VPN permissions (to access /dev/net/tun without Superuser) #6
Comments
|
Also, I guess, it'd need some network-related (possibly, MODIFY_NETWORK_ACCOUNTING, or something like that) permissions to be able to manage IP-addresses (via iproute2) on tun-interface from tinc-up script |
|
Actually, manuals says that it is android.permission.BIND_VPN_SERVICE |
|
I can confirm this issue exists on google nexus 4 (2012 generation) with android 4.4.2 as well. |
|
Looked like a good lead. However BIND_VPN_SERVICE permissions simply allows to build a simple VPN service, without giving direct access to /dev/tun file of vpn group (at least from what I see). Duplicate of #5. |
Hi.
I just noticed that tinc-gui doesn't notice in Manifest that it needs vpn privileges, so then it can't access tun interface, because at least on my device it is:
shell@android:/etc/tinc/mva # ls /dev/tun -l
crw-rw---- system vpn 10, 200 1970-08-14 18:08 tun
(so, tinc app should have vpn group pemissions to have access).
P.S. Also, I think, it'd be nice to have some minimalistic internal text editor (it'll allow to keep tinc config directory and files inaccessible by other apps)
The text was updated successfully, but these errors were encountered: