diff options
Diffstat (limited to 'app/src/main/java/se/leap/bitmaskclient/firewall')
6 files changed, 649 insertions, 0 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallCallback.java b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallCallback.java new file mode 100644 index 00000000..15fa426f --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallCallback.java @@ -0,0 +1,25 @@ +/** + * Copyright (c) 2019 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.firewall; + +interface FirewallCallback { + void onFirewallStarted(boolean success); + void onFirewallStopped(boolean success); + void onTetheringStarted(boolean success); + void onTetheringStopped(boolean success); + void onSuRequested(boolean success); +} diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java new file mode 100644 index 00000000..c148497b --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java @@ -0,0 +1,151 @@ +package se.leap.bitmaskclient.firewall; +/** + * Copyright (c) 2019 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +import android.content.Context; + +import java.util.Observable; +import java.util.Observer; + +import de.blinkt.openvpn.core.VpnStatus; +import se.leap.bitmaskclient.tethering.TetheringObservable; +import se.leap.bitmaskclient.tethering.TetheringState; +import se.leap.bitmaskclient.utils.PreferenceHelper; + +public class FirewallManager implements FirewallCallback, Observer { + public static String BITMASK_CHAIN = "bitmask_fw"; + public static String BITMASK_FORWARD = "bitmask_forward"; + public static String BITMASK_POSTROUTING = "bitmask_postrouting"; + static final String TAG = FirewallManager.class.getSimpleName(); + private boolean isRunning = false; + + private Context context; + + public FirewallManager(Context context, boolean observeTethering) { + this.context = context; + if (observeTethering) { + TetheringObservable.getInstance().addObserver(this); + } + } + + @Override + public void onFirewallStarted(boolean success) { + if (success) { + VpnStatus.logInfo("[FIREWALL] Custom rules established"); + } else { + VpnStatus.logError("[FIREWALL] Could not establish custom rules."); + } + } + + @Override + public void onFirewallStopped(boolean success) { + if (success) { + VpnStatus.logInfo("[FIREWALL] Custom rules deleted"); + } else { + VpnStatus.logError("[FIREWALL] Could not delete custom rules"); + } + } + + @Override + public void onTetheringStarted(boolean success) { + if (success) { + VpnStatus.logInfo("[FIREWALL] Rules for tethering enabled"); + } else { + VpnStatus.logError("[FIREWALL] Could not enable rules for tethering."); + } + } + + @Override + public void onTetheringStopped(boolean success) { + if (success) { + VpnStatus.logInfo("[FIREWALL] Rules for tethering successfully disabled"); + } else { + VpnStatus.logError("[FIREWALL] Could not disable rules for tethering."); + } + } + + @Override + public void onSuRequested(boolean success) { + PreferenceHelper.setSuPermission(context, success); + if (!success) { + VpnStatus.logError("[FIREWALL] Root permission needed to execute custom firewall rules."); + } + } + + public void onDestroy() { + TetheringObservable.getInstance().deleteObserver(this); + } + + + public void start() { + if (!isRunning) { + isRunning = true; + if (PreferenceHelper.useIpv6Firewall(context)) { + startIPv6Firewall(); + } + TetheringState tetheringState = TetheringObservable.getInstance().getTetheringState(); + if (tetheringState.hasAnyDeviceTetheringEnabled() && tetheringState.hasAnyVpnTetheringAllowed()) { + startTethering(); + } + } + + } + + public void stop() { + isRunning = false; + if (PreferenceHelper.useIpv6Firewall(context)) { + stopIPv6Firewall(); + } + TetheringState tetheringState = TetheringObservable.getInstance().getTetheringState(); + if (tetheringState.hasAnyDeviceTetheringEnabled() && tetheringState.hasAnyVpnTetheringAllowed()) { + stopTethering(); + } + } + + public void startTethering() { + SetupTetheringTask task = new