Add tracker blocking to Android 10.

Author: kasnder

app/build.gradle

@@ -25,8 +25,8 @@ android {
         applicationId 'net.kollnig.missioncontrol'
         minSdkVersion 22
         targetSdkVersion 29
-        versionCode 6
-        versionName "1.0.0-alpha5"
+        versionCode 7
+        versionName "1.0.0-alpha6"
     }
 
     buildTypes {

app/src/main/java/net/kollnig/missioncontrol/vpn/InConsumer.java

@@ -17,13 +17,9 @@
 package net.kollnig.missioncontrol.vpn;
 
 import android.content.Context;
-import android.util.Log;
-
-import java.nio.ByteBuffer;
 
 import edu.uci.calit2.antmonitor.lib.logging.PacketConsumer;
 import edu.uci.calit2.antmonitor.lib.logging.PacketProcessor.TrafficType;
-import edu.uci.calit2.antmonitor.lib.util.IpDatagram;
 import edu.uci.calit2.antmonitor.lib.util.PacketDumpInfo;
 
 public class InConsumer extends PacketConsumer {
@@ -43,13 +39,6 @@ public InConsumer (Context c, TrafficType trafficType) {
 	@Override
 	protected void consumePacket (PacketDumpInfo packetDumpInfo) {
 		// Parse IP packet
-		byte[] packet = packetDumpInfo.getDump();
-		IpDatagram ipDatagram = new IpDatagram(ByteBuffer.wrap(packet));
-		String remoteIp = ipDatagram.getSourceIP().getHostAddress();
-
-		if (remoteIp.equals("8.8.8.8")) {
-			Log.d(TAG, remoteIp);
-		}
 	}
 
 	/**

app/src/main/java/net/kollnig/missioncontrol/vpn/OutConsumer.java

@@ -38,12 +38,11 @@
 import static android.system.OsConstants.IPPROTO_UDP;
 
 public class OutConsumer extends PacketConsumer {
-	private final String TAG = OutConsumer.class.getSimpleName();
+	static PackageManager pm;
 	private final Context mContext;
 	private final Database database;
-	private final PackageManager pm;
-
-	ConnectivityManager connectivityManager;
+	static ConnectivityManager connectivityManager;
+	private static String TAG = OutConsumer.class.getSimpleName();
 
 	public OutConsumer (Context c, TrafficType trafficType) {
 		super(c, trafficType, null);
@@ -58,6 +57,7 @@ static String getHostname (String remoteIp) {
 		return VpnController.retrieveHostname(remoteIp);
 	}
 
+
 	/**
 	 * Logs outgoing packets of apps.
 	 *
@@ -121,7 +121,7 @@ protected void onStop () {
 	 * @return the name of the package of the app with the given uid, or "Unknown" if
 	 * no name could be found for the uid.
 	 */
-	public String getAppName (int uid) {
+	static String getAppName (int uid) {
 		/* IMPORTANT NOTE:
 		 * From https://source.android.com/devices/tech/security/ : "The Android
 		 * system assigns a unique user ID (UID) to each Android application and

app/src/main/java/net/kollnig/missioncontrol/vpn/OutFilter.java

@@ -24,13 +24,21 @@
 import net.kollnig.missioncontrol.data.Database;
 import net.kollnig.missioncontrol.main.AppBlocklistController;
 
+import java.net.InetSocketAddress;
+import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
 
 import edu.uci.calit2.antmonitor.lib.logging.ConnectionValue;
 import edu.uci.calit2.antmonitor.lib.logging.PacketAnnotation;
 import edu.uci.calit2.antmonitor.lib.util.IpDatagram;
 import edu.uci.calit2.antmonitor.lib.vpn.OutPacketFilter;
 
+import static android.os.Process.INVALID_UID;
+import static android.system.OsConstants.IPPROTO_TCP;
+import static android.system.OsConstants.IPPROTO_UDP;
+import static net.kollnig.missioncontrol.vpn.OutConsumer.connectivityManager;
+import static net.kollnig.missioncontrol.vpn.OutConsumer.getAppName;
+
 public class OutFilter extends OutPacketFilter {
 	private final String TAG = OutFilter.class.getSimpleName();
 	private final AppBlocklistController appBlocklist;
@@ -63,17 +71,43 @@ public PacketAnnotation acceptIPDatagram (final ByteBuffer packet) {
 		if (tracker == null)
 			return ALLOW;
 
-		ConnectionValue v = mapDatagramToApp(packet);
-		String appId = v.getAppName();
-		if (appId == null)
+		String appname;
+		if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.Q) {
+			// Only UDP and TCP are supported
+			short protocol = IpDatagram.readProtocol(packet);
+			if (protocol != IpDatagram.UDP && protocol != IpDatagram.TCP)
+				return ALLOW;
+
+			int lookupProtocol = (protocol == IpDatagram.TCP) ? IPPROTO_TCP : IPPROTO_UDP;
+
+			InetSocketAddress local, remote;
+			try {
+				local = new InetSocketAddress
+						(IpDatagram.readSourceIP(packet), IpDatagram.readSourcePort(packet));
+				remote = new InetSocketAddress
+						(IpDatagram.readDestinationIP(packet), IpDatagram.readDestinationPort(packet));
+			} catch (UnknownHostException e) {
+				return ALLOW;
+			}
+
+			int uid = connectivityManager.getConnectionOwnerUid(lookupProtocol, local, remote);
+			if (uid == INVALID_UID)
+				return ALLOW;
+
+			appname = getAppName(uid);
+		} else {
+			ConnectionValue cv = mapDatagramToApp(packet);
+			appname = cv.getAppName();
+		}
+		if (appname == null)
 			return ALLOW;
 
-		if (appBlocklist.blockedApp(appId)
-				&& appBlocklist.blockedTracker(appId, tracker.getRoot())
+		if (appBlocklist.blockedApp(appname)
+				&& appBlocklist.blockedTracker(appname, tracker.getRoot())
 		)
 			return BLOCK;
 
-		// DATABASE.logPacketAsyncTask(mContext, appId, remoteIp, hostname);
+		// DATABASE.logPacketAsyncTask(mContext, appname, remoteIp, hostname);
 		return ALLOW;
 	}
 }

build.gradle

@@ -1,21 +1,6 @@
 ext {
-    var = '3.4.2'
-}/*
- * Copyright (C) 2019 Konrad Kollnig, University of Oxford
- *
- * TrackerControl is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 2 of the License, or
- * (at your option) any later version.
- *
- * TrackerControl is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with TrackerControl. If not, see <http://www.gnu.org/licenses/>.
- */
+    var = '3.5.2'
+}
 
 // Top-level build file where you can add configuration options common to all sub-projects/modules.