Hardware interface access control for mobile applications
First Claim
1. A method comprising:
- implementing a virtual interface capable of providing applications on a mobile device with access to any network interface in a set of network interfaces, the applications restricted from accessing the network interfaces without using the virtual interface, the virtual interface provided by a virtual private network client executing in a kernel layer of an operating system of the mobile device;
configuring, by the virtual private network client, the virtual interface to form a first virtual interface for a first application on the mobile device to cause a first network interface in the set of network interfaces to be made accessible to the first application, the first network interface being selected by the virtual private network client for the first application from the set of network interfaces based on an access permission associated with the first application and in response to detection of a query from the first application for a list of available network interfaces, the first network interface that is selected and made accessible to the first application via the first virtual interface being unknown to the first application; and
providing the first application with access to the first network interface via the first virtual interface after the virtual private network client has established a virtual private network connection with a first destination, the virtual private network client to establish the virtual private network connection in response to the detection of the query from the first application for the list of available network interfaces, wherein the first application executes in at least one of an application layer of the operating system different from the kernel layer of the operating system or in a network accessible by the mobile device, and the virtual private network client executes persistently in a background process.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, articles of manufacture, and apparatus for hardware interface access control for mobile applications are disclosed. A disclosed example method includes restricting an application from accessing a set of hardware interfaces of a mobile device, and providing a virtual interface to the application via which the application is to access a first hardware interface in the set of hardware interfaces, the virtual interface provided by a program in a kernel layer of an operating system of the mobile device to control at least one of access or a method of access to the first hardware interface in the set of hardware interfaces, the first hardware interface that is accessible via the virtual interface being unknown to the application.
107 Citations
17 Claims
-
1. A method comprising:
-
implementing a virtual interface capable of providing applications on a mobile device with access to any network interface in a set of network interfaces, the applications restricted from accessing the network interfaces without using the virtual interface, the virtual interface provided by a virtual private network client executing in a kernel layer of an operating system of the mobile device; configuring, by the virtual private network client, the virtual interface to form a first virtual interface for a first application on the mobile device to cause a first network interface in the set of network interfaces to be made accessible to the first application, the first network interface being selected by the virtual private network client for the first application from the set of network interfaces based on an access permission associated with the first application and in response to detection of a query from the first application for a list of available network interfaces, the first network interface that is selected and made accessible to the first application via the first virtual interface being unknown to the first application; and providing the first application with access to the first network interface via the first virtual interface after the virtual private network client has established a virtual private network connection with a first destination, the virtual private network client to establish the virtual private network connection in response to the detection of the query from the first application for the list of available network interfaces, wherein the first application executes in at least one of an application layer of the operating system different from the kernel layer of the operating system or in a network accessible by the mobile device, and the virtual private network client executes persistently in a background process. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A tangible computer readable storage device comprising machine readable instructions that, when executed, cause a machine to perform operations comprising:
-
implementing a virtual interface capable of providing applications with access to any network interface in a set of network interfaces, the applications restricted from accessing the network interfaces without using the virtual interface, the virtual interface provided by a virtual private network client executing in a kernel layer of an operating system of the mobile device; configuring the virtual interface to form a first virtual interface for a first application on the mobile device to cause a first network interface in the set of network interfaces to be made accessible to the first application, the first network interface to be selected for the first application from the set of network interfaces based on an access permission associated with the first application and in response to detection of a query from the first application for a list of available network interfaces, the first network interface that is selected and made accessible to the first application via the first virtual interface being unknown to the first application; and providing the first application with access to the first network interface via the first virtual interface after the virtual private network client has established a virtual private network connection with a first destination, the virtual private network client to establish the virtual private network connection in response to the detection of the query from the first application for the list of available network interfaces, wherein the application is to execute in at least one of an application layer of the operating system different from the kernel layer of the operating system or in a network accessible by the mobile device, and the virtual private network client is to execute persistently in a background process. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A mobile device comprising:
-
a set of network interfaces; a first memory having machine readable instructions stored thereon; a processor to execute the instructions to perform operations comprising; determining whether a first application on the mobile device is authorized to access any of the network interfaces in the set; implementing a virtual interface capable of providing applications with access to any network interface in the set of network interfaces, the virtual interface to be provided by a virtual private network client integrated in a kernel layer of an operating system of the mobile device; instantiating a first instance of the virtual interface for the first application, the first instance of the virtual interface to cause a first network interface in the set of network interfaces to be made accessible to the first application, the first network interface to be selected for the first application from the set of network interfaces based on an access permission associated with the first application and in response to detection of a query from the first application for a list of available network interfaces, the first network interface that is selected and made accessible to the first application via the first instance of the virtual interface being unknown to the first application, but being one of a first subset of network interfaces the first application is permitted to access; and providing the first application with access to the first network interface via the first instance of the virtual interface after the virtual private network client has established a virtual private network connection with a first destination, the virtual private network client to establish the virtual private network connection in response to the detection of the query from the first application for the list of available network interfaces, wherein the first application is to execute in at least one of an application layer of the operating system different from the kernel layer of the operating system or in a network accessible by the mobile device, and the virtual private network client is to execute persistently in a background process. - View Dependent Claims (14, 15, 16, 17)
-
Specification