1005 lines
25 KiB
Java
1005 lines
25 KiB
Java
package org.torproject.android.service.transproxy;
|
|
|
|
import java.io.DataOutputStream;
|
|
import java.io.File;
|
|
import java.io.IOException;
|
|
import java.util.ArrayList;
|
|
import java.util.Arrays;
|
|
import java.util.Collections;
|
|
import java.util.Iterator;
|
|
import java.util.List;
|
|
import java.util.StringTokenizer;
|
|
|
|
import android.content.Context;
|
|
import android.content.SharedPreferences;
|
|
import android.content.pm.ApplicationInfo;
|
|
import android.content.pm.PackageInfo;
|
|
import android.content.pm.PackageManager;
|
|
|
|
import org.sufficientlysecure.rootcommands.Shell;
|
|
import org.sufficientlysecure.rootcommands.command.SimpleCommand;
|
|
import org.torproject.android.service.OrbotConstants;
|
|
import org.torproject.android.service.util.Prefs;
|
|
import org.torproject.android.service.TorService;
|
|
import org.torproject.android.service.TorServiceConstants;
|
|
|
|
public class TorTransProxy implements TorServiceConstants {
|
|
|
|
private String mSysIptables = null;
|
|
private TorService mTorService = null;
|
|
private File mFileXtables = null;
|
|
|
|
private final static String ALLOW_LOCAL = " ! -d 127.0.0.1";
|
|
|
|
private int mTransProxyPort = TOR_TRANSPROXY_PORT_DEFAULT;
|
|
private int mDNSPort = TOR_DNS_PORT_DEFAULT;
|
|
|
|
private Shell mShell;
|
|
|
|
public TorTransProxy (TorService torService, File fileXTables) throws IOException
|
|
{
|
|
mTorService = torService;
|
|
mFileXtables = fileXTables;
|
|
|
|
// start root shell
|
|
mShell = Shell.startRootShell();
|
|
|
|
}
|
|
|
|
public static boolean testRoot () throws IOException
|
|
{
|
|
Runtime.getRuntime().exec("su");
|
|
return true;
|
|
}
|
|
|
|
public void setTransProxyPort (int transProxyPort)
|
|
{
|
|
mTransProxyPort = transProxyPort;
|
|
}
|
|
|
|
public void setDNSPort (int dnsPort)
|
|
{
|
|
mDNSPort = dnsPort;
|
|
}
|
|
|
|
public String getIpTablesPath (Context context)
|
|
{
|
|
|
|
String ipTablesPath = null;
|
|
|
|
if (Prefs.useSystemIpTables())
|
|
{
|
|
ipTablesPath = findSystemIPTables();
|
|
}
|
|
else
|
|
{
|
|
ipTablesPath = mFileXtables.getAbsolutePath();
|
|
ipTablesPath += " iptables"; //append subcommand since we are using xtables now
|
|
|
|
}
|
|
|
|
return ipTablesPath;
|
|
}
|
|
|
|
public String getIp6TablesPath (Context context)
|
|
{
|
|
|
|
String ipTablesPath = null;
|
|
|
|
if (Prefs.useSystemIpTables())
|
|
{
|
|
ipTablesPath = findSystemIP6Tables();
|
|
}
|
|
else
|
|
{
|
|
ipTablesPath = mFileXtables.getAbsolutePath();
|
|
ipTablesPath += " ip6tables"; //append subcommand since we are using xtables now
