yinkai1205 / droidwall

Automatically exported from code.google.com/p/droidwall
0 stars 0 forks source link

Whitelist for 3G, Blacklist for WiFi, +UI suggestion #63

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
It would be useful to have functionality to choose whitelist mode for 3G (as I 
only want to allow very few apps to access that), but have blacklist mode for 
Wifi, as in general all apps should be able to access that. I currently use 
Whitelist mode, and have the "all" option checked for WiFi, but that means if 
there's a single misbehaving app I want to deny WiFi access to, I can't.

Can I suggest a UI for this? If you remove the whitelist and blacklist modes 
entirely, and just have the "all" options take their place. If the "all" option 
is checked, then all the checkboxes in that column are checked by default, and 
you can deny access to an app by unchecking its box.

Toggling the "all" button inverts all the checkboxes in the column, so those 
that were checked become unchecked, and those unchecked become checked, making 
the "all" button have the equivalent functionality of changing between 
blacklist and whitelist mode without needing to explain those concepts, or deal 
with the counter-intuitive case where a tick in a box means that an app is not 
allowed access to the network.

As the WiFi and 3G each have their own "all" box, this would also meet my need 
as I could have "all" in WiFi checked, and just uncheck problematic apps, and 
not have "all" in 3G checked, and just check those I want to give 3G networks 
access permission to.

Original issue reported on code.google.com by alexval...@gmail.com on 11 Nov 2010 at 8:33

GoogleCodeExporter commented 9 years ago
I like the idea of having a separated mode for 3G/Wifi.

There are, however, fundamental differences between the two modes and the "all" 
button:
  - When in "white-list" mode, the iptables firewall is configured to "allow by default" and just block specific applications. This means that all Linux processes (which are not really android applications) are allowed to pass the firewall. This includes the Linux kernel and kernel modules.
  - When in "black-list" mode, the iptables firewall is configured to "block by default" and just allow specific applications. On this case, non-android applications and kernel modules will be blocked.

I will try to work on something when I get some spare time ;)

Original comment by rodrigo...@gmail.com on 11 Nov 2010 at 11:20

GoogleCodeExporter commented 9 years ago
I appreciate the distinction between the modes is more than just what's checked 
and what isn't. I still feel that on a UI-level, using a system of inverted 
checkboxes as a representation of this would work, but I can see that 
non-android applications and kernel modules could be an issue. Perhaps just 
another row labelled "Everything else" might clarify things...

Thanks for looking into having separate modes though - whatever UI you decide 
on, that's the functionality I'd really find useful myself :-)

Original comment by alexval...@gmail.com on 11 Nov 2010 at 3:28

GoogleCodeExporter commented 9 years ago
I created a patch to address this issue: It removes the mode-label and uses the 
former "(Any application)"-item to let the user choose between black- and 
whitelisting for 3G and wifi seperately. I'm not sure if this is the most 
intuitive way to do this, but the rule-generation should work correctly.

Original comment by daniel.s...@googlemail.com on 7 Mar 2011 at 7:03

Attachments:

GoogleCodeExporter commented 9 years ago
daniel, I will take a look at it! Thanks for the contribution. I currently 
don't have much time to work on DroidWall, so any help is very welcome.

Original comment by rodrigo...@gmail.com on 8 Mar 2011 at 4:57

GoogleCodeExporter commented 9 years ago
When switching between Black and White Mode, shouldn't the check marks invert? 
That is not what I am seeing now.

Original comment by Eric....@gmail.com on 1 Oct 2011 at 6:55

GoogleCodeExporter commented 9 years ago
Issue 191 has been merged into this issue.

Original comment by rodrigo...@gmail.com on 7 Oct 2011 at 5:23

GoogleCodeExporter commented 9 years ago
#5 Agreed. I am trying to block my email application from using WiFI. When I 
tick the email in the black list, and then have a look at the white list it is 
ticked again.

In effect the black list is blocking and the white list is allowing the same 
application.

Unless it's just the UI?

Original comment by dirkie.t...@gmail.com on 24 Nov 2011 at 5:32

GoogleCodeExporter commented 9 years ago
I think that just changing the behaviour of clicking 'all' - selecting all 
items is not enough. When you install new app, you'll have to mark it as well.

The original idea is great :-) Or, ther could be some other one, without 
changing the blacklist/whitelist behaviour. Instead of current two states for 
each app (selected/not selected - functionality depends upon 
whitelist/blacklist mode) you could add additional two icons - "always block", 
"always allow" - no matter which mode is currently on. This one I could disable 
some APP and forget it forever :)

Original comment by adam.czy...@gmail.com on 6 Dec 2011 at 8:06