-
Are you planning to add connection blocking for system binaries for example such as ping or curl? |
Beta Was this translation helpful? Give feedback.
Replies: 23 comments 2 replies
-
I don't understand what you mean by "binaries"? Are they installed as apps in Android? Or installed from within tmux or side-loaded to |
Beta Was this translation helpful? Give feedback.
-
For example /system/bin/ping |
Beta Was this translation helpful? Give feedback.
-
unless binaries have their own UID (user id), Rethink can't do much. But otherwise, all new UIDs that Rethink "sees" will appear in "Apps" list. You can enable Block newly installed apps by default to make sure these new UIDs get blocked unless explicitly allowed. |
Beta Was this translation helpful? Give feedback.
-
But PCAPdroid with exactly the same capabilities does it ;)
This can be done by firewalls that generally do without permission to access the Internet ;) |
Beta Was this translation helpful? Give feedback.
-
I don't use pcapdroid or familiar with its code, so I can't say just what it is doing. If pcapdroid developer has any information on this, I'll gladly review and see if we can implement it pronto.
I don't understand how this is related to what we are discussing? Rethink is not really a firewall in the traditional sense. Technically, one can say it is but a Network Monitor with Firewall-like capabilities. |
Beta Was this translation helpful? Give feedback.
-
https://emanuele-f.github.io/PCAPdroid/
Oh, that's how it's :)
Then you need to fix everything: Firewall --> Firewall-like capabilities ;) |
Beta Was this translation helpful? Give feedback.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
-
Okay, let's try it ;)
https://user-images.githubusercontent.com/5488003/233846260-64ffd9c7-fbb7-4c25-93df-e463c0b18f76.png
You should have said that right away :)
It seemed to me easy to take and read the documentation for PCAPdroid:
The question was about something completely different.
This is a good issue. And there are references to NetGuard.
?
Which is even more true for PCAPdroid in which the developer has gone even further. |
Beta Was this translation helpful? Give feedback.
-
These are part of some 7 hardcoded names in pcapdroid (ref). Rethink uses names for some 100+ such components (not just 7) as defined in AOSP (ref). These are shown only when any of these components try to establish a connection. These are not "binaries".
You'd see Unknown with Rethink, too; these aren't binaries. This is a result of the Android OS losing account of the real owner of a given outgoing connection. This is one reason why Rethink has a
Like I said, there are many types of firewall. Rethink is specifically a userspace stateful Firewall (just like NetGuard and TrackerControl). The kind of firewall you're thinking about (what I call a 'traditional firewall' in the readme linked to above) isn't possible on Android without
Sure. |
Beta Was this translation helpful? Give feedback.
-
But let's look at this point first.
Of course uids and binaries are generally different things but with intersections. After all, the binary still uses an existing uid to access the network.
You had the opposite opinion above. But come on, let's get to the point. |
Beta Was this translation helpful? Give feedback.
-
As of today, these system components don't show up in the UI unless there's at least one outgoing connection from them. If you enable
You're hearing things no one has said.
Please start a different discussion (or open an issue, if there's one). I'm closing this one in favour of #1167. |
Beta Was this translation helpful? Give feedback.
-
You haven't answered the main question: how do you actually filter connections by UIDs?
Because you don't want to discuss the technical details. And there is no technical documentation as a starting point. And now you are trying to hide this discussion as far as possible from the public issues. |
Beta Was this translation helpful? Give feedback.
Hi, user 'anpic' seems to be trolling different no-root firewall projects.