|
|
|
|
}
|
|
|
|
return ipTablesPath;
|
|
|
|
}
|
|
|
|
private String findSystemIPTables ()
|
|
{
|
|
if (mSysIptables != null)
|
|
{
|
|
return mSysIptables;
|
|
}
|
|
else
|
|
{
|
|
|
|
//if the user wants us to use the built-in iptables, then we have to find it
|
|
File fileIpt = new File("/system/xbin/iptables");
|
|
|
|
if (fileIpt.exists())
|
|
mSysIptables = fileIpt.getAbsolutePath();
|
|
else
|
|
{
|
|
|
|
fileIpt = new File("/system/bin/iptables");
|
|
|
|
if (fileIpt.exists())
|
|
mSysIptables = fileIpt.getAbsolutePath();
|
|
}
|
|
}
|
|
|
|
return mSysIptables;
|
|
}
|
|
|
|
|
|
|
|
private String findSystemIP6Tables ()
|
|
{
|
|
|
|
//if the user wants us to use the built-in iptables, then we have to find it
|
|
File fileIpt = new File("/system/xbin/ip6tables");
|
|
|
|
if (fileIpt.exists())
|
|
mSysIptables = fileIpt.getAbsolutePath();
|
|
else
|
|
{
|
|
|
|
fileIpt = new File("/system/bin/ip6tables");
|
|
|
|
if (fileIpt.exists())
|
|
mSysIptables = fileIpt.getAbsolutePath();
|
|
}
|
|
|
|
|
|
return mSysIptables;
|
|
}
|
|
|
|
/*
|
|
public int flushIptablesAll(Context context) throws Exception {
|
|
|
|
String ipTablesPath = getIpTablesPath(context);
|
|
|
|
final StringBuilder script = new StringBuilder();
|
|
|
|
StringBuilder res = new StringBuilder();
|
|
int code = -1;
|
|
|
|
script.append(ipTablesPath);
|
|
script.append(" -t nat");
|
|
script.append(" -F || exit\n");
|
|
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter");
|
|
script.append(" -F || exit\n");
|
|
|
|
String[] cmd = {script.toString()};
|
|
code = TorServiceUtils.doShellCommand(cmd, res, true, true);
|
|
String msg = res.toString();
|
|
|
|
TorService.logMessage(cmd[0] + ";errCode=" + code + ";resp=" + msg);
|
|
|
|
|
|
return code;
|
|
|
|
}*/
|
|
|
|
/*
|
|
public static int purgeIptablesByApp(Context context, TorifiedApp[] apps) throws Exception {
|
|
|
|
//restoreDNSResolvConf(); //not working yet
|
|
|
|
String ipTablesPath = new File(context.getDir("bin", 0),"iptables").getAbsolutePath();
|
|
|
|
final StringBuilder script = new StringBuilder();
|
|
|
|
StringBuilder res = new StringBuilder();
|
|
int code = -1;
|
|
|
|
for (int i = 0; i < apps.length; i++)
|
|
{
|
|
//flush nat for every app
|
|
script.append(ipTablesPath);
|
|
script.append(" -t nat -m owner --uid-owner ");
|
|
script.append(tApp.getUid());
|
|
script.append(" -F || exit\n");
|
|
public static ArrayList<TorifiedApp> getApps (Context context, SharedPreferences prefs)
|
|
{
|
|
|
|
String tordAppString = prefs.getString(PREFS_KEY_TORIFIED, "");
|
|
String[] tordApps;
|
|
|
|
StringTokenizer st = new StringTokenizer(tordAppString,"|");
