[tor-commits] [orbot/master] selectively disable/enable transproxy rules

n8fr8 at torproject.org n8fr8 at torproject.org
Mon Aug 11 15:37:01 UTC 2014


commit 6955c44e3673751c34e85a48305f1f1de6449dff
Author: Nathan Freitas <nathan at freitas.net>
Date:   Thu Aug 7 15:33:57 2014 -0400

    selectively disable/enable transproxy rules
---
 .../torproject/android/service/TorTransProxy.java  |   86 ++++++++------------
 1 file changed, 32 insertions(+), 54 deletions(-)

diff --git a/src/org/torproject/android/service/TorTransProxy.java b/src/org/torproject/android/service/TorTransProxy.java
index db97777..f0117e1 100644
--- a/src/org/torproject/android/service/TorTransProxy.java
+++ b/src/org/torproject/android/service/TorTransProxy.java
@@ -336,14 +336,18 @@ public class TorTransProxy implements TorServiceConstants {
 		return code;
 	}*/
 	
-	public int setTransparentProxyingByApp(Context context, ArrayList<TorifiedApp> apps) throws Exception
+	public int setTransparentProxyingByApp(Context context, ArrayList<TorifiedApp> apps, boolean enableRule) throws Exception
 	{
 		String ipTablesPath = getIpTablesPath(context);
 		
     	//StringBuilder script = new StringBuilder();
     	
+		String action = " -A ";
     	String srcChainName = "OUTPUT";
 
+		if (!enableRule)
+			action = " -D ";
+		
     	//run the delete commands in a separate process as it might error out
     	//String[] cmdExecClear = {script.toString()};    	    	
 		//code = TorServiceUtils.doShellCommand(cmdExecClear, res, runRoot, waitFor);
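Review bot: Disabling by replaying the same rule text with `-D` only removes a rule whose match/target string is identical to the one that was appended, so any app that has left `apps` since the rules were installed (uninstalled, deselected, or reinstalled under a new uid) keeps its OUTPUT rules, and the commit also removes the `-F OUTPUT` flush in clearTransparentProxyingAll that used to catch such leftovers; `iptables -D` additionally deletes only the first match, so if the enable path has run twice a single disable pass leaves a full rule set active. A safer tear-down either keeps a flush-based fallback or records the uids the rules were installed for and deletes against that list rather than the caller's current selection. On the new lines the assign-then-override reads better as `final String action = enableRule ? " -A " : " -D ";`. The same `action` substitution is repeated in the four following hunks of this method, whose body continues past this hunk.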
@@ -376,7 +380,7 @@ public class TorTransProxy implements TorServiceConstants {
 				// Allow loopback
 				script.append(ipTablesPath);
 				script.append(" -t filter");
-		        script.append(" -A ").append(srcChainName);
+		        script.append(action).append(srcChainName);
 				script.append(" -m owner --uid-owner ");
 				script.append(tApp.getUid());
 				script.append(" -o lo");
@@ -388,7 +392,7 @@ public class TorTransProxy implements TorServiceConstants {
 				// Set up port redirection
 		    	script.append(ipTablesPath);
 		    	script.append(" -t nat");
-		    	script.append(" -A ").append(srcChainName);				
+		    	script.append(action).append(srcChainName);				
 				script.append(" -p tcp");
 				script.append(ALLOW_LOCAL);
 				script.append(" -m owner --uid-owner ");
@@ -403,7 +407,7 @@ public class TorTransProxy implements TorServiceConstants {
 				// Same for DNS
 				script.append(ipTablesPath);
 				script.append(" -t nat");
-				script.append(" -A ").append(srcChainName);
+				script.append(action).append(srcChainName);
 				script.append(" -p udp");
 				script.append(" -m owner --uid-owner ");
 				script.append(tApp.getUid());
@@ -418,7 +422,7 @@ public class TorTransProxy implements TorServiceConstants {
 				// Reject all other outbound packets
 				script.append(ipTablesPath);
 				script.append(" -t filter");
-		        script.append(" -A ").append(srcChainName);
+		        script.append(action).append(srcChainName);
 				script.append(" -m owner --uid-owner ");
 				script.append(tApp.getUid());				
 				script.append(ALLOW_LOCAL);
@@ -500,40 +504,7 @@ public class TorTransProxy implements TorServiceConstants {
 			mTorService.debug(msg);
 	}
 	
-	public int clearTransparentProxyingAll(Context context) throws Exception 
-	{
 
-		String ipTablesPath = getIpTablesPath(context);
-		
-    	StringBuilder script = new StringBuilder();    	
-
-    	Shell shell = Shell.startRootShell();
-    	
-    	String chainName = "OUTPUT";
-    	
-		script = new StringBuilder();
-		script.append(ipTablesPath);
-    	script.append(" -t nat");		
-    	script.append(" -F ").append(chainName); //delete previous user-defined chain
-    	
-    	executeCommand (shell, script.toString());
-		script = new StringBuilder();
-		
-    	
-		script = new StringBuilder();
-		
-		script.append(ipTablesPath);
-    	script.append(" -t filter");		
-    	script.append(" -F ").append(chainName); //delete previous user-defined chain
-    	
-    	int lastExit = executeCommand (shell, script.toString());
-		
-    	shell.close();
-    	
-    	clearAllIPv6Filters(context);
-		
-    	return lastExit;
-	}
 	
 	public int fixTransproxyLeak (Context context) throws Exception 
 	{
@@ -609,18 +580,25 @@ public class TorTransProxy implements TorServiceConstants {
 		return lastExit;
 	}
 	
-	public int setTransparentProxyingAll(Context context) throws Exception 
+	public int setTransparentProxyingAll(Context context, boolean enable) throws Exception 
 	{
+	  	
+		String action = " -A ";
+    	String srcChainName = "OUTPUT";
+
+		if (!enable)
+			action = " -D ";
 		
-		dropAllIPv6Traffic(context,-1);
+		if (enable)
+			dropAllIPv6Traffic(context,-1);
+		else
+			clearAllIPv6Filters(context);
 		
 		String ipTablesPath = getIpTablesPath(context);
 		
     	Shell shell = Shell.startRootShell();
     	
     	int torUid = context.getApplicationInfo().uid;
-
-    	String srcChainName = "OUTPUT";
     	
     	StringBuilder script = new StringBuilder();
     	
@@ -628,7 +606,7 @@ public class TorTransProxy implements TorServiceConstants {
     	
 		script.append(ipTablesPath);			
 		script.append(" -t nat");
-		script.append(" -A ").append(srcChainName);
+		script.append(action).append(srcChainName);
 		script.append(" -m owner --uid-owner ");
 		script.append(torUid);
 		script.append(" -j ACCEPT");
@@ -640,7 +618,7 @@ public class TorTransProxy implements TorServiceConstants {
 		
 		script.append(ipTablesPath);
 		script.append(" -t nat");
-		script.append(" -A ").append(srcChainName);
+		script.append(action).append(srcChainName);
 		script.append(" -o lo");
 		script.append(" -j ACCEPT");
 
@@ -650,7 +628,7 @@ public class TorTransProxy implements TorServiceConstants {
     	// Set up port redirection    	
 		script.append(ipTablesPath);		
 		script.append(" -t nat");
-		script.append(" -A ").append(srcChainName);
+		script.append(action).append(srcChainName);
 		script.append(" -p tcp");
 		script.append(ALLOW_LOCAL); //allow access to localhost
 		script.append(" -m owner ! --uid-owner ");
@@ -665,7 +643,7 @@ public class TorTransProxy implements TorServiceConstants {
 		// Same for DNS
 		script.append(ipTablesPath);
 		script.append(" -t nat");
-		script.append(" -A ").append(srcChainName);
+		script.append(action).append(srcChainName);
 		script.append(" -p udp");
 		script.append(ALLOW_LOCAL); //allow access to localhost
 		script.append(" -m owner ! --uid-owner ");
@@ -684,7 +662,7 @@ public class TorTransProxy implements TorServiceConstants {
 			//XXX: Comment the following rules for non-debug builds
 			script.append(ipTablesPath);			
 			script.append(" -t filter");
-			script.append(" -A ").append(srcChainName);
+			script.append(action).append(srcChainName);
 			script.append(" -p udp");
 			script.append(" --dport ");
 			script.append(STANDARD_DNS_PORT);
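Review bot: The LOG rules in this and the next hunk sit inside a deeper-indented block whose condition begins outside the hunk (the `XXX` comment suggests a debug-only guard), so with `action` set to `-D` they are only removed when that guard evaluates the same way at disable time as it did at enable time; if the guard can differ between the two calls, the logging rules are left behind in the filter table. If the condition is derived from a build-time constant this is fine and a one-line comment saying so above the block would make that explicit, e.g. `// debug-only rules: guard is constant, so -D mirrors -A exactly`.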
@@ -697,7 +675,7 @@ public class TorTransProxy implements TorServiceConstants {
 			
 			script.append(ipTablesPath);			
 			script.append(" -t filter");
-			script.append(" -A ").append(srcChainName);
+			script.append(action).append(srcChainName);
 	    	script.append(" -p tcp");
 			script.append(" -j LOG");
 			script.append(" --log-prefix='ORBOT_TCPLEAK_PROTECTION'");
@@ -711,7 +689,7 @@ public class TorTransProxy implements TorServiceConstants {
 		//allow access to transproxy port
 		script.append(ipTablesPath);
 		script.append(" -t filter");
-		script.append(" -A ").append(srcChainName);
+		script.append(action).append(srcChainName);
 		script.append(" -p tcp");
 		script.append(" -m tcp");
 		script.append(" --dport ").append(mTransProxyPort);
@@ -723,7 +701,7 @@ public class TorTransProxy implements TorServiceConstants {
 		//allow access to local SOCKS port
 		script.append(ipTablesPath);
 		script.append(" -t filter");
-		script.append(" -A ").append(srcChainName);
+		script.append(action).append(srcChainName);
 		script.append(" -p tcp");
 		script.append(" -m tcp");
 		script.append(" --dport ").append(PORT_SOCKS_DEFAULT);
@@ -735,7 +713,7 @@ public class TorTransProxy implements TorServiceConstants {
 		//allow access to local SOCKS port
 		script.append(ipTablesPath);
 		script.append(" -t filter");
-		script.append(" -A ").append(srcChainName);
+		script.append(action).append(srcChainName);
 		script.append(" -p tcp");
 		script.append(" -m tcp");
 		script.append(" --dport ").append(PORT_HTTP);
@@ -747,7 +725,7 @@ public class TorTransProxy implements TorServiceConstants {
 		//allow access to local DNS port
 		script.append(ipTablesPath);
 		script.append(" -t filter");
-		script.append(" -A ").append(srcChainName);
+		script.append(action).append(srcChainName);
 		script.append(" -p udp");
 		script.append(" -m udp");
 		script.append(" --dport ").append(mDNSPort);
@@ -759,7 +737,7 @@ public class TorTransProxy implements TorServiceConstants {
 		//allow access to local DNS port
 		script.append(ipTablesPath);
 		script.append(" -t filter");
-		script.append(" -A ").append(srcChainName);
+		script.append(action).append(srcChainName);
 		script.append(" -p udp");
 		script.append(" -m udp");
 		script.append(" --dport ").append(mDNSPort);
@@ -772,7 +750,7 @@ public class TorTransProxy implements TorServiceConstants {
 		// Reject all other packets
 		script.append(ipTablesPath);
 		script.append(" -t filter");
-		script.append(" -A ").append(srcChainName);
+		script.append(action).append(srcChainName);
 		script.append(" -m owner ! --uid-owner ");
 		script.append(torUid);
 		script.append(ALLOW_LOCAL); //allow access to localhost




