updates related to motorola milestone debugging and iptables transproxy settings

svn:r22743
2010-07-31 15:43:56 +00:00 · 2010-07-31 15:43:56 +00:00 · e157ecd92a
parent 243ff10c48
commit e157ecd92a
6 changed files with 117 additions and 199 deletions
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@ -5,7 +5,7 @@
       <uses-permission android:name="android.permission.INTERNET" />
-    <application android:icon="@drawable/icon" android:label="@string/app_name" android:debuggable="false">
+    <application android:icon="@drawable/icon" android:label="@string/app_name" android:debuggable="true">
        <activity android:name=".Orbot"
                  android:theme="@android:style/Theme.NoTitleBar"
--- a/src/org/torproject/android/Orbot.java
+++ b/src/org/torproject/android/Orbot.java
@ -390,134 +390,7 @@ public class Orbot extends Activity implements OnClickListener, TorConstants
 	 * Read in the Preferences and write then to the .torrc file
 	 */
 	/*
 	private void processSettingsOld ()
 	{
 		StringBuffer torrcText = new StringBuffer();
 		torrcText.append(TorConstants.TORRC_DEFAULT);
 		SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
 		boolean useBridges = prefs.getBoolean(PREF_BRIDGES_ENABLED, false);
 		boolean autoUpdateBridges = prefs.getBoolean(PREF_BRIDGES_UPDATED, false);
        boolean becomeRelay = prefs.getBoolean(PREF_OR, false);
        boolean ReachableAddresses = prefs.getBoolean(PREF_REACHABLE_ADDRESSES,false);
 		enableTransparentProxy = prefs.getBoolean(PREF_TRANSPARENT, false);
 		if (hasRoot)
 		{
 			if (enableTransparentProxy)
 			{
 				TorTransProxy.setDNSProxying();
 				TorTransProxy.setTransparentProxying(this, TorServiceUtils.getApps(this));
 			}
 			else
 			{
 				TorTransProxy.purgeNatIptables();
 			}
 		}
 		String bridgeList = prefs.getString(PREF_BRIDGES_LIST,"");
 		if (useBridges)
 		{
 			if (bridgeList == null || bridgeList.length() == 0)
 			{
 				showAlert("Bridge Error","In order to use the bridge feature, you must enter at least one bridge IP address." +
 						"Send an email to bridges@torproject.org with the line \"get bridges\" by itself in the body of the mail from a gmail account.");
 				showSettings();
 				return;
 			}
 			torrcText.append("UseBridges 1");
 			torrcText.append('\n');		
 			torrcText.append("UpdateBridgesFromAuthority ");
 			if (autoUpdateBridges)
 				torrcText.append("1");
 			else
 				torrcText.append("0");
 			torrcText.append('\n');		
 			String bridgeDelim = "\n";
 			if (bridgeList.indexOf(",") != -1)
 			{
 				bridgeDelim = ",";
 			}
 			StringTokenizer st = new StringTokenizer(bridgeList,bridgeDelim);
 			while (st.hasMoreTokens())
 			{
 				torrcText.append("bridge ");
 				torrcText.append(st.nextToken());
 				torrcText.append('\n');		
 			}
 		}
 		else
 		{
 			torrcText.append("UseBridges 0");
 			torrcText.append('\n');
 		}
        try
        {
            if (ReachableAddresses)
            {
                String ReachableAddressesPorts =
                    prefs.getString(PREF_REACHABLE_ADDRESSES_PORTS, "*:80,*:443");
                torrcText.append("ReachableAddresses ");
                // We should verify this and someday, the Exception will matter :-)
                torrcText.append(ReachableAddressesPorts);
                torrcText.append('\n');
            }
        }
        catch (Exception e)
        {
           showAlert("Config Error","Your ReachableAddresses settings caused an exception!");
        }
        try
        {
            if (becomeRelay && (!useBridges) && (!ReachableAddresses))
            {
                int ORPort =  Integer.parseInt(prefs.getString(PREF_OR_PORT, "9001"));
                String nickname = prefs.getString(PREF_OR_NICKNAME, "Orbot");
                torrcText.append("ORPort ");
