diff options
author | cyberta <cyberta@riseup.net> | 2020-01-31 22:46:24 -0800 |
---|---|---|
committer | cyberta <cyberta@riseup.net> | 2020-01-31 22:46:24 -0800 |
commit | 0e8f40e75eb1a5fe2d3c212b5939fdbf427ec0f5 (patch) | |
tree | f6b0adef18755cc8c107897e625595614e5dce36 /app/src/main/java | |
parent | 721d222a457ec0dfec28bc4ee4908b50f04904fc (diff) | |
parent | b8ba423d997f5dbb2541b4f4542a2b6b30400485 (diff) |
Merge branch 'implement_tethering_for_rooted_devices' into 'master'
Implement tethering for rooted devices
See merge request leap/bitmask_android!98
Diffstat (limited to 'app/src/main/java')
24 files changed, 1606 insertions, 243 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index 766dc925..67d3c4f2 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -47,7 +47,7 @@ import de.blinkt.openvpn.core.connection.Obfs4Connection; import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.VpnNotificationManager; import se.leap.bitmaskclient.pluggableTransports.Shapeshifter; -import se.leap.bitmaskclient.utils.FirewallHelper; +import se.leap.bitmaskclient.firewall.FirewallManager; import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_CONNECTED; import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_WAITING_FOR_USER_INPUT; @@ -90,7 +90,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac private Runnable mOpenVPNThread; private VpnNotificationManager notificationManager; private Shapeshifter shapeshifter; - private FirewallHelper firewallHelper; + private FirewallManager firewallManager; private static final int PRIORITY_MIN = -2; private static final int PRIORITY_DEFAULT = 0; @@ -194,7 +194,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac VpnStatus.removeStateListener(this); } } - firewallHelper.shutdownFirewall(); + firewallManager.stop(); } private boolean runningOnAndroidTV() { @@ -309,7 +309,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac return START_REDELIVER_INTENT; } - /* TODO: check that for Bitmask */ + /* TODO: check that for Bitmask */ // Always show notification here to avoid problem with startForeground timeout VpnStatus.logInfo(R.string.building_configration); VpnStatus.updateStateString("VPN_GENERATE_CONFIG", "", R.string.building_configration, ConnectionStatus.LEVEL_START); @@ -449,14 +449,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac mProcessThread.start(); } - firewallHelper.startFirewall(); - new Handler(getMainLooper()).post(() -> { - if (mDeviceStateReceiver != null) { - unregisterDeviceStateReceiver(); - } - registerDeviceStateReceiver(mManagement); - } + if (mDeviceStateReceiver != null) { + unregisterDeviceStateReceiver(); + } + registerDeviceStateReceiver(mManagement); + } ); } @@ -518,7 +516,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac super.onCreate(); notificationManager = new VpnNotificationManager(this, this); notificationManager.createOpenVpnNotificationChannel(); - firewallHelper = new FirewallHelper(this); + firewallManager = new FirewallManager(this, true); } @Override @@ -537,6 +535,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac VpnStatus.flushLog(); notificationManager.deleteNotificationChannel(NOTIFICATION_CHANNEL_BG_ID); notificationManager.deleteNotificationChannel(NOTIFICATION_CHANNEL_NEWSTATUS_ID); + firewallManager.onDestroy(); } private String getTunConfigString() { @@ -967,30 +966,25 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac String channel = NOTIFICATION_CHANNEL_NEWSTATUS_ID; // Display byte count only after being connected - { - if (level == LEVEL_CONNECTED) { - mDisplayBytecount = true; - mConnecttime = System.currentTimeMillis(); - if (!runningOnAndroidTV()) - channel = NOTIFICATION_CHANNEL_BG_ID; - } else { - mDisplayBytecount = false; - } + if (level == LEVEL_CONNECTED) { + mDisplayBytecount = true; + mConnecttime = System.currentTimeMillis(); + if (!runningOnAndroidTV()) + channel = NOTIFICATION_CHANNEL_BG_ID; + firewallManager.start(); + } else { + mDisplayBytecount = false; + } - // Other notifications are shown, - // This also mean we are no longer connected, ignore bytecount messages until next - // CONNECTED - // Does not work :( - notificationManager.buildOpenVpnNotification( - mProfile != null ? mProfile.mName : "", - mProfile != null && mProfile.mUsePluggableTransports, - VpnStatus.getLastCleanLogMessage(this), - VpnStatus.getLastCleanLogMessage(this), - level, - 0, - channel); + notificationManager.buildOpenVpnNotification( + mProfile != null ? mProfile.mName : "", + mProfile != null && mProfile.mUsePluggableTransports, + VpnStatus.getLastCleanLogMessage(this), + VpnStatus.getLastCleanLogMessage(this), + level, + 0, + channel); - } } @Override diff --git a/app/src/main/java/se/leap/bitmaskclient/BitmaskApp.java b/app/src/main/java/se/leap/bitmaskclient/BitmaskApp.java index 45664653..48910fb5 100644 --- a/app/src/main/java/se/leap/bitmaskclient/BitmaskApp.java +++ b/app/src/main/java/se/leap/bitmaskclient/BitmaskApp.java @@ -8,6 +8,8 @@ import android.support.v7.app.AppCompatDelegate; import com.squareup.leakcanary.LeakCanary; import com.squareup.leakcanary.RefWatcher; +import se.leap.bitmaskclient.tethering.TetheringStateManager; + import static se.leap.bitmaskclient.Constants.SHARED_PREFERENCES; import static se.leap.bitmaskclient.utils.PreferenceHelper.getSavedProviderFromSharedPreferences; @@ -38,6 +40,7 @@ public class BitmaskApp extends MultiDexApplication { providerObservable.updateProvider(getSavedProviderFromSharedPreferences(preferences)); EipSetupObserver.init(this, preferences); AppCompatDelegate.setCompatVectorFromResourcesEnabled(true); + TetheringStateManager.getInstance().init(this); } /** diff --git a/app/src/main/java/se/leap/bitmaskclient/Constants.java b/app/src/main/java/se/leap/bitmaskclient/Constants.java index 5ed28806..60edc941 100644 --- a/app/src/main/java/se/leap/bitmaskclient/Constants.java +++ b/app/src/main/java/se/leap/bitmaskclient/Constants.java @@ -16,6 +16,11 @@ public interface Constants { String EXCLUDED_APPS = "excluded_apps"; String USE_PLUGGABLE_TRANSPORTS = "usePluggableTransports"; String SU_PERMISSION = "su_permission"; + String ALLOW_TETHERING_BLUETOOTH = "tethering_bluetooth"; + String ALLOW_TETHERING_WIFI = "tethering_wifi"; + String ALLOW_TETHERING_USB = "tethering_usb"; + String SHOW_EXPERIMENTAL = "show_experimental"; + String USE_IPv6_FIREWALL = "use_ipv6_firewall"; ////////////////////////////////////////////// @@ -55,6 +60,7 @@ public interface Constants { String EIP_ACTION_START_BLOCKING_VPN = "se.leap.bitmaskclient.EIP_ACTION_START_BLOCKING_VPN"; String EIP_ACTION_STOP_BLOCKING_VPN = "se.leap.bitmaskclient.EIP_ACTION_STOP_BLOCKING_VPN"; String EIP_ACTION_PREPARE_VPN = "se.leap.bitmaskclient.EIP_ACTION_PREPARE_VPN"; + String EIP_ACTION_CONFIGURE_TETHERING = "se.leap.bitmaskclient.EIP_ACTION_CONFIGURE_TETHERING"; String EIP_RECEIVER = "EIP.RECEIVER"; String EIP_REQUEST = "EIP.REQUEST"; diff --git a/app/src/main/java/se/leap/bitmaskclient/EipSetupObserver.java b/app/src/main/java/se/leap/bitmaskclient/EipSetupObserver.java index 74f132b9..84516ee3 100644 --- a/app/src/main/java/se/leap/bitmaskclient/EipSetupObserver.java +++ b/app/src/main/java/se/leap/bitmaskclient/EipSetupObserver.java @@ -44,7 +44,6 @@ import static se.leap.bitmaskclient.Constants.PROVIDER_KEY; import static se.leap.bitmaskclient.Constants.PROVIDER_PROFILE; import static se.leap.bitmaskclient.ProviderAPI.CORRECTLY_DOWNLOADED_EIP_SERVICE; import static se.leap.bitmaskclient.ProviderAPI.CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; -import static se.leap.bitmaskclient.ProviderAPI.PROVIDER_NOK; /** * Created by cyberta on 05.12.18. diff --git a/app/src/main/java/se/leap/bitmaskclient/drawer/NavigationDrawerFragment.java b/app/src/main/java/se/leap/bitmaskclient/drawer/NavigationDrawerFragment.java index 3144d62c..104f1edc 100644 --- a/app/src/main/java/se/leap/bitmaskclient/drawer/NavigationDrawerFragment.java +++ b/app/src/main/java/se/leap/bitmaskclient/drawer/NavigationDrawerFragment.java @@ -43,6 +43,7 @@ import android.view.MenuInflater; import android.view.MenuItem; import android.view.View; import android.view.ViewGroup; +import android.widget.TextView; import java.util.Set; @@ -56,10 +57,12 @@ import se.leap.bitmaskclient.ProviderListActivity; import se.leap.bitmaskclient.ProviderObservable; import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.eip.EipCommand; +import se.leap.bitmaskclient.firewall.FirewallManager; import se.leap.bitmaskclient.fragments.AboutFragment; import se.leap.bitmaskclient.fragments.AlwaysOnDialog; import se.leap.bitmaskclient.fragments.ExcludeAppsFragment; import se.leap.bitmaskclient.fragments.LogFragment; +import se.leap.bitmaskclient.fragments.TetheringDialog; import se.leap.bitmaskclient.utils.PreferenceHelper; import se.leap.bitmaskclient.views.IconSwitchEntry; import se.leap.bitmaskclient.views.IconTextEntry; @@ -81,6 +84,7 @@ import static