
[Feature Request] Separate permission for private network access

Open emi-YFcz5XDj opened this issue 1 year ago • 5 comments

Split the current network permission into internet and private network permission. The latter includes all RFC 1918 and 4193 private addresses, and perhaps more.

If the app only has internet permission, essential addresses such as DNS can be unblocked when necessary.

emi-YFcz5XDj • Sep 28 '24 14:09
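A sketch of the split requested above, added here as an illustration; it is not GrapheneOS or Android code. The permission names, the link-local ranges standing in for "perhaps more", the loopback rule and the port-53 resolver exception are assumptions.

```python
import ipaddress

# Hypothetical permission names for this sketch, not Android or GrapheneOS identifiers.
INTERNET, PRIVATE_NETWORK = "internet", "private_network"

# Ranges named in the request: RFC 1918 (IPv4) and RFC 4193 (IPv6 unique local).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Assumed reading of "and perhaps more": IPv4 and IPv6 link-local.
EXTRA_NETS = [ipaddress.ip_network(n) for n in ("169.254.0.0/16", "fe80::/10")]


def normalize(dest):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:10.0.0.5 is judged as 10.0.0.5."""
    addr = ipaddress.ip_address(dest)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def classify(dest):
    """Return 'loopback', 'private' or 'internet' for a destination address."""
    addr = normalize(dest)
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in PRIVATE_NETS + EXTRA_NETS):
        return "private"
    return "internet"


def is_allowed(perms, dest, port, dns_servers=()):
    """Decide one outbound connection; anything not explicitly granted is denied."""
    kind = classify(dest)
    if kind == "internet":
        return INTERNET in perms
    if kind == "loopback":
        return bool(perms)  # assumption: either permission covers loopback
    if PRIVATE_NETWORK in perms:
        return True
    # Internet-only app reaching a private address: allow only the configured
    # resolver on port 53 (the "essential addresses such as DNS" exception).
    resolvers = {normalize(s) for s in dns_servers}
    return INTERNET in perms and port == 53 and normalize(dest) in resolvers


if __name__ == "__main__":
    # Constructed sample destinations.
    for dest, port in [("192.168.1.1", 53), ("::ffff:192.168.1.20", 8080), ("93.184.216.34", 443)]:
        print(dest, port, classify(dest), is_allowed({INTERNET}, dest, port, ["192.168.1.1"]))
```

This covers only the address decision for a direct connection; it does not model indirect connections made on an app's behalf by APIs such as DownloadManager, which come up later in the thread.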

@emi-YFcz5XDj I'm not sure if I got the idea of your feature request correctly. Do you mean something like "provide Internet access" + "provide access to (current) LAN" separately?

I was going to submit a feature request myself which adds a permission for specific networks. My main use-case is that I've got many apps that only make sense for my home LAN/Wifi. They control local services like a lawn mower robot, house automation and so forth. Therefore, I'd like to have a separate permission for "allow this app network for the network that is using the current gateway host" or "allow this app network for the following WiFi (E)SSIDs" which should be specific enough to detect the network(s) but prevent traffic that goes beyond the gateways to the Internet.

novoid • Oct 17 '24 11:10

> @emi-YFcz5XDj I'm not sure if I got the idea of your feature request correctly. Do you mean something like "provide Internet access" + "provide access to (current) LAN" separately?

Yes.

> I was going to submit a feature request myself which adds a permission for specific networks. My main use-case is that I've got many apps that only make sense for my home LAN/Wifi. They control local services like a lawn mower robot, house automation and so forth. Therefore, I'd like to have a separate permission for "allow this app network for the network that is using the current gateway host" or "allow this app network for the following WiFi (E)SSIDs" which should be specific enough to detect the network(s) but prevent traffic that goes beyond the gateways to the Internet.

A highly customisable firewall with per-app and per-network configuration is obviously preferred. My proposal is network-independent like the current one since more fine-grained access control is likely much harder to implement.

emi-YFcz5XDj • Oct 17 '24 12:10

> A highly customisable firewall with per-app and per-network configuration is obviously preferred.

That would be incredibly leaky without treating network access as disabled and allowing only specific cases which would be very complex to implement. We have no interest in leaky network toggles like LineageOS.

thestinger • Oct 17 '24 12:10

> > A highly customisable firewall with per-app and per-network configuration is obviously preferred.
>
> That would be incredibly leaky without treating network access as disabled and allowing only specific cases which would be very complex to implement. We have no interest in leaky network toggles like LineageOS.

Hence, "much harder to implement".

emi-YFcz5XDj • Oct 17 '24 13:10

For any partial filtering, we'd have to treat Network as disabled overall and special case certain checks which should be considered enabled so that indirect connections via APIs like DownloadManager are blocked if they don't directly support the feature.

thestinger • Oct 17 '24 13:10

Here’s a write-up on how iOS implements this permission: https://martina.lindorfer.in/files/papers/nwscanning_oakland25.pdf

Dunno if that’s useful but it’s interesting at least to see how they went about it.

friadev • Dec 15 '24 20:12

Android 16 is going to be adding this permission so it looks like GrapheneOS won’t have to worry about adding it: https://developer.android.com/privacy-and-security/local-network-permission

This issue can be closed now.

friadev • Mar 22 '25 22:03