                torrcText.append(ORPort);
                torrcText.append('\n');
                torrcText.append("Nickname ");
                torrcText.append(nickname);
                torrcText.append('\n');
                torrcText.append("ExitPolicy reject *:*");
                torrcText.append('\n');
            }
        }
        catch (Exception e)
        {
            showAlert("Uh-oh!","Your relay settings caused an exception!");
            showSettings();
            return;
        }
 		Utils.saveTextFile(TorServiceConstants.TORRC_INSTALL_PATH, torrcText.toString());
 	}
 	*/
 	private void processSettings () throws RemoteException
 	{
--- a/src/org/torproject/android/service/TorBinaryInstaller.java
+++ b/src/org/torproject/android/service/TorBinaryInstaller.java
@ -38,7 +38,10 @@ public class TorBinaryInstaller implements TorServiceConstants {
 		boolean privoxyBinaryExists = new File(installPath + PRIVOXY_ASSET_KEY).exists();
 		Log.i(TAG,"Privoxy binary exists=" + privoxyBinaryExists);
-		if (!(torBinaryExists && privoxyBinaryExists) || force)
+		boolean iptablesBinaryExists = new File(installPath + IPTABLES_ASSET_KEY).exists();
 		Log.i(TAG,"IPTables binary exists=" + iptablesBinaryExists);
 		if (!(torBinaryExists && privoxyBinaryExists && iptablesBinaryExists) || force)
 			installFromZip ();
 	}
@ -51,39 +54,31 @@ public class TorBinaryInstaller implements TorServiceConstants {
 		try
 		{
 			/*
 			String apkPath = APK_PATH;
 			int apkIdx = 1;
 			while (!new File(apkPath).exists())
 			{
 				apkPath = APK_PATH_BASE + '-' + (apkIdx++) + ".apk";
 				Log.i(TAG,"Could not find APK. Trying new path: " + apkPath);
 			}
 			*/
 			ZipFile zip = new ZipFile(apkPath);
-			ZipEntry zipen = zip.getEntry(TOR_BINARY_ZIP_KEY);
+			ZipEntry zipen = zip.getEntry(ASSETS_BASE + TOR_BINARY_ASSET_KEY);
 			streamToFile(zip.getInputStream(zipen),installPath + TOR_BINARY_ASSET_KEY);
-			zipen = zip.getEntry(TORRC_ZIP_KEY);
+			zipen = zip.getEntry(ASSETS_BASE + TORRC_ASSET_KEY);
 			streamToFile(zip.getInputStream(zipen),installPath + TORRC_ASSET_KEY);
-			zipen = zip.getEntry(PRIVOXY_ZIP_KEY);
+			zipen = zip.getEntry(ASSETS_BASE + PRIVOXY_ASSET_KEY);
 			streamToFile(zip.getInputStream(zipen),installPath + PRIVOXY_ASSET_KEY);
-			zipen = zip.getEntry(PRIVOXYCONFIG_ZIP_KEY);
+			zipen = zip.getEntry(ASSETS_BASE + PRIVOXYCONFIG_ASSET_KEY);
 			streamToFile(zip.getInputStream(zipen),installPath + PRIVOXYCONFIG_ASSET_KEY);
 			zipen = zip.getEntry(ASSETS_BASE + PRIVOXYCONFIG_ASSET_KEY);
 			streamToFile(zip.getInputStream(zipen),installPath + PRIVOXYCONFIG_ASSET_KEY);
 			zipen = zip.getEntry(ASSETS_BASE + IPTABLES_ASSET_KEY);
 			streamToFile(zip.getInputStream(zipen),installPath + IPTABLES_ASSET_KEY);
 			zip.close();
-			Log.i(TAG,"SUCCESS: unzipped tor, privoxy binaries from apk");
+			Log.i(TAG,"SUCCESS: unzipped tor, privoxy, iptables binaries from apk");
 		}
 		catch (IOException ioe)
--- a/src/org/torproject/android/service/TorService.java
+++ b/src/org/torproject/android/service/TorService.java
@ -401,11 +401,13 @@ public class TorService extends Service implements TorServiceConstants, Runnable
    	torBinaryPath = appHome + TOR_BINARY_ASSET_KEY;
    	privoxyPath = appHome + PRIVOXY_ASSET_KEY;
    	String iptablesPath = appHome + IPTABLES_ASSET_KEY;
 		boolean torBinaryExists = new File(torBinaryPath).exists();
 		boolean privoxyBinaryExists = new File(privoxyPath).exists();
 		boolean iptablesBinaryExists = new File(iptablesPath).exists();
-		if (!(torBinaryExists && privoxyBinaryExists))
+		if (!(torBinaryExists && privoxyBinaryExists && iptablesBinaryExists))
 		{
 			killTorProcess ();
@ -415,7 +417,7 @@ public class TorService extends Service implements TorServiceConstants, Runnable
 			torBinaryExists = new File(torBinaryPath).exists();