se.leap.bitmaskclient.utils.PreferenceHelper.getSaveBattery; import static se.leap.bitmaskclient.utils.PreferenceHelper.getShowAlwaysOnDialog; import static se.leap.bitmaskclient.utils.PreferenceHelper.getUsePluggableTransports; import static se.leap.bitmaskclient.utils.PreferenceHelper.saveBattery; +import static se.leap.bitmaskclient.utils.PreferenceHelper.showExperimentalFeatures; import static se.leap.bitmaskclient.utils.PreferenceHelper.usePluggableTransports; /** @@ -109,6 +113,9 @@ public class NavigationDrawerFragment extends Fragment implements SharedPreferen private Toolbar toolbar; private IconTextEntry account; private IconSwitchEntry saveBattery; + private IconTextEntry tethering; + private IconSwitchEntry firewall; + private View experimentalFeatureFooter; private boolean userLearnedDrawer; private volatile boolean wasPaused; @@ -117,7 +124,7 @@ public class NavigationDrawerFragment extends Fragment implements SharedPreferen private SharedPreferences preferences; private final static String KEY_SHOW_SAVE_BATTERY_ALERT = "KEY_SHOW_SAVE_BATTERY_ALERT"; - private boolean showEnableExperimentalFeature = false; + private volatile boolean showSaveBattery = false; AlertDialog alertDialog; @Override @@ -237,6 +244,10 @@ public class NavigationDrawerFragment extends Fragment implements SharedPreferen initSaveBatteryEntry(); initAlwaysOnVpnEntry(); initExcludeAppsEntry(); + initShowExperimentalHint(); + initTetheringEntry(); + initFirewallEntry(); + initExperimentalFeatureFooter(); initDonateEntry(); initLogEntry(); initAboutEntry(); @@ -339,6 +350,62 @@ public class NavigationDrawerFragment extends Fragment implements SharedPreferen } } + private void initShowExperimentalHint() { + TextView textView = drawerLayout.findViewById(R.id.show_experimental_features); + textView.setText(showExperimentalFeatures(getContext()) ? R.string.hide_experimental : R.string.show_experimental); + textView.setOnClickListener(v -> { + boolean shown = showExperimentalFeatures(getContext()); + if (shown) { + tethering.setVisibility(GONE); + firewall.setVisibility(GONE); + experimentalFeatureFooter.setVisibility(GONE); + ((TextView) v).setText(R.string.show_experimental); + } else { + tethering.setVisibility(VISIBLE); + firewall.setVisibility(VISIBLE); + experimentalFeatureFooter.setVisibility(VISIBLE); + ((TextView) v).setText(R.string.hide_experimental); + } + PreferenceHelper.setShowExperimentalFeatures(getContext(), !shown); + }); + } + + private void initFirewallEntry() { + firewall = drawerView.findViewById(R.id.enableIPv6Firewall); + boolean show = showExperimentalFeatures(getContext()); + firewall.setVisibility(show ? VISIBLE : GONE); + firewall.setChecked(PreferenceHelper.useIpv6Firewall(this.getContext())); + firewall.setOnCheckedChangeListener((buttonView, isChecked) -> { + if (!buttonView.isPressed()) { + return; + } + PreferenceHelper.setUseIPv6Firewall(getContext(), isChecked); + FirewallManager firewallManager = new FirewallManager(getContext().getApplicationContext(), false); + if (VpnStatus.isVPNActive()) { + if (isChecked) { + firewallManager.startIPv6Firewall(); + } else { + firewallManager.stopIPv6Firewall(); + } + } + }); + } + + private void initTetheringEntry() { + tethering = drawerView.findViewById(R.id.tethering); + boolean show = showExperimentalFeatures(getContext()); + tethering.setVisibility(show ? VISIBLE : GONE); + tethering.setOnClickListener((buttonView) -> { + showTetheringAlert(); + }); + } + + private void initExperimentalFeatureFooter() { + experimentalFeatureFooter = drawerView.findViewById(R.id.experimental_features_footer); + boolean show = showExperimentalFeatures(getContext()); + experimentalFeatureFooter.setVisibility(show ? VISIBLE : GONE); + } + private void initDonateEntry() { if (ENABLE_DONATION) { IconTextEntry donate = drawerView.findViewById(R.id.donate); @@ -415,8 +482,9 @@ public class NavigationDrawerFragment extends Fragment implements SharedPreferen @Override public void onSaveInstanceState(Bundle outState) { super.onSaveInstanceState(outState); - if (showEnableExperimentalFeature) { + if (showSaveBattery) { outState.putBoolean(KEY_SHOW_SAVE_BATTERY_ALERT, true); + alertDialog.dismiss(); } } @@ -434,7 +502,7 @@ public class NavigationDrawerFragment extends Fragment implements SharedPreferen try { AlertDialog.Builder alertBuilder = new AlertDialog.Builder(getActivity()); - showEnableExperimentalFeature = true; + showSaveBattery = true; alertDialog = alertBuilder .setTitle(activity.getString(R.string.save_battery)) .setMessage(activity.getString(R.string.save_battery_message)) @@ -442,13 +510,26 @@ public class NavigationDrawerFragment extends Fragment implements SharedPreferen saveBattery(getContext(), true); }) .setNegativeButton(activity.getString(android.R.string.no), (dialog, which) -> saveBattery.setCheckedQuietly(false)) - .setOnDismissListener(dialog -> showEnableExperimentalFeature = false) + .setOnDismissListener(dialog -> showSaveBattery = false) .setOnCancelListener(dialog -> saveBattery.setCheckedQuietly(false)).show(); } catch (IllegalStateException e) { e.printStackTrace(); } } + public void showTetheringAlert() { + try { + + FragmentTransaction fragmentTransaction = new FragmentManagerEnhanced( + getActivity().getSupportFragmentManager()).removePreviousFragment( + TetheringDialog.TAG); + DialogFragment newFragment = new TetheringDialog(); + newFragment.show(fragmentTransaction, TetheringDialog.TAG); + } catch (IllegalStateException | NullPointerException e) { + e.printStackTrace(); + } + } + public void showAlwaysOnDialog() { try { diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java index 1d67cd12..1186b54f 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java @@ -61,6 +61,7 @@ import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN import static se.leap.bitmaskclient.Constants.BROADCAST_GATEWAY_SETUP_OBSERVER_EVENT; import static se.leap.bitmaskclient.Constants.BROADCAST_RESULT_KEY; import static se.leap.bitmaskclient.Constants.EIP_ACTION_CHECK_CERT_VALIDITY; +import static se.leap.bitmaskclient.Constants.EIP_ACTION_CONFIGURE_TETHERING; import static se.leap.bitmaskclient.Constants.EIP_ACTION_IS_RUNNING; import static se.leap.bitmaskclient.Constants.EIP_ACTION_START; import static se.leap.bitmaskclient.Constants.EIP_ACTION_START_ALWAYS_ON_VPN; @@ -190,6 +191,9 @@ public final class EIP extends JobIntentService implements Observer { disconnect(); earlyRoutes(); break; + case EIP_ACTION_CONFIGURE_TETHERING: + Log.d(TAG, "TODO: implement tethering configuration"); + break; } } diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipCommand.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipCommand.java index eb266e3c..d2667e42 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EipCommand.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipCommand.java @@ -6,6 +6,7 @@ import android.content.Intent; import android.os.ResultReceiver; import android.support.annotation.NonNull; import android.support.annotation.VisibleForTesting; +import android.support.v4.content.ContextCompat; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -13,6 +14,7 @@ import org.jetbrains.annotations.Nullable; import se.leap.bitmaskclient.Provider; import static se.leap.bitmaskclient.Constants.EIP_ACTION_CHECK_CERT_VALIDITY; +import static se.leap.bitmaskclient.Constants.EIP_ACTION_CONFIGURE_TETHERING; import static se.leap.bitmaskclient.Constants.EIP_ACTION_START; import static se.leap.bitmaskclient.Constants.EIP_ACTION_START_BLOCKING_VPN; import static se.leap.bitmaskclient.Constants.EIP_ACTION_STOP; @@ -90,4 +92,13 @@ public class EipCommand { execute(context, EIP_ACTION_CHECK_CERT_VALIDITY, resultReceiver, null); } + public static void configureTethering(@NonNull Context context) { + execute(context, EIP_ACTION_CONFIGURE_TETHERING); + } + + @VisibleForTesting + public static void configureTethering(@NonNull Context context, ResultReceiver resultReceiver) { + execute(context, EIP_ACTION_CONFIGURE_TETHERING); + } + } diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallCallback.java b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallCallback.java new file mode 100644 index 00000000..15fa426f --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallCallback.java @@ -0,0 +1,25 @@ +/** + * Copyright (c) 2019 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.firewall; + +interface FirewallCallback { + void onFirewallStarted(boolean success); + void onFirewallStopped(boolean success); + void onTetheringStarted(boolean success); + void onTetheringStopped(boolean success); + void onSuRequested(boolean success); +} diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java new file mode 100644 index 00000000..c148497b --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java @@ -0,0 +1,151 @@ +package se.leap.bitmaskclient.firewall; +/** + * Copyright (c) 2019 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +import android.content.Context; + +import java.util.Observable; +import java.util.Observer; + +import de.blinkt.openvpn.core.VpnStatus; +import se.leap.bitmaskclient.tethering.TetheringObservable; +import se.leap.bitmaskclient.tethering.TetheringState; +import se.leap.bitmaskclient.utils.PreferenceHelper; + +public class FirewallManager implements FirewallCallback, Observer { + public static String BITMASK_CHAIN = "bitmask_fw"; + public static String BITMASK_FORWARD = "bitmask_forward"; + public static String BITMASK_POSTROUTING = "bitmask_postrouting"; + static final String TAG = FirewallManager.class.getSimpleName(); + private boolean isRunning = false; + + private Context context; + + public FirewallManager(Context context, boolean observeTethering) { + this.context = context; + if (observeTethering) { + TetheringObservable.getInstance().addObserver(this); + } + } + + @Override + public void onFirewallStarted(boolean success) { + if (success) { + VpnStatus.logInfo("[FIREWALL] Custom rules established"); + } else { + VpnStatus.logError("[FIREWALL] Could not establish custom rules."); + } + } + + @Override + public void onFirewallStopped(boolean success) { + if (success) { + VpnStatus.logInfo("[FIREWALL] Custom rules deleted"); + } else { + VpnStatus.logError("[FIREWALL] Could not delete custom rules"); + } + } + + @Override + public void onTetheringStarted(boolean success) { + if (success) { + VpnStatus.logInfo("[FIREWALL] Rules for tethering enabled"); + } else { + VpnStatus.logError("[FIREWALL] Could not enable rules for tethering."); + } + } + + @Override + public void onTetheringStopped(boolean success) { + if (success) { + VpnStatus.logInfo("[FIREWALL] Rules for tethering successfully disabled"); + } else { + VpnStatus.logError("[FIREWALL] Could not disable rules for tethering."); + } + } + + @Override + public void onSuRequested(boolean success) { + PreferenceHelper.setSuPermission(context, success); + if (!success) { + VpnStatus.logError("[FIREWALL] Root permission needed to execute custom firewall rules."); + } + } + + public void onDestroy() { + TetheringObservable.getInstance().deleteObserver(this); + } + + + public void start() { + if (!isRunning) { + isRunning = true; + if (PreferenceHelper.useIpv6Firewall(context)) { + startIPv6Firewall(); + } + TetheringState tetheringState = TetheringObservable.getInstance().getTetheringState(); + if (tetheringState.hasAnyDeviceTetheringEnabled() && tetheringState.hasAnyVpnTetheringAllowed()) { + startTethering(); + } + } + + } + + public void stop() { + isRunning = false; + if (PreferenceHelper.useIpv6Firewall(context)) { + stopIPv6Firewall(); + } + TetheringState tetheringState = TetheringObservable.getInstance().getTetheringState(); + if (tetheringState.hasAnyDeviceTetheringEnabled() && tetheringState.hasAnyVpnTetheringAllowed()) { + stopTethering(); + } + } + + public void startTethering() { + SetupTetheringTask task = new SetupTetheringTask(this); + task.execute(); + } + + public void stopTethering() { + ShutdownTetheringTask task = new ShutdownTetheringTask(this); + task.execute(); + } + + public void startIPv6Firewall() { + StartIPv6FirewallTask task = new StartIPv6FirewallTask(this); + task.execute(); + } + + public void stopIPv6Firewall() { + ShutdownIPv6FirewallTask task = new ShutdownIPv6FirewallTask(this); + task.execute(); + } + + @Override + public void update(Observable o, Object arg) { + if (o instanceof TetheringObservable) { + TetheringObservable observable = (TetheringObservable) o; + TetheringState state = observable.getTetheringState(); + if (state.hasAnyVpnTetheringAllowed() && state.hasAnyDeviceTetheringEnabled()) { + startTethering(); + } else { + stopTethering(); + } + } + } +} diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/SetupTetheringTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/SetupTetheringTask.java new file mode 100644 index 00000000..7abd01a8 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/SetupTetheringTask.java @@ -0,0 +1,220 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.firewall; + +import android.os.AsyncTask; +import android.util.Log; + +import java.lang.ref.WeakReference; +import java.net.NetworkInterface; +import java.util.ArrayList; +import java.util.Enumeration; + +import se.leap.bitmaskclient.tethering.TetheringObservable; +import se.leap.bitmaskclient.tethering.TetheringState; + +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_FORWARD; +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_POSTROUTING; +import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd; + +public class SetupTetheringTask extends AsyncTask<Void, Boolean, Boolean> { + + private static final String TAG = SetupTetheringTask.class.getSimpleName(); + private WeakReference<FirewallCallback> callbackWeakReference; + + SetupTetheringTask(FirewallCallback callback) { + callbackWeakReference = new WeakReference<>(callback); + } + + @Override + protected Boolean doInBackground(Void... args) { + TetheringState tetheringState = TetheringObservable.getInstance().getTetheringState(); + StringBuilder log = new StringBuilder(); + + String[] bitmaskChain = new String[]{ + "su", + "id", + "iptables -t filter --list " + BITMASK_FORWARD + " && iptables -t nat --list " + BITMASK_POSTROUTING }; + + try { + boolean hasBitmaskChain = runBlockingCmd(bitmaskChain, log) == 0; + boolean allowSu = log.toString().contains("uid=0"); + FirewallCallback callback = callbackWeakReference.get(); + if (callback != null) { + callback.onSuRequested(allowSu); + } + if (!allowSu) { + return false; + } + + boolean success = true; + log = new StringBuilder(); + + if (!hasBitmaskChain && tetheringState.hasAnyVpnTetheringAllowed() && tetheringState.hasAnyDeviceTetheringEnabled()) { + createChains(log); + } + + if (tetheringState.tetherWifiVpn()) { + log = new StringBuilder(); + success = addWifiTetheringRules(tetheringState, log); + logError(success, log); + } else if (!tetheringState.isVpnWifiTetheringAllowed){ + success = removeWifiTetheringRules(tetheringState, log); + logError(success, log); + } + + log = new StringBuilder(); + if (tetheringState.tetherUsbVpn()) { + success = success && addUsbTetheringRules(tetheringState, log); + logError(success, log); + } else if (!tetheringState.isVpnUsbTetheringAllowed) { + success = success && removeUsbTetheringRules(tetheringState, log); + logError(success, log); + } + + log = new StringBuilder(); + if (tetheringState.tetherBluetoothVpn()) { + success = success && addBluetoothTetheringRules(tetheringState, log); + logError(success, log); + } else if (!tetheringState.isVpnBluetoothTetheringAllowed) { + success = success && removeBluetoothTetheringRules(tetheringState, log); + logError(success, log); + } + return success; + } catch (Exception e) { + e.printStackTrace(); + Log.e(FirewallManager.TAG, log.toString()); + } + return false; + } + + private void logError(boolean success, StringBuilder log) { + if (!success) { + Log.e(TAG, log.toString()); + } + } + + + private void createChains(StringBuilder log) throws Exception { + boolean success; + String[] createChains = new String[]{ + "su", + "iptables -t filter --new-chain " + BITMASK_FORWARD, + "iptables -t nat --new-chain " + BITMASK_POSTROUTING, + "iptables -t filter --insert FORWARD --jump " + BITMASK_FORWARD, + "iptables -t nat --insert POSTROUTING --jump " + BITMASK_POSTROUTING, + }; + success = runBlockingCmd(createChains, log) == 0; + Log.d(FirewallManager.TAG, "added " + BITMASK_FORWARD + " and " + BITMASK_POSTROUTING+" to iptables: " + success); + Log.d(FirewallManager.TAG, log.toString()); + } + + private boolean addWifiTetheringRules(TetheringState state, StringBuilder log) throws Exception { + Log.d(TAG, "add Wifi tethering Rules"); + String[] addRules = getAdditionRules(state.wifiAddress, state.wifiInterface); + return runBlockingCmd(addRules, log) == 0; + } + + private boolean removeWifiTetheringRules(TetheringState state, StringBuilder log) throws Exception { + Log.d(TAG, "add Wifi tethering Rules"); + String[] removeRules = getDeletionRules(state, state.lastSeenWifiAddress, state.lastSeenWifiInterface); + return runBlockingCmd(removeRules, log) == 0; + } + + private boolean addUsbTetheringRules(TetheringState state, StringBuilder log) throws Exception { + Log.d(TAG, "add usb tethering rules"); + String[] addRules = getAdditionRules(state.usbAddress, state.usbInterface); + return runBlockingCmd(addRules, log) == 0; + } + + private boolean removeUsbTetheringRules(TetheringState state, StringBuilder log) throws Exception { + Log.d(TAG, "add usb tethering rules"); + String[] addRules = getDeletionRules(state, state.lastSeenUsbAddress, state.lastSeenUsbInterface); + return runBlockingCmd(addRules, log) == 0; + } + + //TODO: implement the follwing methods -v + private boolean removeBluetoothTetheringRules(TetheringState state, StringBuilder log) { + return true; + } + + private boolean addBluetoothTetheringRules(TetheringState state, StringBuilder log) { + return true; + } + + private String[] getAdditionRules(String addressRange, String interfaceName) { + return new String[] { + "su", + "iptables -t filter --flush " + BITMASK_FORWARD, + "iptables -t nat --flush " + BITMASK_POSTROUTING, + "iptables -t filter --append " + BITMASK_FORWARD + " --jump ACCEPT", + "iptables -t nat --append " + BITMASK_POSTROUTING + " --jump MASQUERADE", + "if [[ ! `ip rule show from "+ addressRange+" lookup 61` ]]; " + + "then ip rule add from " + addressRange + " lookup 61; " + + "fi", + "if [[ ! `ip route list table 61 | grep 'default dev " + getTunName() + " scope link'` ]]; " + + "then ip route add default dev " + getTunName() + " scope link table 61; " + + "fi", + "if [[ ! `ip route list table 61 | grep '"+ addressRange +" dev "+ interfaceName +" scope link'` ]]; " + + "then ip route add " + addressRange + " dev " + interfaceName + " scope link table 61; " + + "fi", + "if [[ ! `ip route list table 61 | grep 'broadcast 255.255.255.255 dev " + interfaceName + " scope link'` ]]; " + + "then ip route add broadcast 255.255.255.255 dev " + interfaceName + " scope link table 61; " + + "fi" + }; + } + + private String[] getDeletionRules(TetheringState state, String addressRange, String interfaceName) { + ArrayList<String> list = new ArrayList<>(); + list.add("su"); + list.add("ip route delete broadcast 255.255.255.255 dev " + addressRange +" scope link table 61"); + list.add("ip route delete " + addressRange + " dev " + interfaceName +" scope link table 61"); + if (!state.hasAnyVpnTetheringAllowed() || !state.hasAnyDeviceTetheringEnabled()) { + list.add("ip route delete default dev " + getTunName() + " scope link table 61"); + } + list.add("if [[ `ip rule show from " + addressRange + " lookup 61` ]]; " + + "then ip rule del from " + addressRange + " lookup 61; " + + "fi"); + + return list.toArray(new String[0]); + } + + + + private String getTunName() { + try { + for (Enumeration<NetworkInterface> en = NetworkInterface.getNetworkInterfaces(); en.hasMoreElements(); ) { + NetworkInterface networkInterface = en.nextElement(); + if (networkInterface.getName().contains("tun")) { + return networkInterface.getName(); + } + } + } catch (Exception e) { + e.printStackTrace(); + } + return ""; + } + + @Override + protected void onPostExecute(Boolean result) { + super.onPostExecute(result); + FirewallCallback callback = callbackWeakReference.get(); + if (callback != null) { + callback.onTetheringStarted(result); + } + } +} diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownIPv6FirewallTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownIPv6FirewallTask.java new file mode 100644 index 00000000..63d6074d --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownIPv6FirewallTask.java @@ -0,0 +1,71 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.firewall; + +import android.os.AsyncTask; +import android.util.Log; + +import java.lang.ref.WeakReference; + +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_CHAIN; +import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd; + +class ShutdownIPv6FirewallTask extends AsyncTask<Void, Boolean, Boolean> { + + private WeakReference<FirewallCallback> callbackWeakReference; + + ShutdownIPv6FirewallTask(FirewallCallback callback) { + callbackWeakReference = new WeakReference<>(callback); + } + + @Override + protected Boolean doInBackground(Void... voids) { + boolean success; + StringBuilder log = new StringBuilder(); + String[] deleteChain = new String[]{ + "su", + "id", + "ip6tables --delete OUTPUT --jump " + BITMASK_CHAIN, + "ip6tables --flush " + BITMASK_CHAIN, + "ip6tables --delete-chain " + BITMASK_CHAIN + }; + try { + success = runBlockingCmd(deleteChain, log) == 0; + } catch (Exception e) { + e.printStackTrace(); + Log.e(FirewallManager.TAG, log.toString()); + return false; + } + + try { + boolean allowSu = log.toString().contains("uid=0"); + callbackWeakReference.get().onSuRequested(allowSu); + } catch (Exception e) { + //ignore + } + return success; + } + + @Override + protected void onPostExecute(Boolean result) { + super.onPostExecute(result); + FirewallCallback callback = callbackWeakReference.get(); + if (callback != null) { + callback.onFirewallStopped(result); + } + } +} diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownTetheringTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownTetheringTask.java new file mode 100644 index 00000000..dcb3ccba --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownTetheringTask.java @@ -0,0 +1,94 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.firewall; + +import android.os.AsyncTask; +import android.util.Log; + +import java.lang.ref.WeakReference; +import java.util.ArrayList; + +import se.leap.bitmaskclient.tethering.TetheringObservable; +import se.leap.bitmaskclient.tethering.TetheringState; + +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_FORWARD; +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_POSTROUTING; +import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd; + +public class ShutdownTetheringTask extends AsyncTask<Void, Boolean, Boolean> { + + private WeakReference<FirewallCallback> callbackWeakReference; + + ShutdownTetheringTask(FirewallCallback callback) { + callbackWeakReference = new WeakReference<>(callback); + } + + @Override + protected Boolean doInBackground(Void... args) { + TetheringState tetheringState = TetheringObservable.getInstance().getTetheringState(); + StringBuilder log = new StringBuilder(); + + String[] bitmaskChain = new String[]{ + "su", + "id", + "iptables -t filter --list " + BITMASK_FORWARD + " && iptables -t nat --list " + BITMASK_POSTROUTING }; + + try { + boolean hasBitmaskChain = runBlockingCmd(bitmaskChain, log) == 0; + boolean allowSu = log.toString().contains("uid=0"); + callbackWeakReference.get().onSuRequested(allowSu); + if (!allowSu) { + return false; + } + + log = new StringBuilder(); + + ArrayList<String> removeChains = new ArrayList<>(); + removeChains.add("su"); + removeChains.add("ip route flush table 61"); + removeChains.add("if [[ `ip rule show from " + tetheringState.lastSeenWifiAddress+ " lookup 61` ]]; " + + "then ip rule del from " + tetheringState.lastSeenWifiAddress + " lookup 61; " + + "fi"); + removeChains.add("if [[ `ip rule show from " + tetheringState.lastSeenUsbAddress+ " lookup 61` ]]; " + + "then ip rule del from " + tetheringState.lastSeenUsbAddress + " lookup 61; " + + "fi"); + if (hasBitmaskChain) { + removeChains.add("iptables -t filter --delete FORWARD --jump " + BITMASK_FORWARD); + removeChains.add("iptables -t nat --delete POSTROUTING --jump " + BITMASK_POSTROUTING); + removeChains.add("iptables -t filter --flush " + BITMASK_FORWARD); + removeChains.add("iptables -t nat --flush " + BITMASK_POSTROUTING); + removeChains.add("iptables -t filter --delete-chain " + BITMASK_FORWARD); + removeChains.add("iptables -t nat --delete-chain " + BITMASK_POSTROUTING); + } + return runBlockingCmd(removeChains.toArray(new String[0]), log) == 0; + + } catch (Exception e) { + e.printStackTrace(); + Log.e(FirewallManager.TAG, log.toString()); + } + return false; + } + + @Override + protected void onPostExecute(Boolean result) { + super.onPostExecute(result); + FirewallCallback callback = callbackWeakReference.get(); + if (callback != null) { + callback.onTetheringStarted(result); + } + } +} diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/StartIPv6FirewallTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/StartIPv6FirewallTask.java new file mode 100644 index 00000000..b01270e0 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/StartIPv6FirewallTask.java @@ -0,0 +1,88 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.firewall; + +import android.os.AsyncTask; +import android.util.Log; + +import java.lang.ref.WeakReference; + +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_CHAIN; +import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd; + +class StartIPv6FirewallTask extends AsyncTask<Void, Boolean, Boolean> { + + private WeakReference<FirewallCallback> callbackWeakReference; + + StartIPv6FirewallTask(FirewallCallback callback) { + callbackWeakReference = new WeakReference<>(callback); + } + + @Override + protected Boolean doInBackground(Void... voids) { + StringBuilder log = new StringBuilder(); + String[] bitmaskChain = new String[]{ + "su", + "id", + "ip6tables --list " + BITMASK_CHAIN }; + + + try { + boolean hasBitmaskChain = runBlockingCmd(bitmaskChain, log) == 0; + boolean allowSu = log.toString().contains("uid=0"); + callbackWeakReference.get().onSuRequested(allowSu); + if (!allowSu) { + return false; + } + + boolean success; + log = new StringBuilder(); + if (!hasBitmaskChain) { + String[] createChainAndRules = new String[]{ + "su", + "ip6tables --new-chain " + BITMASK_CHAIN, + "ip6tables --insert OUTPUT --jump " + BITMASK_CHAIN, + "ip6tables --append " + BITMASK_CHAIN + " -p tcp --jump REJECT", + "ip6tables --append " + BITMASK_CHAIN + " -p udp --jump REJECT" + }; + success = runBlockingCmd(createChainAndRules, log) == 0; + Log.d(FirewallManager.TAG, "added " + BITMASK_CHAIN + " to ip6tables: " + success); + Log.d(FirewallManager.TAG, log.toString()); + return success; + } else { + String[] addRules = new String[] { + "su", + "ip6tables --append " + BITMASK_CHAIN + " -p tcp --jump REJECT", + "ip6tables --append " + BITMASK_CHAIN + " -p udp --jump REJECT" }; + return runBlockingCmd(addRules, log) == 0; + } + } catch (Exception e) { + e.printStackTrace(); + Log.e(FirewallManager.TAG, log.toString()); + } + return false; + } + + @Override + protected void onPostExecute(Boolean result) { + super.onPostExecute(result); + FirewallCallback callback = callbackWeakReference.get(); + if (callback != null) { + callback.onFirewallStarted(result); + } + } +} diff --git a/app/src/main/java/se/leap/bitmaskclient/fragments/TetheringDialog.java b/app/src/main/java/se/leap/bitmaskclient/fragments/TetheringDialog.java new file mode 100644 index 00000000..c53d2a6c --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/fragments/TetheringDialog.java @@ -0,0 +1,239 @@ +package se.leap.bitmaskclient.fragments; + +import android.app.Dialog; +import android.content.Intent; +import android.graphics.drawable.Drawable; +import android.os.Bundle; +import android.provider.Settings; +import android.support.annotation.NonNull; +import android.support.v7.app.AlertDialog; +import android.support.v7.app.AppCompatDialogFragment; +import android.support.v7.widget.AppCompatTextView; +import android.support.v7.widget.LinearLayoutManager; +import android.support.v7.widget.RecyclerView; +import android.text.Spannable; +import android.text.SpannableString; +import android.text.method.LinkMovementMethod; +import android.text.style.ClickableSpan; +import android.util.Log; +import android.view.LayoutInflater; +import android.view.View; +import android.view.ViewGroup; + +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +import java.util.Observable; +import java.util.Observer; + +import butterknife.ButterKnife; +import butterknife.InjectView; +import de.blinkt.openvpn.core.VpnStatus; +import se.leap.bitmaskclient.R; +import se.leap.bitmaskclient.firewall.FirewallManager; +import se.leap.bitmaskclient.tethering.TetheringObservable; +import se.leap.bitmaskclient.utils.PreferenceHelper; +import se.leap.bitmaskclient.views.IconCheckboxEntry; + +public class TetheringDialog extends AppCompatDialogFragment implements Observer { + + public final static String TAG = TetheringDialog.class.getName(); + + @InjectView(R.id.tvTitle) + AppCompatTextView title; + + @InjectView(R.id.user_message) + AppCompatTextView userMessage; + + @InjectView(R.id.selection_list_view) + RecyclerView selectionListView; + DialogListAdapter adapter; + private DialogListAdapter.ViewModel[] dataset; + + public static class DialogListAdapter extends RecyclerView.Adapter<DialogListAdapter.ViewHolder> { + + interface OnItemClickListener { + void onItemClick(ViewModel item); + } + + private ViewModel[] dataSet; + private OnItemClickListener clickListener; + + DialogListAdapter(ViewModel[] dataSet, OnItemClickListener clickListener) { + this.dataSet = dataSet; + this.clickListener = clickListener; + } + + @NonNull + @Override + public ViewHolder onCreateViewHolder(@NonNull ViewGroup viewGroup, int i) { + IconCheckboxEntry v = new IconCheckboxEntry(viewGroup.getContext()); + return new ViewHolder(v); + } + + @Override + public void onBindViewHolder(@NonNull ViewHolder viewHolder, int i) { + viewHolder.bind(dataSet[i], clickListener); + } + + @Override + public int getItemCount() { + return dataSet.length; + } + + public static class ViewModel { + + public Drawable image; + public String text; + public boolean checked; + public boolean enabled; + + ViewModel(Drawable image, String text, boolean checked, boolean enabled) { + this.image = image; + this.text = text; + this.checked = checked; + this.enabled = enabled; + } + } + + public static class ViewHolder extends RecyclerView.ViewHolder { + + ViewHolder(IconCheckboxEntry v) { + super(v); + } + + public void bind(ViewModel model, OnItemClickListener onClickListener) { + ((IconCheckboxEntry) this.itemView).bind(model); + this.itemView.setOnClickListener(v -> { + model.checked = !model.checked; + ((IconCheckboxEntry) itemView).setChecked(model.checked); + onClickListener.onItemClick(model); + }); + } + } + } + + @NonNull + @Override + public Dialog onCreateDialog(Bundle savedInstanceState) { + AlertDialog.Builder builder = new AlertDialog.Builder(getActivity()); + LayoutInflater inflater = getActivity().getLayoutInflater(); + View view = inflater.inflate(R.layout.d_list_selection, null); + ButterKnife.inject(this, view); + + title.setText(R.string.tethering); + userMessage.setMovementMethod(LinkMovementMethod.getInstance()); + userMessage.setLinkTextColor(getContext().getResources().getColor(R.color.colorPrimary)); + userMessage.setText(createUserMessage()); + + initDataset(); + adapter = new DialogListAdapter(dataset, this::onItemClick); + selectionListView.setAdapter(adapter); + selectionListView.setLayoutManager(new LinearLayoutManager(getActivity())); + + + builder.setView(view) + .setPositiveButton(android.R.string.ok, (dialog, id) -> { + PreferenceHelper.allowWifiTethering(getContext(), dataset[0].checked); + PreferenceHelper.allowUsbTethering(getContext(), dataset[1].checked); +// PreferenceHelper.allowBluetoothTethering(getContext(), dataset[2].checked); + TetheringObservable.allowVpnWifiTethering(dataset[0].checked); + TetheringObservable.allowVpnUsbTethering(dataset[1].checked); +// TetheringObservable.allowVpnBluetoothTethering(dataset[2].checked); + FirewallManager firewallManager = new FirewallManager(getContext().getApplicationContext(), false); + if (VpnStatus.isVPNActive()) { + if (TetheringObservable.getInstance().getTetheringState().hasAnyDeviceTetheringEnabled() && + TetheringObservable.getInstance().getTetheringState().hasAnyVpnTetheringAllowed()) { + firewallManager.startTethering(); + } else { + firewallManager.stopTethering(); + } + } + }).setNegativeButton(R.string.cancel, (dialog, id) -> dialog.cancel()); + return builder.create(); + } + + @Override + public void onResume() { + super.onResume(); + dataset[0].enabled = TetheringObservable.getInstance().isWifiTetheringEnabled(); + dataset[1].enabled = TetheringObservable.getInstance().isUsbTetheringEnabled(); +// dataset[2].enabled = TetheringObservable.getInstance().isBluetoothTetheringEnabled(); + adapter.notifyDataSetChanged(); + TetheringObservable.getInstance().addObserver(this); + } + + @Override + public void onPause() { + super.onPause(); + TetheringObservable.getInstance().deleteObserver(this); + } + + public void onItemClick(DialogListAdapter.ViewModel item) { + + } + + private CharSequence createUserMessage() { + String tetheringMessage = getString(R.string.tethering_message); + String systemSettings = getString(R.string.tethering_system_settings); + String systemSettingsMessage = getString(R.string.tethering_enabled_message, systemSettings); + String wholeMessage = systemSettingsMessage + "\n\n" + tetheringMessage; + int startIndex = wholeMessage.indexOf(systemSettings, 0); + int endIndex = startIndex + systemSettings.length(); + + Spannable spannable = new SpannableString(wholeMessage); + spannable.setSpan(new ClickableSpan() { + @Override + public void onClick(@NonNull View widget) { + Intent intent = new Intent(Settings.ACTION_WIRELESS_SETTINGS); + startActivity(intent); + } + }, startIndex, endIndex, Spannable.SPAN_EXCLUSIVE_EXCLUSIVE); + + return spannable; + } + + private void initDataset() { + dataset = new DialogListAdapter.ViewModel[] { + new DialogListAdapter.ViewModel(getContext().getResources().getDrawable(R.drawable.ic_wifi), + getContext().getString(R.string.tethering_wifi), + PreferenceHelper.isWifiTetheringAllowed(getContext()), + TetheringObservable.getInstance().isWifiTetheringEnabled()), + new DialogListAdapter.ViewModel(getContext().getResources().getDrawable(R.drawable.ic_usb), + getContext().getString(R.string.tethering_usb), + PreferenceHelper.isUsbTetheringAllowed(getContext()), + TetheringObservable.getInstance().isUsbTetheringEnabled()), +/* new DialogListAdapter.ViewModel(getContext().getResources().getDrawable(R.drawable.ic_bluetooth), + getContext().getString(R.string.tethering_bluetooth), + PreferenceHelper.isBluetoothTetheringAllowed(getContext()), + TetheringObservable.getInstance().isUsbTetheringEnabled())*/ + }; + } + + @Override + public void update(Observable o, Object arg) { + if (o instanceof TetheringObservable) { + TetheringObservable observable = (TetheringObservable) o; + Log.d(TAG, "TetheringObservable is updated"); + dataset[0].enabled = observable.isWifiTetheringEnabled(); + dataset[1].enabled = observable.isUsbTetheringEnabled(); +// dataset[2].enabled = observable.isBluetoothTetheringEnabled(); + adapter.notifyDataSetChanged(); + } + } + +} diff --git a/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringBroadcastReceiver.java b/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringBroadcastReceiver.java new file mode 100644 index 00000000..369a6cf6 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringBroadcastReceiver.java @@ -0,0 +1,41 @@ +/** + * Copyright (c) 2020LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +package se.leap.bitmaskclient.tethering; + +import android.content.BroadcastReceiver; +import android.content.Context; +import android.content.Intent; +import android.net.wifi.WifiManager; +import android.util.Log; + +public class TetheringBroadcastReceiver extends BroadcastReceiver { + private static final String TAG = TetheringBroadcastReceiver.class.getSimpleName(); + + @Override + public void onReceive(Context context, Intent intent) { + if ("android.net.wifi.WIFI_AP_STATE_CHANGED".equals(intent.getAction())) { + Log.d(TAG, "TETHERING WIFI_AP_STATE_CHANGED"); + TetheringStateManager.updateWifiTetheringState(); + } else if ("android.net.conn.TETHER_STATE_CHANGED".equals(intent.getAction())) { + Log.d(TAG, "TETHERING TETHER_STATE_CHANGED"); + TetheringStateManager.updateUsbTetheringState(); + TetheringStateManager.updateBluetoothTetheringState(); + TetheringStateManager.updateWifiTetheringState(); + } + } +} diff --git a/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringObservable.java b/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringObservable.java new file mode 100644 index 00000000..75d29417 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringObservable.java @@ -0,0 +1,117 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.tethering; + +import android.support.annotation.NonNull; + +import java.util.Observable; + +public class TetheringObservable extends Observable { + private static TetheringObservable instance; + + private TetheringState tetheringState; + + private TetheringObservable() { + tetheringState = new TetheringState(); + } + + public static TetheringObservable getInstance() { + if (instance == null) { + instance = new TetheringObservable(); + } + return instance; + } + + public static void allowVpnWifiTethering(boolean enabled) { + if (getInstance().tetheringState.isVpnWifiTetheringAllowed != enabled) { + getInstance().tetheringState.isVpnWifiTetheringAllowed = enabled; + getInstance().setChanged(); + getInstance().notifyObservers(); + } + } + + public static void allowVpnUsbTethering(boolean enabled) { + if (getInstance().tetheringState.isVpnUsbTetheringAllowed != enabled) { + getInstance().tetheringState.isVpnUsbTetheringAllowed = enabled; + getInstance().setChanged(); + getInstance().notifyObservers(); + } + } + + public static void allowVpnBluetoothTethering(boolean enabled) { + if (getInstance().tetheringState.isVpnBluetoothTetheringAllowed != enabled) { + getInstance().tetheringState.isVpnBluetoothTetheringAllowed = enabled; + getInstance().setChanged(); + getInstance().notifyObservers(); + } + } + + static void setWifiTethering(boolean enabled, @NonNull String address, @NonNull String interfaceName) { + if (getInstance().tetheringState.isWifiTetheringEnabled != enabled || + !getInstance().tetheringState.wifiInterface.equals(interfaceName) || + !getInstance().tetheringState.wifiAddress.equals(address)) { + TetheringState state = getInstance().tetheringState; + state.isWifiTetheringEnabled = enabled; + state.wifiInterface = interfaceName; + state.wifiAddress = address; + state.lastSeenWifiAddress = address.isEmpty() ? state.lastSeenWifiAddress : address; + state.lastSeenWifiInterface = interfaceName.isEmpty() ? state.lastSeenWifiInterface : interfaceName; + getInstance().setChanged(); + getInstance().notifyObservers(); + } + + } + + static void setUsbTethering(boolean enabled, @NonNull String address, @NonNull String interfaceName) { + if (getInstance().tetheringState.isUsbTetheringEnabled != enabled || + !getInstance().tetheringState.usbAddress.equals(address) || + !getInstance().tetheringState.usbInterface.equals(interfaceName)) { + TetheringState state = getInstance().tetheringState; + state.isUsbTetheringEnabled = enabled; + state.usbAddress = address; + state.usbInterface = interfaceName; + state.lastSeenUsbAddress = address.isEmpty() ? state.lastSeenUsbAddress : address; + state.lastSeenUsbInterface = interfaceName.isEmpty() ? state.lastSeenUsbInterface : interfaceName; + getInstance().setChanged(); + getInstance().notifyObservers(); + } + } + + static void setBluetoothTethering(boolean enabled) { + if (getInstance().tetheringState.isBluetoothTetheringEnabled != enabled) { + getInstance().tetheringState.isBluetoothTetheringEnabled = enabled; + getInstance().setChanged(); + getInstance().notifyObservers(); + } + } + + public boolean isBluetoothTetheringEnabled() { + return tetheringState.isBluetoothTetheringEnabled; + } + + public boolean isUsbTetheringEnabled() { + return tetheringState.isUsbTetheringEnabled; + } + + public boolean isWifiTetheringEnabled() { + return tetheringState.isWifiTetheringEnabled; + } + + public TetheringState getTetheringState() { + return tetheringState; + } +} diff --git a/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringState.java b/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringState.java new file mode 100644 index 00000000..8ef237c6 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringState.java @@ -0,0 +1,45 @@ +package se.leap.bitmaskclient.tethering; + +public class TetheringState implements Cloneable { + public boolean isWifiTetheringEnabled; + public boolean isUsbTetheringEnabled; + public boolean isBluetoothTetheringEnabled; + public boolean isVpnWifiTetheringAllowed; + public boolean isVpnUsbTetheringAllowed; + public boolean isVpnBluetoothTetheringAllowed; + public String wifiInterface = ""; + public String lastSeenWifiInterface = ""; + public String wifiAddress = ""; + public String lastSeenWifiAddress = ""; + public String usbInterface = ""; + public String lastSeenUsbInterface = ""; + public String usbAddress = ""; + public String lastSeenUsbAddress = ""; + public String bluetoothInterface = ""; + public String lastSeenBluetoothInterface = ""; + public String bluetoothAddress = ""; + public String lastSeenBluetoothAddress = ""; + + + public boolean tetherWifiVpn() { + return isWifiTetheringEnabled && isVpnWifiTetheringAllowed; + } + + public boolean tetherUsbVpn() { + return isUsbTetheringEnabled && isVpnUsbTetheringAllowed; + } + + public boolean tetherBluetoothVpn() { + return isBluetoothTetheringEnabled && isVpnBluetoothTetheringAllowed; + } + + public boolean hasAnyDeviceTetheringEnabled() { + return isBluetoothTetheringEnabled || isUsbTetheringEnabled || isWifiTetheringEnabled; + } + + public boolean hasAnyVpnTetheringAllowed() { + return isVpnWifiTetheringAllowed || isVpnUsbTetheringAllowed || isVpnBluetoothTetheringAllowed; + } + + +} diff --git a/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringStateManager.java b/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringStateManager.java new file mode 100644 index 00000000..d3c934f6 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringStateManager.java @@ -0,0 +1,181 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.tethering; + +import android.content.Context; +import android.content.IntentFilter; +import android.support.annotation.VisibleForTesting; + +import java.net.Inet4Address; +import java.net.InterfaceAddress; +import java.net.NetworkInterface; +import java.util.Enumeration; +import java.util.List; + +import se.leap.bitmaskclient.utils.Cmd; + +import static se.leap.bitmaskclient.utils.PreferenceHelper.isBluetoothTetheringAllowed; +import static se.leap.bitmaskclient.utils.PreferenceHelper.isUsbTetheringAllowed; +import static se.leap.bitmaskclient.utils.PreferenceHelper.isWifiTetheringAllowed; + +/** + * This manager tries to figure out the current tethering states for Wifi, USB and Bluetooth + * The default behavior differs for failing attempts to get these states: + * Wifi: keeps old state + * USB: defaults to false + * Bluetooth defaults to false + * For Wifi there's a second method to check the current state (see TetheringBroadcastReceiver). + * Either of both methods can change the state if they succeed, but are ignored if they fail. + * This should avoid any interference between both methods. + */ +public class TetheringStateManager { + private static final String TAG = TetheringStateManager.class.getSimpleName(); + private static TetheringStateManager instance; + + private WifiManagerWrapper wifiManager; + + private TetheringStateManager() { } + + public static TetheringStateManager getInstance() { + if (instance == null) { + instance = new TetheringStateManager(); + } + return instance; + } + + public void init(Context