M66B / XPrivacy

XPrivacy - The ultimate, yet easy to use, privacy manager
http://forum.xda-developers.com/xposed/modules/xprivacy-ultimate-android-privacy-app-t2320783
GNU General Public License v3.0
2.08k stars 526 forks

Restricting IPC to certain processes #2379

Open T-vK opened 7 years ago

T-vK commented 7 years ago

Some apps require permission to make use of IPC (Inter Process Communication). From my understanding this could be abused to use another app as a sort of proxy to access the Internet, bypassing firewalls and Internet access privileges.

So I would like to see an option to blacklist or whitelist certain apps. Or maybe (no idea if that's possible) an option to disallow making use of certain privileges when operating through another process.

Gitoffthelawn commented 7 years ago

+1

To my understanding, your understanding is correct. :-)

Magissia commented 7 years ago

Putting a bounty of 50€ on this

MarkoIndaco commented 7 years ago

I also notice that IPC request, sometimes. So, it's suggested to always deny? Sorry for silly question but I notice that every time it happens the background is red, and so denied it could/should result in a crash of the app...?

T-vK commented 7 years ago

Personally I deny every permission and see if it works. If it crashes I check in Xprivacy which permissions it has recently denied for this app. Then I decide if I get rid of the app or if I grant the permission.
I've found that you always need to allow the IPC permission IPackageManager:getPackageInfo. And you can always deny the Identification permission SERIAL.

8alucard8 commented 7 years ago

That's right. In many cases Shell is also required. Really frightening what permissions most of them want...


8alucard8 commented 7 years ago

Always allow IPC. Now that you say it I am gonna need to default this.


T-vK commented 7 years ago

I was just talking about IPackageManager:getPackageInfo, not IPC in general. I usually deny all IPC prompts. The only exception is IPackageManager:getPackageInfo. And shell is usually not a big deal. You just have to pay attention to which shell command the app wants to access. If it wants to access su for instance and you allow it, then the app could happily bypass Xprivacy. If it's just trying to access a sound library or similar stuff, then you should be fine. Just be sure to never allow an app to access a whole category just because it needs one function of that category.

MarkoIndaco commented 7 years ago

Thank you for your explanations @T-vK, for this I select IPC and checked all the apps, just in case. They were few and for what I can say, also blocking IPC they work as well. Greetings

8alucard8 commented 7 years ago

As far as I remember nothing worked for me without IPC, that's why I said it.

LONG LIVE XPRIVACY!


MarkoIndaco commented 7 years ago

Yes @8alucard8 sometimes seems mandatory for run some app as well. Btw I notice that, in sporadic cases, blocking IPC (or others commands) app soon crash, but if you relaunch it in some cases it works. For this case I have an idea, but needs the help of enthusiast users. And I don't know what @M66B might think. My idea is to open a dedicated page where report all that permission that, if blocked, crash the app without solution to restart it, especially those with the red background, which are the most critical. Something like:

T-vK commented 7 years ago

@MarkoIndaco If an app crashes because of Xprivacy, you can just open up Xprivacy, select the app that crashed, open the menu and tap on Usage Data. This will bring up a list of the most recent permissions that an app has been granted or denied. For instance if the Usage Data looks like this, then the app most likely crashed because it was denied permission for phone/getSimOperator. (The red circle icon with the white minus in the middle indicates the permission was denied. Just look for the top-most entry with that icon. That should be the problem.)
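
Added example, not part of the thread or of XPrivacy's code: a small Python model of the two practices described in the comments above, granting a single function instead of a whole category and reading usage data for the most recent denial after a crash. The `Policy` class, the category labels, the call sequence and the `PLACEHOLDER:call` name are constructed for illustration and do not reflect XPrivacy's storage format.

```python
from dataclasses import dataclass, field

# Constructed model: category/function labels reuse names quoted in the thread,
# but the data layout is hypothetical and is not XPrivacy's storage format.
@dataclass
class Policy:
    allowed_categories: set = field(default_factory=set)  # whole-category grants
    allowed_functions: set = field(default_factory=set)   # (category, function) grants

    def decide(self, category, function):
        """Default deny: allow only on a function grant or a category grant."""
        return ((category, function) in self.allowed_functions
                or category in self.allowed_categories)

def usage_data(policy, calls):
    """Replay (time, category, function) calls; return entries newest first."""
    log = [(t, c, f, policy.decide(c, f)) for t, c, f in calls]
    return sorted(log, key=lambda e: e[0], reverse=True)

def likely_crash_cause(log):
    """Top-most (most recent) denied entry as 'category/function', else None."""
    for _, category, function, allowed in log:
        if not allowed:
            return f"{category}/{function}"
    return None

def narrow(policy, log):
    """Replace whole-category grants with only the functions actually observed."""
    used = {(c, f) for _, c, f, _ in log if c in policy.allowed_categories}
    return Policy(set(), policy.allowed_functions | used)

# Constructed call sequence for one app.
CALLS = [
    (1, "ipc", "IPackageManager:getPackageInfo"),
    (2, "identification", "SERIAL"),
    (3, "phone", "getSimOperator"),
    (4, "ipc", "IPackageManager:getPackageInfo"),
]
STRICT = Policy(allowed_functions={("ipc", "IPackageManager:getPackageInfo")})
BROAD = Policy(allowed_categories={"ipc"})

if __name__ == "__main__":
    log = usage_data(STRICT, CALLS)
    print("likely crash cause:", likely_crash_cause(log))
    tight = narrow(BROAD, usage_data(BROAD, CALLS))
    print("placeholder IPC call, broad grant:", BROAD.decide("ipc", "PLACEHOLDER:call"))
    print("same call after narrowing:", tight.decide("ipc", "PLACEHOLDER:call"))
```
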

MarkoIndaco commented 7 years ago

Thank you for the explanation. I took a look at the Usage Data menu and yes, I notice some of that "denied" indicator related to the sim-restrictions, by the way they are not so many, and the apps that I block on "getSimOperator" they don't need that function at all. Indeed they work as well also with that restriction. Well, since I am already here I can say Xprivacy is still working good, except for a message that appears every time I run Xprivacy. But closing the message doesn't affect the app, that indeed starts loading the app-list like always. I tested some apps and all seems good. @M66B damn you 😝 you don't really understand what you've done. With Xprivacy you created a mass of addicted people who can't use a phone without it any more (I'm kidding... but it's true) 😁 Greetings

sarahuribe242 commented 7 years ago

Hahahaha... REALLY, REALLY!!

nicky140586 commented 7 years ago

??? Wat even is this
