Socket Call fails

[jm]

I tried adding the below code into the native C function to create a
socket.

{
jint r;
r=socket(AF_INET, SOCK_DGRAM, 17);
LOGD("Return Value from socket=%d %d", r, errno);
....
}

Return Value from socket=-1 13
13 (EACCES)

How to get the create socket to work?

jm

[Jack Palevich]

It sounds like your APK does not have the INTERNET permission set. Try adding

<uses-permission android:name="android.permission.INTERNET" />

to your AndroidManifest.xml file.


See:

http://developer.android.com/guide/topics/security/security.html

[Lewis Z.]

I have similar issues with netlink socket. I'm able to create the
socket but fail to bind it. Other than the
INTERNET permission, I have also added the ACCESS_NETWORK_STATE
permission. But it doesn't help.

On Jul 2, 9:40 am, Jack Palevich <jack...@google.com> wrote:
> It sounds like your APK does not have the INTERNET permission set. Try adding
>
>     <uses-permission android:name="android.permission.INTERNET" />
>
>  to your AndroidManifest.xml file.
>
> See:
>
> http://developer.android.com/guide/topics/security/security.html
>

[Tim Hutt]

2009/7/2 Lewis Z. <lzh...@gmail.com>:

> I have similar issues with netlink socket. I'm able to create the
> socket but fail to bind it. Other than the
> INTERNET permission, I have also added the ACCESS_NETWORK_STATE
> permission. But it doesn't help.

I think you have to be root to listen on ports lower than 1024 in linux.

[Lewis Z.]

That's what we suspect because we can bind netlink socket with a
command line application.

For Android applications, how can we work around this root problem?
Any suggestion?

Thank you for the reply.

[jm]

Thanks. Adding the INTERNET permission has resolved the socket
creation issue.

jm

> > I think you have to be root to listen on ports lower than 1024 in linux.- Hide quoted text -
>
> - Show quoted text -

[Tim Hutt]

2009/7/7 Lewis Z. <lzh...@gmail.com>:
> Hi Tim,
>
> Are you suggesting there is no way that user application can listen on
> ports lower than 1024?

Yes. Unless Google have changed it. From the ip man page: "The port
numbers below 1024 are called reserved ports. Only privileged
processes (i.e., those having the CAP_NET_BIND_SERVICE capability) may
bind(2) to these sockets."

> Do you have any suggestion? Thanks.

1. Root your device.
2. Ask Google to fix this or submit a patch yourself. This 'security'
measure dates back to the old days of unix. It was a bad idea and
probably reduces security since it resulted in all manner of servers
(web, ftp, etc.) running as root. Either way there's no reason to have
it on a phone.

Good link: http://calum.org/posts/root-to-bind-to-ports-under-1024

Just out of interest, what are you writing? I can only thing of one
useful thing that need a port less than 1024: running samba (or
something simpler) so you can share files with windows machines over
wifi.

[Roman]

What's about to run on native a program as root which can access the
ports lower than 1024. This program would act as a server. You could
communicate from a client (your JNI code) with the server to access
the ports.

--
Roman Baumgaertner
Sr. SW Engineer-OSDC
·T· · ·Mobile· stick together
The views, opinions and statements in this email are those of the
author solely in their individual capacity, and do not necessarily
represent those of T-Mobile USA, Inc.

[Paton Lewis]

> > Are you suggesting there is no way that user application can listen on
> > ports lower than 1024?
>
> Yes. Unless Google have changed it. From the ip man page: "The port
> numbers below 1024 are called reserved ports. Only privileged
> processes (i.e., those having the CAP_NET_BIND_SERVICE capability) may
> bind(2) to these sockets."
>
> > Do you have any suggestion? Thanks.
>
> 1. Root your device.
> 2. Ask Google to fix this or submit a patch yourself. This 'security'
> measure dates back to the old days of unix. It was a bad idea and
> probably reduces security since it resulted in all manner of servers
> (web, ftp, etc.) running as root. Either way there's no reason to have
> it on a phone.

This is a problem for us as well. Can someone from Google please
comment on this issue?

[David Turner]

On Sat, Jul 11, 2009 at 12:24 AM, Paton Lewis <pal...@adobe.com> wrote:

This is a problem for us as well. Can someone from Google please
comment on this issue?

I'd suggest trying on android-platform instead, since this also affects VM code, and is
really a general platform security issue.
 

[Paton Lewis]

> > This is a problem for us as well. Can someone from Google please
> > comment on this issue?
>
> I'd suggest trying on android-platform instead, since this also affects VM
> code, and is
> really a general platform security issue.

For reference, here is the android-platform thread on the topic:
http://groups.google.com/group/android-platform/browse_thread/thread/35bc1e75fe22e7e3/934b4aaf018e9660?hl=en&lnk=gst&q=port+1024#934b4aaf018e9660

[Lewis Z.]

IMHO, the NDK really should provide a general solution to this common
issue. As in MS Windows, there is a standard way for user applications
to access the miniport drivers.

On Jul 13, 1:11 pm, Paton Lewis <pale...@adobe.com> wrote:
> > > This is a problem for us as well. Can someone from Google please
> > > comment on this issue?
>
> > I'd suggest trying on android-platform instead, since this also affects VM
> > code, and is
> > really a general platform security issue.
>

> For reference, here is the android-platform thread on the topic:http://groups.google.com/group/android-platform/browse_thread/thread/...