java source code of FirewallManager

bitmask_android-master
- fix_gradle_lock.sh
- sigs
  - aguestuser.sig
- gradle.properties
- gradle
  - wrapper
    - gradle-wrapper.properties
- CHANGELOG
- installOnAllEmulators.sh
- go
  - src
    - golang.org
      - x
        sys
        crypto
        net
        tools
    - github.com
      - OperatorFoundation
        shapeshifter-transports
        shapeshifter-ipc
        obfs4
        shapeshifter-dispatcher
      - willscott
        goturn
      - agl
        ed25519
      - shadowsocks
        shadowsocks-go
      - aead
        chacha20
      - dchest
        siphash
    - se.leap.bitmaskclient
      - shapeshifter
  - install_go.sh
  - android_build_shapeshifter_lib.sh
  - android_build_shapeshifter.sh
  - lib
    - README
- .gitmodules
- .gitlab
  - wait-for-emulator.sh
  - build.sh
- gradlew.bat
- prepareForDistribution.sh
- gradlew
- cleanProject.sh
- build.gradle
- docker
  - android-sdk
    - Dockerfile
  - android-ndk
    - Dockerfile
  - android-emulator
    - Dockerfile
- .tx
  - config
- CAA
- cleanGit.sh
- README.md
- ics-openvpn
- app
  - src
    - main
      - cpp
      - res
        values-br
        strings.xml
        drawable-mdpi
        ic_stat_vpn_outline.png
        values-et
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-uk
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-hr
        strings.xml
        values-no
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        layout
        allowed_application_layout.xml
        f_log.xml
        a_provider_detail.xml
        f_about.xml
        f_drawer_main.xml
        a_custom_provider_setup_tablet_linear_layout.xml
        a_add_provider.xml
        a_provider_list.xml
        custom_toast.xml
        v_icon_select_text_list_item.xml
        a_provider_credentials.xml
        v_loading_screen.xml
        a_provider_detail_tablet_linear_layout.xml
        v_provider_credentials.xml
        v_switch_list_item.xml
        a_add_provider_tablet_scrollview.xml
        v_provider_list_item.xml
        allowed_vpn_apps.xml
        v_icon_text_list_item.xml
        v_main_button.xml
        v_provider_header.xml
        v_add_provider.xml
        a_provider_credentials_tablet_linear_layout.xml
        d_list_selection.xml
        d_checkbox_confirm.xml
        donation_reminder_dialog.xml
        v_single_list_item.xml
        a_provider_list_tablet_linear_layout.xml
        s_layout.xml
        f_log_sliders.xml
        a_main.xml
        v_vpn_status.xml
        a_custom_provider_setup.xml
        f_eip.xml
        v_custom_notification.xml
        values-fr
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        drawable-xhdpi
        ic_stat_vpn_outline.png
        values-pt
        plurals-icsopenvpn.xml
        strings-icsopenvpn.xml
        strings.xml
        values-da
        plurals-icsopenvpn.xml
        strings-icsopenvpn.xml
        values-brx
        strings.xml
        values-fa-rIR
        strings.xml
        values-be
        plurals-icsopenvpn.xml
        strings-icsopenvpn.xml
        values-kn-rIN
        strings.xml
        values-ca
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-ta
        strings.xml
        values-v21
        styles.xml
        themes.xml
        colours.xml
        refs.xml
        values-pt-rPT
        strings.xml
        values-w820dp
        dimens.xml
        menu
        f_log.xml
        allowed_apps.xml
        drawable-ldpi
        ic_stat_vpn_outline.png
        values-ro
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-bg
        strings.xml
        values-pl
        plurals-icsopenvpn.xml
        strings-icsopenvpn.xml
        strings.xml
        drawable-xxhdpi
        bg_switchbar.xml
        values-zh-rCN
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-fi
        strings.xml
        values-ar
        strings.xml
        values-nb
        strings.xml
        values-sv
        plurals-icsopenvpn.xml
        strings-icsopenvpn.xml
        values-gl
        strings.xml
        values-az
        strings.xml
        values-sl
        plurals-icsopenvpn.xml
        strings-icsopenvpn.xml
        strings.xml
        drawable-xxxhdpi
        layout-xlarge
        f_log.xml
        a_provider_detail.xml
        f_about.xml
        a_add_provider.xml
        a_provider_list.xml
        a_provider_credentials.xml
        v_loading_screen.xml
        v_switch_list_item.xml
        v_provider_list_item.xml
        v_icon_text_list_item.xml
        v_provider_header.xml
        v_single_list_item.xml
        v_vpn_status.xml
        a_custom_provider_setup.xml
        f_eip.xml
        values-sw600dp
        dimens.xml
        values-mk
        strings.xml
        values-nl
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-ja
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        drawable-hdpi
        ic_stat_vpn_outline.png
        values-id
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-zh-rTW
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-sr
        strings.xml
        values-hu
        plurals-icsopenvpn.xml
        strings-icsopenvpn.xml
        strings.xml
        values-it
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-el
        strings.xml
        values-he
        strings.xml
        values-pt-rBR
        strings.xml
        values-de
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-es
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-es-rAR
        strings.xml
        values-eu
        strings.xml
        values-in
        plurals-icsopenvpn.xml
        strings-icsopenvpn.xml
        strings.xml
        values
        styles.xml
        attrs.xml
        themes.xml
        colours.xml
        refs.xml
        untranslatable.xml
        colors.xml
        plurals-icsopenvpn.xml
        dimens.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-vi
        plurals-icsopenvpn.xml
        strings-icsopenvpn.xml
        strings.xml
        values-ru
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-cs
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        drawable
        cust_button_primary_rect.xml
        vpn_connected.xml
        cust_button_primary_released.xml
        ic_launcher_background.xml
        black_circle.xml
        vpn_disconnected.xml
        splash_page.xml
        cust_toast_background.xml
        vpn_blocking.xml
        cust_button_primary_black_pressed.xml
        cust_button_primary_pressed.xml
        action_history.xml
        white_rect.xml
        cust_button_primary_black.xml
        black_circle_released.xml
        cust_button_primary_black_released.xml
        black_circle_pressed.xml
        progressbar_circle.xml
        vpn_connecting.xml
        background_onboarding_tablet.xml
        cust_button_primary.xml
        cust_button_secondary.xml
        cust_button_primary_disabled.xml
        values-tr
        plurals-icsopenvpn.xml
        strings-icsopenvpn.xml
        strings.xml
        values-ko
        plurals-icsopenvpn.xml
        arrays.xml
        strings-icsopenvpn.xml
        strings.xml
        values-bn
        strings.xml
        layout-xlarge-port
        f_log.xml
        a_provider_detail.xml
        a_add_provider.xml
        a_provider_list.xml
        a_provider_credentials.xml
        a_custom_provider_setup.xml
        values-fil
        strings.xml
      - AndroidManifest.xml
      - java
        se
        leap
        bitmaskclient
        PRNGFixes.java
        ProviderApiSetupBroadcastReceiver.java
        SrpRegistrationData.java
        MainActivityErrorDialog.java
        ProviderRenderer.java
        utils
        InputStreamHelper.java
        PreferenceHelper.java
        ConfigHelper.java
        Cmd.java
        IPAddress.java
        DateHelper.java
        ViewHelper.java
        KeyStoreHelper.java
        FileHelper.java
        ProviderApiConnector.java
        views
        IconCheckboxEntry.java
        IconTextEntry.java
        VpnStateImage.java
        ProviderHeaderView.java
        IconTextView.java
        IconSwitchEntry.java
        ButterKnifeActivity.java
        ProviderSetupFailedDialog.java
        MainActivity.java
        ProviderListAdapter.java
        BitmaskApp.java
        ProviderListBaseActivity.java
        EipSetupListener.java
        FragmentManagerEnhanced.java
        drawer
        NavigationDrawerFragment.java
        FeatureVersionCode.java
        ProviderAPIResultReceiver.java
        SignupActivity.java
        DnsResolver.java
        DefaultedURL.java
        EipSetupObserver.java
        Constants.java
        pluggableTransports
        Obfs4Options.java
        Shapeshifter.java
        BinaryInstaller.java
        Dispatcher.java
        tethering
        TetheringStateManager.java
        TetheringBroadcastReceiver.java
        TetheringState.java
        TetheringObservable.java
        WifiManagerWrapper.java
        WifiHotspotState.java