|
|
tordApps = new String[st.countTokens()];
|
|
int tordIdx = 0;
|
|
while (st.hasMoreTokens())
|
|
{
|
|
tordApps[tordIdx++] = st.nextToken();
|
|
}
|
|
|
|
Arrays.sort(tordApps);
|
|
|
|
//else load the apps up
|
|
PackageManager pMgr = context.getPackageManager();
|
|
|
|
List<ApplicationInfo> lAppInfo = pMgr.getInstalledApplications(0);
|
|
|
|
Iterator<ApplicationInfo> itAppInfo = lAppInfo.iterator();
|
|
|
|
ArrayList<TorifiedApp> apps = new ArrayList<TorifiedApp>();
|
|
|
|
ApplicationInfo aInfo = null;
|
|
|
|
int appIdx = 0;
|
|
TorifiedApp app = null;
|
|
|
|
while (itAppInfo.hasNext())
|
|
{
|
|
aInfo = itAppInfo.next();
|
|
|
|
app = new TorifiedApp();
|
|
|
|
try {
|
|
PackageInfo pInfo = pMgr.getPackageInfo(aInfo.packageName, PackageManager.GET_PERMISSIONS);
|
|
|
|
if (pInfo != null && pInfo.requestedPermissions != null)
|
|
{
|
|
for (String permInfo:pInfo.requestedPermissions)
|
|
{
|
|
if (permInfo.equals("android.permission.INTERNET"))
|
|
{
|
|
app.setUsesInternet(true);
|
|
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
|
|
} catch (Exception e) {
|
|
// TODO Auto-generated catch block
|
|
e.printStackTrace();
|
|
}
|
|
|
|
if ((aInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 1)
|
|
{
|
|
//System app
|
|
app.setUsesInternet(true);
|
|
}
|
|
|
|
|
|
if (!app.usesInternet())
|
|
continue;
|
|
else
|
|
{
|
|
apps.add(app);
|
|
}
|
|
|
|
|
|
app.setEnabled(aInfo.enabled);
|
|
app.setUid(aInfo.uid);
|
|
app.setUsername(pMgr.getNameForUid(app.getUid()));
|
|
app.setProcname(aInfo.processName);
|
|
app.setPackageName(aInfo.packageName);
|
|
|
|
try
|
|
{
|
|
app.setName(pMgr.getApplicationLabel(aInfo).toString());
|
|
}
|
|
catch (Exception e)
|
|
{
|
|
app.setName(aInfo.packageName);
|
|
}
|
|
|
|
|
|
//app.setIcon(pMgr.getApplicationIcon(aInfo));
|
|
|
|
// check if this application is allowed
|
|
if (Arrays.binarySearch(tordApps, app.getUsername()) >= 0) {
|
|
app.setTorified(true);
|
|
}
|
|
else
|
|
{
|
|
app.setTorified(false);
|
|
}
|
|
|
|
appIdx++;
|
|
}
|
|
|
|
Collections.sort(apps);
|
|
|
|
return apps;
|
|
}
|
|
|
|
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter -m owner --uid-owner ");
|
|
script.append(tApp.getUid());
|
|
script.append(" -F || exit\n");
|
|
|
|
}
|
|
|
|
|
|
String[] cmd = {script.toString()};
|
|
code = TorServiceUtils.doShellCommand(cmd, res, true, true);
|
|
String msg = res.toString();
|
|
logNotice(cmd[0] + ";errCode=" + code + ";resp=" + msg);
|
|
|
|
|
|
return code;
|
|
|
|
}*/
|
|
|
|
|
|
/*
|
|
// 9/19/2010 - NF This code is in process... /etc path on System partition
|
|
// is read-only on Android for now.
|
|
public static int redirectDNSResolvConf () throws Exception
|
|
{
|
|
StringBuilder script = new StringBuilder();
|
|
StringBuilder res = new StringBuilder();
|
|
int code = -1;
|
|
|
|
//mv resolv.conf to resolve.conf.bak
|
|
String cmd = "mv /etc/resolv.conf /etc/resolv.conf.bak";
|
|
script.append(cmd);
|
|
|
|
//create new resolve.conf pointing to localhost/127.0.0.1
|
|
cmd = "echo \"nameserver 127.0.0.1\" > /etc/resolv.conf";
|
|
script.append(cmd);
|
|
|
|
String[] cmdFlush = {script.toString()};
|
|
code = TorServiceUtils.doShellCommand(cmdFlush, res, true, true);
|
|
//String msg = res.toString(); //get stdout from command
|
|
|
|
|
|
return code;
|
|
}
|
|
|
|
public static int restoreDNSResolvConf () throws Exception
|
|
{
|
|
StringBuilder script = new StringBuilder();
|
|
StringBuilder res = new StringBuilder();
|
|
int code = -1;
|
|
|
|
//mv resolv.conf to resolve.conf.bak
|
|
String cmd = "mv /etc/resolv.conf.bak /etc/resolv.conf";
|
|
script.append(cmd);
|
|
script.append(" || exit\n");
|
|
|
|
String[] cmdFlush = {script.toString()};
|
|
code = TorServiceUtils.doShellCommand(cmdFlush, res, true, true);
|
|
//String msg = res.toString(); //get stdout from command
|
|
|
|
return code;
|
|
}
|
|
*/
|
|
/*
|
|
public int testOwnerModule(Context context, String ipTablesPath) throws Exception
|
|
{
|
|
|
|
TorBinaryInstaller.assertIpTablesBinaries(context, false);
|
|
|
|
boolean runRoot = true;
|
|
boolean waitFor = true;
|
|
|
|
int torUid = context.getApplicationInfo().uid;
|
|
|
|
StringBuilder script = new StringBuilder();
|
|
|
|
StringBuilder res = new StringBuilder();
|
|
int code = -1;
|
|
|
|
// Allow everything for Tor
|
|
script.append(ipTablesPath);
|
|
script.append(" -A OUTPUT");
|
|
script.append(" -t filter");
|
|
script.append(" -m owner --uid-owner ");
|
|
script.append(torUid);
|
|
script.append(" -j ACCEPT");
|
|
script.append(" || exit\n");
|
|
|
|
script.append(ipTablesPath);
|
|
script.append(" -D OUTPUT");
|
|
script.append(" -t filter");
|
|
script.append(" -m owner --uid-owner ");
|
|
script.append(torUid);
|
|
script.append(" -j ACCEPT");
|
|
script.append(" || exit\n");
|
|
|
|
String[] cmdAdd = {script.toString()};
|
|
|
|
code = TorServiceUtils.doShellCommand(cmdAdd, res, runRoot, waitFor);
|
|
String msg = res.toString();
|
|
|
|
if (mTorService != null)
|
|
logMessage(cmdAdd[0] + ";errCode=" + code + ";resp=" + msg);
|
|
|
|
|
|
return code;
|
|
}
|
|
*/
|
|
|
|
/*
|
|
public int clearTransparentProxyingByApp (Context context, ArrayList<TorifiedApp> apps) throws Exception
|
|
{
|
|
boolean runRoot = true;
|
|
boolean waitFor = true;
|
|
|
|
String ipTablesPath = getIpTablesPath(context);
|
|
|
|
StringBuilder script = new StringBuilder();
|
|
|
|
StringBuilder res = new StringBuilder();
|
|
int code = -1;
|
|
|
|
String chainName = "ORBOT";
|
|
String jumpChainName = "OUTPUT";
|
|
|
|
script.append(ipTablesPath);
|
|
script.append(" --flush ").append(chainName); //delete previous user-defined chain
|
|
script.append(" || exit\n");
|
|
|
|
script.append(ipTablesPath);
|
|
script.append(" -D ").append(jumpChainName);
|
|
script.append(" -j ").append(chainName);
|
|
script.append(" || exit\n");
|
|
|
|
script.append(ipTablesPath);
|
|
script.append(" -X ").append(chainName); //delete previous user-defined chain
|
|
script.append(" || exit\n");
|
|
|
|
