Updater: Fix downloads over Tor

+ Update TODO
+ Minor tweaks
This commit is contained in:
Tad 2019-02-08 20:58:15 -05:00
parent 24c291c630
commit 9178760d1a
7 changed files with 97 additions and 34 deletions

View File

@ -1,4 +1,4 @@
From 8953ad8f1c496ea7d483193550ed50bfcfd45009 Mon Sep 17 00:00:00 2001
From 2dbae8b963b4872a9f9a5d7501edebe04a432ca3 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Thu, 20 Sep 2018 21:44:53 -0400
Subject: [PATCH] Add support for routing over Tor
@ -9,12 +9,12 @@ Change-Id: Ibfe080c3d801af34fb64fda1b6b8f4f39a2b1ccf
res/values/strings.xml | 2 +
.../lineageos/updater/UpdatesActivity.java | 12 ++++
.../updater/UpdatesCheckReceiver.java | 4 ++
.../updater/controller/UpdaterController.java | 4 ++
.../updater/controller/UpdaterController.java | 8 +++
.../updater/download/DownloadClient.java | 8 ++-
.../download/HttpURLConnectionClient.java | 20 +++++-
.../download/HttpURLConnectionClient.java | 27 ++++++--
src/org/lineageos/updater/misc/Constants.java | 1 +
src/org/lineageos/updater/misc/Utils.java | 65 +++++++++++++++++++
9 files changed, 120 insertions(+), 4 deletions(-)
9 files changed, 130 insertions(+), 5 deletions(-)
diff --git a/res/layout/preferences_dialog.xml b/res/layout/preferences_dialog.xml
index 999d67f..58e8b6e 100644
@ -128,7 +128,7 @@ index 83348b9..84a6287 100644
downloadClient.start();
} catch (IOException e) {
diff --git a/src/org/lineageos/updater/controller/UpdaterController.java b/src/org/lineageos/updater/controller/UpdaterController.java
index 12b02dd..1515e45 100644
index 12b02dd..ca19dbf 100644
--- a/src/org/lineageos/updater/controller/UpdaterController.java
+++ b/src/org/lineageos/updater/controller/UpdaterController.java
@@ -357,12 +357,16 @@ public class UpdaterController {
@ -148,6 +148,23 @@ index 12b02dd..1515e45 100644
.build();
} catch (IOException exception) {
Log.e(TAG, "Could not build download client");
@@ -399,12 +403,16 @@ public class UpdaterController {
} else {
DownloadClient downloadClient;
try {
+ if(Utils.isOnionRoutingEnabled(mContext)) {
+ Utils.requestStartOrbot(mContext);
+ }
downloadClient = new DownloadClient.Builder()
.setUrl(update.getDownloadUrl())
.setDestination(update.getFile())
.setDownloadCallback(getDownloadCallback(downloadId))
.setProgressListener(getProgressListener(downloadId))
.setUseDuplicateLinks(true)
+ .setUseOnionRouting(Utils.isOnionRoutingEnabled(mContext))
.build();
} catch (IOException exception) {
Log.e(TAG, "Could not build download client");
diff --git a/src/org/lineageos/updater/download/DownloadClient.java b/src/org/lineageos/updater/download/DownloadClient.java
index 6a2a490..374e017 100644
--- a/src/org/lineageos/updater/download/DownloadClient.java
@ -181,7 +198,7 @@ index 6a2a490..374e017 100644
}
}
diff --git a/src/org/lineageos/updater/download/HttpURLConnectionClient.java b/src/org/lineageos/updater/download/HttpURLConnectionClient.java
index 2b7c80e..c76d747 100644
index 2b7c80e..caeaf66 100644
--- a/src/org/lineageos/updater/download/HttpURLConnectionClient.java
+++ b/src/org/lineageos/updater/download/HttpURLConnectionClient.java
@@ -18,12 +18,16 @@ package org.lineageos.updater.download;
@ -217,7 +234,7 @@ index 2b7c80e..c76d747 100644
- mClient = (HttpURLConnection) new URL(url).openConnection();
+ boolean useDuplicateLinks, boolean useOnionRouting) throws IOException {
+ mUseOnionRouting = useOnionRouting;
+ if(useOnionRouting) {
+ if(mUseOnionRouting) {
+ Proxy orbot = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 9050));
+ mClient = (HttpURLConnection) new URL(url).openConnection(orbot);
+ } else {
@ -226,7 +243,21 @@ index 2b7c80e..c76d747 100644
mDestination = destination;
mProgressListener = progressListener;
mCallback = callback;
@@ -224,7 +235,7 @@ public class HttpURLConnectionClient implements DownloadClient {
@@ -169,7 +180,12 @@ public class HttpURLConnectionClient implements DownloadClient {
private void changeClientUrl(URL newUrl) throws IOException {
String range = mClient.getRequestProperty("Range");
mClient.disconnect();
- mClient = (HttpURLConnection) newUrl.openConnection();
+ if(mUseOnionRouting) {
+ Proxy orbot = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 9050));
+ mClient = (HttpURLConnection) newUrl.openConnection(orbot);
+ } else {
+ mClient = (HttpURLConnection) newUrl.openConnection();
+ }
if (range != null) {
mClient.setRequestProperty("Range", range);
}
@@ -224,7 +240,7 @@ public class HttpURLConnectionClient implements DownloadClient {
}
Log.d(TAG, "Downloading from " + newUrl);
changeClientUrl(url);
@ -235,7 +266,7 @@ index 2b7c80e..c76d747 100644
mClient.connect();
if (!isSuccessCode(mClient.getResponseCode())) {
throw new IOException("Server replied with " + mClient.getResponseCode());
@@ -246,6 +257,9 @@ public class HttpURLConnectionClient implements DownloadClient {
@@ -246,6 +262,9 @@ public class HttpURLConnectionClient implements DownloadClient {
@Override
public void run() {
try {
@ -347,5 +378,5 @@ index a31492e..bea09ca 100644
return server + "?base=LineageOS&device=" + device + "&inc=" + incrementalVersion;
}
--
2.19.0
2.20.1

View File

@ -1,4 +1,4 @@
From b2c506b55254ad9d21cc0718ca7f093b7207b424 Mon Sep 17 00:00:00 2001
From d6ba2b0633832e34760e0d38091a10a5488b2b09 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Thu, 20 Sep 2018 21:44:53 -0400
Subject: [PATCH] Add support for routing over Tor
@ -9,12 +9,12 @@ Change-Id: Ibfe080c3d801af34fb64fda1b6b8f4f39a2b1ccf
res/values/strings.xml | 2 +
.../lineageos/updater/UpdatesActivity.java | 12 ++++
.../updater/UpdatesCheckReceiver.java | 4 ++
.../updater/controller/UpdaterController.java | 4 ++
.../updater/controller/UpdaterController.java | 8 +++
.../updater/download/DownloadClient.java | 8 ++-
.../download/HttpURLConnectionClient.java | 20 +++++-
.../download/HttpURLConnectionClient.java | 27 ++++++--
src/org/lineageos/updater/misc/Constants.java | 1 +
src/org/lineageos/updater/misc/Utils.java | 65 +++++++++++++++++++
9 files changed, 120 insertions(+), 4 deletions(-)
9 files changed, 130 insertions(+), 5 deletions(-)
diff --git a/res/layout/preferences_dialog.xml b/res/layout/preferences_dialog.xml
index 898f53e..db88a41 100644
@ -130,7 +130,7 @@ index c7f1b4e..0abbde5 100644
downloadClient.start();
} catch (IOException e) {
diff --git a/src/org/lineageos/updater/controller/UpdaterController.java b/src/org/lineageos/updater/controller/UpdaterController.java
index 8fd5760..7287146 100644
index 8fd5760..f89c7fd 100644
--- a/src/org/lineageos/updater/controller/UpdaterController.java
+++ b/src/org/lineageos/updater/controller/UpdaterController.java
@@ -357,12 +357,16 @@ public class UpdaterController {
@ -150,6 +150,24 @@ index 8fd5760..7287146 100644
.build();
} catch (IOException exception) {
Log.e(TAG, "Could not build download client");
@@ -397,6 +401,9 @@ public class UpdaterController {
verifyUpdateAsync(downloadId);
notifyUpdateChange(downloadId);
} else {
+ if(Utils.isOnionRoutingEnabled(mContext)) {
+ Utils.requestStartOrbot(mContext);
+ }
DownloadClient downloadClient;
try {
downloadClient = new DownloadClient.Builder()
@@ -405,6 +412,7 @@ public class UpdaterController {
.setDownloadCallback(getDownloadCallback(downloadId))
.setProgressListener(getProgressListener(downloadId))
.setUseDuplicateLinks(true)
+ .setUseOnionRouting(Utils.isOnionRoutingEnabled(mContext))
.build();
} catch (IOException exception) {
Log.e(TAG, "Could not build download client");
diff --git a/src/org/lineageos/updater/download/DownloadClient.java b/src/org/lineageos/updater/download/DownloadClient.java
index 6a2a490..374e017 100644
--- a/src/org/lineageos/updater/download/DownloadClient.java
@ -183,7 +201,7 @@ index 6a2a490..374e017 100644
}
}
diff --git a/src/org/lineageos/updater/download/HttpURLConnectionClient.java b/src/org/lineageos/updater/download/HttpURLConnectionClient.java
index 2b7c80e..c76d747 100644
index 2b7c80e..caeaf66 100644
--- a/src/org/lineageos/updater/download/HttpURLConnectionClient.java
+++ b/src/org/lineageos/updater/download/HttpURLConnectionClient.java
@@ -18,12 +18,16 @@ package org.lineageos.updater.download;
@ -219,7 +237,7 @@ index 2b7c80e..c76d747 100644
- mClient = (HttpURLConnection) new URL(url).openConnection();
+ boolean useDuplicateLinks, boolean useOnionRouting) throws IOException {
+ mUseOnionRouting = useOnionRouting;
+ if(useOnionRouting) {
+ if(mUseOnionRouting) {
+ Proxy orbot = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 9050));
+ mClient = (HttpURLConnection) new URL(url).openConnection(orbot);
+ } else {
@ -228,7 +246,21 @@ index 2b7c80e..c76d747 100644
mDestination = destination;
mProgressListener = progressListener;
mCallback = callback;
@@ -224,7 +235,7 @@ public class HttpURLConnectionClient implements DownloadClient {
@@ -169,7 +180,12 @@ public class HttpURLConnectionClient implements DownloadClient {
private void changeClientUrl(URL newUrl) throws IOException {
String range = mClient.getRequestProperty("Range");
mClient.disconnect();
- mClient = (HttpURLConnection) newUrl.openConnection();
+ if(mUseOnionRouting) {
+ Proxy orbot = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 9050));
+ mClient = (HttpURLConnection) newUrl.openConnection(orbot);
+ } else {
+ mClient = (HttpURLConnection) newUrl.openConnection();
+ }
if (range != null) {
mClient.setRequestProperty("Range", range);
}
@@ -224,7 +240,7 @@ public class HttpURLConnectionClient implements DownloadClient {
}
Log.d(TAG, "Downloading from " + newUrl);
changeClientUrl(url);
@ -237,7 +269,7 @@ index 2b7c80e..c76d747 100644
mClient.connect();
if (!isSuccessCode(mClient.getResponseCode())) {
throw new IOException("Server replied with " + mClient.getResponseCode());
@@ -246,6 +257,9 @@ public class HttpURLConnectionClient implements DownloadClient {
@@ -246,6 +262,9 @@ public class HttpURLConnectionClient implements DownloadClient {
@Override
public void run() {
try {
@ -349,5 +381,5 @@ index d97a492..a151c75 100644
return server + "?base=LineageOS&device=" + device + "&inc=" + incrementalVersion;
}
--
2.19.0
2.20.1

