selectively disable/enable transproxy rules
This commit is contained in:
parent
5a9b9dc5b1
commit
6955c44e36
|
@ -336,14 +336,18 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
return code;
|
return code;
|
||||||
}*/
|
}*/
|
||||||
|
|
||||||
public int setTransparentProxyingByApp(Context context, ArrayList<TorifiedApp> apps) throws Exception
|
public int setTransparentProxyingByApp(Context context, ArrayList<TorifiedApp> apps, boolean enableRule) throws Exception
|
||||||
{
|
{
|
||||||
String ipTablesPath = getIpTablesPath(context);
|
String ipTablesPath = getIpTablesPath(context);
|
||||||
|
|
||||||
//StringBuilder script = new StringBuilder();
|
//StringBuilder script = new StringBuilder();
|
||||||
|
|
||||||
|
String action = " -A ";
|
||||||
String srcChainName = "OUTPUT";
|
String srcChainName = "OUTPUT";
|
||||||
|
|
||||||
|
if (!enableRule)
|
||||||
|
action = " -D ";
|
||||||
|
|
||||||
//run the delete commands in a separate process as it might error out
|
//run the delete commands in a separate process as it might error out
|
||||||
//String[] cmdExecClear = {script.toString()};
|
//String[] cmdExecClear = {script.toString()};
|
||||||
//code = TorServiceUtils.doShellCommand(cmdExecClear, res, runRoot, waitFor);
|
//code = TorServiceUtils.doShellCommand(cmdExecClear, res, runRoot, waitFor);
|
||||||
|
@ -376,7 +380,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
// Allow loopback
|
// Allow loopback
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t filter");
|
script.append(" -t filter");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -m owner --uid-owner ");
|
script.append(" -m owner --uid-owner ");
|
||||||
script.append(tApp.getUid());
|
script.append(tApp.getUid());
|
||||||
script.append(" -o lo");
|
script.append(" -o lo");
|
||||||
|
@ -388,7 +392,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
// Set up port redirection
|
// Set up port redirection
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t nat");
|
script.append(" -t nat");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -p tcp");
|
script.append(" -p tcp");
|
||||||
script.append(ALLOW_LOCAL);
|
script.append(ALLOW_LOCAL);
|
||||||
script.append(" -m owner --uid-owner ");
|
script.append(" -m owner --uid-owner ");
|
||||||
|
@ -403,7 +407,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
// Same for DNS
|
// Same for DNS
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t nat");
|
script.append(" -t nat");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -p udp");
|
script.append(" -p udp");
|
||||||
script.append(" -m owner --uid-owner ");
|
script.append(" -m owner --uid-owner ");
|
||||||
script.append(tApp.getUid());
|
script.append(tApp.getUid());
|
||||||
|
@ -418,7 +422,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
// Reject all other outbound packets
|
// Reject all other outbound packets
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t filter");
|
script.append(" -t filter");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -m owner --uid-owner ");
|
script.append(" -m owner --uid-owner ");
|
||||||
script.append(tApp.getUid());
|
script.append(tApp.getUid());
|
||||||
script.append(ALLOW_LOCAL);
|
script.append(ALLOW_LOCAL);
|
||||||
|
@ -500,40 +504,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
mTorService.debug(msg);
|
mTorService.debug(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
public int clearTransparentProxyingAll(Context context) throws Exception
|
|
||||||
{
|
|
||||||
|
|
||||||
String ipTablesPath = getIpTablesPath(context);
|
|
||||||
|
|
||||||
StringBuilder script = new StringBuilder();
|
|
||||||
|
|
||||||
Shell shell = Shell.startRootShell();
|
|
||||||
|
|
||||||
String chainName = "OUTPUT";
|
|
||||||
|
|
||||||
script = new StringBuilder();
|
|
||||||
script.append(ipTablesPath);
|
|
||||||
script.append(" -t nat");
|
|
||||||
script.append(" -F ").append(chainName); //delete previous user-defined chain