context) { + TetheringBroadcastReceiver broadcastReceiver = new TetheringBroadcastReceiver(); + IntentFilter intentFilter = new IntentFilter("android.net.conn.TETHER_STATE_CHANGED"); + intentFilter.addAction("android.net.wifi.WIFI_AP_STATE_CHANGED"); + context.getApplicationContext().registerReceiver(broadcastReceiver, intentFilter); + instance.wifiManager = new WifiManagerWrapper(context); + TetheringObservable.allowVpnWifiTethering(isWifiTetheringAllowed(context)); + TetheringObservable.allowVpnUsbTethering(isUsbTetheringAllowed(context)); + TetheringObservable.allowVpnBluetoothTethering(isBluetoothTetheringAllowed(context)); + updateWifiTetheringState(); + updateUsbTetheringState(); + updateBluetoothTetheringState(); + } + + static void updateWifiTetheringState() { + WifiManagerWrapper manager = getInstance().wifiManager; + try { + TetheringObservable.setWifiTethering(manager.isWifiAPEnabled(), getWifiAddressRange(), getWlanInterfaceName()); + } catch (Exception e) { + e.printStackTrace(); + } + } + + static void updateUsbTetheringState() { + TetheringObservable.setUsbTethering(isUsbTetheringEnabled(), getUsbAddressRange(), getUsbInterfaceName()); + } + + static void updateBluetoothTetheringState() { + //TetheringObservable.setBluetoothTethering(isBluetoothTetheringEnabled()); + } + + private static String getWifiAddressRange() { + String interfaceAddress = getInterfaceAddress(getWlanInterface()); + return getAddressRange(interfaceAddress); + } + + private static String getUsbAddressRange() { + String interfaceAddress = getInterfaceAddress(getUsbInterface()); + return getAddressRange(interfaceAddress); + } + + private static String getWlanInterfaceName() { + return getInterfaceName(getWlanInterface()); + } + + private static String getUsbInterfaceName() { + return getInterfaceName(getUsbInterface()); + } + + private static NetworkInterface getWlanInterface() { + return getNetworkInterface(new String[]{"wlan", "eth"}); + } + + private static NetworkInterface getUsbInterface() { + return getNetworkInterface(new String[]{"rndis", "usb"}); + } + + private static boolean isBluetoothTetheringEnabled() { + StringBuilder log = new StringBuilder(); + boolean hasBtPan = false; + try { + hasBtPan = Cmd.runBlockingCmd(new String[] {"ifconfig bt-pan"}, log) == 0; + //Log.d(TAG, "ifconfig result: " + log.toString()); + } catch (Exception e) { + e.printStackTrace(); + } + return hasBtPan; + + } + + private static boolean isUsbTetheringEnabled() { + return getUsbInterface() != null; + } + + private static String getAddressRange(String interfaceAddress) { + if (interfaceAddress.split("\\.").length == 4) { + String result = interfaceAddress.substring(0, interfaceAddress.lastIndexOf(".")); + result = result + ".0/24"; + return result; + } + return ""; + } + + private static String getInterfaceAddress(NetworkInterface networkInterface) { + if (networkInterface != null) { + List<InterfaceAddress> ifaceAddresses = networkInterface.getInterfaceAddresses(); + for (InterfaceAddress ifaceAddres : ifaceAddresses) { + if (ifaceAddres.getAddress() instanceof Inet4Address) { + return ifaceAddres.getAddress().getHostAddress(); + } + } + } + return ""; + } + + private static String getInterfaceName(NetworkInterface networkInterface) { + if (networkInterface != null) { + return networkInterface.getName(); + } + return ""; + } + + private static NetworkInterface getNetworkInterface(String[] interfaceNames) { + try { + for(Enumeration<NetworkInterface> en = NetworkInterface.getNetworkInterfaces(); en.hasMoreElements();) { + NetworkInterface networkInterface = en.nextElement(); + if(!networkInterface.isLoopback()){ + for (String interfaceName : interfaceNames) { + if (networkInterface.getName().contains(interfaceName)) { + return networkInterface; + } + } + } + } + } catch(Exception e){ + e.printStackTrace(); + } + + return null; + } + +} diff --git a/app/src/main/java/se/leap/bitmaskclient/tethering/WifiHotspotState.java b/app/src/main/java/se/leap/bitmaskclient/tethering/WifiHotspotState.java new file mode 100644 index 00000000..f29a87f8 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/tethering/WifiHotspotState.java @@ -0,0 +1,25 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.tethering; + +public enum WifiHotspotState { + WIFI_AP_STATE_DISABLING, + WIFI_AP_STATE_DISABLED, + WIFI_AP_STATE_ENABLING, + WIFI_AP_STATE_ENABLED, + WIFI_AP_STATE_FAILED +} diff --git a/app/src/main/java/se/leap/bitmaskclient/tethering/WifiManagerWrapper.java b/app/src/main/java/se/leap/bitmaskclient/tethering/WifiManagerWrapper.java new file mode 100644 index 00000000..ed395d7f --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/tethering/WifiManagerWrapper.java @@ -0,0 +1,41 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.tethering; + +import android.content.Context; +import android.net.wifi.WifiManager; + +import java.lang.reflect.Method; + +/** + * This Wrapper allows better Unit testing. + */ +class WifiManagerWrapper { + + private WifiManager wifiManager; + + WifiManagerWrapper(Context context) { + this.wifiManager = (WifiManager) context.getApplicationContext().getSystemService(Context.WIFI_SERVICE); + } + + boolean isWifiAPEnabled() throws Exception { + Method method = wifiManager.getClass().getMethod("getWifiApState"); + int tmp = ((Integer) method.invoke(wifiManager)); + return WifiHotspotState.WIFI_AP_STATE_ENABLED.ordinal() == tmp % 10; + } + +} diff --git a/app/src/main/java/se/leap/bitmaskclient/utils/Cmd.java b/app/src/main/java/se/leap/bitmaskclient/utils/Cmd.java index a72658a4..d033ed24 100644 --- a/app/src/main/java/se/leap/bitmaskclient/utils/Cmd.java +++ b/app/src/main/java/se/leap/bitmaskclient/utils/Cmd.java @@ -18,7 +18,6 @@ package se.leap.bitmaskclient.utils; import android.support.annotation.WorkerThread; -import android.util.Log; import java.io.IOException; import java.io.InputStreamReader; @@ -43,7 +42,6 @@ public class Cmd { try { for (String cmd : cmds) { - Log.d(TAG, "executing CMD: " + cmd); out.write(cmd); out.write("\n"); } diff --git a/app/src/main/java/se/leap/bitmaskclient/utils/FirewallHelper.java b/app/src/main/java/se/leap/bitmaskclient/utils/FirewallHelper.java deleted file mode 100644 index 26e6603a..00000000 --- a/app/src/main/java/se/leap/bitmaskclient/utils/FirewallHelper.java +++ /dev/null @@ -1,196 +0,0 @@ -package se.leap.bitmaskclient.utils; -/** - * Copyright (c) 2019 LEAP Encryption Access Project and contributers - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -import android.content.Context; -import android.os.AsyncTask; -import android.util.Log; - -import java.lang.ref.WeakReference; - -import de.blinkt.openvpn.core.VpnStatus; - -import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd; - -interface FirewallCallback { - void onFirewallStarted(boolean success); - void onFirewallStopped(boolean success); - void onSuRequested(boolean success); -} - - -public class FirewallHelper implements FirewallCallback { - private static String BITMASK_CHAIN = "bitmask_fw"; - private static final String TAG = FirewallHelper.class.getSimpleName(); - - private Context context; - - public FirewallHelper(Context context) { - this.context = context; - } - - - @Override - public void onFirewallStarted(boolean success) { - if (success) { - VpnStatus.logInfo("[FIREWALL] Custom rules established"); - } else { - VpnStatus.logError("[FIREWALL] Could not establish custom rules."); - } - } - - @Override - public void onFirewallStopped(boolean success) { - if (success) { - VpnStatus.logInfo("[FIREWALL] Custom rules deleted"); - } else { - VpnStatus.logError("[FIREWALL] Could not delete custom rules"); - } - } - - @Override - public void onSuRequested(boolean success) { - PreferenceHelper.setSuPermission(context, success); - if (!success) { - VpnStatus.logError("[FIREWALL] Root permission needed to execute custom firewall rules."); - } - } - - - private static class StartFirewallTask extends AsyncTask<Void, Boolean, Boolean> { - - WeakReference<FirewallCallback> callbackWeakReference; - - StartFirewallTask(FirewallCallback callback) { - callbackWeakReference = new WeakReference<>(callback); - } - - @Override - protected Boolean doInBackground(Void... voids) { - StringBuilder log = new StringBuilder(); - String[] bitmaskChain = new String[]{ - "su", - "id", - "ip6tables --list " + BITMASK_CHAIN }; - - - try { - boolean hasBitmaskChain = runBlockingCmd(bitmaskChain, log) == 0; - boolean allowSu = log.toString().contains("uid=0"); - try { - callbackWeakReference.get().onSuRequested(allowSu); - Thread.sleep(1000); - } catch (Exception e) { - //ignore - } - - boolean success; - log = new StringBuilder(); - if (!hasBitmaskChain) { - String[] createChainAndRules = new String[]{ - "su", - "ip6tables --new-chain " + BITMASK_CHAIN, - "ip6tables --insert OUTPUT --jump " + BITMASK_CHAIN, - "ip6tables --append " + BITMASK_CHAIN + " -p tcp --jump REJECT", - "ip6tables --append " + BITMASK_CHAIN + " -p udp --jump REJECT" - }; - success = runBlockingCmd(createChainAndRules, log) == 0; - Log.d(TAG, "added " + BITMASK_CHAIN + " to ip6tables: " + success); - Log.d(TAG, log.toString()); - return success; - } else { - String[] addRules = new String[] { - "su", - "ip6tables --append " + BITMASK_CHAIN + " -p tcp --jump REJECT", - "ip6tables --append " + BITMASK_CHAIN + " -p udp --jump REJECT" }; - return runBlockingCmd(addRules, log) == 0; - } - } catch (Exception e) { - e.printStackTrace(); - Log.e(TAG, log.toString()); - } - return false; - } - - @Override - protected void onPostExecute(Boolean result) { - super.onPostExecute(result); - FirewallCallback callback = callbackWeakReference.get(); - if (callback != null) { - callback.onFirewallStarted(result); - } - } - } - - private static class ShutdownFirewallTask extends AsyncTask<Void, Boolean, Boolean> { - - WeakReference<FirewallCallback> callbackWeakReference; - - ShutdownFirewallTask(FirewallCallback callback) { - callbackWeakReference = new WeakReference<>(callback); - } - - @Override - protected Boolean doInBackground(Void... voids) { - boolean success; - StringBuilder log = new StringBuilder(); - String[] deleteChain = new String[]{ - "su", - "id", - "ip6tables --delete OUTPUT --jump " + BITMASK_CHAIN, - "ip6tables --flush " + BITMASK_CHAIN, - "ip6tables --delete-chain " + BITMASK_CHAIN - }; - try { - success = runBlockingCmd(deleteChain, log) == 0; - } catch (Exception e) { - e.printStackTrace(); - Log.e(TAG, log.toString()); - return false; - } - - try { - boolean allowSu = log.toString().contains("uid=0"); - callbackWeakReference.get().onSuRequested(allowSu); - } catch (Exception e) { - //ignore - } - return success; - } - - @Override - protected void onPostExecute(Boolean result) { - super.onPostExecute(result); - FirewallCallback callback = callbackWeakReference.get(); - if (callback != null) { - callback.onFirewallStopped(result); - } - } - } - - - public void startFirewall() { - StartFirewallTask task = new StartFirewallTask(this); - task.execute(); - } - - public void shutdownFirewall() { - ShutdownFirewallTask task = new ShutdownFirewallTask(this); - task.execute(); - } - -} diff --git a/app/src/main/java/se/leap/bitmaskclient/utils/PreferenceHelper.java b/app/src/main/java/se/leap/bitmaskclient/utils/PreferenceHelper.java index de2058c7..6f9744bc 100644 --- a/app/src/main/java/se/leap/bitmaskclient/utils/PreferenceHelper.java +++ b/app/src/main/java/se/leap/bitmaskclient/utils/PreferenceHelper.java @@ -3,35 +3,34 @@ package se.leap.bitmaskclient.utils; import android.content.Context; import android.content.SharedPreferences; import android.support.annotation.NonNull; -import android.support.annotation.Nullable; import org.json.JSONException; import org.json.JSONObject; import java.net.MalformedURLException; import java.net.URL; -import java.util.ArrayList; import java.util.HashSet; -import java.util.List; -import java.util.Locale; -import java.util.Map; import java.util.Set; import de.blinkt.openvpn.VpnProfile; import se.leap.bitmaskclient.Provider; import static android.content.Context.MODE_PRIVATE; +import static se.leap.bitmaskclient.Constants.ALLOW_TETHERING_BLUETOOTH; +import static se.leap.bitmaskclient.Constants.ALLOW_TETHERING_USB; +import static se.leap.bitmaskclient.Constants.ALLOW_TETHERING_WIFI; import static se.leap.bitmaskclient.Constants.ALWAYS_ON_SHOW_DIALOG; import static se.leap.bitmaskclient.Constants.DEFAULT_SHARED_PREFS_BATTERY_SAVER; import static se.leap.bitmaskclient.Constants.EXCLUDED_APPS; import static se.leap.bitmaskclient.Constants.LAST_USED_PROFILE; -import static se.leap.bitmaskclient.Constants.PREFERENCES_APP_VERSION; import static se.leap.bitmaskclient.Constants.PROVIDER_CONFIGURED; import static se.leap.bitmaskclient.Constants.PROVIDER_EIP_DEFINITION; import static se.leap.bitmaskclient.Constants.PROVIDER_PRIVATE_KEY; import static se.leap.bitmaskclient.Constants.PROVIDER_VPN_CERTIFICATE; import static se.leap.bitmaskclient.Constants.SHARED_PREFERENCES; +import static se.leap.bitmaskclient.Constants.SHOW_EXPERIMENTAL; import static se.leap.bitmaskclient.Constants.SU_PERMISSION; +import static se.leap.bitmaskclient.Constants.USE_IPv6_FIREWALL; import static se.leap.bitmaskclient.Constants.USE_PLUGGABLE_TRANSPORTS; /** @@ -146,6 +145,46 @@ public class PreferenceHelper { return getBoolean(context, DEFAULT_SHARED_PREFS_BATTERY_SAVER, false); } + public static void allowUsbTethering(Context context, boolean isEnabled) { + putBoolean(context, ALLOW_TETHERING_USB, isEnabled); + } + + public static boolean isUsbTetheringAllowed(Context context) { + return getBoolean(context, ALLOW_TETHERING_USB, false); + } + + public static void allowWifiTethering(Context context, boolean isEnabled) { + putBoolean(context, ALLOW_TETHERING_WIFI, isEnabled); + } + + public static boolean isWifiTetheringAllowed(Context context) { + return getBoolean(context, ALLOW_TETHERING_WIFI, false); + } + + public static void allowBluetoothTethering(Context context, boolean isEnabled) { + putBoolean(context, ALLOW_TETHERING_BLUETOOTH, isEnabled); + } + + public static boolean isBluetoothTetheringAllowed(Context context) { + return getBoolean(context, ALLOW_TETHERING_BLUETOOTH, false); + } + + public static void setShowExperimentalFeatures(Context context, boolean show) { + putBoolean(context, SHOW_EXPERIMENTAL, show); + } + + public static boolean showExperimentalFeatures(Context context) { + return getBoolean(context, SHOW_EXPERIMENTAL, false); + } + + public static void setUseIPv6Firewall(Context context, boolean useFirewall) { + putBoolean(context, USE_IPv6_FIREWALL, useFirewall); + } + + public static boolean useIpv6Firewall(Context context) { + return getBoolean(context, USE_IPv6_FIREWALL, false); + } + public static void saveShowAlwaysOnDialog(Context context, boolean showAlwaysOnDialog) { putBoolean(context, ALWAYS_ON_SHOW_DIALOG, showAlwaysOnDialog); } diff --git a/app/src/main/java/se/leap/bitmaskclient/views/IconCheckboxEntry.java b/app/src/main/java/se/leap/bitmaskclient/views/IconCheckboxEntry.java new file mode 100644 index 00000000..ca44592e --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/views/IconCheckboxEntry.java @@ -0,0 +1,86 @@ +package se.leap.bitmaskclient.views; + +import android.annotation.TargetApi; +import android.content.Context; +import android.graphics.drawable.Drawable; +import android.support.annotation.Nullable; +import android.support.v4.content.ContextCompat; +import android.support.v4.graphics.drawable.DrawableCompat; +import android.support.v7.widget.AppCompatImageView; +import android.util.AttributeSet; +import android.view.LayoutInflater; +import android.view.View; +import android.widget.LinearLayout; +import android.widget.TextView; + +import butterknife.ButterKnife; +import butterknife.InjectView; +import se.leap.bitmaskclient.R; +import se.leap.bitmaskclient.fragments.TetheringDialog; + + +public class IconCheckboxEntry extends LinearLayout { + + @InjectView(android.R.id.text1) + TextView textView; + + @InjectView(R.id.material_icon) + AppCompatImageView iconView; + + @InjectView(R.id.checked_icon) + AppCompatImageView checkedIcon; + + public IconCheckboxEntry(Context context) { + super(context); + initLayout(context, null); + } + + public IconCheckboxEntry(Context context, @Nullable AttributeSet attrs) { + super(context, attrs); + initLayout(context, attrs); + } + + public IconCheckboxEntry(Context context, @Nullable AttributeSet attrs, int defStyleAttr) { + super(context, attrs, defStyleAttr); + initLayout(context, attrs); + } + + @TargetApi(21) + public IconCheckboxEntry(Context context, AttributeSet attrs, int defStyleAttr, int defStyleRes) { + super(context, attrs, defStyleAttr, defStyleRes); + initLayout(context, attrs); + } + + void initLayout(Context context, AttributeSet attrs) { + LayoutInflater inflater = (LayoutInflater) context + .getSystemService(Context.LAYOUT_INFLATER_SERVICE); + View rootview = inflater.inflate(R.layout.v_icon_select_text_list_item, this, true); + ButterKnife.inject(this, rootview); + + + + } + + public void bind(TetheringDialog.DialogListAdapter.ViewModel model) { + this.setEnabled(model.enabled); + textView.setText(model.text); + textView.setEnabled(model.enabled); + + Drawable checkIcon = DrawableCompat.wrap(getResources().getDrawable(R.drawable.ic_check_bold)).mutate(); + if (model.enabled) { + DrawableCompat.setTint(checkIcon, ContextCompat.getColor(getContext(), R.color.colorSuccess)); + } else { + DrawableCompat.setTint(checkIcon, ContextCompat.getColor(getContext(), R.color.colorDisabled)); + } + + iconView.setImageDrawable(model.image); + checkedIcon.setImageDrawable(checkIcon); + setChecked(model.checked); + } + + public void setChecked(boolean checked) { + checkedIcon.setVisibility(checked ? VISIBLE : GONE); + checkedIcon.setContentDescription(checked ? "selected" : "unselected"); + } + +} |