Implement PIE on JELLY BEAN

author: Arne Schwabe <arne@rfc2549.org> 2014-06-04 17:17:02 +0200
committer: Arne Schwabe <arne@rfc2549.org> 2014-06-04 17:17:02 +0200
commit: 614b8790e5fc0bb3864eb2e3dd8c15016333d016 (patch)
tree: 53cfe70577ddc69cd92f5b816281d2a76bced1ce
parent: ca7fe0a3dcdcec7d0cfa77bcff26409e84a9fa9a (diff)
5 files changed, 54 insertions, 21 deletions
diff --git a/main/jni/Android.mk b/main/jni/Android.mk
index 3152d7e9..33d0bc76 100644
--- a/main/jni/Android.mk
+++ b/main/jni/Android.mk
@@ -57,6 +57,17 @@ include $(CLEAR_VARS)
 LOCAL_LDLIBS := -lz  -lc 
 LOCAL_SHARED_LIBRARIES := libssl libcrypto openvpn
 LOCAL_SRC_FILES:= minivpn.c dummy.cpp
-LOCAL_MODULE = minivpn
+LOCAL_MODULE = nopievpn
+include $(BUILD_EXECUTABLE)
+
+
+include $(CLEAR_VARS)
+LOCAL_LDLIBS := -lz  -lc 
+LOCAL_CFLAGS= -fPIE -pie
+LOCAL_CFLAGS = -fPIE
+LOCAL_LDFLAGS = -fPIE -pie
+LOCAL_SHARED_LIBRARIES := libssl libcrypto openvpn
+LOCAL_SRC_FILES:= minivpn.c dummy.cpp
+LOCAL_MODULE = pievpn
 include $(BUILD_EXECUTABLE)
 
diff --git a/main/misc/build-native.sh b/main/misc/build-native.sh
index 35353bdd..f27384cd 100755
--- a/main/misc/build-native.sh
+++ b/main/misc/build-native.sh
@@ -35,7 +35,8 @@ if [ $? = 0 ]; then
 	mkdir -p ../ovpnlibs/assets
 	for i in *
 	do
-		cp -v $i/minivpn ../ovpnlibs/assets/minivpn.$i
+		cp -v $i/nopievpn ../ovpnlibs/assets/nopievpn.$i
+		cp -v $i/pievpn ../ovpnlibs/assets/pievpn.$i
 	done
 	# Removed compiled openssl libs, will use platform so libs 
 	# Reduces size of apk
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 601fb2df..c8771e9f 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -12,18 +12,16 @@ import android.security.KeyChain;
 import android.security.KeyChainException;
 import android.util.Base64;
 
-import de.blinkt.openvpn.core.NativeUtils;
-import de.blinkt.openvpn.core.VpnStatus;
-import de.blinkt.openvpn.core.OpenVpnService;
-import de.blinkt.openvpn.core.X509Utils;
 import org.spongycastle.util.io.pem.PemObject;
 import org.spongycastle.util.io.pem.PemWriter;
 
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import java.io.*;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.Serializable;
+import java.io.StringWriter;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.security.InvalidKeyException;
@@ -37,6 +35,16 @@ import java.util.Locale;
 import java.util.UUID;
 import java.util.Vector;
 
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+
+import de.blinkt.openvpn.core.NativeUtils;
+import de.blinkt.openvpn.core.OpenVpnService;
+import de.blinkt.openvpn.core.VpnStatus;
+import de.blinkt.openvpn.core.X509Utils;
+
 public class VpnProfile implements Serializable {
     // Note that this class cannot be moved to core where it belongs since
     // the profile loading depends on it being here
@@ -48,7 +56,9 @@ public class VpnProfile implements Serializable {
     public static final String EXTRA_PROFILEUUID = "de.blinkt.openvpn.profileUUID";
     public static final String INLINE_TAG = "[[INLINE]]";
     public static final String DISPLAYNAME_TAG = "[[NAME]]";
-    public static final String MINIVPN = "miniopenvpn";
+    private static final String MININONPIEVPN = "nopievpn";
+    private static final String MINIPIEVPN = "pievpn";
+
     private static final long serialVersionUID = 7085688938959334563L;
     private static final String OVPNCONFIGFILE = "android.conf";
     public static final int MAXLOGLEVEL = 4;
@@ -138,6 +148,14 @@ public class VpnProfile implements Serializable {
         mProfileVersion = CURRENT_PROFILE_VERSION;
     }
 