|
|
||||||
|
|
||||||
executeCommand (shell, script.toString());
|
|
||||||
script = new StringBuilder();
|
|
||||||
|
|
||||||
|
|
||||||
script = new StringBuilder();
|
|
||||||
|
|
||||||
script.append(ipTablesPath);
|
|
||||||
script.append(" -t filter");
|
|
||||||
script.append(" -F ").append(chainName); //delete previous user-defined chain
|
|
||||||
|
|
||||||
int lastExit = executeCommand (shell, script.toString());
|
|
||||||
|
|
||||||
shell.close();
|
|
||||||
|
|
||||||
clearAllIPv6Filters(context);
|
|
||||||
|
|
||||||
return lastExit;
|
|
||||||
}
|
|
||||||
|
|
||||||
public int fixTransproxyLeak (Context context) throws Exception
|
public int fixTransproxyLeak (Context context) throws Exception
|
||||||
{
|
{
|
||||||
|
@ -609,10 +580,19 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
return lastExit;
|
return lastExit;
|
||||||
}
|
}
|
||||||
|
|
||||||
public int setTransparentProxyingAll(Context context) throws Exception
|
public int setTransparentProxyingAll(Context context, boolean enable) throws Exception
|
||||||
{
|
{
|
||||||
|
|
||||||
|
String action = " -A ";
|
||||||
|
String srcChainName = "OUTPUT";
|
||||||
|
|
||||||
|
if (!enable)
|
||||||
|
action = " -D ";
|
||||||
|
|
||||||
|
if (enable)
|
||||||
dropAllIPv6Traffic(context,-1);
|
dropAllIPv6Traffic(context,-1);
|
||||||
|
else
|
||||||
|
clearAllIPv6Filters(context);
|
||||||
|
|
||||||
String ipTablesPath = getIpTablesPath(context);
|
String ipTablesPath = getIpTablesPath(context);
|
||||||
|
|
||||||
|
@ -620,15 +600,13 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
|
|
||||||
int torUid = context.getApplicationInfo().uid;
|
int torUid = context.getApplicationInfo().uid;
|
||||||
|
|
||||||
String srcChainName = "OUTPUT";
|
|
||||||
|
|
||||||
StringBuilder script = new StringBuilder();
|
StringBuilder script = new StringBuilder();
|
||||||
|
|
||||||
// Allow everything for Tor
|
// Allow everything for Tor
|
||||||
|
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t nat");
|
script.append(" -t nat");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -m owner --uid-owner ");
|
script.append(" -m owner --uid-owner ");
|
||||||
script.append(torUid);
|
script.append(torUid);
|
||||||
script.append(" -j ACCEPT");
|
script.append(" -j ACCEPT");
|
||||||
|
@ -640,7 +618,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
|
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t nat");
|
script.append(" -t nat");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -o lo");
|
script.append(" -o lo");
|
||||||
script.append(" -j ACCEPT");
|
script.append(" -j ACCEPT");
|
||||||
|
|
||||||
|
@ -650,7 +628,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
// Set up port redirection
|
// Set up port redirection
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t nat");
|
script.append(" -t nat");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -p tcp");
|
script.append(" -p tcp");
|
||||||
script.append(ALLOW_LOCAL); //allow access to localhost
|
script.append(ALLOW_LOCAL); //allow access to localhost
|
||||||
script.append(" -m owner ! --uid-owner ");
|
script.append(" -m owner ! --uid-owner ");
|
||||||
|
@ -665,7 +643,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
// Same for DNS
|
// Same for DNS
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t nat");
|
script.append(" -t nat");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -p udp");
|
script.append(" -p udp");
|
||||||
script.append(ALLOW_LOCAL); //allow access to localhost
|
script.append(ALLOW_LOCAL); //allow access to localhost
|
||||||
script.append(" -m owner ! --uid-owner ");
|
script.append(" -m owner ! --uid-owner ");
|
||||||
|
@ -684,7 +662,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
//XXX: Comment the following rules for non-debug builds
|
//XXX: Comment the following rules for non-debug builds
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t filter");
|
