[android-kernel] Global Android file access controller / file filter
'Fabian B' via Android Linux Kernel Development
2017-03-07 20:05:25 UTC
I would like to implement a global file access controller. Each file call
(for example, an app opening an image) should be checked by a
policy controller. Example: pictures which are made from 09pm to 08am
should not be displayed to the current user, no matter whether the picture
is used in a gallery app or as an in-game resource of a mobile game.



I know there is the UserManager API in the framework code at the top of
the architecture stack. But I would like to share pictures between users if the
current read condition allows it. The context switch should happen "on the
fly", without changing the user.



At first, I thought I had to edit/extend the Android framework source code
(or the Java API source code), like FileInputStream or the Java File API.
But now I know that there are some NDK libraries which have their own file
access through the bionic library
<https://android.googlesource.com/platform/bionic/>.



My question now is: Is it possible and sufficient to edit the bionic library
(for example the function fopen(3)), or do I have to edit the read syscall
at kernel level to achieve a global access controller? Or is the right way to
look into the VFS? I also read something about AppArmor
<https://wiki.ubuntu.com/AppArmor>, an LSM for MAC - but is this a possible
solution?



The big important point is to get the dynamic policies from a self-written
system app. This could also be a challenge.



I hope that some people here have some tips for me on where I have to look.
Ideas or hints about possibilities are also welcome!