This is extremely handy for Android Phones, as now most third-party Apps from mobile market is now close-sourced and it’s hard to promise its security, but some of this functions may be tempting, so we have to install it and give it permissions what it want at installation stage, and then it may do something we don’t like in the background, now with Lavender we can at least prevent from accessing network if we don’t trust it.
Both linux desktop and Android Phones are now supported(Front-end library and UI support)
Note: root permissions required to install on Android Phones(A native daemon needs to be installed and run as root),and this program heavily depends on some kernel network features which are not quite common during normal use, service daemon will dynamically check available kernel features, and won’t start if it doesn’t meet the basic requrement, check REAME in the source for th detailed requirement of the kernel
Features
- Dynamical network access behavior verdict support
- Self running info and behavior logging support
- Full NFCT log support, by which full network subsystem changes will be logged up
- Full CONNTRACK log support, by which all application’s network connections will be logged up
- Full UEVENT log support, by which all system events and changes will be logged up
TODO:
Android client lacking verdict DB operations support, need to manually clear lavender db to reset lavender networking access rule
Download :
Android : Android platform tgz package (201.7 kB)
Debian : lavender_0.1.3_amd64.deb (893.0 kB)
Sources : https://code.google.com/p/lavender-firewall/