MuntashirAkon
[ADB] firewall
Please check before submitting an issue
- [x] I am using the latest version of App Manager
- [x] I have searched the issues and haven't found anything relevant
- [x] I have read the docs
Describe a description of the new feature
firewalling by VPN is not a good solution for non rooted user because app can keep waking up and try connect to internet it will drain the battery root option exist but not all people are rooted
Describe the solution you'd like
add ADB mode to block network perm (yes it's possible)
Describe alternatives you've considered
i recently found this app (called netwall) https://play.google.com/store/apps/details?en=com.ysy.app.firewall
this app using ADB (Feat Shizuku) to disable network perm for app
Additional context
Netwall seems take advantage of net policy https://developer.android.com/reference/android/security/NetworkSecurityPolicy
surprisingly this method have advantage app won't able wake up and connect to internet the best part it's applicable on system app as well
Feature already available: https://muntashirakon.github.io/AppManager/en/#sec:net-policy
Feature already available: https://muntashirakon.github.io/AppManager/en/#sec:net-policy
currently it needs root that's the problem and as you can see above there is non root method to do so i open this hopefully developer consider add ADB mode thought
They basically use cmd connectivity set-package-networking-enabled [true|false] [package-name] commands to control the firewall. Internally, it uses Berkeley Packet Filter (BPF) to control network connectivity per-UID basis. But the trouble is, this does NOT persist the changes, which means the configurations get reset after a reboot. A possible solution is to start App Manager on boot and reapply those configurations, but with ADB, this is unreliable since ADB itself may not start automatically after a reboot due to a lack of Wi-Fi.
This feature seems to have been added in Android 13 (Tiramisu): https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/Connectivity/service/src/com/android/server/BpfNetMaps.java;l=649;drc=969d82bc82db2ab4912ae9fdbb85066a6d403d3c
They basically use
cmd connectivity set-package-networking-enabled [true|false] [package-name]commands to control the firewall. Internally, it uses Berkeley Packet Filter (BPF) to control network connectivity per-UID basis. But the trouble is, this does NOT persist the changes, which means the configurations get reset after a reboot. A possible solution is to start App Manager on boot and reapply those configurations, but with ADB, this is unreliable since ADB itself may not start automatically after a reboot due to a lack of Wi-Fi.This feature seems to have been added in Android 13 (Tiramisu): https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/Connectivity/service/src/com/android/server/BpfNetMaps.java;l=649;drc=969d82bc82db2ab4912ae9fdbb85066a6d403d3c
yes sir can you please consider add this to AM? 🙏😅
can you please consider add this to AM?
As I mentioned above: the firewall won't work after a reboot, which is a major drawback.
can you please consider add this to AM?
As I mentioned above: the firewall won't work after a reboot, which is a major drawback.
ikr that's unfortunate but yes it's up to you sir thanks for considering my feedback 🙏
ShizuWall and de1984 can do that even after reboot(ShizuWall at least has this option)
ShizuWall and de1984 can do that even after reboot(ShizuWall at least has this option)
yes but it's need root my question is tailored to people that doesn't have root (and cannot root their devices for some reason
but if mentioned app somehow able to achieve that without root (ADB) maybe dev can consider to take look and so on
yes but it's need root my question is tailored to people that doesn't have root.
It doesn't. They can work with Shizuku only(ADB) and ADB is not a root