+    public static String getMiniVPNExecutableName()
+    {
+        if (Build.VERSION.SDK_INT  >= Build.VERSION_CODES.JELLY_BEAN)
+            return VpnProfile.MINIPIEVPN;
+        else
+            return VpnProfile.MININONPIEVPN;
+    }
+
     public static String openVpnEscape(String unescaped) {
         if (unescaped == null)
             return null;
@@ -538,7 +556,7 @@ public class VpnProfile implements Serializable {
 
         // Add fixed paramenters
         //args.add("/data/data/de.blinkt.openvpn/lib/openvpn");
-        args.add(cacheDir.getAbsolutePath() + "/" + VpnProfile.MINIVPN);
+        args.add(cacheDir.getAbsolutePath() + "/" + getMiniVPNExecutableName());
 
         args.add("--config");
         args.add(cacheDir.getAbsolutePath() + "/" + OVPNCONFIGFILE);
@@ -547,6 +565,8 @@ public class VpnProfile implements Serializable {
         return args.toArray(new String[args.size()]);
     }
 
+
+
     public Intent prepareIntent(Context context) {
         String prefix = context.getPackageName();
 
diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java
index a1f6f533..09f9a916 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java
@@ -168,7 +168,7 @@ public class OpenVPNThread implements Runnable {
 
 	private String genLibraryPath(String[] argv, ProcessBuilder pb) {
 		// Hack until I find a good way to get the real library path
-		String applibpath = argv[0].replace("/cache/" + VpnProfile.MINIVPN , "/lib");
+		String applibpath = argv[0].replace("/cache/" + VpnProfile.getMiniVPNExecutableName() , "/lib");
 		
 		String lbpath = pb.environment().get("LD_LIBRARY_PATH");
 		if(lbpath==null) 
diff --git a/main/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java b/main/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
index 5f1efb5f..3d28cb4b 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
@@ -1,19 +1,20 @@
 package de.blinkt.openvpn.core;
 
+import android.content.Context;
+import android.content.Intent;
+import android.os.Build;
+
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 
-import android.content.Context;
-import android.content.Intent;
-import android.os.Build;
 import de.blinkt.openvpn.R;
 import de.blinkt.openvpn.VpnProfile;
 
 public class VPNLaunchHelper {
 	static private boolean writeMiniVPN(Context context) {
-		File mvpnout = new File(context.getCacheDir(),VpnProfile.MINIVPN);
+		File mvpnout = new File(context.getCacheDir(),VpnProfile.getMiniVPNExecutableName());
 		if (mvpnout.exists() && mvpnout.canExecute())
 			return true;
 
@@ -23,12 +24,12 @@ public class VPNLaunchHelper {
 			InputStream mvpn;
 			
 			try {
-				mvpn = context.getAssets().open("minivpn." + Build.CPU_ABI);
+				mvpn = context.getAssets().open(VpnProfile.getMiniVPNExecutableName() + "." + Build.CPU_ABI);
 			}
 			catch (IOException errabi) {
 				VpnStatus.logInfo("Failed getting assets for archicture " + Build.CPU_ABI);
 				e2=errabi;
-				mvpn = context.getAssets().open("minivpn." + Build.CPU_ABI2);
+				mvpn = context.getAssets().open(VpnProfile.getMiniVPNExecutableName() + "." + Build.CPU_ABI2);
 				
 			}
 
@@ -45,7 +46,7 @@ public class VPNLaunchHelper {
 			fout.close();
 
 			if(!mvpnout.setExecutable(true)) {
-				VpnStatus.logError("Failed to set minivpn executable");
+				VpnStatus.logError("Failed to make OpenVPN executable");
 				return false;
 			}
author	Arne Schwabe <arne@rfc2549.org>	2014-06-04 17:17:02 +0200
committer	Arne Schwabe <arne@rfc2549.org>	2014-06-04 17:17:02 +0200
commit	614b8790e5fc0bb3864eb2e3dd8c15016333d016 (patch)
tree	53cfe70577ddc69cd92f5b816281d2a76bced1ce
parent	ca7fe0a3dcdcec7d0cfa77bcff26409e84a9fa9a (diff)