 			privoxyBinaryExists = new File(privoxyPath).exists();
-    		if (torBinaryExists && privoxyBinaryExists)
+    		if (torBinaryExists && privoxyBinaryExists && iptablesBinaryExists)
    		{
    			logNotice(getString(R.string.status_install_success));
@ -429,8 +431,6 @@ public class TorService extends Service implements TorServiceConstants, Runnable
    			sendCallbackMessage(getString(R.string.status_install_fail));
    			//showAlert(getString(R.string.title_error),getString(R.string.status_install_fail));
    			return false;
    		}
@ -439,7 +439,9 @@ public class TorService extends Service implements TorServiceConstants, Runnable
 		{
 			logNotice("Found Tor binary: " + torBinaryPath);
-			logNotice("Found prvoxy binary: " + privoxyPath);
+			logNotice("Found privoxy binary: " + privoxyPath);
 			logNotice("Found iptables binary: " + iptablesPath);
 		}
@ -453,6 +455,10 @@ public class TorService extends Service implements TorServiceConstants, Runnable
 		String[] cmd2 = {SHELL_CMD_CHMOD + ' ' + CHMOD_EXE_VALUE + ' ' + privoxyPath};
 		TorServiceUtils.doShellCommand(cmd2, log, false, true);
 		logNotice("(re)Setting permission on iptables binary");
 		String[] cmd3 = {SHELL_CMD_CHMOD + ' ' + CHMOD_EXE_VALUE + ' ' + iptablesPath};
 		TorServiceUtils.doShellCommand(cmd3, log, false, true);
 		return true;
    }
@ -1181,15 +1187,15 @@ public class TorService extends Service implements TorServiceConstants, Runnable
 					logNotice ("TorTransProxy enabled: " + success);
 				} catch (Exception e) {
 					logNotice("WARNING: Error configuring transparenty proxying: " + e.getMessage());
 					logNotice("WARNING: Error configuring transparenty proxying: " + e.getMessage());
 					Log.w(TAG, "error refreshing iptables: err=" + e.getMessage(), e);
 				}
 			}
 			else
 			{
-				TorTransProxy.purgeNatIptables();
+				TorTransProxy.purgeIptables();
 			}
 		}
@ -1197,7 +1203,7 @@ public class TorService extends Service implements TorServiceConstants, Runnable
 		{
 			if (hasRoot)
 			{
-				TorTransProxy.purgeNatIptables();
+				TorTransProxy.purgeIptables();
 			}
 		}
 	}
--- a/src/org/torproject/android/service/TorServiceConstants.java
+++ b/src/org/torproject/android/service/TorServiceConstants.java
@ -8,42 +8,27 @@ public interface TorServiceConstants {
 	public final static String TOR_APP_USERNAME = "org.torproject.android";
-	//home directory of Android application
+	public final static String ASSETS_BASE = "assets/";
 //	public final static String TOR_HOME = "/data/data/" + TOR_APP_USERNAME + "/";
-	//public final static String TOR_HOME_DATA_DIR = TOR_HOME + "data/";
+	//home directory of Android application
 	//name of the tor C binary
 	public final static String TOR_BINARY_ASSET_KEY = "tor";	
 //	public final static String TOR_BINARY_INSTALL_PATH = TOR_HOME + TOR_BINARY_ASSET_KEY; //path to install the Tor binary too
 	public final static String TOR_BINARY_ZIP_KEY = "assets/" + TOR_BINARY_ASSET_KEY;//key of the tor binary in the Zip file
 	//torrc (tor config file)
 	public final static String TORRC_ASSET_KEY = "torrc";
-//	public final static String TORRC_INSTALL_PATH = TOR_HOME + TORRC_ASSET_KEY; //path to install torrc to within the android app data folder
+
 	public final static String TORRC_ZIP_KEY = "assets/" + TORRC_ASSET_KEY; //key of the torrc file in the Zip file
 	//how to launch tor
 //	public final static String TOR_COMMAND_LINE_ARGS = "-f " + TORRC_INSTALL_PATH  + " || exit\n";
 	//privoxy
 	public final static String PRIVOXY_ASSET_KEY = "privoxy";
 //	public final static String PRIVOXY_INSTALL_PATH = TOR_HOME + PRIVOXY_ASSET_KEY; //path to install privoxy to within the android app data folder
 	public final static String PRIVOXY_ZIP_KEY = "assets/" + PRIVOXY_ASSET_KEY; //key of the privoxy file in the Zip file
