dan
/
tor-android
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added "check" yes/no dialog prompt; debuged iptables/transprox settings on Android 1.6 and 2.2 

svn:r22901
This commit is contained in:
Nathan Freitas 2010-08-14 05:08:55 +00:00
parent 22caae8989
commit c288383db1
12 changed files with 534 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
AndroidManifest.xml
View File

@ -1,11 +1,11 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="org.torproject.android"
android:versionName="0.2.2.14-orbot-alpha-1.0.2" android:versionCode="8">
package="org.torproject.android" android:versionName="0.2.2.14-orbot-alpha-1.0.2" android:versionCode="8">
<uses-permission android:name="android.permission.INTERNET" />
<application android:icon="@drawable/icon" android:label="@string/app_name" android:debuggable="false">
<application android:icon="@drawable/icon" android:label="@string/app_name">
<activity android:name=".Orbot"
android:theme="@android:style/Theme.NoTitleBar"
@ -19,13 +19,22 @@
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
</intent-filter>
<intent-filter>
<category android:name="android.intent.category.DEFAULT" />
<action android:name="org.torproject.android.REQUEST_HS_PORT" />
</intent-filter>
<intent-filter>
<category android:name="android.intent.category.DEFAULT" />
<action android:name="org.torproject.android.START_TOR" />
</intent-filter>
</activity>
<activity android:name=".SettingsPreferences" android:label="@string/app_name"/>
<activity android:name=".AppManager" android:label="@string/app_name"/>
<activity android:name=".WizardActivity" android:label="@string/app_name"/>
<service android:name=".service.TorService" android:process=":remote" android:debuggable="false">
<service android:name=".service.TorService" android:process=":remote">
<intent-filter>
<action android:name="org.torproject.android.service.ITorService" />
<action android:name="org.torproject.android.service.TOR_SERVICE" />

BIN
assets/iptables
View File

Binary file not shown.

4
assets/torrc
View File

@ -1,9 +1,8 @@
SocksPort 9050
SocksListenAddress 127.0.0.1
SafeSocks 1
DNSPort 5400
Log notice stdout
Log debug syslog
##Log debug syslog
DataDirectory /data/data/org.torproject.android/data
ControlPort 9051
CookieAuthentication 1
@ -12,3 +11,4 @@ RelayBandwidthBurst 20 KBytes
UseBridges 0
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 5400

2
default.properties
View File

@ -10,5 +10,5 @@
# Indicates whether an apk should be generated for each density.
split.density=false
# Project target.
target=Google Inc.:Google APIs:3
target=android-3
apk-configurations=

5
res/values/strings.xml
View File

@ -1,5 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="pref_hs_group">Hidden Services</string>
<string name="app_name">Orbot</string>
<string name="app_version">1.0.2</string>
<string name="internal_web_url">http://orbot/</string>
@ -72,6 +73,9 @@ and all DNS requests. This includes the built-in Browser, Gmail, YouTube and Map
<string name="btn_back">Back</string>
<string name="btn_finish">Finish</string>
<string name="btn_okay">Okay</string>
<string name="btn_cancel">Cancel</string>
<!-- Welcome Wizard strings (DJH) -->
<string name="wizard_welcome_msg">Orbot brings Tor to Android. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.\n\n*WARNING:* Simply installing Orbot will _not_ magically anonymize your mobile traffic! This wizard will help you get started.</string>
@ -115,4 +119,5 @@ and all DNS requests. This includes the built-in Browser, Gmail, YouTube and Map
<string name="connect_first_time"> You\'ve successfully connected to the Tor network - but this does NOT mean your device is secure. You can use the \'Check\' option from the menu to test your browser. \n\nVisit us at https://guardianproject.info/apps/orbot or send an email to help@guardianproject.info to learn more.</string>
<string name="tor_check">This will open your default web browser to https://check.torproject.org in order to see if Orbot is probably configured and you are connected to Tor.</string>
</resources>

15
res/xml/preferences.xml
View File

@ -27,16 +27,6 @@ android:enabled="true"/>
</PreferenceCategory>
<!--
<PreferenceCategory android:title="Web Proxy">
<Preference
android:defaultValue=""
android:key="pref_web_proxy"
android:title="Open Proxy Panel"
android:summary="Set HTTP Settings (Android 2.x Experimental)"
android:enabled="true"/>
</PreferenceCategory>
-->
<PreferenceCategory android:title="Bridges">
@ -100,4 +90,9 @@ android:dialogTitle="Enter ports"
/>
</PreferenceCategory>
<PreferenceCategory android:title="@string/pref_hs_group"><CheckBoxPreference android:title="Enable Hidden Services" android:summary="run servers accessible via the Tor network" android:key="pref_hs_enable"></CheckBoxPreference>
<EditTextPreference android:summary="enter localhost ports for hidden services" android:title="Hidden Service Ports" android:enabled="false" android:key="pref_hs_ports"></EditTextPreference>
<EditTextPreference android:key="pref_hs_hostname" android:summary="the addressable name for your hidden service (generated automatically)" android:title=".Onion Hostname"></EditTextPreference>
</PreferenceCategory>
</PreferenceScreen>

281
src/org/torproject/android/Orbot.java
View File

@ -3,10 +3,15 @@
package org.torproject.android;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.util.StringTokenizer;
import org.torproject.android.service.ITorService;
import org.torproject.android.service.ITorServiceCallback;
import org.torproject.android.service.TorServiceConstants;
import org.torproject.android.service.TorTransProxy;
import android.app.Activity;
@ -62,6 +67,7 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
/* Tor Service interaction */
/* The primary interface we will be calling on the service. */
ITorService mService = null;
private boolean autoStartOnBind = false;
Orbot mOrbot = null;
@ -147,15 +153,11 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
}
else if (item.getItemId() == 4)
{
this.showSettings();
showSettings();
}
else if (item.getItemId() == 6)
{
this.showMessageLog();
}
else if (item.getItemId() == 2)
{
openBrowser(URL_TOR_CHECK);
showMessageLog();
}
else if (item.getItemId() == 3)
{
@ -163,8 +165,7 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
}
else if (item.getItemId() == 7)
{
//launch check.torproject.org
openBrowser(URL_TOR_CHECK);
doTorCheck();
}
else if (item.getItemId() == 8)
{
@ -180,15 +181,17 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
private void doExit ()
{
try {
stopTor();
NotificationManager mNotificationManager = (NotificationManager) getSystemService(Context.NOTIFICATION_SERVICE);
mNotificationManager.cancelAll();
unbindService();
stopService(new Intent(ITorService.class.getName()));
NotificationManager mNotificationManager = (NotificationManager) getSystemService(Context.NOTIFICATION_SERVICE);
mNotificationManager.cancelAll();
} catch (RemoteException e) {
Log.w(TAG, e);
@ -247,6 +250,69 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
logBuffer.append(logText);
}
private void doTorCheck ()
{
DialogInterface.OnClickListener dialogClickListener = new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
switch (which){
case DialogInterface.BUTTON_POSITIVE:
openBrowser(URL_TOR_CHECK);
break;
case DialogInterface.BUTTON_NEGATIVE:
//do nothing
break;
}
}
};
AlertDialog.Builder builder = new AlertDialog.Builder(this);
builder.setMessage(R.string.tor_check).setPositiveButton(R.string.btn_okay, dialogClickListener)
.setNegativeButton(R.string.btn_cancel, dialogClickListener).show();
}
private void enableHiddenServicePort (int hsPort)
{
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(mOrbot);
Editor pEdit = prefs.edit();
String hsPortString = prefs.getString("pref_hs_ports", "");
if (hsPortString.length() > 0 && hsPortString.indexOf(hsPort+"")==-1)
hsPortString += ',' + hsPort;
else
hsPortString = hsPort + "";
pEdit.putString("pref_hs_ports", hsPortString);
pEdit.putBoolean("pref_hs_enable", true);
pEdit.commit();
try {
processSettings();
String onionHostname = getHiddenServiceHostname();
Intent nResult = new Intent();
nResult.putExtra("hs_host", onionHostname);
setResult(RESULT_OK, nResult);
} catch (RemoteException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
/* (non-Javadoc)
* @see android.app.Activity#onResume()
*/
@ -254,33 +320,80 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
super.onResume();
NotificationManager mNotificationManager = (NotificationManager) getSystemService(Context.NOTIFICATION_SERVICE);
mNotificationManager.cancelAll();
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(mOrbot);
boolean showWizard = prefs.getBoolean("show_wizard",true);
String action = getIntent().getAction();
if (showWizard)
if (action != null)
{
Editor pEdit = prefs.edit();
if (action.equals("org.torproject.android.REQUEST_HS_PORT"))
{
DialogInterface.OnClickListener dialogClickListener = new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
switch (which){
case DialogInterface.BUTTON_POSITIVE:
int hsPort = getIntent().getIntExtra("hs_port", -1);
enableHiddenServicePort (hsPort);
finish();
break;
case DialogInterface.BUTTON_NEGATIVE:
//No button clicked
finish();
break;
}
}
};
int hsPort = getIntent().getIntExtra("hs_port", -1);
String requestMsg = "An app wants to open a server port (" + hsPort + ") to the Tor network. This is safe if you trust the app.";
AlertDialog.Builder builder = new AlertDialog.Builder(this);
builder.setMessage(requestMsg).setPositiveButton("Allow", dialogClickListener)
.setNegativeButton("Deny", dialogClickListener).show();
pEdit.putBoolean("show_wizard",false);
}
else if (action.equals("org.torproject.android.START_TOR"))
{
autoStartOnBind = true;
if (mService == null)
bindService();
}
pEdit.commit();
showHelp();
}
else
{
NotificationManager mNotificationManager = (NotificationManager) getSystemService(Context.NOTIFICATION_SERVICE);
mNotificationManager.cancelAll();
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(mOrbot);
boolean showWizard = prefs.getBoolean("show_wizard",true);
if (showWizard)
{
Editor pEdit = prefs.edit();
pEdit.putBoolean("show_wizard",false);
pEdit.commit();
showHelp();
}
}
}
/* (non-Javadoc)
@ -293,8 +406,7 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
startService(new Intent(INTENT_TOR_SERVICE));
bindService ();
//updateStatus ("");
updateStatus ("");
}
@ -414,8 +526,12 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
boolean ReachableAddresses = prefs.getBoolean(PREF_REACHABLE_ADDRESSES,false);
boolean enableHiddenServices = prefs.getBoolean("pref_hs_enable", false);
boolean enableTransparentProxy = prefs.getBoolean(PREF_TRANSPARENT, false);
mService.updateTransProxy();
String bridgeList = prefs.getString(PREF_BRIDGES_LIST,"");
@ -469,6 +585,10 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
mService.updateConfiguration("ReachableAddresses", ReachableAddressesPorts, false);
}
else
{
mService.updateConfiguration("ReachableAddresses", "", false);
}
}
catch (Exception e)
{
@ -487,6 +607,12 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
mService.updateConfiguration("ExitPolicy", "reject *:*", false);
}
else
{
mService.updateConfiguration("ORPort", "", false);
mService.updateConfiguration("Nickname", "", false);
mService.updateConfiguration("ExitPolicy", "", false);
}
}
catch (Exception e)
{
@ -495,8 +621,48 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
return;
}
if (mService != null)
mService.saveConfiguration();
if (enableHiddenServices)
{
mService.updateConfiguration("HiddenServiceDir","/data/data/org.torproject.android/", false);
String hsPorts = prefs.getString("pref_hs_ports","");
StringTokenizer st = new StringTokenizer (hsPorts,",");
String hsPortConfig = null;
while (st.hasMoreTokens())
{
hsPortConfig = st.nextToken();
if (hsPortConfig.indexOf(":")==-1) //setup the port to localhost if not specifed
{
hsPortConfig = hsPortConfig + " 127.0.0.1:" + hsPortConfig;
}
mService.updateConfiguration("HiddenServicePort",hsPortConfig, false);
}
//force save now so the hostname file gets generated
mService.saveConfiguration();
String onionHostname = getHiddenServiceHostname();
if (onionHostname != null)
{
Editor pEdit = prefs.edit();
pEdit.putString("pref_hs_hostname",onionHostname);
pEdit.commit();
}
}
else
{
mService.updateConfiguration("HiddenServiceDir","", false);
}
mService.saveConfiguration();
}
catch (Exception e)
{
@ -509,6 +675,20 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
}
private String getHiddenServiceHostname ()
{
String appHome = "/data/data/" + TorServiceConstants.TOR_APP_USERNAME + "/";
File file = new File(appHome, "hostname");
try {
String onionHostname = Utils.readString(new FileInputStream(file));
return onionHostname.trim();
} catch (FileNotFoundException e) {
Log.i(TAG, "unable to read onion hostname file",e);
return null;
}
}
private void showAlert(String title, String msg)
{
@ -561,7 +741,21 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
}
boolean enableHiddenServices = prefs.getBoolean("pref_hs_enable", false);
if (enableHiddenServices)
{
String onionHostname = getHiddenServiceHostname();
if (onionHostname != null)
{
Editor pEdit = prefs.edit();
pEdit.putString("pref_hs_hostname",onionHostname);
pEdit.commit();
}
}
}
@ -651,14 +845,18 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
else if (mService.getStatus() == STATUS_READY)
{
startTor();
if (event.getAction() == MotionEvent.ACTION_UP)
{
startTor();
}
}
else
{
stopTor();
if (event.getAction() == MotionEvent.ACTION_DOWN)
{
stopTor();
}
}
}
@ -799,18 +997,29 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
mService = ITorService.Stub.asInterface(service);
updateStatus ("");
// We want to monitor the service for as long as we are
// connected to it.
try {
mService.registerCallback(mCallback);
if (autoStartOnBind)
{
autoStartOnBind = false;
startTor();
}
} catch (RemoteException e) {
// In this case the service has crashed before we could even
// do anything with it; we can count on soon being
// disconnected (and then reconnected if it can be restarted)
// so there is no need to do anything here.
Log.i(TAG,"error registering callback to service",e);
}
}
@ -844,8 +1053,6 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
try {
mService.unregisterCallback(mCallback);
} catch (RemoteException e) {
// There is nothing special we need to do if the service
// has crashed.

