From 9de420e1246116f115fc8c693e8a675fb055a804 Mon Sep 17 00:00:00 2001 From: n8fr8 Date: Mon, 1 Oct 2012 13:46:08 +0530 Subject: [PATCH] fixes for transproxy rule adding/deleting --- src/org/torproject/android/Orbot.java | 27 +- .../android/service/TorService.java | 2 +- .../android/service/TorServiceConstants.java | 2 +- .../android/service/TorTransProxy.java | 252 ++++-------------- 4 files changed, 68 insertions(+), 215 deletions(-) diff --git a/src/org/torproject/android/Orbot.java b/src/org/torproject/android/Orbot.java index f95ff45a..b4040fdf 100644 --- a/src/org/torproject/android/Orbot.java +++ b/src/org/torproject/android/Orbot.java @@ -32,6 +32,7 @@ import android.os.Message; import android.os.RemoteException; import android.preference.PreferenceManager; import android.text.ClipboardManager; +import android.text.Layout; import android.text.method.ScrollingMovementMethod; import android.util.Log; import android.view.LayoutInflater; @@ -40,15 +41,11 @@ import android.view.MenuInflater; import android.view.MenuItem; import android.view.MotionEvent; import android.view.View; -import android.view.View.OnClickListener; import android.view.View.OnLongClickListener; import android.view.View.OnTouchListener; import android.widget.Button; -import android.widget.ImageView; import android.widget.RelativeLayout; import android.widget.SlidingDrawer; -import android.widget.SlidingDrawer.OnDrawerCloseListener; -import android.widget.SlidingDrawer.OnDrawerOpenListener; import android.widget.TextView; import android.widget.Toast; @@ -126,7 +123,9 @@ public class Orbot extends Activity implements TorConstants, OnLongClickListener }); - mTxtOrbotLog.setMovementMethod(new ScrollingMovementMethod()); + ScrollingMovementMethod smm = new ScrollingMovementMethod(); + + mTxtOrbotLog.setMovementMethod(smm); mTxtOrbotLog.setOnLongClickListener(new View.OnLongClickListener() { 
@@ -144,6 +143,20 @@ public class Orbot extends Activity implements TorConstants, OnLongClickListener } + private void appendLogTextAndScroll(String text) + { + if(mTxtOrbotLog != null){ + mTxtOrbotLog.append(text + "\n"); + final Layout layout = mTxtOrbotLog.getLayout(); + if(layout != null){ + int scrollDelta = layout.getLineBottom(mTxtOrbotLog.getLineCount() - 1) + - mTxtOrbotLog.getScrollY() - mTxtOrbotLog.getHeight(); + if(scrollDelta > 0) + mTxtOrbotLog.scrollBy(0, scrollDelta); + } + } + } + /* * Create the UI Options Menu (non-Javadoc) * @see android.app.Activity#onCreateOptionsMenu(android.view.Menu) @@ -574,7 +587,7 @@ public class Orbot extends Activity implements TorConstants, OnLongClickListener if (torServiceMsg != null && torServiceMsg.length() > 0) { // showAlert("Update", torServiceMsg,xte - mTxtOrbotLog.append(torServiceMsg + "\n"); + appendLogTextAndScroll(torServiceMsg); } boolean showFirstTime = prefs.getBoolean("connect_first_time",true); @@ -605,7 +618,7 @@ public class Orbot extends Activity implements TorConstants, OnLongClickListener // if (progressDialog != null) // progressDialog.setMessage(torServiceMsg); - mTxtOrbotLog.append(torServiceMsg + '\n'); + appendLogTextAndScroll(torServiceMsg); if (mItemOnOff != null) mItemOnOff.setTitle(R.string.menu_stop); diff --git a/src/org/torproject/android/service/TorService.java b/src/org/torproject/android/service/TorService.java index 7b53f3c2..f28f0133 100644 --- a/src/org/torproject/android/service/TorService.java +++ b/src/org/torproject/android/service/TorService.java @@ -993,7 +993,7 @@ public class TorService extends Service implements TorServiceConstants, TorConst } public void setTorProfile(int profile) { - logNotice("Tor profile set to " + profile); + // logNotice("Tor profile set to " + profile); if (profile == PROFILE_ON) { 
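Review bot: The new `appendLogTextAndScroll` helper has no comment saying why the `layout != null` guard is there or what `scrollDelta` measures, and it only ever appends, so nothing in this hunk bounds how much service log text the view retains. I would add above the method `// Appends one line to the log view and scrolls so the last line is visible; getLayout() can return null, in which case only the append happens.` The second call site (the `-605` hunk) passes `torServiceMsg` without the null/empty check that the first one has; that was already the case before this change, so confirm it is intended rather than carried over.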
diff --git a/src/org/torproject/android/service/TorServiceConstants.java b/src/org/torproject/android/service/TorServiceConstants.java index 3776118b..2fe07ae4 100644 --- a/src/org/torproject/android/service/TorServiceConstants.java +++ b/src/org/torproject/android/service/TorServiceConstants.java @@ -77,7 +77,7 @@ public interface TorServiceConstants { public static final int DISABLE_TOR_MSG = 3; public static final int LOG_MSG = 4; - public static final String BINARY_TOR_VERSION = "0.2.3.17-beta"; + public static final String BINARY_TOR_VERSION = "0.2.4.3-alpha"; public static final String BINARY_PRIVOXY_VERSION = "3.0.12"; public static final String PREF_BINARY_TOR_VERSION_INSTALLED = "BINARY_TOR_VERSION_INTALLED"; public static final String PREF_BINARY_PRIVOXY_VERSION_INSTALLED = "BINARY_PRIVOXY_VERSION_INTALLED"; diff --git a/src/org/torproject/android/service/TorTransProxy.java b/src/org/torproject/android/service/TorTransProxy.java index e5050f8e..6db0437e 100644 --- a/src/org/torproject/android/service/TorTransProxy.java +++ b/src/org/torproject/android/service/TorTransProxy.java @@ -65,6 +65,7 @@ public class TorTransProxy implements TorServiceConstants { return path; } + /* public int flushIptablesAll(Context context) throws Exception { String ipTablesPath = getIpTablesPath(context); @@ -91,7 +92,7 @@ public class TorTransProxy implements TorServiceConstants { return code; - } + }*/ /* public static int purgeIptablesByApp(Context context, TorifiedApp[] apps) throws Exception { 
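Review bot: `flushIptablesAll` is disabled by wrapping it in `/* ... */` rather than being deleted, which leaves dead code in the class and, judging by its name, removes the one method here that resets the tables wholesale. After this commit the only cleanup is rule-by-rule `-D`, which removes a single matching rule per invocation, so a rule set that was appended twice would not be fully removed by one clear (whether callers can do that is not visible in this diff). Either delete the method outright or keep it reachable as a recovery path, and say which in a comment where the block starts.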
@@ -210,9 +211,17 @@ public class TorTransProxy implements TorServiceConstants { return code; } + public int setTransparentProxyingByApp (Context context, ArrayList apps) throws Exception + { + return modifyTransparentProxyingByApp(context, "A", apps); + } + public int clearTransparentProxyingByApp (Context context, ArrayList apps) throws Exception + { + return modifyTransparentProxyingByApp(context, "D", apps); + } - public int setTransparentProxyingByApp(Context context, ArrayList apps) throws Exception + public int modifyTransparentProxyingByApp(Context context, String cmd, ArrayList apps) throws Exception { boolean runRoot = true; @@ -227,6 +236,8 @@ public class TorTransProxy implements TorServiceConstants { StringBuilder res = new StringBuilder(); int code = -1; + String modCmd = " -" + cmd + " OUTPUT"; + // flushIptables(context); int torUid = context.getApplicationInfo().uid; @@ -245,7 +256,7 @@ public class TorTransProxy implements TorServiceConstants { // Set up port redirection script.append(ipTablesPath); - script.append(" -A OUTPUT"); + script.append(modCmd); script.append(" -t nat"); script.append(" -p tcp"); script.append(" ! -d 127.0.0.1"); //allow access to localhost @@ -258,7 +269,7 @@ public class TorTransProxy implements TorServiceConstants { // Same for DNS script.append(ipTablesPath); - script.append(" -A OUTPUT"); + script.append(modCmd); script.append(" -t nat"); script.append(" -p udp -m owner --uid-owner "); script.append(tApp.getUid()); @@ -274,7 +285,7 @@ public class TorTransProxy implements TorServiceConstants { { // Allow packets to localhost (contains all the port-redirected ones) script.append(ipTablesPath); - script.append(" -A OUTPUT"); + script.append(modCmd); script.append(" -t filter"); script.append(" -m owner --uid-owner "); script.append(tApp.getUid()); 
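Review bot: `modifyTransparentProxyingByApp` is declared `public` and splices its `cmd` argument straight into a script built for root execution (`boolean runRoot = true;`, `String modCmd = " -" + cmd + " OUTPUT";`), so whatever string a caller passes becomes part of a root shell command. Only `"A"` and `"D"` are passed by the two wrappers added here; make the method `private` and reject anything else at the top, e.g. `if (!"A".equals(cmd) && !"D".equals(cmd)) throw new IllegalArgumentException("cmd must be A or D");`. The same applies to `modifyTransparentProxyingAll(Context, String)` added further down in this file. The method body continues past this hunk.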
@@ -288,7 +299,7 @@ public class TorTransProxy implements TorServiceConstants { // Allow loopback script.append(ipTablesPath); - script.append(" -A OUTPUT"); + script.append(modCmd); script.append(" -t filter"); script.append(" -m owner --uid-owner "); script.append(tApp.getUid()); @@ -299,7 +310,7 @@ public class TorTransProxy implements TorServiceConstants { // Reject DNS that is not from Tor (order is important - first matched rule counts!) script.append(ipTablesPath); - script.append(" -A OUTPUT"); + script.append(modCmd); script.append(" -t filter"); script.append(" -m owner --uid-owner "); script.append(tApp.getUid()); @@ -311,7 +322,7 @@ public class TorTransProxy implements TorServiceConstants { // Reject all other outbound TCP packets script.append(ipTablesPath); - script.append(" -A OUTPUT"); + script.append(modCmd); script.append(" -t filter"); script.append(" -m owner --uid-owner "); script.append(tApp.getUid()); @@ -321,7 +332,7 @@ public class TorTransProxy implements TorServiceConstants { // Reject all other outbound UDP packets script.append(ipTablesPath); - script.append(" -A OUTPUT"); + script.append(modCmd); script.append(" -t filter"); script.append(" -m owner --uid-owner "); script.append(tApp.getUid()); @@ -332,15 +343,16 @@ public class TorTransProxy implements TorServiceConstants { } } - + /* // Allow everything for Tor script.append(ipTablesPath); - script.append(" -A OUTPUT"); + script.append(modCmd); script.append(" -t filter"); script.append(" -m owner --uid-owner "); script.append(torUid); script.append(" -j ACCEPT"); script.append(" || exit\n"); + */ String[] cmdAdd = {script.toString()}; 
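Review bot: In delete mode every rule still ends with `" || exit\n"`, so the first `-D` that finds no matching rule stops the script and the remaining rules, including the REJECT rules, stay installed. That is more likely now than before, because the unified path also tries to delete the "Allow packets to localhost" and "Allow loopback" rules, which the removed `clearTransparentProxyingByApp` never touched and which appear to sit in a conditional block whose condition is outside these hunks. For `-D`, let the script continue past a failed delete by choosing the terminator once, `String onFail = "A".equals(cmd) ? " || exit\n" : "\n";`, and appending `onFail` after each rule. The "Allow everything for Tor" rule is also commented out rather than removed, so an ACCEPT rule installed by an earlier build would no longer be cleaned up by this path.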
@@ -351,114 +363,7 @@ public class TorTransProxy implements TorServiceConstants { return code; } - public int clearTransparentProxyingByApp(Context context, ArrayList apps) throws Exception - { - - boolean runRoot = true; - boolean waitFor = true; - - //redirectDNSResolvConf(); //not working yet - - String ipTablesPath = getIpTablesPath(context); - - StringBuilder script = new StringBuilder(); - - StringBuilder res = new StringBuilder(); - int code = -1; - - int torUid = context.getApplicationInfo().uid; - - //build up array of shell cmds to execute under one root context - for (TorifiedApp tApp:apps) - { - - if (tApp.isTorified() - && (!tApp.getUsername().equals(TorServiceConstants.TOR_APP_USERNAME)) - && (!tApp.getUsername().equals(TorServiceConstants.ORWEB_APP_USERNAME)) - ) //if app is set to true - { - - TorService.logMessage("clear transproxy for app: " + tApp.getUsername() + "(" + tApp.getUid() + ")"); - - // Set up port redirection - script.append(ipTablesPath); - script.append(" -D OUTPUT"); - script.append(" -t nat"); - script.append(" -p tcp"); - script.append(" ! -d 127.0.0.1"); //allow access to localhost - script.append(" -m owner --uid-owner "); - script.append(tApp.getUid()); - script.append(" -m tcp --syn"); - script.append(" -j REDIRECT --to-ports "); - script.append(TOR_TRANSPROXY_PORT); - script.append(" || exit\n"); - - // Same for DNS - script.append(ipTablesPath); - script.append(" -D OUTPUT"); - script.append(" -t nat"); - script.append(" -p udp -m owner --uid-owner "); - script.append(tApp.getUid()); - script.append(" -m udp --dport "); - script.append(STANDARD_DNS_PORT); - script.append(" -j REDIRECT --to-ports "); - script.append(TOR_DNS_PORT); - script.append(" || exit\n"); - - // Reject DNS that is not from Tor (order is important - first matched rule counts!) 
- script.append(ipTablesPath); - script.append(" -D OUTPUT"); - script.append(" -t filter"); - script.append(" -m owner --uid-owner "); - script.append(tApp.getUid()); - script.append(" -p udp"); - script.append(" --dport "); - script.append(STANDARD_DNS_PORT); - script.append(" -j REJECT"); - script.append(" || exit\n"); - - // Reject all other outbound TCP packets - script.append(ipTablesPath); - script.append(" -D OUTPUT"); - script.append(" -t filter"); - script.append(" -m owner --uid-owner "); - script.append(tApp.getUid()); - script.append(" -p tcp"); - script.append(" -j REJECT"); - script.append(" || exit\n"); - - // Reject all other outbound TCP packets - script.append(ipTablesPath); - script.append(" -D OUTPUT"); - script.append(" -t filter"); - script.append(" -m owner --uid-owner "); - script.append(tApp.getUid()); - script.append(" -p udp"); - script.append(" -j REJECT"); - script.append(" || exit\n"); - - } - } - - - // Allow everything for Tor - script.append(ipTablesPath); - script.append(" -D OUTPUT"); - script.append(" -t filter"); - script.append(" -m owner --uid-owner "); - script.append(torUid); - script.append(" -j ACCEPT"); - script.append(" || exit\n"); - - String[] cmdAdd = {script.toString()}; - - code = TorServiceUtils.doShellCommand(cmdAdd, res, runRoot, waitFor); - String msg = res.toString(); - TorService.logMessage(cmdAdd[0] + ";errCode=" + code + ";resp=" + msg); - - return code; - } - /* + /* // this is a bad idea so removing public int setTransparentProxyingByPort(Context context, int port) throws Exception { 
@@ -561,6 +466,17 @@ public class TorTransProxy implements TorServiceConstants { } public int setTransparentProxyingAll(Context context) throws Exception + { + return modifyTransparentProxyingAll(context, "A"); + } + + public int clearTransparentProxyingAll(Context context) throws Exception + { + return modifyTransparentProxyingAll(context, "D"); + + } + + public int modifyTransparentProxyingAll(Context context, String cmd) throws Exception { boolean runRoot = true; boolean waitFor = true; @@ -580,8 +496,9 @@ public class TorTransProxy implements TorServiceConstants { // Set up port redirection script.append(ipTablesPath); + script.append(" -" + cmd + " OUTPUT"); script.append(" -t nat"); - script.append(" -A OUTPUT -p tcp"); + script.append(" -p tcp"); script.append(" ! -d 127.0.0.1"); //allow access to localhost script.append(" -m owner ! --uid-owner "); script.append(torUid); @@ -592,8 +509,9 @@ public class TorTransProxy implements TorServiceConstants { // Same for DNS script.append(ipTablesPath); + script.append(" -" + cmd + " OUTPUT"); script.append(" -t nat"); - script.append(" -A OUTPUT -p udp -m owner ! --uid-owner "); + script.append(" -p udp -m owner ! --uid-owner "); script.append(torUid); script.append(" -m udp --dport "); script.append(STANDARD_DNS_PORT); @@ -607,8 +525,8 @@ public class TorTransProxy implements TorServiceConstants { { // Allow packets to localhost (contains all the port-redirected ones) script.append(ipTablesPath); + script.append(" -" + cmd + " OUTPUT"); script.append(" -t filter"); - script.append(" -A OUTPUT"); script.append(" -m owner ! --uid-owner "); script.append(torUid); script.append(" -p tcp"); @@ -622,8 +540,8 @@ public class TorTransProxy implements TorServiceConstants { // Allow loopback script.append(ipTablesPath); + script.append(" -" + cmd + " OUTPUT"); script.append(" -t filter"); - script.append(" -A OUTPUT"); script.append(" -p tcp"); script.append(" -o lo"); script.append(" -j ACCEPT"); 
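Review bot: `modifyTransparentProxyingAll` rebuilds `" -" + cmd + " OUTPUT"` inside every `script.append(...)` across this and the following hunks, while `modifyTransparentProxyingByApp` computes it once as `modCmd`. Hoist it the same way, `final String modCmd = " -" + cmd + " OUTPUT";`, and append `modCmd` at each rule, so the two builders read alike and the operation token is formed in one place where it can be validated. `clearTransparentProxyingAll` also carries a stray blank line before its closing brace.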
@@ -631,8 +549,8 @@ public class TorTransProxy implements TorServiceConstants { // Allow everything for Tor script.append(ipTablesPath); + script.append(" -" + cmd + " OUTPUT"); script.append(" -t filter"); - script.append(" -A OUTPUT"); script.append(" -m owner --uid-owner "); script.append(torUid); script.append(" -j ACCEPT"); @@ -642,8 +560,8 @@ public class TorTransProxy implements TorServiceConstants { { //XXX: Comment the following rules for non-debug builds script.append(ipTablesPath); + script.append(" -" + cmd + " OUTPUT"); script.append(" -t filter"); - script.append(" -A OUTPUT"); script.append(" -p udp"); script.append(" --dport "); script.append(STANDARD_DNS_PORT); @@ -663,8 +581,8 @@ public class TorTransProxy implements TorServiceConstants { // Reject DNS that is not from Tor (order is important - first matched rule counts!) script.append(ipTablesPath); + script.append(" -" + cmd + " OUTPUT"); script.append(" -t filter"); - script.append(" -A OUTPUT"); script.append(" -p udp"); script.append(" --dport "); script.append(STANDARD_DNS_PORT); @@ -673,16 +591,16 @@ public class TorTransProxy implements TorServiceConstants { // Reject all other outbound TCP packets script.append(ipTablesPath); + script.append(" -" + cmd + " OUTPUT"); script.append(" -t filter"); - script.append(" -A OUTPUT"); script.append(" -p tcp"); script.append(" -j REJECT"); script.append(" || exit\n"); // Reject all other outbound UDP packets script.append(ipTablesPath); + script.append(" -" + cmd + " OUTPUT"); script.append(" -t filter"); - script.append(" -A OUTPUT"); script.append(" -p udp"); script.append(" -j REJECT"); script.append(" || exit\n"); 
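Review bot: The rule under `//XXX: Comment the following rules for non-debug builds` is still emitted by the new code and now runs for both add and delete, but the condition guarding that block is outside the hunk. It matches UDP to `STANDARD_DNS_PORT` and is placed before the "Reject DNS that is not from Tor" rule, where the first matching rule wins, so if it is active in a release build DNS handling may differ from what the REJECT rules intend. A reminder comment is not a guard: replace the XXX with a comment that names the flag controlling the block and states what the rule is for, and confirm that flag is off in release builds.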
@@ -696,83 +614,5 @@ public class TorTransProxy implements TorServiceConstants { return code; } - public int clearTransparentProxyingAll(Context context) throws Exception - { - boolean runRoot = true; - boolean waitFor = true; - - //redirectDNSResolvConf(); //not working yet - - String ipTablesPath = getIpTablesPath(context); - - StringBuilder script = new StringBuilder(); - - StringBuilder res = new StringBuilder(); - int code = -1; - - - int torUid = context.getApplicationInfo().uid; - - // Set up port redirection - script.append(ipTablesPath); - script.append(" -D OUTPUT -p tcp"); - script.append(" -t nat"); - script.append(" ! -d 127.0.0.1"); //allow access to localhost - script.append(" -m owner ! --uid-owner "); - script.append(torUid); - script.append(" -m tcp --syn"); - script.append(" -j REDIRECT --to-ports "); - script.append(TOR_TRANSPROXY_PORT); - script.append(" || exit\n"); - - // Same for DNS - script.append(ipTablesPath); - script.append(" -D OUTPUT"); - script.append(" -t nat"); - script.append(" -p udp -m owner ! --uid-owner "); - script.append(torUid); - script.append(" -m udp --dport "); - script.append(STANDARD_DNS_PORT); - script.append(" -j REDIRECT --to-ports "); - script.append(TOR_DNS_PORT); - script.append(" || exit\n"); - - // Reject DNS that is not from Tor (order is important - first matched rule counts!) 
- script.append(ipTablesPath); - script.append(" -D OUTPUT"); - script.append(" -t filter"); - script.append(" -p udp"); - script.append(" --dport "); - script.append(STANDARD_DNS_PORT); - script.append(" -j REJECT"); - script.append(" || exit\n"); - - // Reject all other outbound TCP packets - script.append(ipTablesPath); - script.append(" -D OUTPUT"); - script.append(" -t filter"); - script.append(" -p tcp"); - script.append(" -j REJECT"); - script.append(" || exit\n"); - - // Reject all other outbound TCP packets - script.append(ipTablesPath); - script.append(" -D OUTPUT"); - script.append(" -t filter"); - script.append(" -p udp"); - script.append(" -j REJECT"); - script.append(" || exit\n"); - - String[] cmdAdd = {script.toString()}; - - code = TorServiceUtils.doShellCommand(cmdAdd, res, runRoot, waitFor); - String msg = res.toString(); - TorService.logMessage(cmdAdd[0] + ";errCode=" + code + ";resp=" + msg); - - - - return code; - } - }