From 1e4b541e589741556d4b80af44ce3910be4401b9 Mon Sep 17 00:00:00 2001
From: Amit Kumar
Date: Tue, 1 Jun 2021 18:34:12 +0530
Subject: [PATCH 01/11] Add blocker service with permission
Change-Id: Ib19c6a26824c584caa2b142b5bf7c60818037e17
---
 .../internal/BlockerInterfaceService.java | 104 ++++++++++++++++++
 lineage/res/AndroidManifest.xml | 7 ++
 lineage/res/res/values/config.xml | 1 +
 lineage/res/res/values/strings.xml | 4 +
 .../app/LineageContextConstants.java | 18 +++
 .../lineageos/blockers/BlockerInterface.java | 96 ++++++++++++++++
 .../lineageos/blockers/IBlockerInterface.aidl | 24 ++++
 7 files changed, 254 insertions(+)
 create mode 100644 lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java
 create mode 100644 sdk/src/java/lineageos/blockers/BlockerInterface.java
 create mode 100644 sdk/src/java/lineageos/blockers/IBlockerInterface.aidl
diff --git a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java
new file mode 100644
index 00000000..d57b0a1a
--- /dev/null
+++ b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2018-2020 The LineageOS Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.lineageos.platform.internal;
+
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.app.PendingIntent;
+import android.app.admin.DevicePolicyManager;
+import android.content.BroadcastReceiver;
+import android.content.ContentResolver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.net.Uri;
+import android.os.Build;
+import android.os.IBinder;
+import android.os.RemoteException;
+import android.os.SELinux;
+import android.os.ServiceManager;
+import android.os.SystemProperties;
+import android.os.UserHandle;
+import android.util.Log;
+import android.util.Pair;
+import android.text.TextUtils;
+
+import lineageos.app.LineageContextConstants;
+import lineageos.providers.LineageSettings;
+import lineageos.blockers.IBlockerInterface;
+import lineageos.blockers.BlockerInterface;
+
+import java.util.NoSuchElementException;
+
+/** @hide **/
+public class BlockerInterfaceService extends LineageSystemService {
+ private static final String TAG = "LineageBlockerInterfaceService";
+
+ private Context mContext;
+
+ public BlockerInterfaceService(Context context) {
+ super(context);
+ mContext = context;
+ if (context.getPackageManager().hasSystemFeature(LineageContextConstants.Features.BLOCKER)) {
+ publishBinderService(LineageContextConstants.LINEAGE_BLOCKER_INTERFACE, mService);
+ } else {
+ Log.wtf(TAG, "Blocker service started by system server but feature xml not" +
+ " declared. Not publishing binder service!");
+ }
+ }
+
+ @Override
+ public String getFeatureDeclaration() {
+ return LineageContextConstants.Features.BLOCKER;
+ }
+
+ @Override
+ public void onStart() {
+ runTestInternal(true);
+ }
+
+
+ private void runTestInternal(boolean fromStart) {
+ // TODO: Dummy method. replace with appropriate methods.
+ Log.d(TAG, "RunTestInternal called with "+fromStart);
+ }
+
+ /* Utils */
+
+ private void enforceBlockerPermission() {
+ mContext.enforceCallingOrSelfPermission(BlockerInterface.BLOCKER_INTERFACE_PERMISSION,
+ "You do not have permissions to use the Blocker interface");
+ }
+
+ /* Service */
+
+ private final IBinder mService = new IBlockerInterface.Stub() {
+ @Override
+ public void runTest() {
+ enforceBlockerPermission();
+ /*
+ * We need to clear the caller's identity in order to
+ * allow this method call to modify settings
+ * not allowed by the caller's permissions.
+ */
+ long token = clearCallingIdentity();
+ runTestInternal(false);
+ restoreCallingIdentity(token);
+ }
+ };
+}
diff --git a/lineage/res/AndroidManifest.xml b/lineage/res/AndroidManifest.xml
index e6ec86d2..3ec22090 100644
--- a/lineage/res/AndroidManifest.xml
+++ b/lineage/res/AndroidManifest.xml
@@ -125,6 +125,13 @@ android:icon="@drawable/ic_trust" android:protectionLevel="signature|privileged" /> + + + org.lineageos.platform.internal.LineageAudioService org.lineageos.platform.internal.TrustInterfaceService org.lineageos.platform.internal.LineageSettingsService + org.lineageos.platform.internal.BlockerInterfaceService
diff --git a/lineage/res/res/values/strings.xml b/lineage/res/res/values/strings.xml
index ab06347f..4ff33cca 100644
--- a/lineage/res/res/values/strings.xml
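Review bot: In `runTest()` of the Binder stub, `restoreCallingIdentity(token)` is not in a `finally`, so if `runTestInternal` throws, the identity stays cleared for the remainder of the call. Wrap it as `long token = clearCallingIdentity(); try { runTestInternal(false); } finally { restoreCallingIdentity(token); }`. The comment above it talks about modifying settings, which nothing in this file does, so it should either state why the identity is cleared here or the clear should be dropped. The same pattern is copied into `blockIp`, `unblockIp`, `blockDomain` and `unblockDomain` in patch 05/11.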
+++ b/lineage/res/res/values/strings.xml @@ -171,4 +171,8 @@ Discover Trust Get to know how to assure your device is safe Manage alerts + + + Access Blocker interface + Allows an app to access Blocker diff --git a/sdk/src/java/lineageos/app/LineageContextConstants.java b/sdk/src/java/lineageos/app/LineageContextConstants.java index 0b435b4d..b0eceaf3 100644 --- a/sdk/src/java/lineageos/app/LineageContextConstants.java +++ b/sdk/src/java/lineageos/app/LineageContextConstants.java @@ -107,6 +107,16 @@ public final class LineageContextConstants { */ public static final String LINEAGE_TRUST_INTERFACE = "lineagetrust"; + /** + * Use with {@link android.content.Context#getSystemService} to retrieve a + * {@link lineageos.blockers.BlockerInterface} to access the Blocker interface. + * + * @see android.content.Context#getSystemService + * @see lineageos.blockers.BlockerInterface + * + * @hide + */ + public static final String LINEAGE_BLOCKER_INTERFACE = "lineageblocker"; /** * Features supported by the Lineage SDK. */ @@ -182,5 +192,13 @@ public final class LineageContextConstants { */ @SdkConstant(SdkConstant.SdkConstantType.FEATURE) public static final String FOD = "vendor.lineage.biometrics.fingerprint.inscreen"; + + /** + * Feature for {@link PackageManager#getSystemAvailableFeatures} and + * {@link PackageManager#hasSystemFeature}: The device includes the /e/ blocker service + * utilized by the lineage sdk. + */ + @SdkConstant(SdkConstant.SdkConstantType.FEATURE) + public static final String BLOCKER = "org.lineageos.blocker"; } } diff --git a/sdk/src/java/lineageos/blockers/BlockerInterface.java b/sdk/src/java/lineageos/blockers/BlockerInterface.java new file mode 100644 index 00000000..fd1169ce --- /dev/null +++ b/sdk/src/java/lineageos/blockers/BlockerInterface.java 
@@ -0,0 +1,96 @@
+/**
+ * Copyright (C) 2018-2019 The LineageOS Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package lineageos.blockers;
+
+import android.content.Context;
+import android.os.IBinder;
+import android.os.RemoteException;
+import android.os.ServiceManager;
+import android.util.Log;
+
+import lineageos.app.LineageContextConstants;
+
+public class BlockerInterface {
+ /**
+ * Allows an application to use the Blocker interface to provide blocking trackers/ads
+ * feature to the user.
+ * This is a system-only permission, user-installed apps cannot use it
+ */
+ public static final String BLOCKER_INTERFACE_PERMISSION = "lineageos.permission.ACCESS_BLOCKER";
+
+ private static final String TAG = "BlockerInterface";
+
+ private static IBlockerInterface sService;
+ private static BlockerInterface sInstance;
+
+ private Context mContext;
+
+ private BlockerInterface(Context context) {
+ Context appContext = context.getApplicationContext();
+ mContext = appContext == null ? context : appContext;
+ sService = getService();
+ if (context.getPackageManager().hasSystemFeature(
+ LineageContextConstants.Features.BLOCKER) && sService == null) {
+ throw new RuntimeException("Unable to get BlockerInterfaceService. The service" +
+ " either crashed, was not started, or the interface has been called to early" +
+ " in SystemServer init");
+ }
+ }
+
+ /**
+ * Get or create an instance of the {@link lineageos.blockers.BlockerInterface}
+ *
+ * @param context Used to get the service
+ * @return {@link BlockerInterface}
+ */
+ public static BlockerInterface getInstance(Context context) {
+ if (sInstance == null) {
+ sInstance = new BlockerInterface(context);
+ }
+ return sInstance;
+ }
+
+ /** @hide **/
+ public static IBlockerInterface getService() {
+ if (sService != null) {
+ return sService;
+ }
+ IBinder b = ServiceManager.getService(LineageContextConstants.LINEAGE_BLOCKER_INTERFACE);
+ sService = IBlockerInterface.Stub.asInterface(b);
+
+ if (b == null) {
+ Log.e(TAG, "null service. SAD!");
+ return null;
+ }
+
+ sService = IBlockerInterface.Stub.asInterface(b);
+ return sService;
+ }
+
+ public void runTest() {
+ if (sService == null) {
+ return;
+ }
+ try {
+ Log.d(TAG, "Service method called.");
+ sService.runTest();
+ } catch (RemoteException e) {
+ Log.e(TAG, e.getLocalizedMessage(), e);
+ }
+ return;
+ }
+}
diff --git a/sdk/src/java/lineageos/blockers/IBlockerInterface.aidl b/sdk/src/java/lineageos/blockers/IBlockerInterface.aidl
new file mode 100644
index 00000000..93d872bb
--- /dev/null
+++ b/sdk/src/java/lineageos/blockers/IBlockerInterface.aidl
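Review bot: `getInstance()` does an unsynchronized check-then-create on the static `sInstance`, and the constructor also writes the static `sService`, so two threads calling it at once can each build an instance and race on the cached binder; declaring it `public static synchronized BlockerInterface getInstance(Context context)` would close that. In `getService()` the first `sService = IBlockerInterface.Stub.asInterface(b);` runs before the `b == null` check and is repeated after it, so one of the two should go. The Javadoc on `BLOCKER_INTERFACE_PERMISSION` says the permission is system-only; that depends on the `protectionLevel` declared in the AndroidManifest.xml hunk, which is not legible on this page, so it is worth confirming there because that declaration is what gates the service.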
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2021 E FOUNDATION
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+package lineageos.blockers;
+
+/** {@hide} */
+interface IBlockerInterface {
+
+ void runTest();
+}
-- GitLab
From 8b005eb152ebea1696bee77dfc9fb2383cb0729c Mon Sep 17 00:00:00 2001
From: Amit Kumar
Date: Wed, 2 Jun 2021 19:10:17 +0530
Subject: [PATCH 02/11] Add test root command
Change-Id: Ia54582a0a3b736a2376a73017fe09539d7d2281f
---
 .../internal/BlockerInterfaceService.java | 40 +++++++++++--------
 1 file changed, 23 insertions(+), 17 deletions(-)
diff --git a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java
index d57b0a1a..95cbaf9d 100644
--- a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java
+++ b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java
@@ -16,27 +16,14 @@ package org.lineageos.platform.internal; -import android.app.Notification; -import android.app.NotificationChannel; -import android.app.NotificationManager; -import android.app.PendingIntent; -import android.app.admin.DevicePolicyManager; -import android.content.BroadcastReceiver; -import android.content.ContentResolver; import android.content.Context; -import android.content.Intent; -import android.content.IntentFilter; -import android.net.Uri; -import android.os.Build; import android.os.IBinder; import android.os.RemoteException; -import android.os.SELinux; -import android.os.ServiceManager; -import android.os.SystemProperties; -import android.os.UserHandle; import android.util.Log; -import android.util.Pair; -import android.text.TextUtils; + +import java.io.BufferedReader; +import java.io.InputStreamReader; +import java.io.IOException; import lineageos.app.LineageContextConstants; import lineageos.providers.LineageSettings; @@ -76,6 +63,25 @@ public class BlockerInterfaceService extends LineageSystemService { private void runTestInternal(boolean fromStart) { // TODO: Dummy method. replace with appropriate methods. Log.d(TAG, "RunTestInternal called with "+fromStart); + Runtime r = Runtime.getRuntime(); + try { + Process p = r.exec("su -c iptables -L -w"); + String result=""; + String temp= null; + BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream())); + while((temp = reader.readLine()) != null) { + Log.d(TAG, "RunTestInternal tempResult: "+temp); + result.concat(temp); + } + Log.d(TAG, "RunTestInternal result: "+result); + + BufferedReader reader = new BufferedReader(new InputStreamReader(p.getErrorStream())); + while((temp = reader.readLine()) != null) { + Log.d(TAG, "RunTestInternal error: "+temp); + } + } catch (IOException e) { + e.printStackTrace(); + } } /* Utils */ -- GitLab From 004360758cf5d08438880b13fadf2766167baead Mon Sep 17 00:00:00 2001 
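Review bot: In the loop added to `runTestInternal`, `result.concat(temp)` discards its return value, so `result` is still empty when it is logged; collect the output with `StringBuilder result = new StringBuilder();` and `result.append(temp).append('\n');`. The hunk also never closes the two readers or waits for the process, and it drains stdout completely before touching stderr, which can stall if the child fills the stderr pipe first; try-with-resources plus `ProcessBuilder.redirectErrorStream(true)` would cover both. Because `onStart()` calls `runTestInternal(true)`, this root command runs on every service start and not only when a caller invokes `runTest()`, so test code like this should not stay on that path. `e.printStackTrace()` should be `Log.e(TAG, "iptables listing failed", e)` to match the logging used elsewhere in the file. `runTestInternal` begins above the hunk.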
From: Amit Kumar Date: Wed, 2 Jun 2021 19:35:43 +0530 Subject: [PATCH 03/11] Change error reader name Change-Id: I3574a8c62d638c0a6566f385d3a09cd0bb791fc7 --- .../lineageos/platform/internal/BlockerInterfaceService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java index 95cbaf9d..70fb179e 100644 --- a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java +++ b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java @@ -75,8 +75,8 @@ public class BlockerInterfaceService extends LineageSystemService { } Log.d(TAG, "RunTestInternal result: "+result); - BufferedReader reader = new BufferedReader(new InputStreamReader(p.getErrorStream())); - while((temp = reader.readLine()) != null) { + BufferedReader errReader = new BufferedReader(new InputStreamReader(p.getErrorStream())); + while((temp = errReader.readLine()) != null) { Log.d(TAG, "RunTestInternal error: "+temp); } } catch (IOException e) { -- GitLab From 72e90e1cc1f9b87b7c45bb8be19902f1047e0af9 Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Wed, 2 Jun 2021 21:27:35 +0530 Subject: [PATCH 04/11] Try to execute iptables without su Change-Id: Ib43a234f8e8e085cb323b2da8a3924bb860eeb14 --- .../lineageos/platform/internal/BlockerInterfaceService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java index 70fb179e..a4a7ad6d 100644 --- a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java +++ b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java 
@@ -65,7 +65,7 @@ public class BlockerInterfaceService extends LineageSystemService { Log.d(TAG, "RunTestInternal called with "+fromStart); Runtime r = Runtime.getRuntime(); try { - Process p = r.exec("su -c iptables -L -w"); + Process p = r.exec("iptables -L -w"); String result=""; String temp= null; BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream())); -- GitLab From 09801911638341be3d8a9c094e83a1f677f3b887 Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Mon, 14 Jun 2021 11:15:26 +0530 Subject: [PATCH 05/11] Add block and unblock methods to blocker service Change-Id: I716d6402c671d57fdc9e337f16b5ec4845f71d5d --- .../internal/BlockerInterfaceService.java | 119 ++++++++++++++++++ .../lineageos/blockers/BlockerInterface.java | 53 ++++++++ .../lineageos/blockers/IBlockerInterface.aidl | 8 ++ 3 files changed, 180 insertions(+) diff --git a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java index a4a7ad6d..381fea80 100644 --- a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java +++ b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java 
@@ -84,6 +84,69 @@ public class BlockerInterfaceService extends LineageSystemService { } } + private boolean blockIpOrDomainInternal(String ipOrDomain) { + Log.d(TAG, "blockIpOrDomainInternal called with " + ipOrDomain); + String iptableCmd = "iptables -A INPUT -s " + ipOrDomain + " -j DROP"; + String[] cmds = new String[] {"su", "-c", iptableCmd}; + Runtime r = Runtime.getRuntime(); + try { + Process p = r.exec(cmds); + + String result=""; + String temp= null; + BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream())); + while((temp = reader.readLine()) != null) { + Log.d(TAG, "blockIpOrDomainInternal tempResult: "+temp); + result.concat(temp); + } + Log.d(TAG, "blockIpOrDomainInternal result: "+result); + + BufferedReader errReader = new BufferedReader(new InputStreamReader(p.getErrorStream())); + while((temp = errReader.readLine()) != null) { + Log.d(TAG, "blockIpOrDomainInternal error: "+temp); + } + p.waitFor(); + + if (p.exitValue() == 0) return true; + else return false; + } catch (IOException e) { + e.printStackTrace(); + return false; + } + } + + private boolean unblockIpOrDomainInternal(String ipOrDomain) { + Log.d(TAG, "unblockIpOrDomainInternal called with " + ipOrDomain); + String iptableCmd = "iptables -D INPUT -s " + ipOrDomain + " -j DROP"; + String[] cmds = new String[] {"su", "-c", iptableCmd}; + Runtime r = Runtime.getRuntime(); + try { + Process p = r.exec(cmds); + + String result=""; + String temp= null; + BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream())); + while((temp = reader.readLine()) != null) { + Log.d(TAG, "unblockIpOrDomainInternal tempResult: "+temp); + result.concat(temp); + } + Log.d(TAG, "unblockIpOrDomainInternal result: "+result); + + BufferedReader errReader = new BufferedReader(new InputStreamReader(p.getErrorStream())); + while((temp = errReader.readLine()) != null) { + Log.d(TAG, "unblockIpOrDomainInternal error: "+temp); + } + p.waitFor(); + + if (p.exitValue() 
== 0) return true; + else return false; + } catch (IOException e) { + e.printStackTrace(); + return false; + } + } + + /* Utils */ private void enforceBlockerPermission() { @@ -106,5 +169,61 @@ public class BlockerInterfaceService extends LineageSystemService { runTestInternal(false); restoreCallingIdentity(token); } + + @Override + public boolean blockIp(String ipAddress) { + enforceBlockerPermission(); + /* + * We need to clear the caller's identity in order to + * allow this method call to modify settings + * not allowed by the caller's permissions. + */ + long token = clearCallingIdentity(); + boolean result = blockIpOrDomainInternal(ipAddress); + restoreCallingIdentity(token); + return result; + } + + @Override + public boolean unblockIp(String ipAddress) { + enforceBlockerPermission(); + /* + * We need to clear the caller's identity in order to + * allow this method call to modify settings + * not allowed by the caller's permissions. + */ + long token = clearCallingIdentity(); + boolean result = unblockIpOrDomainInternal(ipAddress); + restoreCallingIdentity(token); + return result; + } + + @Override + public boolean blockDomain(String domainName) { + enforceBlockerPermission(); + /* + * We need to clear the caller's identity in order to + * allow this method call to modify settings + * not allowed by the caller's permissions. + */ + long token = clearCallingIdentity(); + boolean result = blockIpOrDomainInternal(domainName); + restoreCallingIdentity(token); + return result; + } + + @Override + public boolean unblockDomain(String domainName) { + enforceBlockerPermission(); + /* + * We need to clear the caller's identity in order to + * allow this method call to modify settings + * not allowed by the caller's permissions. + */ + long token = clearCallingIdentity(); + boolean result = unblockIpOrDomainInternal(domainName); + restoreCallingIdentity(token); + return result; + } }; } 
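Review bot: `blockIpOrDomainInternal` concatenates the caller-supplied `ipOrDomain` into a string that is handed to `su -c`, so any shell metacharacter in the argument is interpreted by a root shell, and the only barrier is the permission check in the Binder stub. The value should be validated against a strict host-or-address pattern before it is used and rejected otherwise, as sketched below (this needs `java.util.regex.Pattern` imported). `unblockIpOrDomainInternal` has the same defect, and the rewrites of these two command strings in patches 10/11 and 11/11 keep it: the double quotes added in 11/11 do not stop shell expansion inside them. Separately, `result.concat(temp)` discards its result here as well, and the argument is written to the log unmodified before any check.

```java
// New field next to TAG; accepts only letters, digits, '.', ':' and '-'.
private static final Pattern BLOCK_TARGET =
        Pattern.compile("[A-Za-z0-9][A-Za-z0-9.:-]{0,252}");

private boolean blockIpOrDomainInternal(String ipOrDomain) {
    if (ipOrDomain == null || !BLOCK_TARGET.matcher(ipOrDomain).matches()) {
        Log.w(TAG, "blockIpOrDomainInternal: rejected malformed target");
        return false;
    }
    String iptableCmd = "iptables -A INPUT -s " + ipOrDomain + " -j DROP";
    // … unchanged: su invocation, output draining, exit-code check …
```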
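Review bot: Each of the four new stub methods clears the calling identity before doing any work, so nothing records which caller asked for a firewall change; log it first, e.g. `Log.i(TAG, "blockIp requested by uid " + getCallingUid());` placed before `clearCallingIdentity()`. `blockIp`/`blockDomain` and `unblockIp`/`unblockDomain` forward to the same internal method without checking that the argument is actually an address or a host name, so the two entry points are indistinguishable to the service. The four bodies differ only in the method they call and could share one private helper that takes the operation as a parameter. The stub class opens above this hunk.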
diff --git a/sdk/src/java/lineageos/blockers/BlockerInterface.java b/sdk/src/java/lineageos/blockers/BlockerInterface.java index fd1169ce..500b5581 100644 --- a/sdk/src/java/lineageos/blockers/BlockerInterface.java +++ b/sdk/src/java/lineageos/blockers/BlockerInterface.java @@ -93,4 +93,57 @@ public class BlockerInterface { } return; } + + public boolean blockIp(String ipAddress) { + if (sService == null) { + return false; + } + try { + Log.d(TAG, "BlockIP method called."); + return sService.blockIp(ipAddress); + } catch (RemoteException e) { + Log.e(TAG, e.getLocalizedMessage(), e); + return false; + } + } + + public boolean unblockIp(String ipAddress) { + if (sService == null) { + return false; + } + try { + Log.d(TAG, "BlockIP method called."); + return sService.unblockIp(ipAddress); + } catch (RemoteException e) { + Log.e(TAG, e.getLocalizedMessage(), e); + return false; + } + } + + public boolean blockDomain(String domainName) { + if (sService == null) { + return false; + } + try { + Log.d(TAG, "BlockIP method called."); + return sService.blockDomain(domainName); + } catch (RemoteException e) { + Log.e(TAG, e.getLocalizedMessage(), e); + return false; + } + } + + public boolean unblockDomain(String domainName) { + if (sService == null) { + return false; + } + try { + Log.d(TAG, "BlockIP method called."); + return sService.unblockDomain(domainName); + } catch (RemoteException e) { + Log.e(TAG, e.getLocalizedMessage(), e); + return false; + } + } + } diff --git a/sdk/src/java/lineageos/blockers/IBlockerInterface.aidl b/sdk/src/java/lineageos/blockers/IBlockerInterface.aidl index 93d872bb..d7953a0c 100644 --- a/sdk/src/java/lineageos/blockers/IBlockerInterface.aidl +++ b/sdk/src/java/lineageos/blockers/IBlockerInterface.aidl 
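Review bot: All four new wrappers log `"BlockIP method called."`, so a log line cannot tell `unblockIp`, `blockDomain` or `unblockDomain` apart from `blockIp`; each should name itself, e.g. `Log.d(TAG, "unblockDomain method called.");`. They also return `false` for three different conditions (service not bound, `RemoteException`, and a failed iptables call), which a caller cannot distinguish. These are public SDK methods without Javadoc; a short comment on each stating that the caller needs `BLOCKER_INTERFACE_PERMISSION` and what a `false` return means would help.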
@@ -21,4 +21,12 @@ package lineageos.blockers; interface IBlockerInterface { void runTest(); + + boolean blockIp(String ipAddress); + + boolean unblockIp(String ipAddress); + + boolean blockDomain(String domainName); + + boolean unblockDomain(String domainName); } -- GitLab From d5f667f1ddae304e0b5fe012960b3657fede94f3 Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Mon, 14 Jun 2021 13:42:20 +0530 Subject: [PATCH 06/11] Catch interrupted exception Change-Id: I1672e8596ba10543e5616c40db622d4c946a0214 --- .../lineageos/platform/internal/BlockerInterfaceService.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java index 381fea80..a0fb9850 100644 --- a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java +++ b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java @@ -24,6 +24,7 @@ import android.util.Log; import java.io.BufferedReader; import java.io.InputStreamReader; import java.io.IOException; +import java.lang.InterruptedException; import lineageos.app.LineageContextConstants; import lineageos.providers.LineageSettings; @@ -79,7 +80,7 @@ public class BlockerInterfaceService extends LineageSystemService { while((temp = errReader.readLine()) != null) { Log.d(TAG, "RunTestInternal error: "+temp); } - } catch (IOException e) { + } catch (InterruptedException | IOException e) { e.printStackTrace(); } } @@ -109,7 +110,7 @@ public class BlockerInterfaceService extends LineageSystemService { if (p.exitValue() == 0) return true; else return false; - } catch (IOException e) { + } catch (InterruptedException | IOException e) { e.printStackTrace(); return false; } -- GitLab From dce3d304646336d6b27dbe347c2b18062ec2e21b Mon Sep 17 00:00:00 2001 
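Review bot: The new `catch (InterruptedException | IOException e)` in `blockIpOrDomainInternal` swallows the interrupt: once `p.waitFor()` has been interrupted the thread's interrupt flag stays cleared and the method just returns `false`. Handle `InterruptedException` in its own clause that calls `Thread.currentThread().interrupt();` before returning, and replace `e.printStackTrace()` with `Log.e(TAG, "iptables failed", e)`. The added `import java.lang.InterruptedException;` in the first hunk is redundant because `java.lang` is imported implicitly. The matching catch added to `unblockIpOrDomainInternal` in patch 07/11 has the same issue; the method body starts and ends outside this hunk.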
From: Amit Kumar Date: Mon, 14 Jun 2021 14:15:50 +0530 Subject: [PATCH 07/11] Remove InterruptedException from runTestInternal which is never thrown and catch it in unblockInternal Change-Id: Ib5abbec20913a69a9bb24071517ba7e97c043d86 --- .../lineageos/platform/internal/BlockerInterfaceService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java index a0fb9850..43920d76 100644 --- a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java +++ b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java @@ -80,7 +80,7 @@ public class BlockerInterfaceService extends LineageSystemService { while((temp = errReader.readLine()) != null) { Log.d(TAG, "RunTestInternal error: "+temp); } - } catch (InterruptedException | IOException e) { + } catch (IOException e) { e.printStackTrace(); } } @@ -141,7 +141,7 @@ public class BlockerInterfaceService extends LineageSystemService { if (p.exitValue() == 0) return true; else return false; - } catch (IOException e) { + } catch (InterruptedException | IOException e) { e.printStackTrace(); return false; } -- GitLab From aa7770e05417455924ddd301e5f620ddb4f032a2 Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Tue, 15 Jun 2021 18:09:29 +0000 Subject: [PATCH 08/11] Use su with iptables command --- .../lineageos/platform/internal/BlockerInterfaceService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java index 43920d76..2355fc1d 100644 --- a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java +++ b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java 
@@ -66,7 +66,7 @@ public class BlockerInterfaceService extends LineageSystemService { Log.d(TAG, "RunTestInternal called with "+fromStart); Runtime r = Runtime.getRuntime(); try { - Process p = r.exec("iptables -L -w"); + Process p = r.exec("su -c iptables -L -w"); String result=""; String temp= null; BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream())); -- GitLab From f02b18e6f63de733a9da3d2ef5a28ad7fc2c2f30 Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Wed, 16 Jun 2021 06:06:13 +0000 Subject: [PATCH 09/11] Add /sbin/su for test --- .../lineageos/platform/internal/BlockerInterfaceService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java index 2355fc1d..fc2e8970 100644 --- a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java +++ b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java @@ -66,7 +66,7 @@ public class BlockerInterfaceService extends LineageSystemService { Log.d(TAG, "RunTestInternal called with "+fromStart); Runtime r = Runtime.getRuntime(); try { - Process p = r.exec("su -c iptables -L -w"); + Process p = r.exec("/sbin/su -c iptables -L -w"); String result=""; String temp= null; BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream())); -- GitLab From 079b6292e4cd2ab0db26f391a80688acaf034715 Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Wed, 16 Jun 2021 12:22:04 +0000 Subject: [PATCH 10/11] Use string matcher in iptables command --- .../lineageos/platform/internal/BlockerInterfaceService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
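Review bot: `r.exec("su -c iptables -L -w")` uses the single-string overload, which splits on whitespace, so `su` receives `-c`, `iptables`, `-L` and `-w` as four separate arguments rather than one command string; how `-L -w` are then interpreted depends on the `su` implementation. The block/unblock methods already use the array form, and this call should match them: `r.exec(new String[] {"su", "-c", "iptables -L -w"})`. Patch 09/11 changes only the binary to `/sbin/su` and keeps the same overload; a hard-coded path added for a test should not stay in a method that `onStart()` runs on every start. `runTestInternal` extends beyond both hunks.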
diff --git a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java index fc2e8970..c7f09779 100644 --- a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java +++ b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java @@ -87,7 +87,7 @@ public class BlockerInterfaceService extends LineageSystemService { private boolean blockIpOrDomainInternal(String ipOrDomain) { Log.d(TAG, "blockIpOrDomainInternal called with " + ipOrDomain); - String iptableCmd = "iptables -A INPUT -s " + ipOrDomain + " -j DROP"; + String iptableCmd = "iptables -A INPUT -m string --string " + ipOrDomain + " --algo kmp -j DROP"; String[] cmds = new String[] {"su", "-c", iptableCmd}; Runtime r = Runtime.getRuntime(); try { @@ -118,7 +118,7 @@ public class BlockerInterfaceService extends LineageSystemService { private boolean unblockIpOrDomainInternal(String ipOrDomain) { Log.d(TAG, "unblockIpOrDomainInternal called with " + ipOrDomain); - String iptableCmd = "iptables -D INPUT -s " + ipOrDomain + " -j DROP"; + String iptableCmd = "iptables -D INPUT -m string --string " + ipOrDomain + " --algo kmp -j DROP"; String[] cmds = new String[] {"su", "-c", iptableCmd}; Runtime r = Runtime.getRuntime(); try { -- GitLab From 78e245fd2e25ed1afda9f40c643f75438e7358a0 Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Mon, 21 Jun 2021 20:33:26 +0530 Subject: [PATCH 11/11] Use hex-string and add rules to OUTPUT chain as well Change-Id: I987f8fb44ab39d98338ccda90600abe86d886f27 --- .../lineageos/platform/internal/BlockerInterfaceService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java index c7f09779..056221ba 100644 
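Review bot: Switching from `-s` to `-m string --string` changes what the rule means: it now drops any packet whose payload contains the given text, not packets from that address or host. An IP address normally does not appear as dotted text inside a packet, and host names are visible in clear only in a few places, so `blockIp` may stop matching its target while unrelated traffic that happens to carry the string is dropped. Either keep address matching for `blockIp`/`unblockIp` and use the string match only for the domain methods, or document the new semantics on the AIDL methods. The same change is made to `unblockIpOrDomainInternal` in the second hunk; both method bodies continue outside the hunks.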
--- a/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java +++ b/lineage/lib/main/java/org/lineageos/platform/internal/BlockerInterfaceService.java @@ -87,7 +87,7 @@ public class BlockerInterfaceService extends LineageSystemService { private boolean blockIpOrDomainInternal(String ipOrDomain) { Log.d(TAG, "blockIpOrDomainInternal called with " + ipOrDomain); - String iptableCmd = "iptables -A INPUT -m string --string " + ipOrDomain + " --algo kmp -j DROP"; + String iptableCmd = "iptables -A INPUT -m string --hex-string \"" + ipOrDomain + "\" --algo bm -j DROP && iptables -A OUTPUT -m string --hex-string \"" + ipOrDomain + "\" --algo bm -j DROP"; String[] cmds = new String[] {"su", "-c", iptableCmd}; Runtime r = Runtime.getRuntime(); try { @@ -118,7 +118,7 @@ public class BlockerInterfaceService extends LineageSystemService { private boolean unblockIpOrDomainInternal(String ipOrDomain) { Log.d(TAG, "unblockIpOrDomainInternal called with " + ipOrDomain); - String iptableCmd = "iptables -D INPUT -m string --string " + ipOrDomain + " --algo kmp -j DROP"; + String iptableCmd = "iptables -D INPUT -m string --hex-string \"" + ipOrDomain + "\" --algo bm -j DROP && iptables -D OUTPUT -m string --hex-string \"" + ipOrDomain + "\" --algo bm -j DROP"; String[] cmds = new String[] {"su", "-c", iptableCmd}; Runtime r = Runtime.getRuntime(); try { -- GitLab
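Review bot: Chaining the INPUT and OUTPUT commands with `&&` makes the return value ambiguous: in `blockIpOrDomainInternal`, if the INPUT rule is appended and the OUTPUT append fails, the method returns `false` while the INPUT rule stays installed, and in `unblockIpOrDomainInternal` a failed INPUT delete means the OUTPUT delete is never attempted. Run the two commands separately and roll back or continue explicitly, so that the boolean reflects the final rule state. Repeated `-A` calls for the same value also stack duplicate rules that a single `-D` will not fully remove; an `iptables -C` check before appending avoids that. As far as I know `--hex-string` treats only `|…|`-delimited parts as hex, so plain text is matched the same way as with `--string`; please confirm the switch does what was intended. Both method bodies extend beyond the hunks.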