Merge branch 'release/1.4.0'

lparam · Oct 18, 2015 · 2b6b107 · 2b6b107
2 parents d4bd103 + 6436516
commit 2b6b107
Show file tree

Hide file tree

Showing 21 changed files with 1,529 additions and 2,670 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,3 +1,9 @@
+v1.4.0 (2015-10-18)
+-----------
+* Feature: Protect VpnService
+* Change: Black list
+
+
 v1.3.0 (2015-10-9)
 -----------
 * Feature: Support ACL

diff --git a/Makefile b/Makefile
@@ -1,26 +1,23 @@
-all: app/src/main/jniLibs/armeabi/libsystem.so
+
+LIB_SYSTEM=app/src/main/jniLibs/armeabi/libsystem.so
+
+all: $(LIB_SYSTEM)
 
 .PHONY: clean
 
 clean:
-	$(ANDROID_NDK_HOME)/ndk-build clean
 	rm -rf libs
 	rm -rf app/src/main/jniLibs
-	rm -rf jni/xsocks/xsocks-android-i686
-	rm -rf jni/xsocks/xsocks-android-armv7-a
+	$(ANDROID_NDK_HOME)/ndk-build clean
 
-app/src/main/jniLibs/armeabi/libsystem.so: jni/system.cpp jni/Android.mk
+$(LIB_SYSTEM): jni/system.cpp jni/Android.mk
 	if [ a == a$(ANDROID_NDK_HOME) ]; then \
 		echo ANDROID_NDK_HOME is not set ;\
 		exit 1 ;\
 	fi ;\
 	pushd jni/xsocks || exit 1 ;\
-	if [ ! -f xsocks-android-i686/xsocks ]; then \
-		dist-build/android-x86.sh || exit 1 ;\
-	fi ;\
-	if [ ! -f xsocks-android-armv7-a/xsocks ]; then \
-		dist-build/android-armv7-a.sh || exit 1 ;\
-	fi ;\
+	dist-build/android-x86.sh || exit 1 ;\
+	dist-build/android-armv7-a.sh || exit 1 ;\
 	popd ;\
 	pushd jni ;\
 	$(ANDROID_NDK_HOME)/ndk-build NDK_LOG=1 V=0 || exit 1 ;\
@@ -31,14 +28,13 @@ app/src/main/jniLibs/armeabi/libsystem.so: jni/system.cpp jni/Android.mk
 	mkdir -p app/src/main/assets/armeabi-v7a ;\
 	install -d app/src/main/jniLibs/x86 ;\
 	install -d app/src/main/jniLibs/armeabi-v7a ;\
-	install libs/x86/libsystem.so app/src/main/jniLibs/x86 ;\
-	install libs/x86/tun2socks app/src/main/assets/x86 ;\
 	install libs/x86/pdnsd app/src/main/assets/x86 ;\
-	install jni/xsocks/xsocks-android-i686/xsocks app/src/main/assets/x86 ;\
-	install jni/xsocks/xsocks-android-i686/xforwarder app/src/main/assets/x86 ;\
-	install libs/armeabi-v7a/tun2socks app/src/main/assets/armeabi-v7a ;\
+	install libs/x86/tun2socks app/src/main/assets/x86 ;\
+	install libs/x86/libsystem.so app/src/main/jniLibs/x86 ;\
 	install libs/armeabi-v7a/pdnsd app/src/main/assets/armeabi-v7a ;\
+	install libs/armeabi-v7a/tun2socks app/src/main/assets/armeabi-v7a ;\
 	install libs/armeabi-v7a/libsystem.so app/src/main/jniLibs/armeabi-v7a ;\
+	install jni/xsocks/xsocks-android-i686/xsocks app/src/main/assets/x86 ;\
+	install jni/xsocks/xsocks-android-i686/xforwarder app/src/main/assets/x86 ;\
 	install jni/xsocks/xsocks-android-armv7-a/xsocks app/src/main/assets/armeabi-v7a ;\
 	install jni/xsocks/xsocks-android-armv7-a/xforwarder app/src/main/assets/armeabi-v7a ;
-
diff --git a/app/build.gradle b/app/build.gradle
@@ -14,8 +14,8 @@ android {
         applicationId "io.github.xsocks"
         minSdkVersion 18
         targetSdkVersion 23
-        versionCode 130
-        versionName '1.3.0'
+        versionCode 140
+        versionName '1.4.0'
     }
     lintOptions {
         abortOnError true

diff --git a/app/src/main/java/io/github/xsocks/System.java b/app/src/main/java/io/github/xsocks/System.java
@@ -7,4 +7,6 @@ public class System {
 
