Mobile security, proof-of-concept.
Tom
tom at flowee.org
Thu May 27 11:22:08 BST 2021
On Wednesday, 26 May 2021 14:46:07 CEST David Edmundson wrote:
> It's certainly where Linux is heading. I've been looking into
> these quite heavily purely from the POV of resource
> constraints and tracking rather than security. There's so many
> other cool possibilities: I especially want network namespaces
> to track network use per-app.
Oh, indeed.
That makes so much sense on a phone!
Being able to only allow an app Wifi access if your mobile plan is
limited makes a lot of sense too.
re kwin;
my thinking is that most of the session-wide stuff can be run
without any namespace jail. The graphics system, kwin and maybe
others.
This means that kwin is in a parent namespace (they are a
hierarchy, so at the root).
This is how it currently is in my proof of concept and indeed
kwin can kill the app but the app can't kill kwin. Or even see
kwin in the process table.
I'll continue in my gitlab project towards a system that allows
app isolation and where permissions can be set.
Access for apps to a common area, access to the SD card, those
are good ones to start with.
Thank you for the ideas!
And if anyone wants to see what I've been playing with:
https://gitlab.com/tomzander/securitymanager/-/tree/master
More information about the Plasma-mobile
mailing list