diff options
Diffstat (limited to 'main/src')
7 files changed, 246 insertions, 119 deletions
diff --git a/main/src/main/AndroidManifest.xml b/main/src/main/AndroidManifest.xml index e57cf096..efee02f7 100644 --- a/main/src/main/AndroidManifest.xml +++ b/main/src/main/AndroidManifest.xml @@ -224,6 +224,13 @@ android:name="android.support.PARENT_ACTIVITY" android:value="de.blinkt.openvpn.activities.MainActivity" /> </activity> + <activity + android:name=".api.RemoteAction" + /> + <activity-alias + android:exported="true" + android:name=".api.DisconnectVPN" + android:targetActivity=".api.RemoteAction" /> </application> </manifest>
\ No newline at end of file diff --git a/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java b/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java index 44e355ff..7b5d4e28 100644 --- a/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java +++ b/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java @@ -34,6 +34,7 @@ import android.widget.EditText; import java.io.IOException; import de.blinkt.openvpn.activities.LogWindow; +import de.blinkt.openvpn.api.ExternalAppDatabase; import de.blinkt.openvpn.core.ConnectionStatus; import de.blinkt.openvpn.core.IServiceStatus; import de.blinkt.openvpn.core.OpenVPNStatusService; @@ -139,8 +140,14 @@ public class LaunchVPN extends Activity { mhideLog = intent.getBooleanExtra(EXTRA_HIDELOG, false); VpnProfile profileToConnect = ProfileManager.get(this, shortcutUUID); - if (shortcutName != null && profileToConnect == null) + if (shortcutName != null && profileToConnect == null) { profileToConnect = ProfileManager.getInstance(this).getProfileByName(shortcutName); + if (!(new ExternalAppDatabase(this).checkRemoteActionPermission(this))) { + finish(); + return; + } + } + if (profileToConnect == null) { VpnStatus.logError(R.string.shortcut_profile_notfound); diff --git a/main/src/main/java/de/blinkt/openvpn/api/ConfirmDialog.java b/main/src/main/java/de/blinkt/openvpn/api/ConfirmDialog.java index 4124b7d4..2355f83b 100644 --- a/main/src/main/java/de/blinkt/openvpn/api/ConfirmDialog.java +++ b/main/src/main/java/de/blinkt/openvpn/api/ConfirmDialog.java @@ -21,6 +21,7 @@ import android.app.AlertDialog; import android.app.AlertDialog.Builder; import android.content.DialogInterface; import android.content.DialogInterface.OnShowListener; +import android.content.Intent; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; import android.util.Log; @@ -29,97 +30,113 @@ import android.widget.Button; import android.widget.CompoundButton; import android.widget.ImageView; import android.widget.TextView; + import de.blinkt.openvpn.R; public class ConfirmDialog extends Activity implements -CompoundButton.OnCheckedChangeListener, DialogInterface.OnClickListener { - private static final String TAG = "OpenVPNVpnConfirm"; - - private String mPackage; - - private Button mButton; - - private AlertDialog mAlert; - - @Override - protected void onResume() { - super.onResume(); - try { - mPackage = getCallingPackage(); - if (mPackage==null) { - finish(); - return; - } - - - PackageManager pm = getPackageManager(); - ApplicationInfo app = pm.getApplicationInfo(mPackage, 0); - - View view = View.inflate(this, R.layout.api_confirm, null); - ((ImageView) view.findViewById(R.id.icon)).setImageDrawable(app.loadIcon(pm)); - ((TextView) view.findViewById(R.id.prompt)).setText( - getString(R.string.prompt, app.loadLabel(pm), getString(R.string.app))); - ((CompoundButton) view.findViewById(R.id.check)).setOnCheckedChangeListener(this); - - - Builder builder = new AlertDialog.Builder(this); - - builder.setView(view); - - builder.setIconAttribute(android.R.attr.alertDialogIcon); - builder.setTitle(android.R.string.dialog_alert_title); - builder.setPositiveButton(android.R.string.ok,this); - builder.setNegativeButton(android.R.string.cancel,this); - - mAlert = builder.create(); - mAlert.setCanceledOnTouchOutside(false); - - mAlert.setOnShowListener (new OnShowListener() { - @Override - public void onShow(DialogInterface dialog) { - mButton = mAlert.getButton(DialogInterface.BUTTON_POSITIVE); - mButton.setEnabled(false); - - } - }); - - //setCloseOnTouchOutside(false); - - mAlert.show(); - - } catch (Exception e) { - Log.e(TAG, "onResume", e); - finish(); - } - } - - @Override - public void onBackPressed() { - setResult(RESULT_CANCELED); - finish(); - } - - @Override - public void onCheckedChanged(CompoundButton button, boolean checked) { - mButton.setEnabled(checked); - } - - @Override - public void onClick(DialogInterface dialog, int which) { - - if (which == DialogInterface.BUTTON_POSITIVE) { - ExternalAppDatabase extapps = new ExternalAppDatabase(this); - extapps.addApp(mPackage); - setResult(RESULT_OK); - finish(); - } - - if (which == DialogInterface.BUTTON_NEGATIVE) { - setResult(RESULT_CANCELED); - finish(); - } - } + CompoundButton.OnCheckedChangeListener, DialogInterface.OnClickListener { + private static final String TAG = "OpenVPNVpnConfirm"; + + public static final String EXTRA_PACKAGE_NAME = "android.intent.extra.PACKAGE_NAME"; + + public static final String ANONYMOUS_PACKAGE = "de.blinkt.openvpn.ANYPACKAGE"; + + private String mPackage; + + private Button mButton; + + private AlertDialog mAlert; + + @Override + protected void onResume() { + super.onResume(); + + Intent intent = getIntent(); + if (intent.getStringExtra(EXTRA_PACKAGE_NAME) != null) { + mPackage = intent.getStringExtra(EXTRA_PACKAGE_NAME); + } else { + mPackage = getCallingPackage(); + if (mPackage == null) { + finish(); + return; + } + } + + try { + View view = View.inflate(this, R.layout.api_confirm, null); + CharSequence appString; + if (mPackage.equals(ANONYMOUS_PACKAGE)) { + appString = getString(R.string.all_app_prompt, getString(R.string.app)); + } else { + PackageManager pm = getPackageManager(); + ApplicationInfo app = pm.getApplicationInfo(mPackage, 0); + appString = getString(R.string.prompt, app.loadLabel(pm) , getString(R.string.app)); + ((ImageView) view.findViewById(R.id.icon)).setImageDrawable(app.loadIcon(pm)); + } + + + ((TextView) view.findViewById(R.id.prompt)).setText(appString); + ((CompoundButton) view.findViewById(R.id.check)).setOnCheckedChangeListener(this); + + + Builder builder = new AlertDialog.Builder(this); + + builder.setView(view); + + builder.setIconAttribute(android.R.attr.alertDialogIcon); + builder.setTitle(android.R.string.dialog_alert_title); + builder.setPositiveButton(android.R.string.ok, this); + builder.setNegativeButton(android.R.string.cancel, this); + + mAlert = builder.create(); + mAlert.setCanceledOnTouchOutside(false); + + mAlert.setOnShowListener(new OnShowListener() { + @Override + public void onShow(DialogInterface dialog) { + mButton = mAlert.getButton(DialogInterface.BUTTON_POSITIVE); + mButton.setEnabled(false); + + } + }); + + //setCloseOnTouchOutside(false); + + mAlert.show(); + + } catch (Exception e) { + Log.e(TAG, "onResume", e); + finish(); + } + } + + @Override + public void onBackPressed() { + setResult(RESULT_CANCELED); + finish(); + } + + @Override + public void onCheckedChanged(CompoundButton button, boolean checked) { + mButton.setEnabled(checked); + } + + @Override + public void onClick(DialogInterface dialog, int which) { + + if (which == DialogInterface.BUTTON_POSITIVE) { + ExternalAppDatabase extapps = new ExternalAppDatabase(this); + extapps.addApp(mPackage); + setResult(RESULT_OK); + finish(); + } + + if (which == DialogInterface.BUTTON_NEGATIVE) { + setResult(RESULT_CANCELED); + finish(); + } + } } diff --git a/main/src/main/java/de/blinkt/openvpn/api/ExternalAppDatabase.java b/main/src/main/java/de/blinkt/openvpn/api/ExternalAppDatabase.java index 967d7728..e87b4c3a 100644 --- a/main/src/main/java/de/blinkt/openvpn/api/ExternalAppDatabase.java +++ b/main/src/main/java/de/blinkt/openvpn/api/ExternalAppDatabase.java @@ -5,9 +5,14 @@ package de.blinkt.openvpn.api; +import android.app.Activity; import android.content.Context; +import android.content.Intent; import android.content.SharedPreferences; import android.content.SharedPreferences.Editor; +import android.content.pm.ApplicationInfo; +import android.content.pm.PackageManager; +import android.os.Binder; import java.util.HashSet; import java.util.Set; @@ -64,4 +69,40 @@ public class ExternalAppDatabase { saveExtAppList(allowedapps); } + + public String checkOpenVPNPermission(PackageManager pm) throws