33
src/org/torproject/android/SettingsPreferences.java
View File

@ -3,7 +3,6 @@
package org.torproject.android;
import org.torproject.android.service.TorServiceUtils;
import org.torproject.android.service.TorTransProxy;
import android.content.Intent;
@ -21,8 +20,7 @@ public class SettingsPreferences
private CheckBoxPreference prefCBTransProxy = null;
private CheckBoxPreference prefcBTransProxyAll = null;
private Preference prefTransProxyApps = null;
private Preference prefWebProxy = null;
private CheckBoxPreference prefHiddenServices = null;
private boolean hasRoot = false;
@ -37,7 +35,6 @@ public class SettingsPreferences
}
@Override
protected void onResume() {
@ -63,10 +60,13 @@ public class SettingsPreferences
}
//disabled for now 28/07 nf
//prefWebProxy = ((PreferenceCategory)this.getPreferenceScreen().getPreference(1)).getPreference(0);
//prefWebProxy.setOnPreferenceClickListener(this);
}
prefHiddenServices = ((CheckBoxPreference)((PreferenceCategory)this.getPreferenceScreen().getPreference(4)).getPreference(0));
prefHiddenServices.setOnPreferenceClickListener(this);
((PreferenceCategory)this.getPreferenceScreen().getPreference(4)).getPreference(1).setEnabled(prefHiddenServices.isChecked());
((PreferenceCategory)this.getPreferenceScreen().getPreference(4)).getPreference(2).setEnabled(prefHiddenServices.isChecked());
};
@ -89,18 +89,13 @@ public class SettingsPreferences
{
startActivity(new Intent(this, AppManager.class));
}
/*
else if (preference == prefWebProxy)
else if (preference == prefHiddenServices)
{
Intent intent = new Intent();
intent.setClassName(this,"com.android.settings.ProxySelector");
intent.putExtra("title", "Set host=127.0.0.1 and port=8118");
intent.putExtra("button-label", "Save");
startActivity(intent);
}*/
((PreferenceCategory)this.getPreferenceScreen().getPreference(4)).getPreference(1).setEnabled(prefHiddenServices.isChecked());
((PreferenceCategory)this.getPreferenceScreen().getPreference(4)).getPreference(2).setEnabled(prefHiddenServices.isChecked());
}
else
{
prefcBTransProxyAll.setEnabled(prefCBTransProxy.isChecked());

