Commit 432a9885 authored by cyberta's avatar cyberta

Show error toast and reset root feature settings if app could not obtain root permissions

parent 394d4ead
Pipeline #35660 passed with stages
in 24 minutes and 17 seconds
......@@ -15,7 +15,6 @@ public interface Constants {
String LAST_USED_PROFILE = "last_used_profile";
String EXCLUDED_APPS = "excluded_apps";
String USE_PLUGGABLE_TRANSPORTS = "usePluggableTransports";
String SU_PERMISSION = "su_permission";
String ALLOW_TETHERING_BLUETOOTH = "tethering_bluetooth";
String ALLOW_TETHERING_WIFI = "tethering_wifi";
String ALLOW_TETHERING_USB = "tethering_usb";
......
......@@ -50,7 +50,6 @@ import java.util.Observer;
import java.util.Set;
import de.blinkt.openvpn.core.VpnStatus;
import se.leap.bitmaskclient.Constants;
import se.leap.bitmaskclient.EipFragment;
import se.leap.bitmaskclient.FragmentManagerEnhanced;
import se.leap.bitmaskclient.MainActivity;
......@@ -80,6 +79,8 @@ import static se.leap.bitmaskclient.Constants.ENABLE_DONATION;
import static se.leap.bitmaskclient.Constants.PROVIDER_KEY;
import static se.leap.bitmaskclient.Constants.REQUEST_CODE_SWITCH_PROVIDER;
import static se.leap.bitmaskclient.Constants.SHARED_PREFERENCES;
import static se.leap.bitmaskclient.Constants.USE_IPv6_FIREWALL;
import static se.leap.bitmaskclient.Constants.USE_PLUGGABLE_TRANSPORTS;
import static se.leap.bitmaskclient.R.string.about_fragment_title;
import static se.leap.bitmaskclient.R.string.exclude_apps_fragment_title;
import static se.leap.bitmaskclient.R.string.log_fragment_title;
......@@ -130,6 +131,7 @@ public class NavigationDrawerFragment extends Fragment implements SharedPreferen
private final static String KEY_SHOW_SAVE_BATTERY_ALERT = "KEY_SHOW_SAVE_BATTERY_ALERT";
private volatile boolean showSaveBattery = false;
AlertDialog alertDialog;
private FirewallManager firewallManager;
@Override
public void onCreate(Bundle savedInstanceState) {
......@@ -139,6 +141,8 @@ public class NavigationDrawerFragment extends Fragment implements SharedPreferen
preferences = getContext().getSharedPreferences(SHARED_PREFERENCES, MODE_PRIVATE);
userLearnedDrawer = preferences.getBoolean(PREF_USER_LEARNED_DRAWER, false);
preferences.registerOnSharedPreferenceChangeListener(this);
firewallManager = new FirewallManager(getContext().getApplicationContext(), false);
}
@Override
......@@ -398,13 +402,12 @@ public class NavigationDrawerFragment extends Fragment implements SharedPreferen
firewall = drawerView.findViewById(R.id.enableIPv6Firewall);
boolean show = showExperimentalFeatures(getContext());
firewall.setVisibility(show ? VISIBLE : GONE);
firewall.setChecked(PreferenceHelper.useIpv6Firewall(this.getContext()));
firewall.setChecked(PreferenceHelper.useIpv6Firewall(getContext()));
firewall.setOnCheckedChangeListener((buttonView, isChecked) -> {
if (!buttonView.isPressed()) {
return;
}
PreferenceHelper.setUseIPv6Firewall(getContext(), isChecked);
FirewallManager firewallManager = new FirewallManager(getContext().getApplicationContext(), false);
if (VpnStatus.isVPNActive()) {
if (isChecked) {
firewallManager.startIPv6Firewall();
......@@ -650,8 +653,10 @@ public class NavigationDrawerFragment extends Fragment implements SharedPreferen
@Override
public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, String key) {
if (key.equals(Constants.USE_PLUGGABLE_TRANSPORTS)) {
if (key.equals(USE_PLUGGABLE_TRANSPORTS)) {
initUseBridgesEntry();
} else if (key.equals(USE_IPv6_FIREWALL)) {
initFirewallEntry();
}
}
......
......@@ -17,11 +17,15 @@ package se.leap.bitmaskclient.firewall;
*/
import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import android.widget.Toast;
import java.util.Observable;
import java.util.Observer;
import de.blinkt.openvpn.core.VpnStatus;
import se.leap.bitmaskclient.R;
import se.leap.bitmaskclient.tethering.TetheringObservable;
import se.leap.bitmaskclient.tethering.TetheringState;
import se.leap.bitmaskclient.utils.PreferenceHelper;
......@@ -80,9 +84,18 @@ public class FirewallManager implements FirewallCallback, Observer {
@Override
public void onSuRequested(boolean success) {
PreferenceHelper.setSuPermission(context, success);
if (!success) {
VpnStatus.logError("[FIREWALL] Root permission needed to execute custom firewall rules.");
new Handler(Looper.getMainLooper()).post(() -> {
Toast.makeText(context.getApplicationContext(), context.getString(R.string.root_permission_error, context.getString(R.string.app_name)), Toast.LENGTH_LONG).show();
});
TetheringObservable.allowVpnWifiTethering(false);
TetheringObservable.allowVpnUsbTethering(false);
TetheringObservable.allowVpnBluetoothTethering(false);
PreferenceHelper.allowWifiTethering(context, false);
PreferenceHelper.allowUsbTethering(context, false);
PreferenceHelper.allowBluetoothTethering(context, false);
PreferenceHelper.setUseIPv6Firewall(context, false);
}
}
......
......@@ -29,7 +29,6 @@ import static se.leap.bitmaskclient.Constants.PROVIDER_PRIVATE_KEY;
import static se.leap.bitmaskclient.Constants.PROVIDER_VPN_CERTIFICATE;
import static se.leap.bitmaskclient.Constants.SHARED_PREFERENCES;
import static se.leap.bitmaskclient.Constants.SHOW_EXPERIMENTAL;
import static se.leap.bitmaskclient.Constants.SU_PERMISSION;
import static se.leap.bitmaskclient.Constants.USE_IPv6_FIREWALL;
import static se.leap.bitmaskclient.Constants.USE_PLUGGABLE_TRANSPORTS;
......@@ -121,14 +120,6 @@ public class PreferenceHelper {
apply();
}
public static boolean hasSuPermission(Context context) {
return getBoolean(context, SU_PERMISSION, false);
}
public static void setSuPermission(Context context, boolean allowed) {
putBoolean(context, SU_PERMISSION, allowed);
}
public static boolean getUsePluggableTransports(Context context) {
return getBoolean(context, USE_PLUGGABLE_TRANSPORTS, false);
}
......
......@@ -140,4 +140,5 @@
<string name="warning_option_try_pt">Try obfuscated connection</string>
<string name="warning_option_try_ovpn">Try standard connection</string>
<string name="vpn_error_establish">Android failed to establish the VPN service.</string>
<string name="root_permission_error">%s cannot execute features like VPN Hotspot or IPv6 firewall without root permissions.</string>
</resources>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment