Skip to content

seemoo-lab/p-box

Repository files navigation

P-Box: Preventing Unwanted Data Flows using Permission Sandboxes on Android

This repository contains the artifact for the paper P-Box: Preventing Unwanted Data Flows using Permission Sandboxes on Android by Lucas Becker, David Breuer, and Matthias Hollick, to appear in Proceedings on Privacy Enhancing Technologies 2026(4).

It includes our complete AOSP 15-based P-Box implementation, a test suite, and several example apps demonstrating the system.

.
├── aosp-image/                        # our AOSP patches + docker file to build them
├── app_benchmarker/                   # Tooling used to record permission-request traces for the performance estimate
├── p-box-compat/                      # P-Box compatibility library for migrating existing apps
├── plots/                             # Generates the performance estimate plots (Figs. 6a-6c) from pre-recorded traces
├── recorder-app/                      # Migrated Fossify VoiceRecorder example app
├── sample-app-flow/                   # Permission flow example app
├── sample-app-map/                    # Sandboxed Map SDK example app
├── sample-app-pocket-maps-compat/     # PocketMaps app using the P-Box compatibility layer
├── test-suite/                        # Test suite validating core P-Box functionality
├── img/                               # Images used in documentation
└── artifact_appendix.md               # Full artifact appendix with setup and evaluation instructions

Requirements

  • Hardware: x86_64 machine; 32 GB RAM + ~32 GB swap recommended to avoid OOM issues. ~600 GB free disk space for a full build.
  • Software: Recent Linux (tested on Ubuntu 24.04.4 LTS), git + git-lfs, docker-ce, kernel modules vhci_hcd, vhost_net, vhost_vsock, and a Chrome-compatible browser.
  • Time: ~30–45 minutes of human interaction, ~3 hours of compute time.

Quick Start

This section explains how to run our modified AOSP build on the Cuttlefish emulator. You can also run our prototype on real hardware by modifying the build target in line 19 of the aosp-image/entrypoint.sh script.

  1. Install git, git-lfs, docker-ce, and Chrome; set up swap space if needed depending on your hardware.
  2. Install cuttlefish support files and reboot to apply udev rules & kernel modules.
# prepare emulator support files
sudo curl -fsSL https://us-apt.pkg.dev/doc/repo-signing-key.gpg \
    -o /etc/apt/trusted.gpg.d/artifact-registry.asc
sudo chmod a+r /etc/apt/trusted.gpg.d/artifact-registry.asc
echo "deb https://us-apt.pkg.dev/projects/android-cuttlefish-artifacts android-cuttlefish main" \
    |  sudo tee -a /etc/apt/sources.list.d/artifact-registry.list
sudo apt-get update -y
sudo apt-get install -y cuttlefish-base cuttlefish-user cuttlefish-orchestration
reboot
  1. Ensure the required kernel modules are loaded.
sudo modprobe vhci_hcd
sudo modprobe vhost_net
sudo modprobe vhost_vsock

# and check their presence:
lsmod | grep -E '(vhci_hcd|vhost_net|vhost_vsock)'
  1. Clone this repository:
git clone https://github.com/seemoo-lab/p-box.git
cd p-box
  1. Build and start the emulator:
docker build -t pbox-eval aosp-image
docker run -it --rm -v"$(pwd)/aosp-image/out:/data" --privileged \
 --device /dev/vhost-vsock --device /dev/vhost-net --device /dev/kvm \
 --net host pbox-eval:latest

This process takes some time, it is finished when you see a line with (connection reset messages might follow it, which is normal behavior):

Virtual device booted successfully

Sometimes, Google's repo client might hang for unknown reasons when syncing. In that case, you can simply restart the container, and it will continue from the previous state. Keep this container running and execute all subsequent experiments in a new terminal instance.

  1. Extract the AOSP SDK and open the emulator at https://localhost:8443/ in Chrome.
unzip -q aosp-image/out/out/host/linux-x86/sdk/aosp_cf_x86_64_only_phone/android-sdk_linux-x86.zip
ls android-sdk_linux-x86/

Expected output:

add-ons  docs  documentation.html  platforms  RELEASE_NOTES.html  samples

You should see a window like this:

Cuttlefish booted successfully

Full testing and experiment instructions (including how to build and run each example app and generate the performance plots) are provided in the artifact appendix included in this repository.

Security Note

The emulator uses the host's network stack and binds to all interfaces by default. Run it behind a firewall or within a trusted network. Our modified Android is a research prototype and is neither safe nor secure for use in production.

License / Citation

See repository files for license information.

About

Artifact for the paper P-Box: Preventing Unwanted Data Flows using Permission Sandboxes on Android

Topics

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors