Development discussion of WireGuard
 help / color / mirror / Atom feed
From: "Karaahmetoglu, Ahmet" <ahmet.karaahmetoglu@accenture.com>
To: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: [android] Device protected vs. user-credential protected storage, no tunnels before first unlock on modern Android?
Date: Wed, 13 Dec 2023 11:53:29 +0000	[thread overview]
Message-ID: <BL0P114MB08021FF0D2666BECAFB26DA6EF8DA@BL0P114MB0802.NAMP114.PROD.OUTLOOK.COM> (raw)

Dear WireGuard community,

It seems that for accessing tunnel configurations the different components of wireguard-android only support accessing the user-credential protected storage (/data/data/). This path is usually not available before first unlock on modern Android, so WireGuard is not able to access its configuration.

I was wondering if this in on purpose or are there any plans on adding support for device protected storage (/data/data_de/)? Actually, I would assume that storing tunnel configurations there is essential for always_on_vpn_lockdown to be working - which seems to be supported by WireGuard when looking at Android VPN settings. But this can hardly be the case - if I'm not mistaken.

So, any hints/background information about the situation is highly appreciated.

Thank you very much in advance, and kind regards,
Ahmet Karaahmetoglu


________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security, AI-powered support capabilities, and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________

www.accenture.com

                 reply	other threads:[~2023-12-20  5:55 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=BL0P114MB08021FF0D2666BECAFB26DA6EF8DA@BL0P114MB0802.NAMP114.PROD.OUTLOOK.COM \
    --to=ahmet.karaahmetoglu@accenture.com \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).