Does PROT_SOCK even make sense in android?
16 views
Skip to first unread message
Jason Newton
Dec 14, 2015, 4:03:32 PM12/14/15
to Android Linux Kernel Development
Hi
I have an application I'm writing that uses SNMP and unfortunately, that protocol expects the application's host system to have port 162 binded to receive requested data. That doesn't work on stock android with apps without root permission. To me, this limit makes absolutely no sense these days, especially on an android phone. So I figured I'd ask here rather than the general LKML where they might have more legacy concerns - can it be removed from android kernels going forward? It's as simple as changing PROT_SOCK to 0 but it completely depends on upstream/vendors doing this. It also depends and possibly becomes even more pointless with 5.0+ using selinux in enforcing mode.
I seem to have no recourse at the moment as I cannot inject another node to translate the port between the systems I want to talk to and I cannot root the phone or provide a custom images. But I'll tell you what odd thing I can do... I can use the USB Host api to steal the ethernet device I'm sending packets over - not that I want to do that at all, but I am amazed I can hijack the device yet not bind to port 162.
Advice/ideas? Acceptance of nuking PROT_SOCK?
-Jason
I have an application I'm writing that uses SNMP and unfortunately, that protocol expects the application's host system to have port 162 binded to receive requested data. That doesn't work on stock android with apps without root permission. To me, this limit makes absolutely no sense these days, especially on an android phone. So I figured I'd ask here rather than the general LKML where they might have more legacy concerns - can it be removed from android kernels going forward? It's as simple as changing PROT_SOCK to 0 but it completely depends on upstream/vendors doing this. It also depends and possibly becomes even more pointless with 5.0+ using selinux in enforcing mode.
I seem to have no recourse at the moment as I cannot inject another node to translate the port between the systems I want to talk to and I cannot root the phone or provide a custom images. But I'll tell you what odd thing I can do... I can use the USB Host api to steal the ethernet device I'm sending packets over - not that I want to do that at all, but I am amazed I can hijack the device yet not bind to port 162.
Advice/ideas? Acceptance of nuking PROT_SOCK?
-Jason
Reply all
Reply to author
Forward
0 new messages