mirror of https://github.com/M66B/NetGuard.git synced 2025-01-04 06:23:04 +00:00

Allow system applications in disconnected state

M66B 2016-02-13 08:02:47 +01:00
parent 5a63c34938
commit ed53576311


@ -105,6 +105,7 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
private Map<String, Boolean> mapHostsBlocked = new HashMap<>(); private Map<String, Boolean> mapHostsBlocked = new HashMap<>();
private Map<Integer, Boolean> mapUidAllowed = new HashMap<>(); private Map<Integer, Boolean> mapUidAllowed = new HashMap<>();
private Map<Integer, Integer> mapUidKnown = new HashMap<>();
private Map<Long, Map<InetAddress, Boolean>> mapUidIPFilters = new HashMap<>(); private Map<Long, Map<InetAddress, Boolean>> mapUidIPFilters = new HashMap<>();
private Map<Integer, Forward> mapForward = new HashMap<>(); private Map<Integer, Forward> mapForward = new HashMap<>();
@ -334,7 +335,7 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
if (vpn == null) if (vpn == null)
throw new IllegalStateException("VPN start failed"); throw new IllegalStateException("VPN start failed");
startNative(vpn, listAllowed); startNative(vpn, listAllowed, listRule);
removeWarningNotifications(); removeWarningNotifications();
updateEnforcingNotification(listAllowed.size(), listRule.size()); updateEnforcingNotification(listAllowed.size(), listRule.size());
@ -378,7 +379,7 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
if (vpn == null) if (vpn == null)
throw new IllegalStateException("VPN start failed"); throw new IllegalStateException("VPN start failed");
startNative(vpn, listAllowed); startNative(vpn, listAllowed, listRule);
} else { } else {
Log.i(TAG, "VPN restart"); Log.i(TAG, "VPN restart");
@ -402,7 +403,7 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
if (vpn == null) if (vpn == null)
throw new IllegalStateException("VPN start failed"); throw new IllegalStateException("VPN start failed");
startNative(vpn, listAllowed); startNative(vpn, listAllowed, listRule);
} }
removeWarningNotifications(); removeWarningNotifications();
@ -512,9 +513,6 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
(system || !Util.isSystem(packet.uid, SinkholeService.this))) (system || !Util.isSystem(packet.uid, SinkholeService.this)))
showAccessNotification(packet.uid); showAccessNotification(packet.uid);
} }
if (packet.uid < 0)
Log.w(TAG, "Unknown application packet " + packet);
} }
private void resolved(ResourceRecord rr) { private void resolved(ResourceRecord rr) {
@ -890,7 +888,7 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
} }
} }
private void startNative(ParcelFileDescriptor vpn, List<Rule> listAllowed) { private void startNative(ParcelFileDescriptor vpn, List<Rule> listAllowed, List<Rule> listRule) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(SinkholeService.this); SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(SinkholeService.this);
boolean log = prefs.getBoolean("log", false); boolean log = prefs.getBoolean("log", false);
boolean filter = prefs.getBoolean("filter", false); boolean filter = prefs.getBoolean("filter", false);
@ -899,7 +897,7 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
// Prepare rules // Prepare rules
if (filter) { if (filter) {
prepareUidAllowed(listAllowed); prepareUidAllowed(listAllowed, listRule);
prepareHostsBlocked(); prepareHostsBlocked();
prepareUidIPFilters(); prepareUidIPFilters();
prepareForwarding(); prepareForwarding();
@ -928,15 +926,20 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
private void unprepare() { private void unprepare() {
mapUidAllowed.clear(); mapUidAllowed.clear();
mapUidKnown.clear();
mapHostsBlocked.clear(); mapHostsBlocked.clear();
mapUidIPFilters.clear(); mapUidIPFilters.clear();
mapForward.clear(); mapForward.clear();
} }
private void prepareUidAllowed(List<Rule> listAllowed) { private void prepareUidAllowed(List<Rule> listAllowed, List<Rule> listRule) {
mapUidAllowed.clear(); mapUidAllowed.clear();
for (Rule rule : listAllowed) for (Rule rule : listAllowed)
mapUidAllowed.put(rule.info.applicationInfo.uid, true); mapUidAllowed.put(rule.info.applicationInfo.uid, true);
mapUidKnown.clear();
for (Rule rule : listRule)
mapUidKnown.put(rule.info.applicationInfo.uid, rule.info.applicationInfo.uid);
} }
private void prepareHostsBlocked() { private void prepareHostsBlocked() {
@ -1141,11 +1144,8 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
if ((!blocked || (screen && last_interactive)) && (!metered || !(rule.roaming && roaming))) if ((!blocked || (screen && last_interactive)) && (!metered || !(rule.roaming && roaming)))
listAllowed.add(rule); listAllowed.add(rule);
} }
else
listAllowed.addAll(listRule);
Log.i(TAG, "Allowed " + listAllowed.size() + " of " + listRule.size()); Log.i(TAG, "Allowed " + listAllowed.size() + " of " + listRule.size());
return listAllowed; return listAllowed;
} }
@ -1202,13 +1202,17 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
packet.allowed = false; packet.allowed = false;
if (prefs.getBoolean("filter", false)) { if (prefs.getBoolean("filter", false)) {
// https://android.googlesource.com/platform/system/core/+/master/include/private/android_filesystem_config.h // https://android.googlesource.com/platform/system/core/+/master/include/private/android_filesystem_config.h
if (packet.uid < 2000 && if (packet.uid < 2000 && !last_connected) {
!(packet.uid == 0 || // root // Allow system applications in disconnected state
packet.uid == 1000 || // system server packet.allowed = true;
packet.uid == 1001 || // telephony subsystem Log.w(TAG, "Allowing disconnected system " + packet);
packet.uid == 1013)) // mediaserver
packet.allowed = true; // allow unknown traffic } else if (packet.uid < 2000 && !mapUidKnown.containsKey(packet.uid)) {
else { // Allow unknown system traffic
packet.allowed = true;
Log.w(TAG, "Allowing unknown system " + packet);
} else {
boolean filtered = false; boolean filtered = false;
// Only TCP (6) and UDP (17) have port numbers // Only TCP (6) and UDP (17) have port numbers
int dport = (packet.protocol == 6 || packet.protocol == 17 ? packet.dport : 0); int dport = (packet.protocol == 6 || packet.protocol == 17 ? packet.dport : 0);
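Review bot: The new first branch in the last hunk, `if (packet.uid < 2000 && !last_connected)`, sets `packet.allowed = true` without consulting `mapUidKnown`, so a system uid that has its own entry in `listRule` is still allowed whenever `last_connected` is false, while the second branch does make that check. Neither condition has a lower bound, so a packet with a negative uid (the case the log line removed in the -512 hunk reported as an unknown application) also takes these allow branches and is now logged as "system". If both are intended, say so in the branch comment, e.g. `// Deliberately ignores per-app rules and unresolved (negative) uids while disconnected`; if not, bound the test with `packet.uid >= 0 && packet.uid < 2000` and let unresolved uids fall through to the filtered path. The enclosing method starts and ends outside this hunk, so how `packet.allowed` is used afterwards is not visible here.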