On 30 May 2017 at 07:45, Yawning Angel <yawning@schwanenlied.me> wrote:
> On Tue, 30 May 2017 11:04:00 +0000 Georg Koppen <gk@torproject.org> wrote:
>> Oh, and it is not only Linux, OSX and Windows we need to take into account for planning the future for our sandboxing work. Android is coming later this year as a platform for Tor Browser as well. So, if we start thinking about the need for rewriting parts of what we include into Tor Browser now (and what is planned to get included into Tor Browser for Mobile) Android requirements for sandboxing should be considered, too.
>
> Oh boy. I don't see AppArmor working at all, though this depends on the kernel. seccomp + namespaces might work, though this also depends on how the kernel is built.
>
> Doesn't the OS handle containerization and secure updates? Are we doing the play store thing? Is tor-launcher even relevant on that platform, or is Orbot going to continue to handle all of that?
>
> (I suspect that Android will end up remaining as the red-headed stepchild, depending on what path makes sense for the real computer platforms.)
For updates, I suspect that Google Play and F-Droid (and maybe a custom Tor Project F-Droid repo) are the way to go, and supporting anything else would be too much trouble. See also https://lists.mayfirst.org/pipermail/guardian-dev/2017-May/005278.html I haven't looked closely at how F-Droid or a custom F-Droid repo works though.
The OS does handle containerization, thankfully. There are some IPC mechanisms we should investigate (sending URL intents for example). But the sandboxing options on Android are probably much more limited than desktop Linux. I don't know of anyone who's played around with it actually. I think the current plan is to integrate tor into the Browser app, and not use Orbot - but I'm not sure where that would let us do any network-lockdown sandboxing that might be possible.
I am not certain if an Android app has permission to rewrite itself. We would need to investigate to be certain that this can only be done by the updater.
Definitely a lot of questions here...
-tom
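Yawning's point that seccomp and namespaces "depend on how the kernel is built" is something you can check directly before designing a sandbox for a device. The script below is an added example and is not code from this thread or from the Tor Project. It reads a kernel config in the `CONFIG_FOO=y` / `# CONFIG_FOO is not set` format and reports whether seccomp-bpf, AppArmor, and the namespace types a sandbox would lean on are compiled in. On a real device you would feed it the output of `adb shell zcat /proc/config.gz`; this assumes the vendor kernel was built with `CONFIG_IKCONFIG_PROC`, which many Android kernels are not, in which case you have to get the defconfig from the kernel source tree instead. The config fragment embedded below is constructed for the example and is not from any particular device (it resembles an Android kernel in having seccomp but SELinux rather than AppArmor).

```shell
#!/bin/sh
# Added example: probe a kernel config for the sandboxing primitives
# discussed in the thread (seccomp-bpf, AppArmor, namespaces).
# Input is a plain kernel .config / /proc/config.gz (after zcat) text file.

# kconfig_opt FILE SYMBOL
# Prints y or m if SYMBOL is enabled (built-in or module), n otherwise.
# Lines of the form "# CONFIG_X is not set" start with '#' and so do not
# match the "^SYMBOL=" pattern; a symbol that is absent is reported as n.
kconfig_opt() {
    file=$1
    sym=$2
    val=$(grep -E "^${sym}=" "$file" | head -n 1 | cut -d= -f2)
    case "$val" in
        y|m) printf '%s\n' "$val" ;;
        *)   printf 'n\n' ;;
    esac
}

# seccomp_filter_ok FILE
# Exit status 0 only if seccomp mode 2 (BPF filters, what a browser sandbox
# actually uses) is available; CONFIG_SECCOMP alone gives only strict mode.
seccomp_filter_ok() {
    [ "$(kconfig_opt "$1" CONFIG_SECCOMP)" = y ] &&
    [ "$(kconfig_opt "$1" CONFIG_SECCOMP_FILTER)" = y ]
}

# sandbox_report FILE
# One line per primitive: "SYMBOL: available" or "SYMBOL: missing".
# Module-built (m) is reported as missing because a sandbox cannot rely on
# a module it has no way to load from inside an app.
sandbox_report() {
    file=$1
    for sym in CONFIG_SECCOMP CONFIG_SECCOMP_FILTER \
               CONFIG_SECURITY_APPARMOR CONFIG_SECURITY_SELINUX \
               CONFIG_USER_NS CONFIG_PID_NS CONFIG_NET_NS; do
        if [ "$(kconfig_opt "$file" "$sym")" = y ]; then
            echo "$sym: available"
        else
            echo "$sym: missing"
        fi
    done
}

# Constructed sample config (not from a real device) used when the script
# is run stand-alone. Replace with: adb shell zcat /proc/config.gz > cfg.txt
SAMPLE=$(mktemp)
cat >"$SAMPLE" <<'EOF'
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
# CONFIG_SECURITY_APPARMOR is not set
CONFIG_SECURITY_SELINUX=y
# CONFIG_USER_NS is not set
CONFIG_PID_NS=y
CONFIG_NET_NS=y
EOF

sandbox_report "$SAMPLE"
if seccomp_filter_ok "$SAMPLE"; then
    echo "seccomp-bpf: usable"
else
    echo "seccomp-bpf: NOT usable on this kernel"
fi
```

Run it against a real config with `sandbox_report cfg.txt`; a kernel that reports `CONFIG_USER_NS: missing` rules out unprivileged user-namespace sandboxing regardless of what the app itself does, and a missing `CONFIG_SECCOMP_FILTER` means no syscall filtering at all, which is the case Yawning is warning about.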