10
src/org/torproject/android/service/TorBinaryInstaller.java
View File

@ -37,11 +37,8 @@ public class TorBinaryInstaller implements TorServiceConstants {
boolean privoxyBinaryExists = new File(installPath + PRIVOXY_ASSET_KEY).exists();
Log.i(TAG,"Privoxy binary exists=" + privoxyBinaryExists);
boolean iptablesBinaryExists = new File(installPath + IPTABLES_ASSET_KEY).exists();
Log.i(TAG,"IPTables binary exists=" + iptablesBinaryExists);
if (!(torBinaryExists && privoxyBinaryExists && iptablesBinaryExists) || force)
if (!(torBinaryExists && privoxyBinaryExists) || force)
installFromZip ();
}
@ -72,9 +69,6 @@ public class TorBinaryInstaller implements TorServiceConstants {
zipen = zip.getEntry(ASSETS_BASE + PRIVOXYCONFIG_ASSET_KEY);
streamToFile(zip.getInputStream(zipen),installPath + PRIVOXYCONFIG_ASSET_KEY);
zipen = zip.getEntry(ASSETS_BASE + IPTABLES_ASSET_KEY);
streamToFile(zip.getInputStream(zipen),installPath + IPTABLES_ASSET_KEY);
zip.close();

107
src/org/torproject/android/service/TorService.java
View File

@ -401,13 +401,11 @@ public class TorService extends Service implements TorServiceConstants, Runnable
torBinaryPath = appHome + TOR_BINARY_ASSET_KEY;
privoxyPath = appHome + PRIVOXY_ASSET_KEY;
String iptablesPath = appHome + IPTABLES_ASSET_KEY;
boolean torBinaryExists = new File(torBinaryPath).exists();
boolean privoxyBinaryExists = new File(privoxyPath).exists();
boolean iptablesBinaryExists = new File(iptablesPath).exists();
if (!(torBinaryExists && privoxyBinaryExists && iptablesBinaryExists))
if (!(torBinaryExists && privoxyBinaryExists))
{
killTorProcess ();
@ -417,7 +415,7 @@ public class TorService extends Service implements TorServiceConstants, Runnable
torBinaryExists = new File(torBinaryPath).exists();
privoxyBinaryExists = new File(privoxyPath).exists();
if (torBinaryExists && privoxyBinaryExists && iptablesBinaryExists)
if (torBinaryExists && privoxyBinaryExists)
{
logNotice(getString(R.string.status_install_success));
@ -439,9 +437,8 @@ public class TorService extends Service implements TorServiceConstants, Runnable
{
logNotice("Found Tor binary: " + torBinaryPath);
logNotice("Found privoxy binary: " + privoxyPath);
logNotice("Found Privoxy binary: " + privoxyPath);
logNotice("Found iptables binary: " + iptablesPath);
}
@ -455,9 +452,6 @@ public class TorService extends Service implements TorServiceConstants, Runnable
String[] cmd2 = {SHELL_CMD_CHMOD + ' ' + CHMOD_EXE_VALUE + ' ' + privoxyPath};
TorServiceUtils.doShellCommand(cmd2, log, false, true);
logNotice("(re)Setting permission on iptables binary");
String[] cmd3 = {SHELL_CMD_CHMOD + ' ' + CHMOD_EXE_VALUE + ' ' + iptablesPath};
TorServiceUtils.doShellCommand(cmd3, log, false, true);
return true;
}
@ -947,8 +941,17 @@ public class TorService extends Service implements TorServiceConstants, Runnable
{
//turn on
return setupTransProxy(currentStatus == STATUS_ON);
try
{
setupTransProxy(currentStatus == STATUS_ON);
return true;
}
catch (Exception e)
{
Log.i(TAG, "error enabling transproxy",e);
return false;
}
}
public String getConfiguration (String name)
@ -993,7 +996,19 @@ public class TorService extends Service implements TorServiceConstants, Runnable
if (configBuffer == null)
configBuffer = new ArrayList<String>();
configBuffer.add(name + ' ' + value);
if (value == null || value.length() == 0)
{
if (conn != null)
{
try {