 	//privoxy.config
 	public final static String PRIVOXYCONFIG_ASSET_KEY = "privoxy.config";
 //	public final static String PRIVOXYCONFIG_INSTALL_PATH = TOR_HOME + PRIVOXYCONFIG_ASSET_KEY; //path to install privoxy to within the android app data folder
 	public final static String PRIVOXYCONFIG_ZIP_KEY = "assets/" + PRIVOXYCONFIG_ASSET_KEY; //key of the privoxy file in the Zip file
 	//how to launch privoxy
 //	public final static String PRIVOXY_COMMAND_LINE_ARGS = ' ' + PRIVOXYCONFIG_INSTALL_PATH + " || exit\n";
 	//where to send the notices log
 //	public final static String TOR_LOG_PATH = TOR_HOME + "notices.log";
 	//control port cookie path
 //	public final static String TOR_CONTROL_AUTH_COOKIE = TOR_HOME_DATA_DIR + "control_auth_cookie";
 	//iptables key
 	public final static String IPTABLES_ASSET_KEY = "iptables";	
 	//various console cmds
 	public final static String SHELL_CMD_CHMOD = "chmod";
--- a/src/org/torproject/android/service/TorTransProxy.java
+++ b/src/org/torproject/android/service/TorTransProxy.java
@ -1,5 +1,7 @@
 package org.torproject.android.service;
 import java.io.File;
 import org.torproject.android.TorifiedApp;
 import android.content.Context;
@ -9,14 +11,17 @@ public class TorTransProxy {
 	private final static String TAG = "TorTransProxy";
-	private final static String CMD_NAT_FLUSH = "iptables -t nat -F || exit\n";
+	private static String BASE_DIR = "/data/data/" + TorServiceConstants.TOR_APP_USERNAME + "/";
 	private final static String CMD_DNS_PROXYING_ADD = "iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 127.0.0.1:5400 || exit\n";
-	//private final static String CMD_DNS_PROXYING_DELETE = "iptables -t nat -D PREROUTING -p udp --dport 53 -j DNAT --to 127.0.0.1:5400 || exit\n";
+	private final static String CMD_NAT_FLUSH = "iptables -t nat -F || exit\n";
-	// - just calling a system wide flush of iptables rules
+	private final static String CMD_FILTER_FLUSH = "iptables -t filter -F || exit\n";
 	private final static String CMD_DNS_PROXYING_ADD = "iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 127.0.0.1:5400 || exit\n";
 	private final static String IPTABLES_ADD = " -A ";
 	//private final static String CMD_DNS_PROXYING_DELETE = "iptables -t nat -D PREROUTING -p udp --dport 53 -j DNAT --to 127.0.0.1:5400 || exit\n";
 	// - just calling a system wide flush of iptables rules
 	//private final static String IPTABLES_DELETE = " -D "; //not deleting manually anymore - just calling a system wide flush of iptables rules
   // private final static String IPTABLES_DROP_ALL = " -j DROP ";
@ -32,7 +37,7 @@ public class TorTransProxy {
 		try {
 			// Run an empty script just to check root access
-			String[] cmd = {"whoami"};
+			String[] cmd = {"exit 0"};
 			int exitCode = TorServiceUtils.doShellCommand(cmd, log, true, true);
 			if (exitCode == 0) {
@ -46,13 +51,36 @@ public class TorTransProxy {
 		return false;
 	}
 	private static String findBaseDir ()
 	{
 		String[] cmds = {"/system/bin/iptables -t nat --list"};
    	StringBuilder res = new StringBuilder();
 		int code;
 		try {
 			code = TorServiceUtils.doShellCommand(cmds, res, true, true);
 		if (code != 0) {
 			return BASE_DIR;
 		}
 		else
 			return "/system/bin/";
 		} catch (Exception e) {
 			return BASE_DIR;
 		}
 	}
 	public static int setDNSProxying () throws Exception
 	{
 		String baseDir = findBaseDir();
    	final StringBuilder log = new StringBuilder();
    	int code;
-    	String[] cmds = {CMD_DNS_PROXYING_ADD};
+    	String[] cmds = {baseDir + CMD_DNS_PROXYING_ADD};
    	code = TorServiceUtils.doShellCommand(cmds, log, true, true);
@ -78,15 +106,21 @@ public class TorTransProxy {
    }
    */
-	public static boolean purgeNatIptables() {
+	public static boolean purgeIptables() {
 		String baseDir = findBaseDir();