View File

@ -209,7 +209,7 @@ hardenLocationConf() {
}
export -f hardenLocationConf;
hardenLocationDir() {
hardenLocationFWB() {
dir=$1;
#Debugging (adb logcat | grep -i -e locsvc -e izat -e gps -e gnss -e location)
#sed -i 's|DEBUG_LEVEL = .|DEBUG_LEVEL = 4|' "$gpsConfig" &> /dev/null || true;
@ -232,7 +232,7 @@ hardenLocationDir() {
#sed -i 's|http://gllto|https://gllto|' "$dir"/frameworks/base/core/res/res/values*/*.xml &>/dev/null || true; XXX: GLPals has an invaid certificate
echo "Enhanced location services for $dir";
}
export -f hardenLocationDir;
export -f hardenLocationFWB;
enableZram() {
cd "$DOS_BUILD_BASE$1";

View File

@ -77,7 +77,7 @@ enterAndClear "external/sqlite";
patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default (CopperheadOS-13.0)
enterAndClear "frameworks/base";
hardenLocationDir "$DOS_BUILD_BASE";
hardenLocationFWB "$DOS_BUILD_BASE";
sed -i 's/com.android.mms/org.smssecure.smssecure/' core/res/res/values/config.xml; #Change default SMS app to Silence
sed -i 's|db_default_journal_mode">PERSIST|db_default_journal_mode">TRUNCATE|' core/res/res/values/config.xml; #Mirror SQLite secure_delete
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0001-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
@ -147,7 +147,7 @@ patch -p1 < "$DOS_PATCHES/android_kernel_zte_msm8930/0001-MDP-Fix.patch";
cd "$DOS_BUILD_BASE";
find "hardware/qcom/gps" -name "gps\.conf" -type f -exec bash -c 'hardenLocationConf "$0"' {} \;;
find "device" -name "gps\.conf" -type f -exec bash -c 'hardenLocationConf "$0"' {} \;;
find "device" -type d -name "overlay" -mindepth 2 -exec bash -c 'hardenLocationDir "$0"' {} \;;
find "device" -type d -name "overlay" -exec bash -c 'hardenLocationFWB "$0"' {} \;;
find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenUserdata "$0"' {} \;;
find "kernel" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenDefconfig "$0"' {} \;;
cd "$DOS_BUILD_BASE";