     public static native void exec(String cmd);
     public static native String getABI();
+    public static native int sendfd(int fd);
+    public static native void jniclose(int fd);
 }
diff --git a/app/src/main/java/io/github/xsocks/service/XsocksVpnService.java b/app/src/main/java/io/github/xsocks/service/XsocksVpnService.java
@@ -30,15 +30,16 @@
 import io.github.xsocks.BuildConfig;
 import io.github.xsocks.R;
 import io.github.xsocks.aidl.Config;
-import io.github.xsocks.aidl.IXsocksService;
-import io.github.xsocks.aidl.IXsocksServiceCallback;
 import io.github.xsocks.model.ProxiedApp;
 import io.github.xsocks.ui.AppManagerActivity;
 import io.github.xsocks.ui.MainActivity;
 import io.github.xsocks.ui.XsocksRunnerActivity;
 import io.github.xsocks.utils.ConfigUtils;
 import io.github.xsocks.utils.Constants;
 import io.github.xsocks.utils.Utils;
+import io.github.xsocks.aidl.IXsocksService;
+import io.github.xsocks.aidl.IXsocksServiceCallback;
+
 import rx.schedulers.Schedulers;
 import rx.util.async.Async;
 
@@ -58,6 +59,8 @@ public class XsocksVpnService extends VpnService {
     private int callbackCount = 0;
     private final RemoteCallbackList<IXsocksServiceCallback> callbacks = new RemoteCallbackList<>();
 
+    private XsocksVpnThread vpnThread;
+
     private IXsocksService.Stub binder = new IXsocksService.Stub() {
         @Override
         public int getState() throws RemoteException {
@@ -190,7 +193,7 @@ private void startXsocksDaemon() {
             }
         }
 
-        String cmd = String.format("%sxsocks -s %s:%d -k %s -p %sxsocks.pid -t 600",
+        String cmd = String.format("%sxsocks -s %s:%d -k %s -p %sxsocks.pid -t 600 --vpn -V",
                 Constants.Path.BASE, config.proxy, config.remotePort, config.sitekey,
                 Constants.Path.BASE);
 
@@ -207,7 +210,7 @@ private void startXsocksDaemon() {
     }
 
     private void startDnsForwarder() {
-        String cmd = String.format("%sxforwarder -l 0.0.0.0:%d -d 8.8.8.8:53 "
+        String cmd = String.format("%sxforwarder -l 0.0.0.0:%d -d 8.8.8.8:53 -V "
                         + "-s %s:%d "
                         + "-k %s "
                         + "-p %sxforwarder.pid",
@@ -236,7 +239,7 @@ private void startDnsDaemon() {
 
         if (config.route.equals(Constants.Route.BYPASS_CHN)) {
             content = readFromRaw(R.raw.pdnsd_direct);
-            conf = String.format(Locale.ENGLISH, content, pdnsdPort, rejectList, blackList, forwarderPort, blackList);
+            conf = String.format(Locale.ENGLISH, content, pdnsdPort, blackList, forwarderPort, blackList);
 
         } else {
             content = readFromRaw(R.raw.pdnsd_local);
@@ -257,7 +260,8 @@ private void startDnsDaemon() {
     private void route_bypass(Builder builder) {
         String line;
         final BufferedReader reader = new BufferedReader(
-                new InputStreamReader(this.getResources().openRawResource(R.raw.route_bypass)));
+                new InputStreamReader(
+                        this.getResources().openRawResource(R.raw.route_bypass)));
 
         try {
             while ((line = reader.readLine()) != null) {
@@ -266,18 +270,21 @@ private void route_bypass(Builder builder) {
                     builder.addRoute(route[0], Integer.parseInt(route[1]));
                 }
             }
+
         } catch (final Throwable t) {
             Log.e(TAG, "", t);
+
         } finally {
             try {
                 reader.close();
+
             } catch (final IOException ioe) {
                 // ignore
             }
         }
     }
 
-    private void startVpn(){
+    private int startVpn(){
         int VPN_MTU = 1500;
         Builder builder = new Builder();
         builder.setSession(config.profileName);
@@ -297,13 +304,6 @@ private void startVpn(){
                             builder.addAllowedApplication(app.getPackageName());
                         }
                     }
-
-                    if (config.isBypassApps) {
-                        builder.addDisallowedApplication(this.getPackageName());
-                    }
-
-                } else {
-                    builder.addDisallowedApplication(this.getPackageName());
                 }
 
             } catch (PackageManager.NameNotFoundException e) {
@@ -323,6 +323,7 @@ private void startVpn(){
         vpnInterface = builder.establish();
         if (vpnInterface == null) {
             Log.e(TAG, "vpn interface is null");
+            return -1;
         }
 
         int fd = vpnInterface.getFd();
@@ -332,7 +333,7 @@ private void startVpn(){
                         + "--socks-server-addr 127.0.0.1:%d "
                         + "--tunfd %d "
                         + "--tunmtu %d "
-                        + "--loglevel 3 "
+                        + "--loglevel 4 "
                         + "--pid %stun2socks.pid",
                 Constants.Path.BASE, "26.26.26.2", config.localPort, fd, VPN_MTU,
                 Constants.Path.BASE);
@@ -343,15 +344,13 @@ private void startVpn(){
             cmd += " --dnsgw 26.26.26.1:" + Integer.toString(pdnsdPort);
         }
 