SecurityRemoteException { + + for (String appPackage : getExtAppList()) { + ApplicationInfo app; + try { + app = pm.getApplicationInfo(appPackage, 0); + if (Binder.getCallingUid() == app.uid) { + return appPackage; + } + } catch (PackageManager.NameNotFoundException e) { + // App not found. Remove it from the list + removeApp(appPackage); + } + + } + throw new SecurityException("Unauthorized OpenVPN API Caller"); + } + + + public boolean checkRemoteActionPermission(Activity a) { + + String callingPackage = a.getCallingPackage(); + + if (callingPackage == null) + callingPackage = ConfirmDialog.ANONYMOUS_PACKAGE; + + if (isAllowed(callingPackage)) { + return true; + } else { + Intent confirmDialog = new Intent(a, ConfirmDialog.class); + confirmDialog.putExtra(ConfirmDialog.EXTRA_PACKAGE_NAME, callingPackage); + a.startActivity(confirmDialog); + return false; + } + } } diff --git a/main/src/main/java/de/blinkt/openvpn/api/ExternalOpenVPNService.java b/main/src/main/java/de/blinkt/openvpn/api/ExternalOpenVPNService.java index 6b549ed1..e5c50a6c 100644 --- a/main/src/main/java/de/blinkt/openvpn/api/ExternalOpenVPNService.java +++ b/main/src/main/java/de/blinkt/openvpn/api/ExternalOpenVPNService.java @@ -111,28 +111,9 @@ public class ExternalOpenVPNService extends Service implements StateListener { private final IOpenVPNAPIService.Stub mBinder = new IOpenVPNAPIService.Stub() {
- private String checkOpenVPNPermission() throws SecurityRemoteException {
- PackageManager pm = getPackageManager();
-
- for (String appPackage : mExtAppDb.getExtAppList()) {
- ApplicationInfo app;
- try {
- app = pm.getApplicationInfo(appPackage, 0);
- if (Binder.getCallingUid() == app.uid) {
- return appPackage;
- }
- } catch (NameNotFoundException e) {
- // App not found. Remove it from the list
- mExtAppDb.removeApp(appPackage);
- }
-
- }
- throw new SecurityException("Unauthorized OpenVPN API Caller");
- }
-
@Override
public List<APIVpnProfile> getProfiles() throws RemoteException {
- checkOpenVPNPermission();
+ mExtAppDb.checkOpenVPNPermission(getPackageManager());
ProfileManager pm = ProfileManager.getInstance(getBaseContext());
@@ -170,7 +151,7 @@ public class ExternalOpenVPNService extends Service implements StateListener { @Override
public void startProfile(String profileUUID) throws RemoteException {
- checkOpenVPNPermission();
+ mExtAppDb.checkOpenVPNPermission(getPackageManager());
VpnProfile vp = ProfileManager.get(getBaseContext(), profileUUID);
if (vp.checkProfile(getApplicationContext()) != R.string.no_error_found)
@@ -180,7 +161,7 @@ public class ExternalOpenVPNService extends Service implements StateListener { }
public void startVPN(String inlineConfig) throws RemoteException {
- String callingApp = checkOpenVPNPermission();
+ String callingApp = mExtAppDb.checkOpenVPNPermission(getPackageManager());
ConfigParser cp = new ConfigParser();
try {
@@ -216,7 +197,7 @@ public class ExternalOpenVPNService extends Service implements StateListener { @Override
public APIVpnProfile addNewVPNProfile(String name, boolean userEditable, String config) throws RemoteException {
- String callingPackage = checkOpenVPNPermission();
+ String callingPackage = mExtAppDb.checkOpenVPNPermission(getPackageManager());
ConfigParser cp = new ConfigParser();
try {
@@ -241,7 +222,7 @@ public class ExternalOpenVPNService extends Service implements StateListener { @Override
public void removeProfile(String profileUUID) throws RemoteException {
- checkOpenVPNPermission();
+ mExtAppDb.checkOpenVPNPermission(getPackageManager());
ProfileManager pm = ProfileManager.getInstance(getBaseContext());
VpnProfile vp = ProfileManager.get(getBaseContext(), profileUUID);
pm.removeProfile(ExternalOpenVPNService.this, vp);
@@ -249,7 +230,7 @@ public class ExternalOpenVPNService extends Service implements StateListener { @Override
public boolean protectSocket(ParcelFileDescriptor pfd) throws RemoteException {
- checkOpenVPNPermission();
+ mExtAppDb.checkOpenVPNPermission(getPackageManager());
try {
boolean success= mService.protect(pfd.getFd());
pfd.close();
@@ -272,7 +253,7 @@ public class ExternalOpenVPNService extends Service implements StateListener { @Override