SetupTetheringTask(this); + task.execute(); + } + + public void stopTethering() { + ShutdownTetheringTask task = new ShutdownTetheringTask(this); + task.execute(); + } + + public void startIPv6Firewall() { + StartIPv6FirewallTask task = new StartIPv6FirewallTask(this); + task.execute(); + } + + public void stopIPv6Firewall() { + ShutdownIPv6FirewallTask task = new ShutdownIPv6FirewallTask(this); + task.execute(); + } + + @Override + public void update(Observable o, Object arg) { + if (o instanceof TetheringObservable) { + TetheringObservable observable = (TetheringObservable) o; + TetheringState state = observable.getTetheringState(); + if (state.hasAnyVpnTetheringAllowed() && state.hasAnyDeviceTetheringEnabled()) { + startTethering(); + } else { + stopTethering(); + } + } + } +} diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/SetupTetheringTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/SetupTetheringTask.java new file mode 100644 index 00000000..7abd01a8 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/SetupTetheringTask.java @@ -0,0 +1,220 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.firewall; + +import android.os.AsyncTask; +import android.util.Log; + +import java.lang.ref.WeakReference; +import java.net.NetworkInterface; +import java.util.ArrayList; +import java.util.Enumeration; + +import se.leap.bitmaskclient.tethering.TetheringObservable; +import se.leap.bitmaskclient.tethering.TetheringState; + +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_FORWARD; +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_POSTROUTING; +import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd; + +public class SetupTetheringTask extends AsyncTask<Void, Boolean, Boolean> { + + private static final String TAG = SetupTetheringTask.class.getSimpleName(); + private WeakReference<FirewallCallback> callbackWeakReference; + + SetupTetheringTask(FirewallCallback callback) { + callbackWeakReference = new WeakReference<>(callback); + } + + @Override + protected Boolean doInBackground(Void... args) { + TetheringState tetheringState = TetheringObservable.getInstance().getTetheringState(); + StringBuilder log = new StringBuilder(); + + String[] bitmaskChain = new String[]{ + "su", + "id", + "iptables -t filter --list " + BITMASK_FORWARD + " && iptables -t nat --list " + BITMASK_POSTROUTING }; + + try { + boolean hasBitmaskChain = runBlockingCmd(bitmaskChain, log) == 0; + boolean allowSu = log.toString().contains("uid=0"); + FirewallCallback callback = callbackWeakReference.get(); + if (callback != null) { + callback.onSuRequested(allowSu); + } + if (!allowSu) { + return false; + } + + boolean success = true; + log = new StringBuilder(); + + if (!hasBitmaskChain && tetheringState.hasAnyVpnTetheringAllowed() && tetheringState.hasAnyDeviceTetheringEnabled()) { + createChains(log); + } + + if (tetheringState.tetherWifiVpn()) { + log = new StringBuilder(); + success = addWifiTetheringRules(tetheringState, log); + logError(success, log); + } else if (!tetheringState.isVpnWifiTetheringAllowed){ + success = removeWifiTetheringRules(tetheringState, log); + logError(success, log); + } + + log = new StringBuilder(); + if (tetheringState.tetherUsbVpn()) { + success = success && addUsbTetheringRules(tetheringState, log); + logError(success, log); + } else if (!tetheringState.isVpnUsbTetheringAllowed) { + success = success && removeUsbTetheringRules(tetheringState, log); + logError(success, log); + } + + log = new StringBuilder(); + if (tetheringState.tetherBluetoothVpn()) { + success = success && addBluetoothTetheringRules(tetheringState, log); + logError(success, log); + } else if (!tetheringState.isVpnBluetoothTetheringAllowed) { + success = success && removeBluetoothTetheringRules(tetheringState, log); + logError(success, log); + } + return success; + } catch (Exception e) { + e.printStackTrace(); + Log.e(FirewallManager.TAG, log.toString()); + } + return false; + } + + private void logError(boolean