Android app: allowing socket access for a program

I am trying to develop an app which calls a external program (written in C) using the Runtime.getRuntime().exec method. This program is basically an gstreamer-based RTSP server, and it works good if I run from the Android command prompt. However, when开发者_C百科 I run the program from the app, I am getting the following error.

Failed to bind socket (Permission denied)

I had given the network access in my AndroidManifest.xml file.

<uses-permission android:name="android.permission.INTERNET"></uses-permission>

I also tried this:

String cmd = "ping localhost";
Runtime.getRuntime().exec(cmd);

For which I got:

ping: icmp open socket: Operation not permitted

I also tried to run an another program from an app (which shows an image on the Android screen - surfaceflinger sink). So, I included android.permission.ACCESS_SURFACE_FLINGER in the manifest file. However, it wasn't able to display on surfaceflinger sink.

So, I have a feeling that these permissions are not passed on to these external programs. Is there a way to achieve this? I don't want to convert these C-based programs to Java.

Separate executables are not officially supported, though that's probably not your problem here.

Internet permission is implemented via unix group membership, and it should track to stand alone executables because they run as the same user id as the launching application - that's why, for example a local terminal application can let you use command-line networking applications in its shell. So perhaps you have some other problem, such as trying to bind to a privileged port or one that is already in use. Technically, the permission check is on the creation of AF_INET sockets rather than at binding, so if your error message is accurate, it is not indicating a lack on Internet permission (though the error could be imprecise and indicate that something in the chain of events leading up to a bound socket is failing).

ICMP and ping present an interesting situation; I don't think 3rd-party apps can get NET_RAW so instead the setgid bit is used to give the net_raw group to the stock ping executable - if you are using your own, it probably wouldn't have that and wouldn't work.

iirc ACCESS_SURFACE_FLINGER is not a permission available to 3rd-party applications.