RAW socket using NDK


Madhav

Sep 27, 2009, 2:48:53 PM
to android-ndk
Hi,

I'm trying to create a RAW socket using the NDK.
However, the socket command is failing with errno EPERM (operation not
allowed).
I already have permission for INTERNET set in my AndroidManifest.xml.
I think the problem has to do with root access...
Does anyone have an idea of how to resolve this?

Thanks in advance

Madhav

Tim Hutt

Sep 28, 2009, 10:06:27 AM
to andro...@googlegroups.com
2009/9/27 Madhav <madhav...@gmail.com>:

You can't. As with listening on ports under 1024, you have to be root.
Again, this doesn't make much sense on a phone. Bug Google about it.
(Unless there is a legitimate security reason for this limitation? I
can't think of any.)

Raw man page: "Only processes with an effective user ID of 0 [i.e.
root] or the CAP_NET_RAW capability are allowed to open raw sockets."
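
The rule in the man page quote above can be checked from inside a native process. This is an added example, not code from anyone in the thread: it reads the effective capability mask from `/proc/self/status` and then attempts the raw ICMP socket. The helper names are hypothetical; bit 13 is `CAP_NET_RAW` in `<linux/capability.h>`.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13 /* value of CAP_NET_RAW in <linux/capability.h> */

/* Hypothetical helper: pull the effective capability mask out of the text of
   /proc/<pid>/status. Returns 0 on success, -1 if no "CapEff:" line exists. */
int parse_cap_eff(const char *status, unsigned long long *mask) {
    const char *p = status;
    while (p && *p) {                       /* p always sits at a line start */
        if (strncmp(p, "CapEff:", 7) == 0) {
            *mask = strtoull(p + 7, NULL, 16);  /* skips the tab, parses hex */
            return 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* 1 if the mask grants CAP_NET_RAW, else 0. */
int has_net_raw(unsigned long long mask) {
    return (int)((mask >> CAP_NET_RAW_BIT) & 1ULL);
}

/* Attempt the call from the first post; returns 0 on success, else errno. */
int try_raw_icmp(void) {
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

int main(void) {
    char buf[4096];
    unsigned long long mask = 0;
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    int known = parse_cap_eff(buf, &mask) == 0, err = try_raw_icmp();
    printf("euid=%d CapEff=%016llx%s CAP_NET_RAW=%d\n", (int)geteuid(), mask,
           known ? "" : " (not found)", has_net_raw(mask));
    printf("raw ICMP socket: %s\n", err ? strerror(err) : "opened");
    return 0;
}
```

A process with a non-zero effective UID and bit 13 clear in `CapEff` gets `EPERM` from the `socket()` call, which is the failure described in the first post.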

Tim Hutt

Sep 28, 2009, 10:15:19 AM
to andro...@googlegroups.com
2009/9/28 Tim Hutt <tdh...@gmail.com>:

> 2009/9/27 Madhav <madhav...@gmail.com>:
>>
>> Hi,
>>
>> I'm trying to create a RAW socket using the NDK.
>> However, the socket command is failing with errno EPERM (operation not
>> allowed).
>> I already have permission for INTERNET set in my AndroidManifest.xml.
>> I think the problem has to do with root access...
>> Does anyone have an idea of how to resolve this?
>
> You can't. As with listening on ports under 1024, you have to be root.
> Again, this doesn't make much sense on a phone. Bug Google about it.

In fact, Google: consider this an official bugging. Please would you
add CAP_NET_BIND_SERVICE, CAP_NET_RAW, and CAP_NET_BROADCAST (and
maybe CAP_NET_ADMIN - might be useful for tethering/firewall apps) to
a new android permission (say, 'advanced_internet').

Thanks,

Tim

PS: Yes I know this is a futile request.
PPS: Yeah this should probably be in android-platform, but I expect it
would be equally futile there, so meh.

Jack Palevich

Sep 28, 2009, 12:18:23 PM
to andro...@googlegroups.com
Unfortunately this newsgroup is not a very good place to request new Android features.

If you would like to report a bug or request a feature, please do so using the issue tracker:

http://code.google.com/p/android/issues/list

If you still want to discuss this issue publicly, please use android-platform or android-dev, as the issue is not directly related to the NDK.

Another approach, if you are ambitious, is to submit a patch:

http://source.android.com/submit-patches

(But before you develop a patch, consider posting on android-platform to see if you can get someone from Google to commit to the idea that such a patch would be a good idea, and maybe help you get it into the code base. I'm not familiar with the networking security implications of allowing Android apps to open lower socket numbers.)

Tim Hutt

Sep 28, 2009, 12:33:52 PM
to andro...@googlegroups.com
2009/9/28 Jack Palevich <jac...@google.com>:

> Unfortunately this newsgroup is not a very good place to request new Android
> features.
>
> If you would like to report a bug or request a feature, please do so using
> the issue tracker:
>
> http://code.google.com/p/android/issues/list

Created an issue here: http://code.google.com/p/android/issues/detail?id=4039

Madhav

Sep 29, 2009, 3:46:28 AM
to android-ndk
Thanks for the pointers.
I wanted to create a raw socket to receive ICMP packets.
Don't think it will be possible now...

Thanks
Madhav


GC

Sep 30, 2009, 12:10:43 PM
to android-ndk
> You can't. As with listening on ports under 1024 you have to be root.
> Again, this doesn't make much sense on a phone. Bug google about it.
> (Unless there is a legitimate security reason for this limitation?; I
> can't think of any.)

The reason is as legitimate on a phone as it is anywhere else you
run IP services. In fact, I'd argue it makes a lot more sense on a
phone like Android than it does on your typical desktop as people seem
willing to install just about anything on their phone. Google simply
needs to provide an API which allows for proper permissions to be
requested at the API layer such that users can be properly informed
when install services request protected ports.

As you said, the capabilities need to be made available via an API for
applications.