String[] cmdAdd = {script.toString()};
|
|
|
|
code = TorServiceUtils.doShellCommand(cmdAdd, res, runRoot, waitFor);
|
|
String msg = res.toString();
|
|
|
|
logMessage(cmdAdd[0] + ";errCode=" + code + ";resp=" + msg);
|
|
|
|
return code;
|
|
}*/
|
|
|
|
public int setTransparentProxyingByApp(Context context, ArrayList<TorifiedApp> apps, boolean enableRule) throws Exception
|
|
{
|
|
String ipTablesPath = getIpTablesPath(context);
|
|
|
|
//StringBuilder script = new StringBuilder();
|
|
|
|
String action = " -A ";
|
|
String srcChainName = "OUTPUT";
|
|
|
|
if (!enableRule)
|
|
action = " -D ";
|
|
|
|
//run the delete commands in a separate process as it might error out
|
|
//String[] cmdExecClear = {script.toString()};
|
|
//code = TorServiceUtils.doShellCommand(cmdExecClear, res, runRoot, waitFor);
|
|
|
|
//reset script
|
|
|
|
int lastExit = -1;
|
|
StringBuilder script;
|
|
|
|
|
|
// Same for DNS
|
|
script = new StringBuilder();
|
|
script.append(ipTablesPath);
|
|
script.append(" -t nat");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -p udp");
|
|
//script.append(" -m owner --uid-owner ");
|
|
//script.append(tApp.getUid());
|
|
//script.append(" -m udp --dport ");
|
|
script.append(" --dport ");
|
|
script.append(STANDARD_DNS_PORT);
|
|
script.append(" -j REDIRECT --to-ports ");
|
|
script.append(mDNSPort);
|
|
executeCommand (script.toString());
|
|
|
|
// Allow everything for Tor
|
|
|
|
//build up array of shell cmds to execute under one root context
|
|
for (TorifiedApp tApp:apps)
|
|
{
|
|
|
|
if (((!enableRule) || tApp.isTorified())
|
|
&& (!tApp.getUsername().equals(TOR_APP_USERNAME))
|
|
) //if app is set to true
|
|
{
|
|
|
|
|
|
logMessage("transproxy for app: " + tApp.getUsername() + " (" + tApp.getUid() + "): enable=" + enableRule);
|
|
|
|
dropAllIPv6Traffic(context, tApp.getUid(),enableRule);
|
|
|
|
script = new StringBuilder();
|
|
|
|
// Allow loopback
|
|
/**
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -m owner --uid-owner ");
|
|
script.append(tApp.getUid());
|
|
script.append(" -o lo");
|
|
script.append(" -j ACCEPT");
|
|
|
|
executeCommand (shell, script.toString());
|
|
script = new StringBuilder();
|
|
**/
|
|
|
|
// Set up port redirection
|
|
script.append(ipTablesPath);
|
|
script.append(" -t nat");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -p tcp");
|
|
script.append(ALLOW_LOCAL);
|
|
script.append(" -m owner --uid-owner ");
|
|
script.append(tApp.getUid());
|
|
script.append(" -m tcp --syn");
|
|
script.append(" -j REDIRECT --to-ports ");
|
|
script.append(mTransProxyPort);
|
|
|
|
executeCommand (script.toString());
|
|
|
|
|
|
script = new StringBuilder();
|
|
|
|
// Reject all other outbound packets
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -m owner --uid-owner ");
|
|
script.append(tApp.getUid());
|
|
script.append(ALLOW_LOCAL);
|
|
script.append(" -j REJECT");
|
|
|
|
lastExit = executeCommand (script.toString());
|
|
|
|
|
|
}
|
|
}
|
|
|
|
return lastExit;
|
|
}
|
|
|
|
private int executeCommand (String cmdString) throws Exception {
|
|
|
|
SimpleCommand command = new SimpleCommand(cmdString);
|
|
|
|
mShell.add(command).waitForFinish();
|
|
|
|
logMessage("Command Exec: " + cmdString);
|
|
logMessage("Output: " + command.getOutput());
|
|
logMessage("Exit code: " + command.getExitCode());
|
|
|
|
return 0;
|
|
}
|
|
|
|