script.append(" -t filter");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -p udp");
|
script.append(" -p udp");
|
||||||
script.append(" --dport ");
|
script.append(" --dport ");
|
||||||
script.append(STANDARD_DNS_PORT);
|
script.append(STANDARD_DNS_PORT);
|
||||||
|
@ -697,7 +675,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
|
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t filter");
|
script.append(" -t filter");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -p tcp");
|
script.append(" -p tcp");
|
||||||
script.append(" -j LOG");
|
script.append(" -j LOG");
|
||||||
script.append(" --log-prefix='ORBOT_TCPLEAK_PROTECTION'");
|
script.append(" --log-prefix='ORBOT_TCPLEAK_PROTECTION'");
|
||||||
|
@ -711,7 +689,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
//allow access to transproxy port
|
//allow access to transproxy port
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t filter");
|
script.append(" -t filter");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -p tcp");
|
script.append(" -p tcp");
|
||||||
script.append(" -m tcp");
|
script.append(" -m tcp");
|
||||||
script.append(" --dport ").append(mTransProxyPort);
|
script.append(" --dport ").append(mTransProxyPort);
|
||||||
|
@ -723,7 +701,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
//allow access to local SOCKS port
|
//allow access to local SOCKS port
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t filter");
|
script.append(" -t filter");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -p tcp");
|
script.append(" -p tcp");
|
||||||
script.append(" -m tcp");
|
script.append(" -m tcp");
|
||||||
script.append(" --dport ").append(PORT_SOCKS_DEFAULT);
|
script.append(" --dport ").append(PORT_SOCKS_DEFAULT);
|
||||||
|
@ -735,7 +713,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
//allow access to local SOCKS port
|
//allow access to local SOCKS port
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t filter");
|
script.append(" -t filter");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -p tcp");
|
script.append(" -p tcp");
|
||||||
script.append(" -m tcp");
|
script.append(" -m tcp");
|
||||||
script.append(" --dport ").append(PORT_HTTP);
|
script.append(" --dport ").append(PORT_HTTP);
|
||||||
|
@ -747,7 +725,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
//allow access to local DNS port
|
//allow access to local DNS port
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t filter");
|
script.append(" -t filter");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -p udp");
|
script.append(" -p udp");
|
||||||
script.append(" -m udp");
|
script.append(" -m udp");
|
||||||
script.append(" --dport ").append(mDNSPort);
|
script.append(" --dport ").append(mDNSPort);
|
||||||
|
@ -759,7 +737,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
//allow access to local DNS port
|
//allow access to local DNS port
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t filter");
|
script.append(" -t filter");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -p udp");
|
script.append(" -p udp");
|
||||||
script.append(" -m udp");
|
script.append(" -m udp");
|
||||||
script.append(" --dport ").append(mDNSPort);
|
script.append(" --dport ").append(mDNSPort);
|
||||||
|
@ -772,7 +750,7 @@ public class TorTransProxy implements TorServiceConstants {
|
||||||
// Reject all other packets
|
// Reject all other packets
|
||||||
script.append(ipTablesPath);
|
script.append(ipTablesPath);
|
||||||
script.append(" -t filter");
|
script.append(" -t filter");
|
||||||
script.append(" -A ").append(srcChainName);
|
script.append(action).append(srcChainName);
|
||||||
script.append(" -m owner ! --uid-owner ");
|
script.append(" -m owner ! --uid-owner ");
|
||||||
script.append(torUid);
|
script.append(torUid);
|
||||||
script.append(ALLOW_LOCAL); //allow access to localhost
|
script.append(ALLOW_LOCAL); //allow access to localhost
|
||||||
|
|
Loading…
Reference in New Issue