[tbb-dev] So, about the Linux sandbox in the long term?
Yawning Angel
yawning at schwanenlied.me
Wed May 31 13:44:13 UTC 2017
On Tue, 30 May 2017 20:22:09 +0200
Hans-Christoph Steiner <hans at guardianproject.info> wrote:
[snip]
> Android is a very different OS than all the desktops. GNU/Linux, OSX
> and Windows are much more similar to each other than to Android.
> Android is also the most popular computing platform in the world, so
> its worth investing it. More users and more page views than Windows.
>
> Given the desire for stronger sandboxing, it could make sense to keep
> tor in something like Orbot, which is installed separately. That
> means its isolated from the browser part with all the Android
> tricks. Things like CopperheadOS make that sandboxing even stronger.
>
> As for Android apps updating their own code, it is possible, and it is
> occasionally done. It is considered a bad practice, and Google has
> been gradually locking that down over time. Android already provides
> a solid install procedure, at best, I think it would be a waste of
> time to build a custom in-app updater to replace that. For example,
> that will break nice security properties like the code being
> installed read-only even to the app itself.
The general gist I'm getting from this is:
Continue to treat Android like the red headed stepchild that it is,
because a tor-launcher deprecation/rewrite doesn't affect the one
platform that doesn't really even use tor-launcher in the first
place.
nb: If there is special code required for Fenec to interact with
Orbot, I don't see why that requires it's own launcher process.
There's also no reason why, "Vidalla++" (or whatever it ends up getting
called, if it happens) can't support Android, however:
* Downloading/installing/updating the browser - Handled by whatever
app store people use (and if people are sideloading apks, it's
handled by the person).
* Configuring/Launching Tor - Handled by Orbot.
* Sandboxing - Handled by the OS. There's probably more that could be
done here, but I will profess ignorance to how much kernel support
is available in deployed Android installations for any of the
mechanisms (And I assume that things like AppArmor that require
root fall into the realm of "Not useful in a general case").
So I'm not seeing much of a point here.
Regards,
--
Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20170531/9a6065db/attachment.sig>
More information about the tbb-dev
mailing list