        ConfigWizardBaseActivity.java
        LoginActivity.java
        ProviderCredentialsBaseActivity.java
        ProviderApiManagerBase.java
        TLSCompatSocketFactory.java
        VpnNotificationManager.java
        ProviderAPICommand.java
        CustomProviderSetupActivity.java
        fragments
        ExcludeAppsFragment.java
        DonationReminderDialog.java
        TetheringDialog.java
        AlwaysOnDialog.java
        AboutFragment.java
        LogFragment.java
        ProviderSetupInterface.java
        ProviderObservable.java
        SrpCredentials.java
        ProviderAPI.java
        EipFragment.java
        OkHttpClientGenerator.java
        Provider.java
        ProviderRendererBuilder.java
        AddProviderBaseActivity.java
        ProviderManager.java
        ProviderSetupBaseActivity.java
        AbstractProviderDetailActivity.java
        firewall
        ShutdownTetheringTask.java
        StartIPv6FirewallTask.java
        SetupTetheringTask.java
        FirewallCallback.java
        FirewallManager.java
        ShutdownIPv6FirewallTask.java
        StartActivity.java
        LeapSRPSession.java
        OnBootReceiver.java
        DrawerSettingsAdapter.java
        eip
        CalendarProviderInterface.java
        EipResultBroadcast.java
        EipStatus.java
        VpnConfigGenerator.java
        VpnCertificateValidator.java
        EipCommand.java
        VoidVpnService.java
        CalendarProvider.java
        GatewaySelector.java
        EIP.java
        Gateway.java
        VoidVpnLauncher.java
        GatewaysManager.java
        de
        blinkt
        openvpn
        views
        SeekBarTicks.java
        LaunchVPN.java
        api
        APIVpnProfile.java
        core
        PasswordCache.java
        PRNGFixes.java
        OpenVpnManagementThread.java
        LogFileHandler.java
        ConfigParser.java
        TrafficHistory.java
        CIDRIP.java
        OpenVPNService.java
        OpenVPNThread.java
        Preferences.java
        OpenVPNManagement.java
        NativeUtils.java
        OpenVPNStatusService.java
        VpnStatus.java
        connection
        OpenvpnConnection.java
        Connection.java
        Obfs4Connection.java
        OrbotHelper.java
        Connection.java
        ExtAuthHelper.java
        NetworkUtils.java
        VPNLaunchHelper.java
        X509Utils.java
        NetworkSpace.java
        LogItem.java
        LollipopDeviceStateListener.java
        DeviceStateReceiver.java
        ConnectionInterface.java
        GetRestrictionReceiver.java
        ConnectionStatus.java
        ProxyDetection.java
        ProfileManager.java
        VpnProfile.java
        org
        spongycastle
        util
        encoders
        Base64.java
        Encoder.java
        Base64Encoder.java
        io
        pem
        PemHeader.java
        PemReader.java
        PemWriter.java
        PemGenerationException.java
        PemObject.java
        PemObjectGenerator.java
        jboss
        security
        srp
        SRPParameters.java
      - aidl
        de
        blinkt
        openvpn
        api
        APIVpnProfile.aidl
        ExternalCertificateProvider.aidl
        IOpenVPNStatusCallback.aidl
        IOpenVPNAPIService.aidl
        core
        ConnectionStatus.aidl
        TrafficHistory.aidl
        IStatusCallbacks.aidl
        LogItem.aidl
        IServiceStatus.aidl
        IOpenVPNServiceInternal.aidl
    - androidTest
      - legacy
        TestEipFragment.java
        VpnTestController.java
        FromAssets.java
        TestConstants.java
        TestProviderListActivity.java
        TestLeapSRPSession.java
        TestVpnCertificateValidator.java
        TestGatewaysManager.java
        Screenshot.java
        TestUserStatusFragment.java
        ConnectionManager.java
        UserStatusTestController.java
        BaseTestDashboardFragment.java
        TestDashboardIntegration.java
        TestCalendarProvider.java
    - sharedTest
      - java
        se.leap.bitmaskclient
        testutils
        TestSetupHelper.java
    - insecure
      - res
        values
        strings.xml
      - AndroidManifest.xml
      - java
        se
        leap
        bitmaskclient
        ProviderApiManager.java
        ProviderDetailActivity.java
        ProviderListActivity.java
        AddProviderActivity.java
      - assets
        urls
        cdev.bitmask.net.url
        dev.bitmask.net.url
    - ovpn3