public void closeShell () throws IOException
|
|
{
|
|
mShell.close();
|
|
}
|
|
|
|
public int enableTetheringRules (Context context) throws Exception
|
|
{
|
|
|
|
String ipTablesPath = getIpTablesPath(context);
|
|
|
|
StringBuilder script = new StringBuilder();
|
|
|
|
String[] hwinterfaces = {"usb0","wl0.1"};
|
|
|
|
|
|
int lastExit = -1;
|
|
|
|
for (int i = 0; i < hwinterfaces.length; i++)
|
|
{
|
|
|
|
script = new StringBuilder();
|
|
script.append(ipTablesPath);
|
|
script.append(" -t nat -A PREROUTING -i ");
|
|
script.append(hwinterfaces[i]);
|
|
script.append(" -p udp --dport 53 -j REDIRECT --to-ports ");
|
|
script.append(mDNSPort);
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
|
|
script = new StringBuilder();
|
|
script.append(ipTablesPath);
|
|
script.append(" -t nat -A PREROUTING -i ");
|
|
script.append(hwinterfaces[i]);
|
|
script.append(" -p tcp -j REDIRECT --to-ports ");
|
|
script.append(mTransProxyPort);
|
|
|
|
lastExit = executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
|
|
}
|
|
|
|
return lastExit;
|
|
}
|
|
|
|
private void logMessage (String msg)
|
|
{
|
|
if (mTorService != null)
|
|
mTorService.debug(msg);
|
|
}
|
|
|
|
|
|
|
|
public int fixTransproxyLeak (Context context) throws Exception
|
|
{
|
|
String ipTablesPath = getIpTablesPath(context);
|
|
|
|
StringBuilder script = new StringBuilder();
|
|
script.append(ipTablesPath);
|
|
script.append(" -I OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,FIN ACK,FIN -j DROP");
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
script = new StringBuilder();
|
|
script.append(ipTablesPath);
|
|
script.append(" -I OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,RST ACK,RST -j DROP");
|
|
|
|
int lastExit = executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
return lastExit;
|
|
|
|
}
|
|
|
|
public int dropAllIPv6Traffic (Context context, int appUid, boolean enableDrop) throws Exception {
|
|
|
|
String action = " -A ";
|
|
String chain = "OUTPUT";
|
|
|
|
if (!enableDrop)
|
|
action = " -D ";
|
|
|
|
String ip6tablesPath = getIp6TablesPath(context);
|
|
|
|
StringBuilder script;
|
|
|
|
script = new StringBuilder();
|
|
script.append(ip6tablesPath);
|
|
script.append(action);
|
|
script.append(chain);
|
|
|
|
if (appUid != -1)
|
|
{
|
|
script.append(" -m owner --uid-owner ");
|
|
script.append(appUid);
|
|
}
|
|
|
|
script.append(" -j DROP");
|
|
|
|
int lastExit = executeCommand (script.toString());
|
|
|
|
return lastExit;
|
|
}
|
|
|
|
/*
|
|
public int clearAllIPv6Filters (Context context) throws Exception
|
|
{
|
|
|
|
String ip6tablesPath = getIp6TablesPath(context);
|
|
Shell shell = Shell.startRootShell();
|
|
|
|
StringBuilder script;
|
|
|
|
script = new StringBuilder();
|
|
script.append(ip6tablesPath);
|
|
script.append(" -t filter");
|
|
script.append(" -F OUTPUT");
|
|
int lastExit = executeCommand (shell, script.toString());
|
|
|
|
shell.close();
|
|
|
|
return lastExit;
|
|
}*/
|
|
|
|
public int flushTransproxyRules (Context context) throws Exception {
|
|
int exit = -1;
|
|
|
|
String ipTablesPath = getIpTablesPath(context);
|
|
|
|
StringBuilder script = new StringBuilder();
|
|
script.append(ipTablesPath);
|
|
script.append(" -t nat ");
|
|
script.append(" -F ");
|
|
|
|
executeCommand (script.toString());
|
|
|
|
script = new StringBuilder();