-        if (Utils.isLollipopOrAbove()) {
-            cmd += " --fake-proc";
-        }
-
         if (BuildConfig.DEBUG) {
             Log.d(TAG, cmd);
         }
 
         io.github.xsocks.System.exec(cmd);
+
+        return fd;
     }
 
     private boolean startDaemons() {
@@ -360,11 +359,30 @@ private boolean startDaemons() {
             startDnsDaemon();
             startDnsForwarder();
         }
-        startVpn();
-        return true;
+
+        int fd = startVpn();
+        if (fd != -1) {
+            int tries = 1;
+            while (tries < 5) {
+                try {
+                    Thread.sleep(1000 * tries);
+                }  catch (InterruptedException e) {
+                    // ignore
+                }
+                if (io.github.xsocks.System.sendfd(fd) != -1) {
+                    return true;
+                }
+                tries++;
+            }
+        }
+
+        return false;
     }
 
     private void startRunner(Config c) {
+        vpnThread = new XsocksVpnThread(this);
+        vpnThread.start();
+
         config = c;
 
         // register close closeReceiver
@@ -420,6 +438,11 @@ public void onReceive(Context context, Intent intent) {
     }
 
     private void stopRunner() {
+        if (vpnThread != null) {
+            vpnThread.stopThread();
+            vpnThread = null;
+        }
+
         stopForeground(true);
 
         changeState(Constants.State.STOPPING);

diff --git a/app/src/main/java/io/github/xsocks/service/XsocksVpnThread.java b/app/src/main/java/io/github/xsocks/service/XsocksVpnThread.java
@@ -0,0 +1,112 @@
+package io.github.xsocks.service;
+
+
+import android.net.LocalServerSocket;
+import android.net.LocalSocket;
+import android.net.LocalSocketAddress;
+import android.util.Log;
+
+import java.io.File;
+import java.io.FileDescriptor;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.lang.reflect.Method;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class XsocksVpnThread extends Thread {
+    private String TAG = "XsocksVpnService";
+
+    private volatile boolean isRunning = true;
+    private volatile LocalServerSocket serverSocket = null;
+
+    private XsocksVpnService vpnService;
+
+    public XsocksVpnThread(XsocksVpnService vpnService) {
+        this.vpnService = vpnService;
+    }
+
+    private void closeServerSocket() {
+        if (serverSocket != null) {
+            try {
+                serverSocket.close();
+            } catch (IOException e) {
+                // ignore
+            }
+            serverSocket = null;
+        }
+    }
+
+    public void stopThread() {
+        isRunning = false;
+        closeServerSocket();
+    }
+
+    @Override
+    public void run() {
+        String PATH = "/data/data/io.github.xsocks/protect_path";
+
+        try {
+            new File(PATH).delete();
+        } catch (Exception e) {
+        }
+
+        try {
+            LocalSocket localSocket = new LocalSocket();
+            localSocket.bind(new LocalSocketAddress(PATH, LocalSocketAddress.Namespace.FILESYSTEM));
+            serverSocket = new LocalServerSocket(localSocket.getFileDescriptor());
+
+        } catch (IOException e) {
+            Log.e(TAG, "unable to bind", e);
+            return;
+        }
+
+        ExecutorService pool = Executors.newFixedThreadPool(4);
+
+        while (isRunning) {
+            try {
+                LocalSocket socket = serverSocket.accept();
+
+                pool.execute(() -> {
+                    try {
+                        InputStream input = socket.getInputStream();
+                        OutputStream output = socket.getOutputStream();
+
+                        input.read();
+
+                        FileDescriptor[] fds = socket.getAncillaryFileDescriptors();
+
+                        if (fds != null && fds.length > 0) {
+                            Method getInt = FileDescriptor.class.getDeclaredMethod("getInt$");
+                            int fd = (int) getInt.invoke(fds[0]);
+                            boolean ret = vpnService.protect(fd);
+
+                            io.github.xsocks.System.jniclose(fd);
+
+                            output.write(ret ? 0 : 1);
+
+                            input.close();
+                            output.close();
+                        }
+
+                    } catch (Exception e) {
+                        Log.e(TAG, "Error when protect socket", e);
+                    }
+
+                    // close socket
+                    try {
+                        socket.close();
+                    } catch (Exception e) {
+                        // ignore
+                    }
+                });
+
+            } catch (IOException e) {
+                Log.e(TAG, "Error when accept socket", e);
+                return;
+            }
+        }
+    }
+
+}