Building an Anrdoid-like permissions interface for Linux desktops

[martinruenz]

Project description

Sometimes it is useful to employ 3rd-party software (which might be closed source) that you can not fully trust. Currently, there is no user-friendly way – at least that I am aware of – which would allow you to limit the permissions of such an application. Common mobile operating systems offer some form of privilege management, so that the user can grant permissions, such as accessing contacts, on a per application level. In my opinion, in would be very convenient and lead to a higher level of security to have an equivalent interface under Linux. After all, it is an ordinary wish to use closed-source software, but I don’t think providing access to all personal files is the best default behaviour.

Of course, the system architecture of a mobile OS differs greatly from the one of a Linux desktop. But I think that AppArmor profiles could be managed by a GUI to yield a similar user experience.

Here is a rough mockup of how the controls for a single application could look like:

Questions:

• How to collect a list of the applications that are managed by the interface?
  Possible solution: Collect all executables in the current path environment and offer the ability to manually add executables.

• What kind of permissions would be managed?
  Initially, I think just granting read / write privileges to files and directories would be a good starting point. At a later stage a nice extension would be to control special privileges such as network or webcam access etc.

Relevant Technology

• Linux
• AppArmor

The interface itself could be written in various languages. Using python ant gtk would certainly be one popular option.

Who is this for

Creating the GUI itself is trivial and could be done by a novice developer. The more sophisticated part is the management of AppArmor rules and having a strong knowledge of linux systems would certainly help here. I think creating a first prototype shouldn't take too long and an intermediate level should be good enough for development.

Further reading

• A stackexchange discussion on how to restrict the privileges of a single application

[KOLANICH]

Also:
https://github.com/netblue30/firejail - a sandbox for linux

[fluks]

You can use AppArmor as a blackilist if you first allow everything. I remembered first, that this was not possible. If you use it as a whitelist, then you would need to distribute profiles for programs.

https://lists.ubuntu.com/archives/apparmor/2016-June/009790.html

Maybe allow everything, then deny the things you want to control as a default. If you want to first control only $HOME file operations.

capability,
network,
file,
mount,
ptrace,
signal,
unix,
change_profile,
dbus,
pivot_root,
umount,

deny @{HOME}/ rw,
deny @{HOME}/** rw,