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter ");
|
|
script.append(" -F ");
|
|
executeCommand (script.toString());
|
|
|
|
dropAllIPv6Traffic(context,-1,false);
|
|
dropAllIPv6Traffic(context,-1,false);
|
|
|
|
|
|
return exit;
|
|
}
|
|
|
|
public int setTransparentProxyingAll(Context context, boolean enable) throws Exception
|
|
{
|
|
|
|
String action = " -A ";
|
|
String srcChainName = "OUTPUT";
|
|
|
|
if (!enable)
|
|
action = " -D ";
|
|
|
|
dropAllIPv6Traffic(context,-1,enable);
|
|
|
|
String ipTablesPath = getIpTablesPath(context);
|
|
|
|
|
|
int torUid = context.getApplicationInfo().uid;
|
|
|
|
StringBuilder script = new StringBuilder();
|
|
|
|
// Allow everything for Tor
|
|
|
|
script.append(ipTablesPath);
|
|
script.append(" -t nat");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -m owner --uid-owner ");
|
|
script.append(torUid);
|
|
script.append(" -j ACCEPT");
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
// Allow loopback
|
|
|
|
script.append(ipTablesPath);
|
|
script.append(" -t nat");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -o lo");
|
|
script.append(" -j ACCEPT");
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
// Set up port redirection
|
|
script.append(ipTablesPath);
|
|
script.append(" -t nat");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -p tcp");
|
|
script.append(ALLOW_LOCAL); //allow access to localhost
|
|
script.append(" -m owner ! --uid-owner ");
|
|
script.append(torUid);
|
|
script.append(" -m tcp --syn");
|
|
script.append(" -j REDIRECT --to-ports ");
|
|
script.append(mTransProxyPort);
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
// Same for DNS
|
|
script.append(ipTablesPath);
|
|
script.append(" -t nat");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -p udp");
|
|
script.append(ALLOW_LOCAL); //allow access to localhost
|
|
script.append(" -m owner ! --uid-owner ");
|
|
script.append(torUid);
|
|
//script.append(" -m udp --dport ");
|
|
script.append(" --dport ");
|
|
script.append(STANDARD_DNS_PORT);
|
|
script.append(" -j REDIRECT --to-ports ");
|
|
script.append(mDNSPort);
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
|
|
/**
|
|
if (Prefs.useDebugLogging())
|
|
{
|
|
//XXX: Comment the following rules for non-debug builds
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -p udp");
|
|
script.append(" --dport ");
|
|
script.append(STANDARD_DNS_PORT);
|
|
script.append(" -j LOG");
|
|
script.append(" --log-prefix='ORBOT_DNSLEAK_PROTECTION'");
|
|
script.append(" --log-uid");
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -p tcp");
|
|
script.append(" -j LOG");
|
|
script.append(" --log-prefix='ORBOT_TCPLEAK_PROTECTION'");
|
|
script.append(" --log-uid");
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
}**/
|
|
|
|
//allow access to transproxy port
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -p tcp");
|
|
script.append(" -m tcp");
|
|
script.append(" --dport ").append(mTransProxyPort);
|
|
script.append(" -j ACCEPT");
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
//allow access to local HTTP port
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -p tcp");
|
|
script.append(" -m tcp");
|
|
script.append(" --dport ").append(mTorService.getHTTPPort());
|
|
script.append(" -j ACCEPT");
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
//allow access to local SOCKS port