View File

@ -77,7 +77,7 @@ enterAndClear "external/sqlite";
patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default (CopperheadOS-13.0)
enterAndClear "frameworks/base";
hardenLocationDir "$DOS_BUILD_BASE";
hardenLocationFWB "$DOS_BUILD_BASE";
git revert 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #re-enable doze on devices without gms
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480
@ -231,7 +231,7 @@ cd "$DOS_BUILD_BASE";
if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableLowRam "$0"' {} \;; fi;
find "hardware/qcom/gps" -name "gps\.conf" -type f -exec bash -c 'hardenLocationConf "$0"' {} \;;
find "device" -name "gps\.conf" -type f -exec bash -c 'hardenLocationConf "$0"' {} \;;
find "device" -type d -name "overlay" -mindepth 2 -exec bash -c 'hardenLocationDir "$0"' {} \;;
find "device" -type d -name "overlay" -exec bash -c 'hardenLocationFWB "$0"' {} \;;
find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableDexPreOpt "$0"' {} \;;
find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenUserdata "$0"' {} \;;
if [ "$DOS_STRONG_ENCRYPTION_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableStrongEncryption "$0"' {} \;; fi;

View File

@ -79,7 +79,7 @@ enterAndClear "external/svox";
git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
enterAndClear "frameworks/base";
hardenLocationDir "$DOS_BUILD_BASE";
hardenLocationFWB "$DOS_BUILD_BASE";
#git revert https://review.lineageos.org/#/c/202875/ #re-enable doze on devices without gms
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
@ -204,7 +204,7 @@ cd "$DOS_BUILD_BASE";
if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableLowRam "$0"' {} \;; fi;
find "hardware/qcom/gps" -name "gps\.conf" -type f -exec bash -c 'hardenLocationConf "$0"' {} \;;
find "device" -name "gps\.conf" -type f -exec bash -c 'hardenLocationConf "$0"' {} \;;
find "device" -type d -name "overlay" -mindepth 2 -exec bash -c 'hardenLocationDir "$0"' {} \;;
find "device" -type d -name "overlay" -exec bash -c 'hardenLocationFWB "$0"' {} \;;
find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableDexPreOpt "$0"' {} \;;
find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenUserdata "$0"' {} \;;
if [ "$DOS_STRONG_ENCRYPTION_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableStrongEncryption "$0"' {} \;; fi;

12
TODO
View File

@ -1,4 +1,4 @@
Last updated: 2018-08-30
Last updated: 2019-02-08
High Priority (Release blockers)
Build
@ -21,7 +21,6 @@ High Priority (Release blockers)
Medium Priority
Build
- Add more device overclocks
- Add support for more devices
Design
- Facelift of Extirpater
@ -35,9 +34,10 @@ Medium Priority
Low Priority
Build
- Add more device overclocks
- Move overclocks to separate repo
Website
- Switch to a wiki
- Switch to a wiki (?)
WiFiDatabaseMerger
- Batch/scripted generation
- Documentation
@ -46,7 +46,7 @@ Low Priority
Longterm
Build
- Add automated testing/verification of edits
- Consider rewriting various utilities in different languages
- Consider rewriting various utilities in more suitable languages
- Switch to AOSP and create clean trees for all of the major devices
Linux Patches
- Automate pulling of CVE patches from Android and Qualcomm bulletins
@ -56,7 +56,7 @@ Longterm
- Proper backports of security features
Project
- Create an Mobile Device Manager solution
- Create our own device (free hardware, isolated modem, kernel, 4.9+, etc.)
- Create our own device (free hardware, isolated modem, kernel 5.0+, etc.)
- General auditing of everything
- Partner with various projects
- Purchase one of each supported device
@ -64,7 +64,7 @@ Longterm
- Create a 'Video Tutorials' page
Contributions to other projects (via labor or funding)
Add Tor support: Materialistic, microG, RadioDroid, Slide, Wikipedia
Add Tor support: Materialistic, microG, Slide, Transistor, Wikipedia
Resurrect: Blockinger, microG, Pandoroid
Amexia
- More icons