From 369cbbea9482d0b6e5a466bde03140d772bcca83 Mon Sep 17 00:00:00 2001 From: M66B Date: Sat, 6 Feb 2016 16:17:31 +0100 Subject: [PATCH] Require approval for port forwarding --- app/src/main/AndroidManifest.xml | 21 ++-- .../eu/faircode/netguard/ActivityForward.java | 103 ++++++++++++++++++ .../eu/faircode/netguard/ActivityMain.java | 2 - app/src/main/jni/netguard/netguard.c | 30 ++--- app/src/main/jni/netguard/netguard.h | 1 + app/src/main/res/layout/forward.xml | 60 ++++++++++ app/src/main/res/values/strings.xml | 2 + app/src/main/res/values/styles.xml | 5 + 8 files changed, 198 insertions(+), 26 deletions(-) create mode 100644 app/src/main/java/eu/faircode/netguard/ActivityForward.java create mode 100644 app/src/main/res/layout/forward.xml diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml index 2680a9ee..60ca601d 100644 --- a/app/src/main/AndroidManifest.xml +++ b/app/src/main/AndroidManifest.xml @@ -75,6 +75,17 @@ android:value=".ActivityMain" /> + + + + + + + - - - - - - - diff --git a/app/src/main/java/eu/faircode/netguard/ActivityForward.java b/app/src/main/java/eu/faircode/netguard/ActivityForward.java new file mode 100644 index 00000000..5f97b1f2 --- /dev/null +++ b/app/src/main/java/eu/faircode/netguard/ActivityForward.java 
@@ -0,0 +1,103 @@
+package eu.faircode.netguard;
+
+
+/*
+ This file is part of NetGuard.
+
+ NetGuard is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ NetGuard is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with NetGuard. If not, see .
+
+ Copyright 2015-2016 by Marcel Bokhorst (M66B)
+*/
+
+import android.app.Activity;
+import android.os.Bundle;
+import android.text.TextUtils;
+import android.view.View;
+import android.widget.Button;
+import android.widget.TextView;
+
+public class ActivityForward extends Activity {
+ private static final String TAG = "NetGuard.Forward";
+ private static final String ACTION_START_PORT_FORWARD = "eu.faircode.netguard.START_PORT_FORWARD";
+ private static final String ACTION_STOP_PORT_FORWARD = "eu.faircode.netguard.STOP_PORT_FORWARD";
+
+ private native void jni_start_port_forward(int protocol, int source, int target, int uid);
+
+ private native void jni_stop_port_forward(int protocol, int source);
+
+ static {
+ System.loadLibrary("netguard");
+ }
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ setContentView(R.layout.forward);
+
+ final int protocol = getIntent().getIntExtra("protocol", 0);
+ final int source = getIntent().getIntExtra("source", 0);
+ final int target = getIntent().getIntExtra("target", 0);
+ final int uid = getIntent().getIntExtra("uid", 0);
+
+ String pname;
+ if (protocol == 6)
+ pname = getString(R.string.menu_protocol_tcp);
+ else if (protocol == 17)
+ pname = getString(R.string.menu_protocol_udp);
+ else
+ pname = Integer.toString(protocol);
+
+ TextView tvForward = (TextView) findViewById(R.id.tvForward);
+ if (ACTION_START_PORT_FORWARD.equals(getIntent().getAction()))
+ tvForward.setText(getString(R.string.msg_forward_start,
+ pname, source, target,
+ TextUtils.join(", ", Util.getApplicationNames(uid, this))));
+ else
+ tvForward.setText(getString(R.string.msg_forward_stop, pname, source));
+
+ Button btnOk = (Button) findViewById(R.id.btnOk);
+ Button btnCancel = (Button) findViewById(R.id.btnCancel);
+
+ btnOk.setOnClickListener(new View.OnClickListener() {
+ @Override
+ public void onClick(View view) {
+ if (ACTION_START_PORT_FORWARD.equals(getIntent().getAction())) {
+ // am start -a eu.faircode.netguard.START_PORT_FORWARD \
+ // -n eu.faircode.netguard/eu.faircode.netguard.ActivityForward \
+ // --ei protocol \
+ // --ei source \
+ // --ei target \
+ // --ei uid
+ jni_start_port_forward(protocol, source, target, uid);
+
+ } else if (ACTION_STOP_PORT_FORWARD.equals(getIntent().getAction())) {
+ // am start -a eu.faircode.netguard.STOP_PORT_FORWARD \
+ // -n eu.faircode.netguard/eu.faircode.netguard.ActivityForward \
+ // --ei protocol \
+ // --ei source \
+ jni_stop_port_forward(protocol, source);
+ }
+
+ finish();
+ }
+ });
+
+ btnCancel.setOnClickListener(new View.OnClickListener() {
+ @Override
+ public void onClick(View view) {
+ finish();
+ }
+ });
+ }
+}
diff --git a/app/src/main/java/eu/faircode/netguard/ActivityMain.java b/app/src/main/java/eu/faircode/netguard/ActivityMain.java
index 3deb7b8e..8bbc53f1 100644
--- a/app/src/main/java/eu/faircode/netguard/ActivityMain.java
+++ b/app/src/main/java/eu/faircode/netguard/ActivityMain.java
@@ -622,8 +622,6 @@ public class ActivityMain extends AppCompatActivity implements SharedPreferences return true; case R.id.menu_settings: - if (menuSearch != null) - MenuItemCompat.collapseActionView(menuSearch); startActivity(new Intent(this, ActivitySettings.class)); return true; 
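Review bot: The approval text in onCreate is built from the `protocol`, `source`, `target` and `uid` extras exactly as received, with a default of 0 and no range check, and any action other than START falls into the stop message. The native side stores these values in narrower fields (netguard.h in this commit declares `uint8_t protocol` and `uint16_t` ports), so a value outside that range would be shown one way and applied another. The dialog should refuse such requests before asking for approval: reject an unknown action, a protocol other than 6 or 17, and ports outside 1–65535 right after the extras are read, as sketched below. Because this dialog is the only gate on the change, `btnOk.setFilterTouchesWhenObscured(true);` is also worth adding so the confirmation cannot be tapped while another window covers it.

```java
final int uid = getIntent().getIntExtra("uid", 0);

// Refuse requests the dialog could not describe faithfully
final String action = getIntent().getAction();
final boolean start = ACTION_START_PORT_FORWARD.equals(action);
final boolean stop = ACTION_STOP_PORT_FORWARD.equals(action);
final boolean validProtocol = (protocol == 6 || protocol == 17);
final boolean validSource = (source > 0 && source <= 65535);
final boolean validTarget = (!start || (target > 0 && target <= 65535));
if (!(start || stop) || !validProtocol || !validSource || !validTarget) {
    finish();
    return;
}
// … unchanged: protocol name lookup, message text, button handlers …
```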
diff --git a/app/src/main/jni/netguard/netguard.c b/app/src/main/jni/netguard/netguard.c index f99643b6..bb6614ff 100644 --- a/app/src/main/jni/netguard/netguard.c +++ b/app/src/main/jni/netguard/netguard.c @@ -242,17 +242,16 @@ Java_eu_faircode_netguard_SinkholeService_jni_1done(JNIEnv *env, jobject instanc // JNI ForwardService JNIEXPORT void JNICALL -Java_eu_faircode_netguard_ForwardService_jni_1stop_1port_1forward( - JNIEnv *env, jobject instance, jint source) { - log_android(ANDROID_LOG_WARN, - "Stop port forwarding to uid %d", source); +Java_eu_faircode_netguard_ActivityForward_jni_1stop_1port_1forward( + JNIEnv *env, jobject instance, jint protocol, jint source) { + log_android(ANDROID_LOG_WARN, "Stop port forwarding to protocol %d port %d", protocol, source); if (pthread_mutex_lock(&lock)) log_android(ANDROID_LOG_ERROR, "pthread_mutex_lock failed"); struct port_forward *l = NULL; struct port_forward *f = port_forward; - while (f != NULL && f->source != source) { + while (f != NULL && f->protocol != protocol && f->source != source) { l = f; f = f->next; } 
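Review bot: The new lookup condition in jni_stop_port_forward, `f->protocol != protocol && f->source != source`, ends the walk at the first entry that matches on either field, so stopping one forward can unlink a different rule that merely shares the protocol or the port. The entry is wanted only when both fields match, so the loop has to continue while either differs: `while (f != NULL && (f->protocol != protocol || f->source != source)) {`. The same `&&` form is added in handle_ip (`fwd53`), handle_udp and open_tcp_socket in the later hunks of this file, where the first rule of the matching protocol would be selected for any destination port; those need the same change, e.g. `while (fwd != NULL && (fwd->protocol != IPPROTO_UDP || fwd->source != ntohs(udphdr->dest)))`. The function body continues past the end of this hunk.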
@@ -270,18 +269,21 @@ Java_eu_faircode_netguard_ForwardService_jni_1stop_1port_1forward( } JNIEXPORT void JNICALL -Java_eu_faircode_netguard_ForwardService_jni_1start_1port_1forward( - JNIEnv *env, jobject instance, jint source, jint target, jint uid) { +Java_eu_faircode_netguard_ActivityForward_jni_1start_1port_1forward( + JNIEnv *env, jobject instance, jint protocol, jint source, jint target, jint uid) { - Java_eu_faircode_netguard_ForwardService_jni_1stop_1port_1forward(env, instance, source); + Java_eu_faircode_netguard_ActivityForward_jni_1stop_1port_1forward( + env, instance, protocol, source); log_android(ANDROID_LOG_WARN, - "Start port forwarding from %d to %d uid %d", source, target, uid); + "Start port forwarding protocol %d from %d to %d uid %d", + protocol, source, target, uid); if (pthread_mutex_lock(&lock)) log_android(ANDROID_LOG_ERROR, "pthread_mutex_lock failed"); struct port_forward *forward = malloc(sizeof(struct port_forward)); + forward->protocol = protocol; forward->source = source; forward->target = target; forward->uid = uid; @@ -298,7 +300,7 @@ JNIEXPORT jstring JNICALL Java_eu_faircode_netguard_Util_jni_1getprop(JNIEnv *env, jclass type, jstring name_) { const char *name = (*env)->GetStringUTFChars(env, name_, 0); - char value[250]; + char value[250] = ""; __system_property_get(env, name, value); (*env)->ReleaseStringUTFChars(env, name_, name); @@ -1556,7 +1558,7 @@ void handle_ip(const struct arguments *args, const uint8_t *pkt, const size_t le flags[flen] = 0; struct port_forward *fwd53 = port_forward; - while (fwd53 != NULL && fwd53->source != 53) + while (fwd53 != NULL && fwd53->protocol != IPPROTO_UDP && fwd53->source != 53) fwd53 = fwd53->next; // Get uid 
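Review bot: In jni_start_port_forward the added `forward->protocol = protocol;` is the first write through the pointer returned by `malloc`, and nothing checks that pointer for NULL; the write happens while the mutex is held. A guard directly after the allocation, `if (forward == NULL)`, that logs the failure, releases the lock and returns would keep an allocation failure from becoming a NULL dereference. The `jint` arguments are also narrowed silently into the `uint8_t`/`uint16_t` struct fields, so a range check at this JNI entry point would be a reasonable second line of defence behind the dialog. The rest of the function, including the list insertion and presumably the unlock, lies outside the hunk.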
@@ -1634,7 +1636,7 @@ void handle_ip(const struct arguments *args, const uint8_t *pkt, const size_t le else { if (protocol == IPPROTO_UDP) block_udp(args, pkt, length, payload, uid); - log_android(ANDROID_LOG_INFO, "Address v%d p%d %s/%u syn %d not allowed", + log_android(ANDROID_LOG_WARN, "Address v%d p%d %s/%u syn %d not allowed", version, protocol, dest, dport, syn); } @@ -1963,7 +1965,7 @@ jboolean handle_udp(const struct arguments *args, // Port forwarding struct port_forward *fwd = port_forward; - while (fwd != NULL && fwd->source != ntohs(udphdr->dest)) + while (fwd != NULL && fwd->protocol != IPPROTO_UDP && fwd->source != ntohs(udphdr->dest)) fwd = fwd->next; if (fwd != NULL) { if (fwd->uid == cur->uid) @@ -2617,7 +2619,7 @@ int open_tcp_socket(const struct arguments *args, const struct tcp_session *cur) // Port forwarding struct port_forward *fwd = port_forward; - while (fwd != NULL && fwd->source != ntohs(cur->dest)) + while (fwd != NULL && fwd->protocol != IPPROTO_TCP && fwd->source != ntohs(cur->dest)) fwd = fwd->next; if (fwd != NULL) { if (fwd->uid == cur->uid) diff --git a/app/src/main/jni/netguard/netguard.h b/app/src/main/jni/netguard/netguard.h index d473a25e..63e655c8 100644 --- a/app/src/main/jni/netguard/netguard.h +++ b/app/src/main/jni/netguard/netguard.h @@ -40,6 +40,7 @@ struct arguments { }; struct port_forward { + uint8_t protocol; uint16_t source; uint16_t target; uint16_t uid; diff --git a/app/src/main/res/layout/forward.xml b/app/src/main/res/layout/forward.xml new file mode 100644 index 00000000..6fa594cf --- /dev/null +++ b/app/src/main/res/layout/forward.xml @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + +