XPrivacy
XPrivacy copied to clipboard
M66B
Restricting IPC to certain processes
Some apps require permission to make use of IPC (Inter Process Communication). From my understanding this could be abused to use another app as a sort of proxy to access the Internet, bypassing firewalls and Internet access privileges.
So I would like to see an option to blacklist or whitelist certain apps. Or maybe (no idea if that's possible) an option to disallow making use of certain privileges when operating through another process.
I also notice that IPC request, sometimes. So, it's suggested to always deny? Sorry for silly question but i notice that every time it happens the background is red, and so denied it could/should result in a crash of the app...?
Personally I deny every permission and see if it works. If it crashes I check in Xprivacy which permissions it has recently denied for this app. Then I decide if I get rid of the app or if I grant the permission.
I've found that you always need to allow the IPC permission IPackageManager:getPackageInfo. And you can always deny the Identification permission SERIAL.
That's right. In many cases Shell is also required. Really frightening what permissions most of them want...
Von: T-vK [email protected] Gesendet: Montag, 18. September 2017 08:08 An: M66B/XPrivacy Cc: Subscribed Betreff: Re: [M66B/XPrivacy] Restricting IPC to certain processes (#2379)
Personally I deny every permission and see if it works. If it crashes I check in Xprivacy which permissions it has recently denied for this app. Then I decide if I get rid of the app or if I grant the permission. I've found that you always need to allow the IPC permission IPackageManager:getPackageInfo. And you can always deny the Identification permission SERIAL.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/M66B/XPrivacy/issues/2379#issuecomment-330153001, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AWP-GfzS8sROAVBFkGnvYZN5ay_LRqtsks5sjiT5gaJpZM4KSD_5.
Always allow IPC. Now that you say it I am gonna need to default this.
Von: Marko [email protected] Gesendet: Sonntag, 17. September 2017 15:41 An: M66B/XPrivacy Cc: Subscribed Betreff: Re: [M66B/XPrivacy] Restricting IPC to certain processes (#2379)
I also notice that IPC request, sometimes. So, it's suggested to always deny? Sorry for silly question but i notice that every time it happens the background is red, and so denied it could/should result in a crash of the app...?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/M66B/XPrivacy/issues/2379#issuecomment-330057423, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AWP-GaCv-ekkrY4NEnlnTkCYtMLqRdYRks5sjT2ZgaJpZM4KSD_5.
I was just taking about IPackageManager:getPackageInfo not IPC in general. I usually deny all IPC prompts. The only exeption is IPackageManager:getPackageInfo. And shell is usually not a big deal. You just have to pay attention which shell command the app wats to access. If it wants to access su for instance and you allow it, then the app could happily bypass Xprivacy. If it's just trying to access a sound library or similar stuff, then you should be fine.
Just be sure to never allow an app to access a whole category just because it needs one function of that category.
Thank you for you're explanations @T-vK , for this I select IPC and checked all the apps, just in case. They were few and for what I can say, also blocking IPC they works as well. Greetings
As far as I remember nothing worked for me without IPC thats why I said it.
LONG LIVE XPRIVACY!
Von: Marko [email protected] Gesendet: Dienstag, 19. September 2017 15:53 An: M66B/XPrivacy Cc: 8alucard8; Comment Betreff: Re: [M66B/XPrivacy] Restricting IPC to certain processes (#2379)
Thank you for you're explanations @T-vKhttps://github.com/t-vk , for this I select IPC and checked all the apps, just in case. They were few and for what I can say, also blocking IPC they works as well. Greetings
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/M66B/XPrivacy/issues/2379#issuecomment-330583584, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AWP-GX37dajTtdcdQf0pjttzW7MoJas2ks5sj-KRgaJpZM4KSD_5.
Yes @8alucard8 sometimes seems mandatory for run some app as well. Btw I notice that, in sporadic cases, blocking IPC (or others commands) app soon crash, but if you relaunch it in some cases it works. For this case i have an idea, but needs the help of enthusiast users. And i don't know what @M66B might think. My idea is to open a dedicated page where report all that permission that, if blocked, crash the app without solution to restart it, especially those with the red background, which are the most critical. Something like:
- Android (number or name)
- name of the app
- name of the permission
- screenshot (optional)
@MarkoIndaco If an app crashes because of Xprivacy, you can just open up Xprivacy, select the app that crashed, open the menu and tap on Usage Data. This will bring up a list of the most recent permissions that an app has been granted or denied. For instance if the Usage Data looks like this, then the app most likely crashed because it was denied permission for phone/getSimOperator. (The red circle icon with the white minus in the middle indicates the permission was denied. Just look for top-most entry with that icon. That should be the problem.)
Thank you for explanation. I take a look at the Usage Data menu and yes, I notice some of that "denied" indicator related to the sim-restrictions, by the way they are not so many, and the apps that I block on "getSimOperator" they don't need at all of that function. Indeed they works as well also with that restriction. Well, already I am here I can say Xprivacy still working good, except for a message that appear every time I run Xprivacy. But closing the message don't affect the app, that indeed start to loading the app-list like always. I tested some app and seems all good. @M66B damn you 😝 you don't really understand what you've done. With Xprivacy you create a mass of addicted people who can't use no more a phone without it (I'm kidding... but it's true) 😁 Greetings
??? Wat even is this
Sent from Samsung Mobile
-------- Original message -------- From: sarahuribe242 Date:01/10/2017 08:33 (GMT+00:00) To: M66B/XPrivacy Cc: Subscribed Subject: Re: [M66B/XPrivacy] Restricting IPC to certain processes (#2379)
Hahahaha... REALLY, REALLY!!
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/M66B/XPrivacy/issues/2379#issuecomment-333359278, or mute the threadhttps://github.com/notifications/unsubscribe-auth/Ac5IpwwklcgNroMhcQJQFLyFDFlIp5A2ks5sn0A2gaJpZM4KSD_5.
