
Netlink implementation for the Android NDK


I have a requirement for a similar task to the one mentioned in this link: passive monitoring of sockets in Android. One way is parsing the /proc/net/{tcp,udp,...} tables. But we have to keep reading them continuously to keep monitoring, which is not an efficient way. As it will be a mobile device app, it will eat up the battery, as it requires CPU time to keep monitoring at a time interval (say 1 sec).

But I am looking for an event-based approach. As I googled about the same, I ended up with NETLINK for monitoring the sockets. But I observe that the Android NDK doesn't have support for the

#include <linux/sock_diag.h>
#include <linux/inet_diag.h>
#include <linux/unix_diag.h>
#include <linux/packet_diag.h>
#include <linux/netlink_diag.h>

Has anyone tried using NETLINK in Android for monitoring the INET sockets? If so, please share the information.

Thanks.


UPDATE: I tried copy-pasting the above-mentioned files into the "jni" folder and built using ndk-build. The build was successful and there were no crashes at runtime. But socket creation of type

socket(AF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG)

is failing with error EACCES(13) - Permission to create a socket of the specified type and/or protocol is denied.

Any suggestions how to proceed further?


Solution

  • In Android Lollipop, Security Enhanced Linux (SELinux) in Android is enabled in "enforce" mode. Looking at the sandbox definitions in the Android source code (SE Policy, app.te; excerpt pasted below), there is no support for netlink sockets.

    app.te

    # Privileged netlink socket interfaces.
    neverallow appdomain
        self:{
            netlink_socket
            netlink_firewall_socket
            netlink_tcpdiag_socket
            netlink_nflog_socket
            netlink_xfrm_socket
            netlink_audit_socket
            netlink_ip6fw_socket
            netlink_dnrt_socket
        } *;
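
An added example, not part of the original question or answer: a C probe that makes the socket() call from the question and, when it fails as described there (EACCES under the policy quoted above), falls back to the /proc/net/tcp parsing the question mentions. The names probe_inet_diag, parse_proc_tcp_row and struct tcp_row are made up for this example, and the address decoding assumes a little-endian device.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>

#ifndef NETLINK_INET_DIAG
#define NETLINK_INET_DIAG 4 /* same protocol number as NETLINK_SOCK_DIAG */
#endif

/* Returns 0 if the diag socket opens, otherwise the errno from socket(). */
int probe_inet_diag(void) {
    int fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

struct tcp_row { char local[16], remote[16]; unsigned lport, rport, state, uid; };

/* /proc/net/tcp prints the raw 32-bit address; on a little-endian device
 * (assumption of this example) the first octet is the low byte. */
static void fmt_ipv4(unsigned v, char out[16]) {
    snprintf(out, 16, "%u.%u.%u.%u", v & 0xff, (v >> 8) & 0xff, (v >> 16) & 0xff, v >> 24);
}

/* Parse one IPv4 row of /proc/net/tcp; 0 on success, -1 for the header or junk. */
int parse_proc_tcp_row(const char *line, struct tcp_row *r) {
    unsigned la, ra;
    if (sscanf(line, " %*d: %8X:%4X %8X:%4X %2X %*X:%*X %*X:%*X %*X %u",
               &la, &r->lport, &ra, &r->rport, &r->state, &r->uid) != 6)
        return -1;
    fmt_ipv4(la, r->local);
    fmt_ipv4(ra, r->remote);
    return 0;
}

int main(void) {
    int err = probe_inet_diag();
    if (err == 0) { puts("inet_diag netlink socket available"); return 0; }
    printf("netlink socket refused (errno %d: %s), reading /proc/net/tcp\n", err, strerror(err));
    FILE *f = fopen("/proc/net/tcp", "r");
    if (!f) { perror("/proc/net/tcp"); return 1; }
    char line[512];
    struct tcp_row r;
    while (fgets(line, sizeof line, f))
        if (parse_proc_tcp_row(line, &r) == 0)
            printf("%s:%u -> %s:%u state=0x%02X uid=%u\n",
                   r.local, r.lport, r.remote, r.rport, r.state, r.uid);
    fclose(f);
    return 0;
}
```

The uid column is what lets a monitor attribute a socket to an app; state 0x01 is ESTABLISHED and 0x0A is LISTEN.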