[tbb-dev] So, about the Linux sandbox in the long term?

Nathan Freitas nathan at freitas.net
Tue May 30 19:22:22 UTC 2017


On Tue, May 30, 2017, at 02:51 PM, Hans-Christoph Steiner wrote:
> 
> Tom Ritter:
> > On 30 May 2017 at 13:22, Hans-Christoph Steiner
> > <hans at guardianproject.info> wrote:
> >> As for Android apps updating their own code, it is possible, and it is
> >> occasionally done.
> > 
> > Can it be prevented?
> 
> Android now sets the /data and /sdcard partitions so that code cannot be
> executed from them.  Those are the only places that apps have permission
> to write.  So apps cannot download and store code.  The only option is
> to download code and keep it in RAM.

However, we could download a new tor binary, or PTs on demand, at least
in the current configuration, since those are just command-line
executables we unpack and store in /data. You can execute binaries from
within /data - you just need to chmod them first. It is only /sdcard
where that is not allowed.

I think you can also download shared libraries anywhere, and just load
them via System.load() with an arbitrary path.

I do agree, there is benefit in keeping the tor process in a sandbox
isolated from the browser process. This has been the discussion we have
been having around a core "Tor Network Services" APK, that would be
essentially an invisible dependency much like Google Play Services.

+n
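The claim above (binaries run from /data after a chmod, but not from /sdcard) comes down to which mounts carry the noexec flag, which is something you can check rather than assume. The script below is an added example, not code from this thread or from the Tor Browser/Orbot projects: it takes a path, finds the longest mount point that is a prefix of it in a /proc/mounts-style table, and reports whether that mount is noexec. The mount table embedded in the script is constructed for illustration (the device paths, options and the package name are assumptions, not a capture from a real device); on a device you would feed it the output of `adb shell cat /proc/mounts` instead.

```shell
#!/bin/sh
# Added example (not from the tbb-dev thread): answer "could a file at this
# path be executed at all?" by looking up the noexec flag of the mount that
# holds it. Uses only POSIX sh and awk, so it runs on a host or in adb shell.

# Constructed sample in /proc/mounts format. NOT captured from a real device;
# the mount points and options are assumptions chosen to match the thread's
# description (/data executable, external storage mounted noexec).
SAMPLE_MOUNTS='rootfs / rootfs ro,seclabel 0 0
/dev/block/dm-0 /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0
/dev/fuse /mnt/runtime/default/emulated fuse rw,nosuid,nodev,noexec,noatime 0 0
/dev/fuse /storage/emulated fuse rw,nosuid,nodev,noexec,noatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime 0 0'

# mount_for_path PATH [MOUNTS_TEXT]
# Prints the longest mount point that is a prefix of PATH (path-component
# aware: /data matches /data/x but not /datafoo). MOUNTS_TEXT defaults to
# the live /proc/mounts.
mount_for_path() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # "/" matches everything; otherwise require exact match or
            # that p continues with a "/" right after the mount point.
            if (mp == "/" || mp == p || index(p, mp "/") == 1) {
                if (length(mp) > length(best)) best = mp
            }
        }
        END { print best }'
}

# noexec_for_path PATH [MOUNTS_TEXT]
# Prints "noexec" if the mount holding PATH carries the noexec option,
# otherwise "exec". Uses the first table entry for that mount point.
noexec_for_path() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    mp=$(mount_for_path "$path" "$mounts")
    printf '%s\n' "$mounts" | awk -v mp="$mp" '
        $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "noexec") { print "noexec"; exit }
            print "exec"
            exit
        }'
}

# Demo against the constructed table. The package name is a placeholder.
for f in /data/data/org.example.torservice/files/tor \
         /storage/emulated/0/Download/tor; do
    echo "$f -> $(mount_for_path "$f" "$SAMPLE_MOUNTS") ($(noexec_for_path "$f" "$SAMPLE_MOUNTS"))"
done
```

Note that an "exec" result only says the mount does not forbid execution; the file still needs the executable bit (the chmod step mentioned above), and SELinux policy for the app domain has the final say, so the real test on a device is to chmod the unpacked binary and try to run it. Also, `System.load()` with a path on a noexec mount will fail for the same reason a direct exec does: the dynamic loader needs to mmap the library with PROT_EXEC.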