      - java
        de
        blinkt
        openvpn
        core
        OpenVPNThreadv3.java
    - test
      - resources
        gateway_udp_tcp.json
        eip-service-four-gateways.json
        ptdemo_pt_tcp_udp.eip-service.json
        preconfigured
        demo.bitmask.net.json
        calyx.net.json
        riseup.net.json
        demo.bitmask.net.pem
        calyx.net.pem
        urls
        calyx.net.url
        demo.bitmask.net.url
        riseup.net.url
        riseup.net.pem
        eip-service-one-gateway.json
        riseup_net_outdated_config.json
        eip-service-two-gateways.json
        riseup.net.json
        ptdemo_two_openvpn_one_pt_gateways.json
        error_messages.json
        general_configuration.json
        riseup.net.vpn_cert.pem
        ptdemo_misconfigured_gateway.json
        private_rsa_key.pem
        ptdemo_pt_udp_tcp.eip-service.json
        gateway_tcp_udp.json
        secrets.json
        ptdemo_misconfigured_mixed_gateways.json
        ptdemo_three_mixed_gateways.json
        outdated_cert.pem
        externalDir
        leapcolombia.json
        riseup.net.pem
        riseup_net_invalid_config.json
        riseup.service.json
        updated_cert.pem
        ptdemo.bitmask.eip-service.json
        openvpnConfigs
        tcp_udp.ovpn
        udp_tcp.ovpn
      - java
        se
        leap
        bitmaskclient
        testutils
        matchers
        BundleMatcher.java
        MockSharedPreferences.java
        BackendMockResponses
        MisconfiguredProviderBackendResponse.java
        BackendMockProvider.java
        UpdatedCertificateBackendResponse.java
        NoErrorBackendResponse.java
        BaseBackendResponse.java
        EipSerivceJsonInvalidCertificateBackendResponse.java
        MockHelper.java
        ProviderManagerTest.java
        PreferenceHelperTest.java
        DefaultedURLTest.java
        tethering
        TetheringStateManagerTest.java
        ProviderTest.java
        eip
        GatewaysManagerTest.java
        ProviderApiManagerTest.java
        EipStatusTest.java
        GatewaySelectorTest.java
        VpnConfigGeneratorTest.java
    - normal
      - res
        drawable-mdpi
        mipmap-xhdpi
        drawable-xhdpi
        drawable-ldpi
        mipmap-xxxhdpi
        mipmap-xxhdpi
        drawable-xxxhdpi
        mipmap-hdpi
        mipmap-anydpi-v26
        ic_launcher.xml
        ic_launcher_round.xml
        drawable-hdpi
        mipmap-mdpi
        drawable
        background_main.xml
        donation_img.xml
        background_drawer.xml
        background_eip.xml
        drawer_logo.xml
      - assets
        pt.demo.bitmask.net.json
        demo.bitmask.net.json
        pt.demo.bitmask.net.pem
        calyx.net.json
        riseup.net.json
        demo.bitmask.net.pem
        calyx.net.pem
        urls
        pt.demo.bitmask.net.url
        calyx.net.url
        demo.bitmask.net.url
        riseup.net.url
        riseup.net.pem
    - custom
      - res
        drawable-sw600dp-port
        background_main.webp
        ic_splash_background.webp
        drawable-mdpi
        mipmap-xhdpi
        drawable-sw600dp
        background_main.webp
        ic_splash_background.webp
        drawable-ldpi
        drawable-xxxhdpi
        mipmap-hdpi
        values
        custom-theme.xml
        strings.xml
        drawable-land
        background_main.webp
        ic_splash_background.webp
        mipmap-mdpi
        drawable
        background_main.webp
        splash_page.xml
        ic_splash_background.webp
        logo_square.webp
        donation_img.xml
        background_drawer.webp
        background_eip.xml
        drawer_logo.xml
      - assets
        riseup.net.json
        riseup.net.pem
    - production
      - res
        layout
        d_new_provider.xml
        layout-xlarge
        d_new_provider.xml
      - java
        se
        leap
        bitmaskclient
        ProviderApiManager.java
        ProviderDetailActivity.java
        ProviderListActivity.java
        AddProviderActivity.java
  - build.gradle
  - vpndialogxposed
    - src
      - main
        res
        values
        strings-icsopenvpn.xml
  - remoteExample
    - src
      - main
        res
        values-w820dp
        dimens.xml
        values
        styles.xml
        dimens.xml
        strings-icsopenvpn.xml
- settings.gradle
- .gitlab-ci.yml
- .gitignore
- LICENSE.txt
- shapeshifter
  - build.gradle
- build_deps.sh

