Connection confirm dialog - feature proposal #269
Comments
Thanks for the detailed description. I saw your post on stackexchange. Have a look at our log service code, which will give the reference of the uid in real time which is blocked by afwall. From there we need to have an activity/dialog which asks the user with a prompt and performs accordingly. In the Log service, everything is driven by klogripper, which reads the kernel log. Just have a look as a starting point.
@ukanth thanks for the info, however I'm afraid that iptables are not capable of what we are talking about. I'd have to redirect all traffic into some kind of proxy in iptables, and then on the proxy block/allow connections on a per-rule basis. I'm thinking about either a kernel module which would block creating a socket (both incoming and outgoing) or using squid proxy or similar to apply the rules on traffic. As I said, rules consist of host, port (local/remote), app process id and time-interval defining the rule.
@ukanth I'm looking into this topic again. What you do have is after-the-fact working with nflog, do I understand that correctly? If so, that would mean every connection would fail at first, and after being set by the user, it would be allowed or disallowed per decision. I've also thought about using netlink-firewall to get callbacks from the kernel about attempted connections, but it doesn't seem to be available widely in android linux kernel builds. Thanks
It would be great to have a prompt for only certain white-listed apps (I do not think it is necessary to have it per-connection, though), to temporarily enable internet access for X amount of time. Are you still planning to implement this feature?
Duplicate of #10
Maybe it looks like such a long list of requirements, but I feel differently.
I think that if we just start with a simple confirmation dialog derived from LogService as @ukanth suggested, and the dialog offers these options:
After that we can enhance it and expand it as Android develops, and evolve closer to the bones of the proposal; I guess that we are not so far off. I prefer the xPrivacy way of dialog; it may serve us well. Thanks
Hi,
thanks for the great project.
Anyway, I'd be willing to implement this, just wanted to start wider discussion.
I really like the Little Snitch user-flow feature, which creates rules per application (by its path), user id (by process identifier) and per connection (each time an application requests to open a connection, it will look up in the white/black-list, and without a rule applicable to the current situation, will throw a user dialog to confirm what to do).
To illustrate the situation, I include a few screenshots of LS3
It would be really handy to get a confirmation dialog on each connection, where rules are made per application uid/guid
Rules (per app)
Time based
The application should then provide a permanent service notification, where the user could quickly access the list of allowed/denied connections (e.g. over the last 15 minutes) and a rules editor, where you could review and debug requests made by an application (some short backlog) and see what rules are denying those requests, to easily fix wrongly set rules.
Possibly could be extended by accepting URL patterns similar to AdAway/AdBlock, white/black-listing the allowed underlying network type (cellular, wireless, tethered, vpn, ...) and (which is a really crazy detailed option) HTTP request types (such as GET, PUT, POST, DELETE, UPDATE, ...)
So if you could please discuss this proposal and what would fit your idea; as I said, I'm willing to implement this in open-source, because it would be a really good privacy feature, which could possibly replace various adblock solutions and, if divided into profiles (home, work, traveling) and user account specific (for multi-user android devices), make a really solid user-friendly firewalling solution.
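A minimal model of the lookup described in the proposal above, as an added example that is not part of the original post or of AFWall+ code: each connection attempt is checked against per-uid rules with host, port and an optional expiry, and falls through to "ask" when no live rule applies. The `Rule` and `decide` names, the glob host syntax and the deny-wins tie-break are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

ALLOW, DENY, ASK = "allow", "deny", "ask"

@dataclass(frozen=True)
class Rule:
    uid: int                            # Android app uid the rule applies to
    host: str                           # glob pattern: "api.example.org", "*.example.net", "*"
    port: Optional[int]                 # remote port, None = any port
    action: str                         # ALLOW or DENY
    expires_at: Optional[float] = None  # epoch seconds; None = permanent rule

    def matches(self, uid, host, port, now):
        # An expired time-based rule no longer applies.
        if self.expires_at is not None and now >= self.expires_at:
            return False
        return (self.uid == uid
                and fnmatchcase(host.lower(), self.host.lower())
                and self.port in (None, port))

    def specificity(self):
        # Exact host beats wildcard, longer pattern beats shorter, fixed port beats any.
        return ("*" not in self.host, len(self.host.replace("*", "")), self.port is not None)

def decide(rules, uid, host, port, now):
    """Return ALLOW/DENY from the most specific live rule, or ASK when none matches."""
    hits = [r for r in rules if r.matches(uid, host, port, now)]
    if not hits:
        return ASK  # no applicable rule: this is where the confirm dialog would be shown
    # On equal specificity, DENY wins so a conflict never opens a connection silently.
    return max(hits, key=lambda r: (r.specificity(), r.action == DENY)).action

# Constructed sample rules (uids, hosts and timestamps are made up for illustration).
SAMPLE_RULES = [
    Rule(10052, "*", None, DENY),
    Rule(10052, "api.example.org", 443, ALLOW),
    Rule(10077, "*.example.net", None, ALLOW, expires_at=1000.0 + 900),  # allowed for 15 minutes
]

if __name__ == "__main__":
    for uid, host, port, now in [(10052, "api.example.org", 443, 1000.0),
                                 (10052, "tracker.example.com", 443, 1000.0),
                                 (10077, "cdn.example.net", 80, 1900.0)]:
        print(uid, host, port, decide(SAMPLE_RULES, uid, host, port, now))
```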