public Intent prepareVPNService() throws RemoteException {
- checkOpenVPNPermission();
+ mExtAppDb.checkOpenVPNPermission(getPackageManager());
if (VpnService.prepare(ExternalOpenVPNService.this) == null)
return null;
@@ -284,7 +265,7 @@ public class ExternalOpenVPNService extends Service implements StateListener { @Override
public void registerStatusCallback(IOpenVPNStatusCallback cb)
throws RemoteException {
- checkOpenVPNPermission();
+ mExtAppDb.checkOpenVPNPermission(getPackageManager());
if (cb != null) {
cb.newStatus(mMostRecentState.vpnUUID, mMostRecentState.state,
@@ -298,7 +279,7 @@ public class ExternalOpenVPNService extends Service implements StateListener { @Override
public void unregisterStatusCallback(IOpenVPNStatusCallback cb)
throws RemoteException {
- checkOpenVPNPermission();
+ mExtAppDb.checkOpenVPNPermission(getPackageManager());
if (cb != null)
mCallbacks.unregister(cb);
@@ -306,21 +287,21 @@ public class ExternalOpenVPNService extends Service implements StateListener { @Override
public void disconnect() throws RemoteException {
- checkOpenVPNPermission();
+ mExtAppDb.checkOpenVPNPermission(getPackageManager());
if (mService != null)
mService.stopVPN(false);
}
@Override
public void pause() throws RemoteException {
- checkOpenVPNPermission();
+ mExtAppDb.checkOpenVPNPermission(getPackageManager());
if (mService != null)
mService.userPause(true);
}
@Override
public void resume() throws RemoteException {
- checkOpenVPNPermission();
+ mExtAppDb.checkOpenVPNPermission(getPackageManager());
if (mService != null)
mService.userPause(false);
diff --git a/main/src/main/java/de/blinkt/openvpn/api/RemoteAction.java b/main/src/main/java/de/blinkt/openvpn/api/RemoteAction.java new file mode 100644 index 00000000..cac8efcb --- /dev/null +++ b/main/src/main/java/de/blinkt/openvpn/api/RemoteAction.java @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2012-2017 Arne Schwabe + * Distributed under the GNU GPL v2 with additional terms. For full terms see the file doc/LICENSE.txt + */ + +package de.blinkt.openvpn.api; + +import android.app.Activity; +import android.content.ComponentName; +import android.content.Context; +import android.content.Intent; +import android.content.ServiceConnection; +import android.os.Bundle; +import android.os.IBinder; +import android.os.RemoteException; + +import de.blinkt.openvpn.core.IOpenVPNServiceInternal; +import de.blinkt.openvpn.core.OpenVPNService; + +public class RemoteAction extends Activity { + + private ExternalAppDatabase mExtAppDb; + + @Override + protected void onCreate(Bundle savedInstanceState) { + super.onCreate(savedInstanceState); + mExtAppDb = new ExternalAppDatabase(this); + } + + private ServiceConnection mConnection = new ServiceConnection() { + @Override + public void onServiceConnected(ComponentName className, + IBinder service) { + + IOpenVPNServiceInternal myservice = IOpenVPNServiceInternal.Stub.asInterface(service); + try { + myservice.stopVPN(false); + } catch (RemoteException e) { + e.printStackTrace(); + } + } + + @Override + public void onServiceDisconnected(ComponentName arg0) { + //mService = null; + } + + }; + + + @Override + protected void onResume() { + super.onResume(); + if (mExtAppDb.checkRemoteActionPermission(this)) + performAction(); + + finish(); + + } + + private void performAction() { + Intent intent = new Intent(this, OpenVPNService.class); + intent.setAction(OpenVPNService.START_SERVICE); + + ComponentName component = getIntent().getComponent(); + if (component.getShortClassName().equals(".api.DisconnectVPN")) { + boolean mDoDisconnect = true; + } + getApplicationContext().bindService(intent, mConnection, Context.BIND_AUTO_CREATE); + + + } +} diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml index 67248dae..c814afc6 100755 --- a/main/src/main/res/values/strings.xml +++ b/main/src/main/res/values/strings.xml @@ -454,5 +454,6 @@ <string name="openssl_error">OpenSSL returned an error</string> <string name="running_test">Running test…</string> <string name="test_algoirhtms">Test selected algorithms</string> + <string name="all_app_prompt">An external app tries to control %s. The app cannot be determined allowing now grants ALL apps access.</string> </resources> |