    	StringBuilder res = new StringBuilder();
 		try {
-			String[] cmds = {CMD_NAT_FLUSH};
+			String[] cmds = {baseDir + CMD_NAT_FLUSH, baseDir + CMD_FILTER_FLUSH};
 			int code = TorServiceUtils.doShellCommand(cmds, res, true, true);
 			if (code != 0) {
 				Log.w(TAG, "error purging iptables. exit code: " + code + "\n" + res);
 				return false;
 			}
 			return true;
 		} catch (Exception e) {
 			Log.w(TAG,"error purging iptables: " + e);
@ -97,6 +131,8 @@ public class TorTransProxy {
 	public static boolean setTransparentProxyingByApp(Context context, TorifiedApp[] apps, boolean forceAll) throws Exception
 	{
 		String baseDir = findBaseDir();
 		String command = null;
 		command = IPTABLES_ADD; //ADD
@ -121,30 +157,49 @@ public class TorTransProxy {
 					Log.i(TAG,"enabling transproxy for app: " + apps[i].getUsername() + "(" + apps[i].getUid() + ")");
 					//TCP
 					script.append(baseDir);
 					script.append("iptables -t nat");
-					script.append(command);
+					script.append(" -A OUTPUT -p tcp -m owner --uid-owner ");
 					script.append("OUTPUT -p tcp -m owner --uid-owner ");
 					script.append(apps[i].getUid());
-					script.append(" -j DNAT --to 127.0.0.1:9040");
+				//	script.append(" -j DNAT --to 127.0.0.1:9040");
 					script.append(" -m tcp --syn -j REDIRECT --to-ports 9040");
 					script.append(" || exit\n");
 					//UDP
 					script.append(baseDir);
 					script.append("iptables -t nat");
-					script.append(command);
+					script.append(" -A OUTPUT -p udp -m owner --uid-owner ");
 					script.append("OUTPUT -p udp -m owner --uid-owner ");
 					script.append(apps[i].getUid());
-					script.append(" -j DROP"); //drop all UDP packets as Tor won't handle them
+					script.append(" --dport 53 -j REDIRECT --to-ports 5400"); //drop all UDP packets as Tor won't handle them
 					script.append(" || exit\n");
 					script.append(baseDir);
 					script.append("iptables -t nat");
 					script.append(" -A OUTPUT -m owner --uid-owner ");
 					script.append(apps[i].getUid());
 					script.append(" -j DROP"); //drop all other packets as Tor won't handle them
 					script.append(" || exit\n");
 					/*
 					 * iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp -j REDIRECT --to-ports 9040 
 iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53 
 iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --dport 9040 -j ACCEPT
 iptables -t filter -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j ACCEPT
 iptables -t filter -A OUTPUT -m owner --uid-owner anonymous -j DROP
 					 */
 				}		
 			}
 	    	String[] cmd = {script.toString()};
 	    	Log.i(TAG, cmd[0]);
 			code = TorServiceUtils.doShellCommand(cmd, res, true, true);
 			String msg = res.toString();
-			Log.e(TAG, msg);
+			Log.i(TAG, msg);
 		return false;
@ -153,9 +208,8 @@ public class TorTransProxy {
 	public static boolean setTransparentProxyingByPort(Context context, String[] ports) {
-		String command = null;
+		String baseDir = findBaseDir();
 		command = IPTABLES_ADD; //ADD
    	final StringBuilder script = new StringBuilder();
@ -167,6 +221,8 @@ public class TorTransProxy {
 				Log.i(TAG,"enabling transproxy for port: " + ports[i]);
 				//TCP
 				script.append(baseDir);
 				script.append("iptables -t nat");
 				script.append("-A PREROUTING -p tcp --dport ");
 				script.append(ports[i]);
@ -174,6 +230,8 @@ public class TorTransProxy {
 				script.append(" || exit\n");
 				//UDP
 				script.append(baseDir);
 				script.append("iptables -t nat");
 				script.append("-A PREROUTING -p udp --dport ");
 				script.append(ports[i]);
@ -185,6 +243,7 @@ public class TorTransProxy {
 	    	StringBuilder res = new StringBuilder();
 	    	String[] cmd = {script.toString()};
 	    	Log.i(TAG, cmd[0]);
 			code = TorServiceUtils.doShellCommand(cmd, res, true, true);