If I launch some C code with the JNI in my Android application, is there a way I could limit that C code to access only a specific folder in my application folder, so sandboxing it to just a specific sub-folder of my application folder?
From my understanding, the native C code invoking syscalls in the context of an Android application is sandboxed to the files of that application, following the general application sandboxing design. But I would like to specify that the C code and all of its shared libraries will only be able to access i.e. the "c_storage" folder within my application storage.
I tried overriding the POSIX symbols; this works, but of course a shared module could work around that with `dlsym`.
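The path check that an overridden `open()` like the one described above would need, as an added example that is not code from the original post. The names `path_is_inside` and `confined_open` are hypothetical, and the root directory is assumed to be passed in from the Java side.

```c
#define _XOPEN_SOURCE 700 /* realpath, lstat, O_NOFOLLOW on glibc */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Canonicalise `path` into `out` (PATH_MAX bytes). Returns 1 on success. */
static int resolve(const char *path, char *out) {
    struct stat st;
    char tmp[PATH_MAX];
    if (realpath(path, out)) return 1;
    if (errno != ENOENT) return 0;
    /* A dangling symlink also gives ENOENT, and O_CREAT would follow it. */
    if (lstat(path, &st) == 0) return 0;
    /* Target does not exist yet: canonicalise its parent directory. */
    if (strlen(path) >= sizeof tmp) return 0;
    strcpy(tmp, path);
    char *slash = strrchr(tmp, '/');
    if (!slash) return realpath(".", out) != NULL;
    *slash = '\0';
    return realpath(slash == tmp ? "/" : tmp, out) != NULL;
}

/* 1 if `path`, after resolving ".." and symlinks, lies inside `root`. */
int path_is_inside(const char *root, const char *path) {
    char r[PATH_MAX], p[PATH_MAX];
    if (!realpath(root, r) || !resolve(path, p)) return 0;
    size_t n = strlen(r);
    /* Match on a component boundary so "c_storage2" is not "c_storage". */
    return n == 1 || (strncmp(r, p, n) == 0 && (p[n] == '/' || p[n] == '\0'));
}

/* Hypothetical wrapper an interposed open() would delegate to. It only
 * constrains callers that go through it: as the post notes, a library
 * that looks up the real symbol with dlsym never reaches this check. */
int confined_open(const char *root, const char *path, int flags, mode_t mode) {
    if (!path_is_inside(root, path)) {
        errno = EACCES;
        return -1;
    }
    /* O_NOFOLLOW narrows the check-then-open race on the last component. */
    return open(path, flags | O_NOFOLLOW, mode);
}
```
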