK
Author

T-vK commented Sep 23, 2017

@MarkoIndaco If an app crashes because of Xprivacy, you can just open up Xprivacy, select the app that crashed, open the menu and tap on Usage Data. This will bring up a list of the most recent permissions that an app has been granted or denied. For instance, if the Usage Data looks like this, then the app most likely crashed because it was denied permission for phone/getSimOperator. (The red circle icon with the white minus in the middle indicates the permission was denied. Just look for the top-most entry with that icon. That should be the problem.)

@MarkoIndaco

MarkoIndaco commented Sep 30, 2017

Thank you for the explanation. I took a look at the Usage Data menu and yes, I notice some of those "denied" indicators related to the SIM restrictions; by the way, they are not so many, and the apps that I block on "getSimOperator" don't need that function at all. Indeed they work as well also with that restriction.
Well, since I am already here, I can say Xprivacy is still working well, except for a message that appears every time I run Xprivacy. But closing the message doesn't affect the app, which indeed starts loading the app list like always. I tested some apps and all seems good.
@M66B damn you 😝 you don't really understand what you've done. With Xprivacy you created a mass of addicted people who can't use a phone anymore without it (I'm kidding... but it's true) 😁
Greetings

@sarahuribe242

sarahuribe242 commented Oct 1, 2017 via email

@nicky140586

nicky140586 commented Oct 1, 2017 via email