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -p tcp");
|
|
script.append(" -m tcp");
|
|
script.append(" --dport ").append(mTorService.getSOCKSPort());
|
|
script.append(" -j ACCEPT");
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
//allow access to local DNS port
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -p udp");
|
|
script.append(" -m udp");
|
|
script.append(" --dport ").append(mDNSPort);
|
|
script.append(" -j ACCEPT");
|
|
|
|
executeCommand (script.toString());
|
|
script = new StringBuilder();
|
|
|
|
// Reject all other packets
|
|
script.append(ipTablesPath);
|
|
script.append(" -t filter");
|
|
script.append(action).append(srcChainName);
|
|
script.append(" -m owner ! --uid-owner ");
|
|
script.append(torUid);
|
|
script.append(ALLOW_LOCAL); //allow access to localhost
|
|
script.append(" -j REJECT");
|
|
|
|
int lastExit = executeCommand (script.toString());
|
|
|
|
// fixTransproxyLeak (context);
|
|
|
|
return lastExit;
|
|
}
|
|
|
|
|
|
public static ArrayList<TorifiedApp> getApps (Context context, SharedPreferences prefs)
|
|
{
|
|
|
|
String tordAppString = prefs.getString(OrbotConstants.PREFS_KEY_TORIFIED, "");
|
|
String[] tordApps;
|
|
|
|
StringTokenizer st = new StringTokenizer(tordAppString,"|");
|
|
tordApps = new String[st.countTokens()];
|
|
int tordIdx = 0;
|
|
while (st.hasMoreTokens())
|
|
{
|
|
tordApps[tordIdx++] = st.nextToken();
|
|
}
|
|
|
|
Arrays.sort(tordApps);
|
|
|
|
//else load the apps up
|
|
PackageManager pMgr = context.getPackageManager();
|
|
|
|
List<ApplicationInfo> lAppInfo = pMgr.getInstalledApplications(0);
|
|
|
|
Iterator<ApplicationInfo> itAppInfo = lAppInfo.iterator();
|
|
|
|
ArrayList<TorifiedApp> apps = new ArrayList<TorifiedApp>();
|
|
|
|
ApplicationInfo aInfo = null;
|
|
|
|
int appIdx = 0;
|
|
TorifiedApp app = null;
|
|
|
|
while (itAppInfo.hasNext())
|
|
{
|
|
aInfo = itAppInfo.next();
|
|
|
|
app = new TorifiedApp();
|
|
|
|
try {
|
|
PackageInfo pInfo = pMgr.getPackageInfo(aInfo.packageName, PackageManager.GET_PERMISSIONS);
|
|
|
|
if (pInfo != null && pInfo.requestedPermissions != null)
|
|
{
|
|
for (String permInfo:pInfo.requestedPermissions)
|
|
{
|
|
if (permInfo.equals("android.permission.INTERNET"))
|
|
{
|
|
app.setUsesInternet(true);
|
|
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
|
|
} catch (Exception e) {
|
|
// TODO Auto-generated catch block
|
|
e.printStackTrace();
|
|
}
|
|
|
|
if ((aInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 1)
|
|
{
|
|
//System app
|
|
app.setUsesInternet(true);
|
|
}
|
|
|
|
|
|
if (!app.usesInternet())
|
|
continue;
|
|
else
|
|
{
|
|
apps.add(app);
|
|
}
|
|
|
|
|
|
app.setEnabled(aInfo.enabled);
|
|
app.setUid(aInfo.uid);
|
|
app.setUsername(pMgr.getNameForUid(app.getUid()));
|
|
app.setProcname(aInfo.processName);
|
|
app.setPackageName(aInfo.packageName);
|
|
|
|
try
|
|
{
|
|
app.setName(pMgr.getApplicationLabel(aInfo).toString());
|
|
}
|
|
catch (Exception e)
|
|
{
|
|
app.setName(aInfo.packageName);
|
|
}
|
|
|
|
|
|
//app.setIcon(pMgr.getApplicationIcon(aInfo));
|
|
|
|
// check if this application is allowed
|
|
if (Arrays.binarySearch(tordApps, app.getUsername()) >= 0) {
|
|
app.setTorified(true);
|
|
}
|
|
else
|
|
{
|
|
app.setTorified(false);
|
|
}
|
|
|
|
appIdx++;
|
|
}
|
|
|
|
Collections.sort(apps);
|
|
|
|
return apps;
|
|
}
|
|
|
|
}
|