success, StringBuilder log) { + if (!success) { + Log.e(TAG, log.toString()); + } + } + + + private void createChains(StringBuilder log) throws Exception { + boolean success; + String[] createChains = new String[]{ + "su", + "iptables -t filter --new-chain " + BITMASK_FORWARD, + "iptables -t nat --new-chain " + BITMASK_POSTROUTING, + "iptables -t filter --insert FORWARD --jump " + BITMASK_FORWARD, + "iptables -t nat --insert POSTROUTING --jump " + BITMASK_POSTROUTING, + }; + success = runBlockingCmd(createChains, log) == 0; + Log.d(FirewallManager.TAG, "added " + BITMASK_FORWARD + " and " + BITMASK_POSTROUTING+" to iptables: " + success); + Log.d(FirewallManager.TAG, log.toString()); + } + + private boolean addWifiTetheringRules(TetheringState state, StringBuilder log) throws Exception { + Log.d(TAG, "add Wifi tethering Rules"); + String[] addRules = getAdditionRules(state.wifiAddress, state.wifiInterface); + return runBlockingCmd(addRules, log) == 0; + } + + private boolean removeWifiTetheringRules(TetheringState state, StringBuilder log) throws Exception { + Log.d(TAG, "add Wifi tethering Rules"); + String[] removeRules = getDeletionRules(state, state.lastSeenWifiAddress, state.lastSeenWifiInterface); + return runBlockingCmd(removeRules, log) == 0; + } + + private boolean addUsbTetheringRules(TetheringState state, StringBuilder log) throws Exception { + Log.d(TAG, "add usb tethering rules"); + String[] addRules = getAdditionRules(state.usbAddress, state.usbInterface); + return runBlockingCmd(addRules, log) == 0; + } + + private boolean removeUsbTetheringRules(TetheringState state, StringBuilder log) throws Exception { + Log.d(TAG, "add usb tethering rules"); + String[] addRules = getDeletionRules(state, state.lastSeenUsbAddress, state.lastSeenUsbInterface); + return runBlockingCmd(addRules, log) == 0; + } + + //TODO: implement the follwing methods -v + private boolean removeBluetoothTetheringRules(TetheringState state, StringBuilder log) { + return true; + } + + private boolean addBluetoothTetheringRules(TetheringState state, StringBuilder log) { + return true; + } + + private String[] getAdditionRules(String addressRange, String interfaceName) { + return new String[] { + "su", + "iptables -t filter --flush " + BITMASK_FORWARD, + "iptables -t nat --flush " + BITMASK_POSTROUTING, + "iptables -t filter --append " + BITMASK_FORWARD + " --jump ACCEPT", + "iptables -t nat --append " + BITMASK_POSTROUTING + " --jump MASQUERADE", + "if [[ ! `ip rule show from "+ addressRange+" lookup 61` ]]; " + + "then ip rule add from " + addressRange + " lookup 61; " + + "fi", + "if [[ ! `ip route list table 61 | grep 'default dev " + getTunName() + " scope link'` ]]; " + + "then ip route add default dev " + getTunName() + " scope link table 61; " + + "fi", + "if [[ ! `ip route list table 61 | grep '"+ addressRange +" dev "+ interfaceName +" scope link'` ]]; " + + "then ip route add " + addressRange + " dev " + interfaceName + " scope link table 61; " + + "fi", + "if [[ ! `ip route list table 61 | grep 'broadcast 255.255.255.255 dev " + interfaceName + " scope link'` ]]; " + + "then ip route add broadcast 255.255.255.255 dev " + interfaceName + " scope link table 61; " + + "fi" + }; + } + + private String[] getDeletionRules(TetheringState state, String addressRange, String interfaceName) { + ArrayList<String> list = new ArrayList<>(); + list.add("su"); + list.add("ip route delete broadcast 255.255.255.255 dev " + addressRange +" scope link table 61"); + list.add("ip route delete " + addressRange + " dev " + interfaceName +" scope link table 61"); + if (!state.hasAnyVpnTetheringAllowed() || !state.hasAnyDeviceTetheringEnabled()) { + list.add("ip route delete default dev " + getTunName() + " scope link table 61"); + } + list.add("if [[ `ip rule show from " + addressRange + " lookup 61` ]]; " + + "then ip rule del from " + addressRange + " lookup 61; " + + "fi"); + + return list.toArray(new String[0]); + } + + + + private