Skip to content
This repository has been archived by the owner on Sep 6, 2019. It is now read-only.

Unable to restrict AOSP Browser (com.android.browser) #1685

Closed
an0n981 opened this issue May 25, 2014 · 5 comments
Closed

Unable to restrict AOSP Browser (com.android.browser) #1685

an0n981 opened this issue May 25, 2014 · 5 comments
Labels
bug lowprio

Comments

@an0n981
Copy link
Contributor

an0n981 commented May 25, 2014

Denying Internet/Connect or View/loadURL (onDemand or permanently) has no effect, all pages are able to load, although the usage data shows as denied. AOSP browser does not use any native libraries.

Log, restrictions, screen shots:
https://mega.co.nz/#!clYDgbCa!c6RSqviqK3lm3FWQSEgqV_aWKy-1qZnBXVquGgu5EU0
@M66B
Copy link
Owner

M66B commented May 26, 2014

Stock browser = Chrome?
Does the browser share its uid with other system components?

I am afraid Google is connecting to the internet in a non-standard way, by doing direct sysyem call. This will probably end up in the limitations section.

@M66B M66B added bug labels May 26, 2014
@an0n981
Copy link
Contributor Author

an0n981 commented May 26, 2014

Not Chrome, the open source stock AOSP browser, the one that used to be standard before Google started pushing Chrome. It is still standard on ROMs that don't have the proprietary GAPPS installed.
It does not share its UID.

@Allnicknames
Copy link

As far as I can tell this happens with dolphin browser as well. I wrote about it a couple of weeks ago on XDA post # 9282.
internet/connect is generally ignored except for file downloading. shell category fully restricted. view/url restricted.

@M66B
Copy link
Owner

M66B commented May 27, 2014 

05-25 20:46:35.034 W/XPrivacy(2694): On demand 10071/loadUrl(http://www.xprivacy.eu/) view=!restricted?
05-25 20:46:35.034 W/XPrivacy(2694): On demanding 10071/loadUrl(http://www.xprivacy.eu/) view=!restricted?
05-25 20:46:37.404 W/XPrivacy(2694): Blacklisting 10071/loadUrl(http://www.xprivacy.eu/) view=!restricted? xextra=null
05-25 20:46:37.434 W/XPrivacy(2694): Clearing cache for 10071/android.intent.action.VIEW(null) view=!restricted?
05-25 20:46:37.439 W/XPrivacy(2694): Clearing cache for 10071/loadUrl(null) view=!restricted?
05-25 20:46:37.444 W/XPrivacy(2694): Removing 10071:view/loadUrl(http://www.xprivacy.eu/)=true/false
05-25 20:46:37.444 I/XPrivacy(2694): get service 10071/loadUrl(http://www.xprivacy.eu/) view=!restricted? 2421 ms
05-25 20:46:37.449 I/XPrivacy/XWebView(7310): get client 10071/loadUrl(http://www.xprivacy.eu/) view=restricted 2424 ms
05-25 20:46:37.449 I/XPrivacy/XWebSettings(7310): get client 10071/setUserAgentString(null) view=!restricted (cached) 0 ms

loadUrl is successfully restricted on the client side (browser). No other restrictions are hit soon thereafter, so the stock browser is probably using some (hidden) system service or another system component to load the page.

@M66B M66B closed this as completed in 555783b May 27, 2014
@M66B
Copy link
Owner

M66B commented Oct 17, 2014

There is another limitation:

"You can't set the user-agent string used for XMLHttpRequests made from JavaScript. Those requests always use the default user-agent string."
https://developer.chrome.com/multidevice/webview/overview

@M66B M66B mentioned this issue Jan 20, 2015
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug lowprio
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@M66B @an0n981 @Allnicknames