Mobile security, proof-of-concept.

Tom tom at flowee.org
Thu May 27 11:22:08 BST 2021


On Wednesday, 26 May 2021 14:46:07 CEST David Edmundson wrote:
> It's certainly where Linux is heading. I've been looking into
> these quite heavily purely from the POV of resource
> constraints and tracking rather than security. There's so many
> other cool possibilities: I especially want network namespaces
> to track network use per-app.

Oh, indeed.
That makes so much sense on a phone!
Being able to only allow an app Wifi access if your mobile plan is 
limited makes a lot of sense too.


re kwin;

my thinking is that most of the session-wide stuff can be run 
without any namespace jail. The graphics system, kwin and maybe 
others.
This means that kwin is in a parent namespace (they are a 
hierarchy, so at the root).
This is how it currently is in my proof of concept and indeed 
kwin can kill the app but the app can't kill kwin. Or even see 
kwin in the process table.

I'll continue in my gitlab project towards a system that allows 
app isolation and where permissions can be set.
Access for apps to a common area, access to the SD card, those 
are good ones to start with.

Thank you for the ideas!

And if anyone wants to see what I've been playing with:
https://gitlab.com/tomzander/securitymanager/-/tree/master




More information about the Plasma-mobile mailing list