String getTunName() { + try { + for (Enumeration<NetworkInterface> en = NetworkInterface.getNetworkInterfaces(); en.hasMoreElements(); ) { + NetworkInterface networkInterface = en.nextElement(); + if (networkInterface.getName().contains("tun")) { + return networkInterface.getName(); + } + } + } catch (Exception e) { + e.printStackTrace(); + } + return ""; + } + + @Override + protected void onPostExecute(Boolean result) { + super.onPostExecute(result); + FirewallCallback callback = callbackWeakReference.get(); + if (callback != null) { + callback.onTetheringStarted(result); + } + } +} diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownIPv6FirewallTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownIPv6FirewallTask.java new file mode 100644 index 00000000..63d6074d --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownIPv6FirewallTask.java @@ -0,0 +1,71 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.firewall; + +import android.os.AsyncTask; +import android.util.Log; + +import java.lang.ref.WeakReference; + +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_CHAIN; +import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd; + +class ShutdownIPv6FirewallTask extends AsyncTask<Void, Boolean, Boolean> { + + private WeakReference<FirewallCallback> callbackWeakReference; + + ShutdownIPv6FirewallTask(FirewallCallback callback) { + callbackWeakReference = new WeakReference<>(callback); + } + + @Override + protected Boolean doInBackground(Void... voids) { + boolean success; + StringBuilder log = new StringBuilder(); + String[] deleteChain = new String[]{ + "su", + "id", + "ip6tables --delete OUTPUT --jump " + BITMASK_CHAIN, + "ip6tables --flush " + BITMASK_CHAIN, + "ip6tables --delete-chain " + BITMASK_CHAIN + }; + try { + success = runBlockingCmd(deleteChain, log) == 0; + } catch (Exception e) { + e.printStackTrace(); + Log.e(FirewallManager.TAG, log.toString()); + return false; + } + + try { + boolean allowSu = log.toString().contains("uid=0"); + callbackWeakReference.get().onSuRequested(allowSu); + } catch (Exception e) { + //ignore + } + return success; + } + + @Override + protected void onPostExecute(Boolean result) { + super.onPostExecute(result); + FirewallCallback callback = callbackWeakReference.get(); + if (callback != null) { + callback.onFirewallStopped(result); + } + } +} diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownTetheringTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownTetheringTask.java new file mode 100644 index 00000000..dcb3ccba --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownTetheringTask.java @@ -0,0 +1,94 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.firewall; + +import android.os.AsyncTask; +import android.util.Log; + +import java.lang.ref.WeakReference; +import java.util.ArrayList; + +import se.leap.bitmaskclient.tethering.TetheringObservable; +import se.leap.bitmaskclient.tethering.TetheringState; + +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_FORWARD; +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_POSTROUTING; +import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd; + +public class ShutdownTetheringTask extends AsyncTask<Void, Boolean, Boolean> { + + private WeakReference<FirewallCallback> callbackWeakReference; + + ShutdownTetheringTask(FirewallCallback callback) { + callbackWeakReference = new WeakReference<>(callback); + } + + @Override + protected Boolean doInBackground(Void... args) { + TetheringState tetheringState = TetheringObservable.getInstance().getTetheringState(); + StringBuilder log = new StringBuilder(); + + String[] bitmaskChain = new String[]{ + "su", + "id", + "iptables -t filter --list " + BITMASK_FORWARD + " && iptables -t nat --list " + BITMASK_POSTROUTING }; + + try { + boolean hasBitmaskChain = runBlockingCmd(bitmaskChain, log) == 0; + boolean allowSu = log.toString().contains("uid=0"); + callbackWeakReference.get().onSuRequested(allowSu); + if (!allowSu) { + return