package se.leap.bitmaskclient.firewall;
/**
 * Copyright (c) 2019 LEAP Encryption Access Project and contributers
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import android.widget.Toast;

import java.util.Observable;
import java.util.Observer;

import de.blinkt.openvpn.core.VpnStatus;
import se.leap.bitmaskclient.R;
import se.leap.bitmaskclient.tethering.TetheringObservable;
import se.leap.bitmaskclient.tethering.TetheringState;
import se.leap.bitmaskclient.utils.PreferenceHelper;

public class FirewallManager implements FirewallCallback, Observer {
    public static String BITMASK_CHAIN = "bitmask_fw";
    public static String BITMASK_FORWARD = "bitmask_forward";
    public static String BITMASK_POSTROUTING = "bitmask_postrouting";
    static final String TAG = FirewallManager.class.getSimpleName();
    private boolean isRunning = false;

    private Context context;

    public FirewallManager(Context context, boolean observeTethering) {
        this.context = context;
        if (observeTethering) {
            TetheringObservable.getInstance().addObserver(this);
        }
    }

    @Override
    public void onFirewallStarted(boolean success) {
        if (success) {
            VpnStatus.logInfo("[FIREWALL] Custom rules established");
        } else {
            VpnStatus.logError("[FIREWALL] Could not establish custom rules.");
        }
    }

    @Override
    public void onFirewallStopped(boolean success) {
        if (success) {
            VpnStatus.logInfo("[FIREWALL] Custom rules deleted");
        } else {
            VpnStatus.logError("[FIREWALL] Could not delete custom rules");
        }
    }

    @Override
    public void onTetheringStarted(boolean success) {
        if (success) {
            VpnStatus.logInfo("[FIREWALL] Rules for tethering enabled");
        } else {
            VpnStatus.logError("[FIREWALL] Could not enable rules for tethering.");
        }
    }

    @Override
    public void onTetheringStopped(boolean success) {
        if (success) {
            VpnStatus.logInfo("[FIREWALL] Rules for tethering successfully disabled");
        } else {
            VpnStatus.logError("[FIREWALL] Could not disable rules for tethering.");
        }
    }

    @Override
    public void onSuRequested(boolean success) {
        if (!success) {
            VpnStatus.logError("[FIREWALL] Root permission needed to execute custom firewall rules.");
            new Handler(Looper.getMainLooper()).post(() -> {
                Toast.makeText(context.getApplicationContext(), context.getString(R.string.root_permission_error, context.getString(R.string.app_name)), Toast.LENGTH_LONG).show();
            });
            TetheringObservable.allowVpnWifiTethering(false);
            TetheringObservable.allowVpnUsbTethering(false);
            TetheringObservable.allowVpnBluetoothTethering(false);
            PreferenceHelper.allowWifiTethering(context, false);
            PreferenceHelper.allowUsbTethering(context, false);
            PreferenceHelper.allowBluetoothTethering(context, false);
            PreferenceHelper.setUseIPv6Firewall(context, false);
        }
    }

    public void onDestroy() {
        TetheringObservable.getInstance().deleteObserver(this);
    }


    public void start() {
        if (!isRunning) {
            isRunning = true;
            if (PreferenceHelper.useIpv6Firewall(context)) {
                startIPv6Firewall();
            }
            TetheringState tetheringState = TetheringObservable.getInstance().getTetheringState();
            if (tetheringState.hasAnyDeviceTetheringEnabled() && tetheringState.hasAnyVpnTetheringAllowed()) {
                startTethering();
            }
        }

    }

    public void stop() {
        isRunning = false;
        if (PreferenceHelper.useIpv6Firewall(context)) {
            stopIPv6Firewall();
        }
        TetheringState tetheringState = TetheringObservable.getInstance().getTetheringState();
        if (tetheringState.hasAnyDeviceTetheringEnabled() && tetheringState.hasAnyVpnTetheringAllowed()) {
            stopTethering();
        }
    }

    public void startTethering() {
        SetupTetheringTask task = new SetupTetheringTask(this);
        task.execute();
    }

    public void stopTethering() {
        ShutdownTetheringTask task = new ShutdownTetheringTask(this);
        task.execute();
    }

    public void startIPv6Firewall() {
        StartIPv6FirewallTask task = new StartIPv6FirewallTask(this);
        task.execute();
    }

    public void stopIPv6Firewall() {
        ShutdownIPv6FirewallTask task = new ShutdownIPv6FirewallTask(this);
        task.execute();
    }

    @Override
    public void update(Observable o, Object arg) {
        if (o instanceof TetheringObservable) {
            TetheringObservable observable = (TetheringObservable) o;
            TetheringState state = observable.getTetheringState();
            if (state.hasAnyVpnTetheringAllowed() && state.hasAnyDeviceTetheringEnabled()) {
                startTethering();
            } else {
                stopTethering();
            }
        }
    }
}