On Tue, May 30, 2017, at 02:51 PM, Hans-Christoph Steiner wrote:
Tom Ritter:
On 30 May 2017 at 13:22, Hans-Christoph Steiner <hans@guardianproject.info> wrote:
As for Android apps updating their own code, it is possible, and it is occasionally done.
Can it be prevented?
Android now sets the /data and /sdcard partitions so that code cannot be executed from them. Those are the only places that apps have permission to write. So apps cannot download and store code. The only option is to download code and keep it in RAM.
However, we could download a new tor binary, or PTs on demand, at least in the current configuration, since those are just command-line executables we unpack and store in data. You can execute binaries from within /data - you just need to chmod them first. It is only /sdcard where that is not allowed.
I think you can also download shared libraries anywhere, and just load them via System.load() with an arbitrary path.
I do agree, there is benefit from keeping the tor process in an isolated sandbox from the browser process. This has been the discussion we have been having around a core "Tor Network Services" APK, that would be essentially an invisible dependency much like Google Play Services.
+n
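
Whether a partition blocks execution at the mount level can be read from the `noexec` flag in `/proc/mounts` on the device. The following is an added example, not part of the original thread: it parses text in that format and reports whether the mount covering a given path carries `noexec`. The sample lines and the package name `org.example.app` are constructed, not taken from a real device.

```python
import re

# Constructed sample in /proc/mounts format (not captured from a real device).
SAMPLE_MOUNTS = r"""
rootfs / rootfs ro,seclabel 0 0
/dev/block/dm-0 /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0
/dev/fuse /storage/emulated fuse rw,nosuid,nodev,noexec,noatime 0 0
tmpfs /mnt/test\040dir tmpfs rw,nosuid,nodev,noexec 0 0
"""

def _unescape(field):
    # The kernel octal-escapes space, tab, newline and backslash in each field.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return one dict per well-formed line of /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        mounts.append({
            "device": _unescape(fields[0]),
            "mount_point": _unescape(fields[1]),
            "fstype": fields[2],
            "options": set(fields[3].split(",")),
        })
    return mounts

def covering_mount(path, mounts):
    """Find the mount a path lives on: longest mount-point prefix, last entry wins ties."""
    best = None
    for m in mounts:
        mp = m["mount_point"].rstrip("/") or "/"
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        if inside and (best is None or len(mp) >= len(best["mount_point"].rstrip("/") or "/")):
            best = m
    return best

def is_noexec(path, mounts):
    """True if the mount holding `path` has noexec; None if no mount covers it."""
    m = covering_mount(path, mounts)
    return None if m is None else "noexec" in m["options"]

if __name__ == "__main__":
    table = parse_mounts(SAMPLE_MOUNTS)
    for p in ("/data/data/org.example.app/files/tor", "/storage/emulated/0/Download/lib.so"):
        print(p, "noexec" if is_noexec(p, table) else "exec allowed by mount flags")
```

To check a real device, replace `SAMPLE_MOUNTS` with the contents of its `/proc/mounts`; the result covers mount flags only, not any other policy layered on top.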