false; + } + + log = new StringBuilder(); + + ArrayList<String> removeChains = new ArrayList<>(); + removeChains.add("su"); + removeChains.add("ip route flush table 61"); + removeChains.add("if [[ `ip rule show from " + tetheringState.lastSeenWifiAddress+ " lookup 61` ]]; " + + "then ip rule del from " + tetheringState.lastSeenWifiAddress + " lookup 61; " + + "fi"); + removeChains.add("if [[ `ip rule show from " + tetheringState.lastSeenUsbAddress+ " lookup 61` ]]; " + + "then ip rule del from " + tetheringState.lastSeenUsbAddress + " lookup 61; " + + "fi"); + if (hasBitmaskChain) { + removeChains.add("iptables -t filter --delete FORWARD --jump " + BITMASK_FORWARD); + removeChains.add("iptables -t nat --delete POSTROUTING --jump " + BITMASK_POSTROUTING); + removeChains.add("iptables -t filter --flush " + BITMASK_FORWARD); + removeChains.add("iptables -t nat --flush " + BITMASK_POSTROUTING); + removeChains.add("iptables -t filter --delete-chain " + BITMASK_FORWARD); + removeChains.add("iptables -t nat --delete-chain " + BITMASK_POSTROUTING); + } + return runBlockingCmd(removeChains.toArray(new String[0]), log) == 0; + + } catch (Exception e) { + e.printStackTrace(); + Log.e(FirewallManager.TAG, log.toString()); + } + return false; + } + + @Override + protected void onPostExecute(Boolean result) { + super.onPostExecute(result); + FirewallCallback callback = callbackWeakReference.get(); + if (callback != null) { + callback.onTetheringStarted(result); + } + } +} diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/StartIPv6FirewallTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/StartIPv6FirewallTask.java new file mode 100644 index 00000000..b01270e0 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/firewall/StartIPv6FirewallTask.java @@ -0,0 +1,88 @@ +/** + * Copyright (c) 2020 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.firewall; + +import android.os.AsyncTask; +import android.util.Log; + +import java.lang.ref.WeakReference; + +import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_CHAIN; +import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd; + +class StartIPv6FirewallTask extends AsyncTask<Void, Boolean, Boolean> { + + private WeakReference<FirewallCallback> callbackWeakReference; + + StartIPv6FirewallTask(FirewallCallback callback) { + callbackWeakReference = new WeakReference<>(callback); + } + + @Override + protected Boolean doInBackground(Void... voids) { + StringBuilder log = new StringBuilder(); + String[] bitmaskChain = new String[]{ + "su", + "id", + "ip6tables --list " + BITMASK_CHAIN }; + + + try { + boolean hasBitmaskChain = runBlockingCmd(bitmaskChain, log) == 0; + boolean allowSu = log.toString().contains("uid=0"); + callbackWeakReference.get().onSuRequested(allowSu); + if (!allowSu) { + return false; + } + + boolean success; + log = new StringBuilder(); + if (!hasBitmaskChain) { + String[] createChainAndRules = new String[]{ + "su", + "ip6tables --new-chain " + BITMASK_CHAIN, + "ip6tables --insert OUTPUT --jump " + BITMASK_CHAIN, + "ip6tables --append " + BITMASK_CHAIN + " -p tcp --jump REJECT", + "ip6tables --append " + BITMASK_CHAIN + " -p udp --jump REJECT" + }; + success = runBlockingCmd(createChainAndRules, log) == 0; + Log.d(FirewallManager.TAG, "added " + BITMASK_CHAIN + " to ip6tables: " + success); + Log.d(FirewallManager.TAG, log.toString()); + return success; + } else { + String[] addRules = new String[] { + "su", + "ip6tables --append " + BITMASK_CHAIN + " -p tcp --jump REJECT", + "ip6tables --append " + BITMASK_CHAIN + " -p udp --jump REJECT" }; + return runBlockingCmd(addRules, log) == 0; + } + } catch (Exception e) { + e.printStackTrace(); + Log.e(FirewallManager.TAG, log.toString()); + } + return false; + } + + @Override + protected void onPostExecute(Boolean result) { + super.onPostExecute(result); + FirewallCallback callback = callbackWeakReference.get(); + if (callback != null) { + callback.onFirewallStarted(result); + } + } +} |