conn.resetConf(Arrays.asList(new String[]{name}));
} catch (IOException e) {
Log.w(TAG, "Unable to reset conf",e);
}
}
}
else
configBuffer.add(name + ' ' + value);
return false;
}
@ -1007,7 +1022,6 @@ public class TorService extends Service implements TorServiceConstants, Runnable
if (configBuffer != null)
{
conn.setConf(configBuffer);
//conn.saveConf();
configBuffer = null;
}
@ -1083,6 +1097,8 @@ public class TorService extends Service implements TorServiceConstants, Runnable
boolean ReachableAddresses = prefs.getBoolean(TorConstants.PREF_REACHABLE_ADDRESSES,false);
boolean enableHiddenServices = prefs.getBoolean("pref_hs_enable", false);
boolean enableTransparentProxy = prefs.getBoolean(TorConstants.PREF_TRANSPARENT, false);
@ -1137,6 +1153,10 @@ public class TorService extends Service implements TorServiceConstants, Runnable
mBinder.updateConfiguration("ReachableAddresses", ReachableAddressesPorts, false);
}
else
{
mBinder.updateConfiguration("ReachableAddresses", "", false);
}
}
catch (Exception e)
{
@ -1155,6 +1175,12 @@ public class TorService extends Service implements TorServiceConstants, Runnable
mBinder.updateConfiguration("ExitPolicy", "reject *:*", false);
}
else
{
mBinder.updateConfiguration("ORPort", "", false);
mBinder.updateConfiguration("Nickname", "", false);
mBinder.updateConfiguration("ExitPolicy", "", false);
}
}
catch (Exception e)
{
@ -1163,12 +1189,41 @@ public class TorService extends Service implements TorServiceConstants, Runnable
return;
}
if (enableHiddenServices)
{
mBinder.updateConfiguration("HiddenServiceDir","/data/data/org.torproject.android/", false);
String hsPorts = prefs.getString("pref_hs_ports","");
StringTokenizer st = new StringTokenizer (hsPorts,",");
String hsPortConfig = null;
while (st.hasMoreTokens())
{
hsPortConfig = st.nextToken();
if (hsPortConfig.indexOf(":")==-1) //setup the port to localhost if not specifed
{
hsPortConfig = hsPortConfig + " 127.0.0.1:" + hsPortConfig;
}
mBinder.updateConfiguration("HiddenServicePort",hsPortConfig, false);
}
}
else
{
mBinder.updateConfiguration("HiddenServiceDir","", false);
}
mBinder.saveConfiguration();
}
private boolean setupTransProxy (boolean enabled)
private boolean setupTransProxy (boolean enabled) throws Exception
{
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(getApplication());
@ -1187,27 +1242,19 @@ public class TorService extends Service implements TorServiceConstants, Runnable
if (hasRoot && enableTransparentProxy)
{
try
{
TorTransProxy.setDNSProxying();
boolean success = TorTransProxy.setTransparentProxyingByApp(this,AppManager.getApps(this),transProxyAll);
logNotice ("TorTransProxy enabled: " + success);
//TorTransProxy.setDNSProxying();
int code = TorTransProxy.setTransparentProxyingByApp(this,AppManager.getApps(this),transProxyAll);
logNotice ("TorTransProxy resp code: " + code);
return true;
} catch (Exception e) {
logNotice("WARNING: Error configuring transparenty proxying: " + e.getMessage());
Log.w(TAG, "error refreshing iptables: err=" + e.getMessage(), e);
return false;
}
}
else
{
TorTransProxy.purgeIptables();
TorTransProxy.purgeIptables(this,AppManager.getApps(this));
}
}
@ -1215,7 +1262,7 @@ public class TorService extends Service implements TorServiceConstants, Runnable
{
if (hasRoot)
{
TorTransProxy.purgeIptables();
TorTransProxy.purgeIptables(this,AppManager.getApps(this));
}
}

