AOSP Hikey closed/filtered ports


#1

My Hikey board is running Android 6.0.1 (AOSP master branch), and I’m trying to run an app that uses ports 5000, 7000, 7100, and 48000. However, the app doesn’t work, and nmap reveals that ports 5000 and 48000 are closed, while 7000 and 7100 are filtered. The ports remain closed/filtered even after adding an iptables rule to allow all incoming connections. How can I open these ports?


#2

Hi Emily,

There isn’t really a way to directly ‘open/close’ a port using a command of some sort. You would have to do this directly in the source code of your app, either hard coded or as a user input. Try googling for ‘android sockets programming’ for references. E.g. https://examples.javacodegeeks.com/android/core/socket-core/android-socket-example. Also take note the required permission setup in section 3 of the url.

HTH


#3

So there are no security options one could change in the configuration of the board itself to allow incoming connections?


#4

Hm… not sure if SELinux can be the cause. Are you connecting to a well known service like httpd on those ports? Can you maybe check /var/log/messages or /proc/kmsg to see if there might be a message like ‘SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket port 5000’? To allow binding to a non-standard port, you can use something like ‘semanage port -a -t PORT_TYPE -p tcp 5000’, where PORT_TYPE is one of the following: ntop_port_t, http_cache_port_t, http_port_t [1]. Not sure how you would do this though if you’re not using one of these types.

[1] http://www.techrepublic.com/blog/linux-and-open-source/practical-selinux-port-contexts-and-handling-access-alerts/


#5

To help clarify, we created the app and it runs successfully on many other android devices, including those running betas of 6.0.1. In all cases an nmap scan of the ports (7100 is the example in particular) show open on other devices but filtered on the hikey.

Similarily, in the other devices we can connect to those ports from an external device however the hikey just hangs on connect i.e. telnet 10.x.x.x 7100.

The ports successfully bind, and the problem persists even when SELinux is set in permissive mode.


#6

Bug report submitted @ https://bugs.96boards.org/show_bug.cgi?id=434.
Please track/follow progress there.


#7

I could not reproduce this issue on AOSP master. I have installed telnetd app on hikey and running telnet server listening to 7100 port.

I could connect telnet to host machine.

nmap shows the port as open:
nmap -p 7100-7120 172.16.0.5

Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-12 10:15 IST
Nmap scan report for 172.16.0.5
Host is up (0.027s latency).
PORT STATE SERVICE
7100/tcp open font-service
7101/tcp closed elcn
7102/tcp closed unknown
7103/tcp closed unknown
7104/tcp closed unknown
7105/tcp closed unknown
7106/tcp closed unknown
7107/tcp closed unknown
7108/tcp closed unknown
7109/tcp closed unknown
7110/tcp closed unknown
7111/tcp closed unknown
7112/tcp closed unknown
7113/tcp closed unknown
7114/tcp closed unknown
7115/tcp closed unknown
7116/tcp closed unknown
7117/tcp closed unknown
7118/tcp closed unknown
7119/tcp closed unknown
7120/tcp closed unknown

Please provide the link to the build that you are trying also the apk that you are using to test this.


#8

We’re using AOSP master as well. This is the app we’re testing with: https://play.google.com/store/apps/details?id=com.squirrels.reflector

If it makes any difference, we’re creating the sockets in the JNI layer rather than in the Android application itself.