search

eylenburg / eylenburg.github.io

https://eylenburg.github.io/
Creative Commons Attribution Share Alike 4.0 International
119 stars 11 forks source link

Network control in CalyxOS #21

Closed marek22k closed 8 months ago

marek22k commented 8 months ago

Hello,

I'm a bit unsure what is meant by "direct" and "indirect". If foreground and background connections are meant, then from Android 13 onwards you can revoke the network (background) permissions of any app - at least in CalyxOS.

Screenshot_20240105-174124_1

matchboxbananasynergy commented 8 months ago

The controls on LineageOS-based operating systems are leaky as their approach only disabled direct network access (socket) but doesn't disable indirect access via the INTERNET permission, which provides multiple ways of bypassing them not requiring collusion between apps. This functionality is regularly used by apps with no malicious intent. Collusion between apps is an issue for all kinds of granted access, permissions, etc. and not specific to the INTERNET permission. If INTERNET permission is not blocked though, no collusion is required.

The above text is shown when hovering over "Network controls for apps" in the table.

eylenburg commented 8 months ago

The controls on LineageOS-based operating systems are leaky. LineageOS approach doesn't disable indirect access via the INTERNET permission which provides multiple ways of bypassing them not requiring collusion between apps. This functionality is regularly used by apps with no malicious intent. Collusion between apps is an issue for all kinds of granted access, permissions, etc. and not specific to the INTERNET permission. If INTERNET permission is not blocked though, no collusion is required.

quote from https://github.com/eylenburg/eylenburg.github.io/issues/5

To be fair, CalyxOS is not based on LineageOS but AOSP so I am not 100% sure if this is correct for CalyxOS

matchboxbananasynergy commented 8 months ago

The controls on LineageOS-based operating systems are leaky. LineageOS approach doesn't disable indirect access via the INTERNET permission which provides multiple ways of bypassing them not requiring collusion between apps. This functionality is regularly used by apps with no malicious intent. Collusion between apps is an issue for all kinds of granted access, permissions, etc. and not specific to the INTERNET permission. If INTERNET permission is not blocked though, no collusion is required. quote from #5

To be fair, CalyxOS is not based on LineageOS but AOSP so I am not 100% sure if this is correct for CalyxOS

I believe that these toggles come from LineageOS (as with a lot of other things in CalyxOS). The same principle applies here.

marek22k commented 8 months ago

Maybe I'm too stupid to understand this, but how exactly should an app access the internet without sockets?

matchboxbananasynergy commented 8 months ago

As an example, DownloadManager makes connections on behalf of apps, and you're not blocking the app's ability to abuse that unless you're also blocking indirect network access for OS APIs etc.