3
src/org/torproject/android/service/TorServiceConstants.java
View File

@ -26,9 +26,6 @@ public interface TorServiceConstants {
//privoxy.config
public final static String PRIVOXYCONFIG_ASSET_KEY = "privoxy.config";
//iptables key
public final static String IPTABLES_ASSET_KEY = "iptables";
//various console cmds
public final static String SHELL_CMD_CHMOD = "chmod";

242
src/org/torproject/android/service/TorTransProxy.java
View File

@ -20,6 +20,7 @@ public class TorTransProxy {
private final static String IPTABLES_ADD = " -A ";
//private final static String CMD_DNS_PROXYING_DELETE = "iptables -t nat -D PREROUTING -p udp --dport 53 -j DNAT --to 127.0.0.1:5400 || exit\n";
// - just calling a system wide flush of iptables rules
//private final static String IPTABLES_DELETE = " -D "; //not deleting manually anymore - just calling a system wide flush of iptables rules
@ -51,6 +52,40 @@ public class TorTransProxy {
return false;
}
/**
* Check if we have root access
* @return boolean true if we have root
*/
public static String getIPTablesVersion() {
StringBuilder log = new StringBuilder();
try {
// Run an empty script just to check root access
String[] cmd = {"iptables -v"};
int exitCode = TorServiceUtils.doShellCommand(cmd, log, true, true);
String out = log.toString();
if (out.indexOf(" v")!=-1)
{
out = out.substring(out.indexOf(" v")+2);
out = out.substring(0,out.indexOf(":"));
return out;
}
} catch (Exception e) {
Log.w(TAG,"Error checking iptables version: " + e.getMessage() ,e);
}
Log.w(TAG, "Could not acquire check iptables: " + log.toString());
return null;
}
private static String findBaseDir ()
{
/*
@ -72,10 +107,11 @@ public class TorTransProxy {
return BASE_DIR;
}*/
return "/system/bin/";
return "";
}
/*
public static int setDNSProxying () throws Exception
{
String baseDir = findBaseDir();
@ -91,7 +127,7 @@ public class TorTransProxy {
return code;
}
}*/
/*
public static int setIptablesDropAll() {
@ -109,6 +145,45 @@ public class TorTransProxy {
}
*/
public static int purgeIptables(Context context, TorifiedApp[] apps) throws Exception {
String baseDir = findBaseDir();
final StringBuilder script = new StringBuilder();
StringBuilder res = new StringBuilder();
int code = -1;
for (int i = 0; i < apps.length; i++)
{
//flush nat for every app
script.append(baseDir);
script.append("iptables -t nat -m owner --uid-owner ");
script.append(apps[i].getUid());
script.append(" -F || exit\n");
script.append("iptables -t filter -m owner --uid-owner ");
script.append(apps[i].getUid());
script.append(" -F || exit\n");
}
String[] cmd = {script.toString()};
Log.i(TAG, cmd[0]);
code = TorServiceUtils.doShellCommand(cmd, res, true, true);
String msg = res.toString();
Log.i(TAG, msg);
return code;
}
/*
public static boolean purgeIptables() {
String baseDir = findBaseDir();
@ -129,96 +204,121 @@ public class TorTransProxy {
Log.w(TAG,"error purging iptables: " + e);
return false;
}
}
}*/
public static boolean setTransparentProxyingByApp(Context context, TorifiedApp[] apps, boolean forceAll) throws Exception
public static int setTransparentProxyingByApp(Context context, TorifiedApp[] apps, boolean forceAll) throws Exception
{
String baseDir = findBaseDir();
String command = null;
String iptablesVersion = getIPTablesVersion();
Log.i(TAG, "iptables version: " + iptablesVersion);
command = IPTABLES_ADD; //ADD
boolean ipTablesOld = false;
if (iptablesVersion != null && iptablesVersion.startsWith("1.3")){
ipTablesOld = true;
}
final StringBuilder script = new StringBuilder();
StringBuilder script = new StringBuilder();
//first we have to flush old settings
script.append(baseDir);
