skullone / android_firewall

This is a fork of Droidwall by Rodrigo Zechin Rosauro - http://code.google.com/p/droidwall/

Jelly Bean - switch user #27

Closed bogeskov closed 10 years ago

bogeskov commented 11 years ago

When using current (as of 2013-05-03).

It looks like you can only see the UIDs of the processes running as your user (which makes sense); when you switch user space, the new rule-set is not applied. This means programs that shouldn't can go online after a user switch.

Eventually when you switch user a couple of times and start the app, it dies under you. I can't yet see a pattern of when it happens.

I'm not sure if the rule-set apply can be fixed without making a service to see the user space "hibernate"/"resume" which it looks like when you switch user. (usb debugging with "adb shell", gets disconnected when switching user)

pgschk commented 10 years ago

While the perfect solution would be a shared ruleset between users, a quick and simple change that would at least help a lot with the current multi-user situation would probably be to re-apply the current user's rules when ACTION_USER_FOREGROUND is broadcast.

I would be really happy to see some multiuser support :+1:

skullone commented 10 years ago

I'm working on getting my hands on a tablet so I can start working on this.

Are you able to actually apply the rules with every user? Are UIDs for apps different between users? For example, if Angry Birds is 10024 for User A, is it still 10024 for User B?

pgschk commented 10 years ago

I can't do any excessive testing right now. But the following seems to be true:

skullone commented 10 years ago

I'm assuming that all apps from users not in use are suspended and not using data in any way? For example, if you're streaming Pandora on User A and switch to User B, the music stops, correct?

On Fri, Aug 30, 2013 at 1:15 PM, pgschk notifications@github.com wrote:

I can't do any excessive testing right now. But the following seems to be true:

  • Every user that is allowed to use root is able to apply his own rules set, of course overwriting the other users rules, rendering them completely offline.
  • System Apps (4 digit UIDs) are the same for all users.
  • All other apps have a prefix, in my case 10, for example app with UID 10024 for the main user is 1010024 for the second user (maybe 20 for the third user? Will test).
  • The last digits seem to be consistent for each package name.


pgschk commented 10 years ago

Well, all foreground activity, like music, is stopped, but background activity remains active (for example, switching users while downloading a file will not stop or pause the download). So, no, they are not completely suspended. To perfectly support multiuser, Android Firewall would have to manage all rulesets at the same time, I think.

The prefix for the third user is not 20, it is 11, confirmed by Android's sources:

#define AID_USER        100000  /* offset for uid ranges for each user */

so 10024, 1010024, 1110024, 1210024, and so on.

Users are defined in /data/system/users/userlist.xml:

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<users nextSerialNumber="12" version="2">
    <user id="0" />
    <user id="10" />
    <user id="11" />
</users>

/data/system/packages.list contains all installed apps for all users, but without the UID offset:

com.jtschohl.androidfirewall 10072 0 /data/data/com.jtschohl.androidfirewall default

Please let me know how I can be of assistance.
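
The UID arithmetic described in the comment above, as an added example that is not part of the thread or of Android Firewall's code: it derives each user's effective app UIDs from the two files and builds one owner-match rule per blocked app. The chain name `fw-user-N`, the package `com.example.game` and the sample file contents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

AID_USER = 100000  # per-user UID offset quoted in the thread
AID_APP = 10000    # first app UID in android_filesystem_config.h

# Constructed sample inputs in the two file formats shown above.
USERLIST_XML = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<users nextSerialNumber="12" version="2">
    <user id="0" />
    <user id="10" />
    <user id="11" />
</users>"""
PACKAGES_LIST = """\
com.jtschohl.androidfirewall 10072 0 /data/data/com.jtschohl.androidfirewall default
com.example.game 10024 0 /data/data/com.example.game default
"""

def user_ids(userlist_xml):
    # Android user ids listed in userlist.xml
    root = ET.fromstring(userlist_xml.encode("utf-8"))
    return sorted(int(u.get("id")) for u in root.iter("user"))

def app_ids(packages_list):
    """Map package name -> app id (the UID without the per-user offset)."""
    apps = {}
    for line in packages_list.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1].isdigit():
            apps[fields[0]] = int(fields[1])
    return apps

def effective_uid(user_id, app_id):
    """UID the kernel sees for this app when it runs as user_id."""
    return user_id * AID_USER + app_id

def rules_for_user(user_id, apps, blocked):
    """Build owner-match rules for one user's blocked packages."""
    chain = f"fw-user-{user_id}"  # hypothetical chain name
    rules = []
    for pkg in sorted(blocked):
        if apps[pkg] < AID_APP:
            continue  # only app UIDs are expanded per user here
        uid = effective_uid(user_id, apps[pkg])
        rules.append(f"iptables -A {chain} -m owner --uid-owner {uid} -j REJECT")
    return rules

if __name__ == "__main__":
    for user in user_ids(USERLIST_XML):
        print("\n".join(rules_for_user(user, app_ids(PACKAGES_LIST), {"com.example.game"})))
```

A rule written for UID 10024 never matches 1010024, which is why a rule set built from one user's view leaves the same app unfiltered for the other users.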

skullone commented 10 years ago

So if you do a Show Rules from within the app on the second user the UID listed for a blocked/allowed app shows up as something like 1010123 instead of 10123?

On Fri, Aug 30, 2013 at 2:59 PM, pgschk notifications@github.com wrote:

Well, all foreground activity, like music, is stopped, but background activity remains active (for example, switching users while downloading a file will not stop or pause the download). So, no, they are not completely suspended. To perfectly support multiuser, Android Firewall would have to manage all rulesets at the same time, I think.

The prefix for the third user is not 20, it is 11, confirmed by Android's sources (https://android.googlesource.com/platform/system/core.git/+/master/include/private/android_filesystem_config.h):

#define AID_USER        100000  /* offset for uid ranges for each user */

so 10024, 1010024, 1110024, 1210024, and so on.

Users are defined in /data/system/users/userlist.xml:

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<users nextSerialNumber="12" version="2">
    <user id="0" />
    <user id="10" />
    <user id="11" />
</users>

/data/system/packages.list contains all installed apps for all users, but without the UID offset:

com.jtschohl.androidfirewall 10072 0 /data/data/com.jtschohl.androidfirewall default

Please let me know how I can be of assistance.


pgschk commented 10 years ago

Exactly, here's a screenshot: Screenshot

skullone commented 10 years ago

The more I think about it the more I think the best option is a different set of chains for each user. I'll see what I can do.

On Aug 30, 2013 4:24 PM, "pgschk" notifications@github.com wrote:

Exactly, here's a screenshot: [image: Screenshot]


skullone commented 10 years ago

Please e-mail me directly. I have something for you to test. :D

On Fri, Aug 30, 2013 at 3:24 PM, pgschk notifications@github.com wrote:

Exactly, here's a screenshot: [image: Screenshot]


skullone commented 10 years ago

2.3.1 has been released. It contains multi-user support. Please open a new issue or e-mail me if you have any issues or questions.