From 614b8790e5fc0bb3864eb2e3dd8c15016333d016 Mon Sep 17 00:00:00 2001
From: Arne Schwabe
Date: Wed, 4 Jun 2014 17:17:02 +0200
Subject: Implement PIE on JELLY BEAN
---
 main/jni/Android.mk | 13 ++++++-
 main/misc/build-native.sh | 3 +-
 .../main/java/de/blinkt/openvpn/VpnProfile.java | 42 ++++++++++++++++------
 .../java/de/blinkt/openvpn/core/OpenVPNThread.java | 2 +-
 .../de/blinkt/openvpn/core/VPNLaunchHelper.java | 15 ++++----
 5 files changed, 54 insertions(+), 21 deletions(-)
diff --git a/main/jni/Android.mk b/main/jni/Android.mk
index 3152d7e9..33d0bc76 100644
--- a/main/jni/Android.mk
+++ b/main/jni/Android.mk
@@ -57,6 +57,17 @@ include $(CLEAR_VARS)
 LOCAL_LDLIBS := -lz -lc
 LOCAL_SHARED_LIBRARIES := libssl libcrypto openvpn
 LOCAL_SRC_FILES:= minivpn.c dummy.cpp
-LOCAL_MODULE = minivpn
+LOCAL_MODULE = nopievpn
+include $(BUILD_EXECUTABLE)
+
+
+include $(CLEAR_VARS)
+LOCAL_LDLIBS := -lz -lc
+LOCAL_CFLAGS= -fPIE -pie
+LOCAL_CFLAGS = -fPIE
+LOCAL_LDFLAGS = -fPIE -pie
+LOCAL_SHARED_LIBRARIES := libssl libcrypto openvpn
+LOCAL_SRC_FILES:= minivpn.c dummy.cpp
+LOCAL_MODULE = pievpn
 include $(BUILD_EXECUTABLE)
diff --git a/main/misc/build-native.sh b/main/misc/build-native.sh
index 35353bdd..f27384cd 100755
--- a/main/misc/build-native.sh
+++ b/main/misc/build-native.sh
@@ -35,7 +35,8 @@ if [ $? = 0 ]; then
 mkdir -p ../ovpnlibs/assets
 for i in *
 do
- cp -v $i/minivpn ../ovpnlibs/assets/minivpn.$i
+ cp -v $i/nopievpn ../ovpnlibs/assets/nopievpn.$i
+ cp -v $i/pievpn ../ovpnlibs/assets/pievpn.$i
 done
 # Removed compiled openssl libs, will use platform so libs
 # Reduces size of apk
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 601fb2df..c8771e9f 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
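Review bot: The new `pievpn` module in main/jni/Android.mk assigns `LOCAL_CFLAGS` twice, so `LOCAL_CFLAGS= -fPIE -pie` is dead: the next line, `LOCAL_CFLAGS = -fPIE`, overwrites it, and `-pie` is a link-time option that `LOCAL_LDFLAGS = -fPIE -pie` already carries. Drop the first assignment so the compile and link flags are each stated once. A short comment above the two modules, e.g. `# nopievpn: non-PIE build for releases before Jelly Bean; pievpn: position-independent build for Jelly Bean and later`, would also record why the same sources are built twice.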
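Review bot: Neither new `cp` in the loop of main/misc/build-native.sh is checked, so an ABI directory that lacks `pievpn` or `nopievpn` would yield an APK carrying only one of the two assets, and the gap would show up only on devices whose Android version selects the missing binary. Unless the script already runs under `set -e` outside this hunk, fail fast, e.g. `cp -v "$i/pievpn" "../ovpnlibs/assets/pievpn.$i" || exit 1` and the same for `nopievpn`; quoting `$i` also keeps unusual directory names intact. The enclosing `if` block starts and ends outside the hunk.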
@@ -12,18 +12,16 @@ import android.security.KeyChain;
 import android.security.KeyChainException;
 import android.util.Base64;
-import de.blinkt.openvpn.core.NativeUtils;
-import de.blinkt.openvpn.core.VpnStatus;
-import de.blinkt.openvpn.core.OpenVpnService;
-import de.blinkt.openvpn.core.X509Utils;
 import org.spongycastle.util.io.pem.PemObject;
 import org.spongycastle.util.io.pem.PemWriter;
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import java.io.*;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.Serializable;
+import java.io.StringWriter;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.security.InvalidKeyException;
@@ -37,6 +35,16 @@ import java.util.Locale;
 import java.util.UUID;
 import java.util.Vector;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+
+import de.blinkt.openvpn.core.NativeUtils;
+import de.blinkt.openvpn.core.OpenVpnService;
+import de.blinkt.openvpn.core.VpnStatus;
+import de.blinkt.openvpn.core.X509Utils;
+
 public class VpnProfile implements Serializable {
 // Note that this class cannot be moved to core where it belongs since
 // the profile loading depends on it being here
@@ -48,7 +56,9 @@ public class VpnProfile implements Serializable { public static final String EXTRA_PROFILEUUID = "de.blinkt.openvpn.profileUUID"; public static final String INLINE_TAG = "[[INLINE]]"; public static final String DISPLAYNAME_TAG = "[[NAME]]"; - public static final String MINIVPN = "miniopenvpn"; + private static final String MININONPIEVPN = "nopievpn"; + private static final String MINIPIEVPN = "pievpn"; + private static final long serialVersionUID = 7085688938959334563L; private static final String OVPNCONFIGFILE = "android.conf"; public static final int MAXLOGLEVEL = 4; @@ -138,6 +148,14 @@ public class VpnProfile implements Serializable { mProfileVersion = CURRENT_PROFILE_VERSION; } + public static String getMiniVPNExecutableName() + { + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) + return VpnProfile.MINIPIEVPN; + else + return VpnProfile.MININONPIEVPN; + } + public static String openVpnEscape(String unescaped) { if (unescaped == null) return null; @@ -538,7 +556,7 @@ public class VpnProfile implements Serializable { // Add fixed paramenters //args.add("/data/data/de.blinkt.openvpn/lib/openvpn"); - args.add(cacheDir.getAbsolutePath() + "/" + VpnProfile.MINIVPN); + args.add(cacheDir.getAbsolutePath() + "/" + getMiniVPNExecutableName()); args.add("--config"); args.add(cacheDir.getAbsolutePath() + "/" + OVPNCONFIGFILE); @@ -547,6 +565,8 @@ public class VpnProfile implements Serializable { return args.toArray(new String[args.size()]); } + + public Intent prepareIntent(Context context) { String prefix = context.getPackageName(); diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java index a1f6f533..09f9a916 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java +++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java 
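Review bot: `getMiniVPNExecutableName()` is added as a public static method without any documentation, although its return value is now used in three roles across this commit: the file name in the cache directory, the asset name prefix in `VPNLaunchHelper`, and the string that `OpenVPNThread.genLibraryPath` replaces. A Javadoc line such as `/** Name of the bundled OpenVPN binary for this OS version: the PIE build on Jelly Bean and later, the non-PIE build before that. */` would state the contract and the reason for the `Build.VERSION_CODES.JELLY_BEAN` cutoff. As a style point, the opening brace on its own line differs from the neighbouring `openVpnEscape(String unescaped) {`, and the `if`/`else` bodies are unbraced.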
@@ -168,7 +168,7 @@ public class OpenVPNThread implements Runnable {
 private String genLibraryPath(String[] argv, ProcessBuilder pb) {
 // Hack until I find a good way to get the real library path
- String applibpath = argv[0].replace("/cache/" + VpnProfile.MINIVPN , "/lib");
+ String applibpath = argv[0].replace("/cache/" + VpnProfile.getMiniVPNExecutableName() , "/lib");
 String lbpath = pb.environment().get("LD_LIBRARY_PATH");
 if(lbpath==null)
diff --git a/main/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java b/main/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
index 5f1efb5f..3d28cb4b 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java
@@ -1,19 +1,20 @@
 package de.blinkt.openvpn.core;
+import android.content.Context;
+import android.content.Intent;
+import android.os.Build;
+
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import android.content.Context;
-import android.content.Intent;
-import android.os.Build;
 import de.blinkt.openvpn.R;
 import de.blinkt.openvpn.VpnProfile;
 public class VPNLaunchHelper {
 static private boolean writeMiniVPN(Context context) {
- File mvpnout = new File(context.getCacheDir(),VpnProfile.MINIVPN);
+ File mvpnout = new File(context.getCacheDir(),VpnProfile.getMiniVPNExecutableName());
 if (mvpnout.exists() && mvpnout.canExecute()) return true;
@@ -23,12 +24,12 @@ public class VPNLaunchHelper {
 InputStream mvpn;
 try {
- mvpn = context.getAssets().open("minivpn." + Build.CPU_ABI);
+ mvpn = context.getAssets().open(VpnProfile.getMiniVPNExecutableName() + "." + Build.CPU_ABI);
 } catch (IOException errabi) {
 VpnStatus.logInfo("Failed getting assets for archicture " + Build.CPU_ABI);
 e2=errabi;
- mvpn = context.getAssets().open("minivpn." + Build.CPU_ABI2);
+ mvpn = context.getAssets().open(VpnProfile.getMiniVPNExecutableName() + "." + Build.CPU_ABI2);
 }
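Review bot: In `OpenVPNThread.genLibraryPath` the library directory is still derived by `argv[0].replace("/cache/" + VpnProfile.getMiniVPNExecutableName() , "/lib")`, and `String.replace` returns its input unchanged when the pattern is absent, so on any layout where the executable is not under `/cache/` `applibpath` silently becomes the binary's own path. How `applibpath` is used is outside the hunk, but it presumably ends up in `LD_LIBRARY_PATH`, so a wrong value changes where the native process looks for its libraries. Detect the no-match case, e.g. `if (applibpath.equals(argv[0])) VpnStatus.logError("Cannot derive library path from " + argv[0]);`, or pass in the directory from `ApplicationInfo.nativeLibraryDir` instead of the "Hack" the existing comment describes. The method body continues outside the hunk.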
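Review bot: In `VPNLaunchHelper.writeMiniVPN` the early return on `mvpnout.exists() && mvpnout.canExecute()` accepts whatever file already sits in the cache directory under the computed name, so once `pievpn` or `nopievpn` has been extracted, a later app update that ships a rebuilt binary keeps running the old copy. The rename in this commit also leaves the previously extracted `miniopenvpn` file behind, since nothing in the visible hunks deletes it. Consider tying the cached copy to the installed app version (re-extract when the version changes) and removing the legacy file with `new File(context.getCacheDir(), "miniopenvpn").delete();`. The method continues in the following hunks and beyond them.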
@@ -45,7 +46,7 @@ public class VPNLaunchHelper {
 fout.close();
 if(!mvpnout.setExecutable(true)) {
- VpnStatus.logError("Failed to set minivpn executable");
+ VpnStatus.logError("Failed to make OpenVPN executable");
 return false;
 }
--
cgit v1.2.3