From 20f906ef16d10d7f69a7355bd590ae99cb64723b Mon Sep 17 00:00:00 2001
From: cyberta
Date: Sat, 25 Jan 2020 14:40:13 -0600
Subject: add and remove configuring tethering rules on vpn start and shutdown
---
 .../de/blinkt/openvpn/core/OpenVPNService.java | 4 +-
 .../bitmaskclient/firewall/FirewallManager.java | 35 ++++++++---
 .../firewall/ShutdownFirewallTask.java | 55 -----------------
 .../firewall/ShutdownIPv6FirewallTask.java | 55 +++++++++++++++++
 .../bitmaskclient/firewall/StartFirewallTask.java | 72 ----------------------
 .../firewall/StartIPv6FirewallTask.java | 72 ++++++++++++++++++++++
 .../tethering/TetheringObservable.java | 4 ++
 7 files changed, 161 insertions(+), 136 deletions(-)
 delete mode 100644 app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownFirewallTask.java
 create mode 100644 app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownIPv6FirewallTask.java
 delete mode 100644 app/src/main/java/se/leap/bitmaskclient/firewall/StartFirewallTask.java
 create mode 100644 app/src/main/java/se/leap/bitmaskclient/firewall/StartIPv6FirewallTask.java
diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
index 7c17bed9..a48d6477 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
@@ -194,7 +194,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
 VpnStatus.removeStateListener(this);
 }
 }
- firewallManager.shutdownFirewall();
+ firewallManager.stop();
 }
 private boolean runningOnAndroidTV() {
@@ -449,7 +449,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
 mProcessThread.start();
 }
- firewallManager.startFirewall();
+ firewallManager.start();
 new Handler(getMainLooper()).post(() -> {
 if (mDeviceStateReceiver != null) {
diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java
index ce402ef8..78166671 100644
--- a/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java
+++ b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java
@@ -19,6 +19,7 @@ package se.leap.bitmaskclient.firewall;
 import android.content.Context;
 import de.blinkt.openvpn.core.VpnStatus;
+import se.leap.bitmaskclient.tethering.TetheringObservable;
 import se.leap.bitmaskclient.tethering.TetheringState;
 import se.leap.bitmaskclient.utils.PreferenceHelper;
@@ -72,14 +73,24 @@ public class FirewallManager implements FirewallCallback {
 }
- public void startFirewall() {
- StartFirewallTask task = new StartFirewallTask(this);
- task.execute();
+ public void start() {
+ startIPv6Firewall();
+ if (TetheringObservable.getInstance().hasAnyTetheringEnabled()) {
+ TetheringState deviceTethering = TetheringObservable.getInstance().getTetheringState();
+ TetheringState vpnTethering = new TetheringState();
+ vpnTethering.isWifiTetheringEnabled = deviceTethering.isWifiTetheringEnabled && PreferenceHelper.getWifiTethering(context);
+ vpnTethering.isUsbTetheringEnabled = deviceTethering.isUsbTetheringEnabled && PreferenceHelper.getUsbTethering(context);
+ vpnTethering.isBluetoothTetheringEnabled = deviceTethering.isBluetoothTetheringEnabled && PreferenceHelper.getBluetoothTethering(context);
+ configureTethering(vpnTethering);
+ }
 }
-
- public void shutdownFirewall() {
- ShutdownFirewallTask task = new ShutdownFirewallTask(this);
- task.execute();
+ public void stop() {
+ shutdownIPv6Firewall();
+ TetheringState allowedTethering = new TetheringState();
+ allowedTethering.isWifiTetheringEnabled = PreferenceHelper.getWifiTethering(context);
+ allowedTethering.isUsbTetheringEnabled = PreferenceHelper.getUsbTethering(context);
+ allowedTethering.isBluetoothTetheringEnabled = PreferenceHelper.getBluetoothTethering(context);
+ configureTethering(allowedTethering);
 }
 public void configureTethering(TetheringState state) {
@@ -87,4 +98,14 @@ public class FirewallManager implements FirewallCallback {
 task.execute(state);
 }
+ private void startIPv6Firewall() {
+ StartIPv6FirewallTask task = new StartIPv6FirewallTask(this);
+ task.execute();
+ }
+
+ private void shutdownIPv6Firewall() {
+ ShutdownIPv6FirewallTask task = new ShutdownIPv6FirewallTask(this);
+ task.execute();
+ }
+
 }
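Review bot: `stop()` builds its `TetheringState` from the saved preferences alone, whereas `start()` ANDs each preference with the device's current tethering state, so on shutdown `configureTethering` is told that every tethering type the user has allowed is enabled even when nothing is tethering. The task it runs is not visible in this diff; if it installs rules for the fields that are true, shutdown would add or keep tethering rules instead of removing them, contrary to the commit subject. If removal is the intent, pass a state with all three fields false; otherwise document the convention above `stop()`, e.g. `// fields here mean "allowed by the user"; the task tears down the rules for these types`. `stop()` also calls `configureTethering` unconditionally, without the `hasAnyTetheringEnabled()` guard used in `start()`, so the task is queued on every disconnect.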
diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownFirewallTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownFirewallTask.java
deleted file mode 100644
index 50fa77cd..00000000
--- a/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownFirewallTask.java
+++ /dev/null
@@ -1,55 +0,0 @@
-package se.leap.bitmaskclient.firewall;
-
-import android.os.AsyncTask;
-import android.util.Log;
-
-import java.lang.ref.WeakReference;
-
-import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_CHAIN;
-import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd;
-
-class ShutdownFirewallTask extends AsyncTask {
-
- private WeakReference callbackWeakReference;
-
- ShutdownFirewallTask(FirewallCallback callback) {
- callbackWeakReference = new WeakReference<>(callback);
- }
-
- @Override
- protected Boolean doInBackground(Void... voids) {
- boolean success;
- StringBuilder log = new StringBuilder();
- String[] deleteChain = new String[]{
- "su",
- "id",
- "ip6tables --delete OUTPUT --jump " + BITMASK_CHAIN,
- "ip6tables --flush " + BITMASK_CHAIN,
- "ip6tables --delete-chain " + BITMASK_CHAIN
- };
- try {
- success = runBlockingCmd(deleteChain, log) == 0;
- } catch (Exception e) {
- e.printStackTrace();
- Log.e(FirewallManager.TAG, log.toString());
- return false;
- }
-
- try {
- boolean allowSu = log.toString().contains("uid=0");
- callbackWeakReference.get().onSuRequested(allowSu);
- } catch (Exception e) {
- //ignore
- }
- return success;
- }
-
- @Override
- protected void onPostExecute(Boolean result) {
- super.onPostExecute(result);
- FirewallCallback callback = callbackWeakReference.get();
- if (callback != null) {
- callback.onFirewallStopped(result);
- }
- }
-}
diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownIPv6FirewallTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownIPv6FirewallTask.java
new file mode 100644
index 00000000..dbdbf769
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownIPv6FirewallTask.java
@@ -0,0 +1,55 @@
+package se.leap.bitmaskclient.firewall;
+
+import android.os.AsyncTask;
+import android.util.Log;
+
+import java.lang.ref.WeakReference;
+
+import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_CHAIN;
+import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd;
+
+class ShutdownIPv6FirewallTask extends AsyncTask {
+
+ private WeakReference callbackWeakReference;
+
+ ShutdownIPv6FirewallTask(FirewallCallback callback) {
+ callbackWeakReference = new WeakReference<>(callback);
+ }
+
+ @Override
+ protected Boolean doInBackground(Void... voids) {
+ boolean success;
+ StringBuilder log = new StringBuilder();
+ String[] deleteChain = new String[]{
+ "su",
+ "id",
+ "ip6tables --delete OUTPUT --jump " + BITMASK_CHAIN,
+ "ip6tables --flush " + BITMASK_CHAIN,
+ "ip6tables --delete-chain " + BITMASK_CHAIN
+ };
+ try {
+ success = runBlockingCmd(deleteChain, log) == 0;
+ } catch (Exception e) {
+ e.printStackTrace();
+ Log.e(FirewallManager.TAG, log.toString());
+ return false;
+ }
+
+ try {
+ boolean allowSu = log.toString().contains("uid=0");
+ callbackWeakReference.get().onSuRequested(allowSu);
+ } catch (Exception e) {
+ //ignore
+ }
+ return success;
+ }
+
+ @Override
+ protected void onPostExecute(Boolean result) {
+ super.onPostExecute(result);
+ FirewallCallback callback = callbackWeakReference.get();
+ if (callback != null) {
+ callback.onFirewallStopped(result);
+ }
+ }
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/StartFirewallTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/StartFirewallTask.java
deleted file mode 100644
index 3bf6d684..00000000
--- a/app/src/main/java/se/leap/bitmaskclient/firewall/StartFirewallTask.java
+++ /dev/null
@@ -1,72 +0,0 @@
-package se.leap.bitmaskclient.firewall;
-
-import android.os.AsyncTask;
-import android.util.Log;
-
-import java.lang.ref.WeakReference;
-
-import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_CHAIN;
-import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd;
-
-class StartFirewallTask extends AsyncTask {
-
- private WeakReference callbackWeakReference;
-
- StartFirewallTask(FirewallCallback callback) {
- callbackWeakReference = new WeakReference<>(callback);
- }
-
- @Override
- protected Boolean doInBackground(Void... voids) {
- StringBuilder log = new StringBuilder();
- String[] bitmaskChain = new String[]{
- "su",
- "id",
- "ip6tables --list " + BITMASK_CHAIN };
-
-
- try {
- boolean hasBitmaskChain = runBlockingCmd(bitmaskChain, log) == 0;
- boolean allowSu = log.toString().contains("uid=0");
- callbackWeakReference.get().onSuRequested(allowSu);
- if (!allowSu) {
- return false;
- }
-
- boolean success;
- log = new StringBuilder();
- if (!hasBitmaskChain) {
- String[] createChainAndRules = new String[]{
- "su",
- "ip6tables --new-chain " + BITMASK_CHAIN,
- "ip6tables --insert OUTPUT --jump " + BITMASK_CHAIN,
- "ip6tables --append " + BITMASK_CHAIN + " -p tcp --jump REJECT",
- "ip6tables --append " + BITMASK_CHAIN + " -p udp --jump REJECT"
- };
- success = runBlockingCmd(createChainAndRules, log) == 0;
- Log.d(FirewallManager.TAG, "added " + BITMASK_CHAIN + " to ip6tables: " + success);
- Log.d(FirewallManager.TAG, log.toString());
- return success;
- } else {
- String[] addRules = new String[] {
- "su",
- "ip6tables --append " + BITMASK_CHAIN + " -p tcp --jump REJECT",
- "ip6tables --append " + BITMASK_CHAIN + " -p udp --jump REJECT" };
- return runBlockingCmd(addRules, log) == 0;
- }
- } catch (Exception e) {
- e.printStackTrace();
- Log.e(FirewallManager.TAG, log.toString());
- }
- return false;
- }
-
- @Override
- protected void onPostExecute(Boolean result) {
- super.onPostExecute(result);
- FirewallCallback callback = callbackWeakReference.get();
- if (callback != null) {
- callback.onFirewallStarted(result);
- }
- }
-}
diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/StartIPv6FirewallTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/StartIPv6FirewallTask.java
new file mode 100644
index 00000000..1dbfb9f8
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/firewall/StartIPv6FirewallTask.java
@@ -0,0 +1,72 @@
+package se.leap.bitmaskclient.firewall;
+
+import android.os.AsyncTask;
+import android.util.Log;
+
+import java.lang.ref.WeakReference;
+
+import static se.leap.bitmaskclient.firewall.FirewallManager.BITMASK_CHAIN;
+import static se.leap.bitmaskclient.utils.Cmd.runBlockingCmd;
+
+class StartIPv6FirewallTask extends AsyncTask {
+
+ private WeakReference callbackWeakReference;
+
+ StartIPv6FirewallTask(FirewallCallback callback) {
+ callbackWeakReference = new WeakReference<>(callback);
+ }
+
+ @Override
+ protected Boolean doInBackground(Void... voids) {
+ StringBuilder log = new StringBuilder();
+ String[] bitmaskChain = new String[]{
+ "su",
+ "id",
+ "ip6tables --list " + BITMASK_CHAIN };
+
+
+ try {
+ boolean hasBitmaskChain = runBlockingCmd(bitmaskChain, log) == 0;
+ boolean allowSu = log.toString().contains("uid=0");
+ callbackWeakReference.get().onSuRequested(allowSu);
+ if (!allowSu) {
+ return false;
+ }
+
+ boolean success;
+ log = new StringBuilder();
+ if (!hasBitmaskChain) {
+ String[] createChainAndRules = new String[]{
+ "su",
+ "ip6tables --new-chain " + BITMASK_CHAIN,
+ "ip6tables --insert OUTPUT --jump " + BITMASK_CHAIN,
+ "ip6tables --append " + BITMASK_CHAIN + " -p tcp --jump REJECT",
+ "ip6tables --append " + BITMASK_CHAIN + " -p udp --jump REJECT"
+ };
+ success = runBlockingCmd(createChainAndRules, log) == 0;
+ Log.d(FirewallManager.TAG, "added " + BITMASK_CHAIN + " to ip6tables: " + success);
+ Log.d(FirewallManager.TAG, log.toString());
+ return success;
+ } else {
+ String[] addRules = new String[] {
+ "su",
+ "ip6tables --append " + BITMASK_CHAIN + " -p tcp --jump REJECT",
+ "ip6tables --append " + BITMASK_CHAIN + " -p udp --jump REJECT" };
+ return runBlockingCmd(addRules, log) == 0;
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ Log.e(FirewallManager.TAG, log.toString());
+ }
+ return false;
+ }
+
+ @Override
+ protected void onPostExecute(Boolean result) {
+ super.onPostExecute(result);
+ FirewallCallback callback = callbackWeakReference.get();
+ if (callback != null) {
+ callback.onFirewallStarted(result);
+ }
+ }
+}
diff --git a/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringObservable.java b/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringObservable.java
index fc06ee12..79c1ec6d 100644
--- a/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringObservable.java
+++ b/app/src/main/java/se/leap/bitmaskclient/tethering/TetheringObservable.java
@@ -67,4 +67,8 @@ public class TetheringObservable extends Observable {
 public TetheringState getTetheringState() {
 return tetheringState;
 }
+
+ public boolean hasAnyTetheringEnabled() {
+ return tetheringState.isBluetoothTetheringEnabled || tetheringState.isUsbTetheringEnabled || tetheringState.isWifiTetheringEnabled;
+ }
 }
-- cgit v1.2.3
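Review bot: In `StartIPv6FirewallTask.doInBackground`, `callbackWeakReference.get().onSuRequested(allowSu)` dereferences the weak reference without a null check inside the outer `try`, so if the callback has been collected the NullPointerException is caught by `catch (Exception e)` and the method returns false before any REJECT rule is installed, even when root was granted. For a rule meant to block IPv6 traffic outside the tunnel, that is a fail-open path reported only through `printStackTrace()` and the log. Guard the call the way `onPostExecute` already does: `FirewallCallback callback = callbackWeakReference.get(); if (callback != null) callback.onSuRequested(allowSu);`. The body is carried over from the removed StartFirewallTask, so the behaviour predates this commit, but the new class is the place to fix it.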