script.append(CMD_NAT_FLUSH);
script.append(" || exit\n");
script.append(baseDir);
script.append(CMD_FILTER_FLUSH);
script.append(" || exit\n");
StringBuilder res = new StringBuilder();
int code = -1;
for (int i = 0; i < apps.length; i++)
for (int i = 0; i < apps.length; i++)
{
//flush nat for every app
script.append(baseDir);
script.append("iptables -t nat -m owner --uid-owner ");
script.append(apps[i].getUid());
script.append(" -F || exit\n");
script.append("iptables -t filter -m owner --uid-owner ");
script.append(apps[i].getUid());
script.append(" -F || exit\n");
}
String[] cmdFlush = {script.toString()};
Log.i(TAG, cmdFlush[0]);
code = TorServiceUtils.doShellCommand(cmdFlush, res, true, true);
String msg = res.toString();
Log.i(TAG, msg);
script = new StringBuilder();
for (int i = 0; i < apps.length; i++)
{
if (forceAll || apps[i].isTorified())
{
if (forceAll || apps[i].isTorified())
if (apps[i].getUsername().equals(TorServiceConstants.TOR_APP_USERNAME))
{
Log.i(TAG,"detected Orbot app - will not transproxy");
if (apps[i].getUsername().equals(TorServiceConstants.TOR_APP_USERNAME))
{
Log.i(TAG,"detected Orbot app - will not transproxy");
continue;
}
Log.i(TAG,"enabling transproxy for app: " + apps[i].getUsername() + "(" + apps[i].getUid() + ")");
//TCP
continue;
}
Log.i(TAG,"enabling transproxy for app: " + apps[i].getUsername() + "(" + apps[i].getUid() + ")");
//TCP
script.append(baseDir);
script.append("iptables -t nat");
script.append(" -A OUTPUT -p tcp --syn");
script.append(" -m owner --uid-owner ");
script.append(apps[i].getUid());
script.append(" -m tcp ");
if (ipTablesOld)
script.append(" -j DNAT --to 127.0.0.1:9040");
else
script.append(" -j REDIRECT --to-ports 9040");
script.append(" || exit\n");
//DNS
script.append(baseDir);
script.append("iptables -t nat");
script.append(" -A OUTPUT -p udp -m owner --uid-owner ");
script.append(apps[i].getUid());
script.append(" -m udp --dport 53");
if (ipTablesOld)
script.append(" -j DNAT --to 127.0.0.1:5400");
else
script.append(" -j REDIRECT --to-ports 5400");
script.append(" || exit\n");
//EVERYTHING ELSE UDP - DROP!
if (!ipTablesOld) //for some reason this doesn't work on iptables 1.3.7
{
script.append(baseDir);
script.append("iptables -t nat");
script.append(" -A OUTPUT -p tcp -m owner --uid-owner ");
script.append(apps[i].getUid());
// script.append(" -j DNAT --to 127.0.0.1:9040");
script.append(" -m tcp --syn -j REDIRECT --to-ports 9040");
script.append(" || exit\n");
//UDP
script.append(baseDir);
script.append("iptables -t nat");
script.append("iptables");
script.append(" -A OUTPUT -p udp -m owner --uid-owner ");
script.append(apps[i].getUid());
script.append(" --dport 53 -j REDIRECT --to-ports 5400"); //drop all UDP packets as Tor won't handle them
script.append(" || exit\n");
/*
script.append(baseDir);
script.append("iptables -t nat");
script.append(" -A OUTPUT -m owner --uid-owner ");
script.append(apps[i].getUid());
script.append(" -j DROP"); //drop all other packets as Tor won't handle them
script.append(" || exit\n");
*/
/*
* iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --dport 9040 -j ACCEPT
iptables -t filter -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -m owner --uid-owner anonymous -j DROP
*/
}
}
String[] cmd = {script.toString()};
Log.i(TAG, cmd[0]);
code = TorServiceUtils.doShellCommand(cmd, res, true, true);
String msg = res.toString();
Log.i(TAG, msg);
}
}
}
String[] cmdAdd = {script.toString()};
Log.i(TAG, cmdAdd[0]);
code = TorServiceUtils.doShellCommand(cmdAdd, res, true, true);
msg = res.toString();
Log.i(TAG, msg);
return false;
return code;
}