We have moved to a new Sailfish OS Forum. Please start new discussions there.
105

[feature request] App permission control center & redirect to sandbox on deny

asked 2015-04-14 15:08:53 +0200

evo3de gravatar image

updated 2016-07-29 13:35:53 +0200

I want a central point of settings in System > App-permission-contol-center where i can see all Apps and services (native & dalvik) and there corresponding permissions. If we deny the permisson for an App so it should´n blocked completly (stop running) it should redirected in to a blank sandbox.

In Addition may you can configure which services can stay persistent in background after closing Apps (Whatsup, Google services, Situations, etc.), so you have the full control.

Also needed feature of control centre:

Dalvik on demand

Configure the Alien Dalvik Runtime if no Android App is Open:

do nothing and stay in background stop dalvik after 1, 2, 3, 4, 5 min inactivity

Network access for each app / service on option - buttons ( none, Wlan, 4G, 3G, 2G, BT) <thanks @pattjolla="" for="" inspiration=""></thanks>

So we can be sure, that there are no services left in background who mess up memory, try to spy data and we can improof our battery life

I know there might be some nearby similar requests at some pionts, but i want a summary sollution on this

edit: first partes implemented at update 1.1.7.24

  • prevent loading app services on system startup (seems to be not runing correctly)
  • Force stop
  • kill cache
  • kill data

edit: Needed feature: prevent autoreload of backgroundtasks

edit: Any news from Jolla Dev on this? Seems 2 be nothing new implemented on 2.0.0.10 since 1.1.7.24

edit: Update 2.0.2.48 Aurajoki Nothing new on this site

edit retag flag offensive close delete

Comments

11

This is definitely needed for a OS which is focused on privacy and security.

taaem ( 2015-04-14 15:53:10 +0200 )edit

With Sailfish Secure (see announcement here) there might be a solution for that. A more basic discussion on your request can be found here: https://together.jolla.com/question/4182/permission-control-for-apps/

lakutalo ( 2015-05-06 16:43:45 +0200 )edit

Yes and no @lakutalo Sailfish Secure is more, it is the device full control, full encryption with DLP (Data lost prevention, management, deployment, collaboration and encrypted data connection sollution for authorities and cooperations. And it´s seperate from SailfishOS surely not for free. I want a less inflated and more fundamental integration, where everyone get´s the benefit of it

evo3de ( 2015-05-06 16:55:03 +0200 )edit

I would not mind paying for it, but that is up to the individual. As you say, it will be a holistic solution. Don't worry, I got your point. Also SElinux is considered as an option to be road-mapped (see here). That would surely establish a solid basis for the type of control center you requested for SFOS in common (which I also suggested here).

lakutalo ( 2015-05-06 17:11:10 +0200 )edit

Btw. you (enduser) might not pay for Sailfish Secure, this doesn´t matter because it is an Enterprise Suite so companys, authoritys etc will pay licence fees as they doing it for every system with central administration opportunity or enterprise background / premium support

evo3de ( 2015-05-06 17:52:09 +0200 )edit

4 Answers

Sort by » oldest newest most voted
7

answered 2015-04-17 11:59:15 +0200

evo3de gravatar image

updated 2015-04-17 12:37:45 +0200

Have a new idea for an option on this control centre:

Dalvik on demand

Configure the Alien Dalvik Runtime if no Android App is Open:

  • do nothing and stay in background
  • stop dalvik after 1, 2, 3, 4, 5 min inactivity

So we can be sure, that there are no services left in background who mess up memory, try to spy data and we can improof our battery life

edit flag offensive delete publish link more

Comments

There is nothing built in the system like that at the moment but with the Utility app from Jolla, you can actually already turn Alien Dalvik VM off (manually though) and save a lot of power ;)

Elioty ( 2015-04-18 02:24:13 +0200 )edit

Yes i do this automatically by situations and im exited how long the battery can run, so would be great if others could enjoy this too

evo3de ( 2015-04-20 10:23:29 +0200 )edit
5

answered 2015-04-16 10:36:48 +0200

evo3de gravatar image

In Addition may you can configure which services can stay persistent in background by closing Apps (Whatsup, Google services, Situations, etc.), so you have the full control.

edit flag offensive delete publish link more
2

answered 2015-05-06 15:45:20 +0200

PatsJolla gravatar image

I also see the need for sth like having an overview to understand "which App has the right to do what?"

Similar to the Android AFWall+ App.

In the past I tried to use this to block unnecessary internet requests from certain apps, but somehow it manages even to block ALL sailfish communication too.

A native Nailfish app for this purpose would fit here much better.

edit flag offensive delete publish link more

Comments

Apps could may be bypassed, so i think it must be central and systemwide for an harder system (Secure SailfishOS) - but transparent and open from source like a cage and not a jail

evo3de ( 2015-05-06 16:05:13 +0200 )edit

To tell the truth .. I'm a bit confused how it works but AFWall+ is really killing all traffic if configured wrong. I can't even get the sailfish browser to open jolla.com... And this is an android app... of course this could be bypassed but killing AFWall+ somehow (but the App changes the hosts file too). So I think this could be a good first step.

PatsJolla ( 2015-05-06 22:07:47 +0200 )edit
0

answered 2015-04-14 16:13:35 +0200

null gravatar image

If you know there are similar requests, why do you open a new one?

Duplicate of https://together.jolla.com/question/4182/permission-control-for-apps/

edit flag offensive delete publish link more

Comments

Because there is no one how asks for a central control for all! Sailfish Apps, Sailfish Services, Android Apps and Services. Additionally there is no ware a request, how to handle a permission deney - so it is a new case

evo3de ( 2015-04-14 16:51:43 +0200 )edit
1

Right, so what you want is a front-end with this back-end > https://together.jolla.com/question/9670/api-security-model/

null ( 2015-04-14 17:14:44 +0200 )edit

yes, now it goes into same destination. One place to get full controll

evo3de ( 2015-04-14 17:25:40 +0200 )edit
Login/Signup to Answer

Question tools

Follow
10 followers

Stats

Asked: 2015-04-14 15:08:53 +0200

Seen: 1,772 times

Last updated: Jul 29 '16