Date: Fri, 25 Jul 2014 18:36:01 -0700
From: Mike Perry <mikeperry@torproject.org>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Android app: Torrific

CJ:
> On 07/25/2014 09:24 AM, isis wrote:
> > CJ transcribed 2.5K bytes:
> >>
> >> On 07/24/2014 03:54 PM, u wrote:
> >>> CJ:
> >>>> On 07/24/2014 01:23 PM, u wrote:
> >>>>> Lunar:
> >>>>>> CJ:
> >>>>>>> Just a small announce (not sure if this is the right ML, sorry).
> >>>>>>> I'm developing an Android app that allows blocking all IP traffic, and
> >>>>>>> forcing only selected apps through Orbot.
> >>>>>>> This is done because neither Orbot nor AFWall (or other free, open-source
> >>>>>>> Android iptables management interfaces) seem to be able to do that…
> >>>>>> Orbot is free software. Isn't there a way to add the needed features
> >>>>>> directly to it?
> >>>>>>
> >>>>>> Sorry if it's a naive question, I'm not very knowledgeable regarding
> >>>>>> Android. But I know that asking our users to install 3 different apps or
> >>>>>> even more is not friendly.
> >>>>> AFAIK this works in Orbot if you have a rooted Android device.
> >>>> Not the "block all other output" part in fact :)
> >>> That said, I am also interested in your answer to Lunar's question :)
> >>> Why not contribute to Orbot instead?
> >>>
> >>> Cheers!
> >> It's possible I'll push some pull request later, yes.
> >> But, as said in a previous email, I'm not really sure it's Orbot's job
> >> to set up a firewall… I'd rather have a dedicated app for a dedicated task —
> >> Orbot's main task is, for me, connecting to the Tor network… Basically, this
> >> just doesn't involve the firewall at all.
> >>
> >> But yeah, I know, users like "all-in-one apps" — who knows, once
> >> Torrific is ready (i.e. no more broken rules, no more bugs like "craps,
> >> network's broken")… the devs may get some PR ;).
> >> Torrific is also, for me, a way to play with android without annoying
> >> other applications.
> >>
> >> To be honest, I'd rather contribute this function in AFWall than Orbot,
> >> as it already is a firewall manager (and not a bad one).
> >>
> >> Cheers,
> >>
> >> C.
> >
> > I agree that this should be done outside Orbot, for several reasons that I'm
> > not going to get dragged into again. And FWIW, Mike's blog post on Android
> > security specifically recommends setting up DroidWall (a similar AOS
> > iptables-based firewall app) with some bash scripts to log and deny all leaky
> > traffic from Orbot.
> >
> > My primary concern would be regarding whether Torrific's iptables rules are
> > applied ASAP after Orbot starts Tor, and I actually can't recommend anything
> > there (short of building a new initramfs which enforces starting the firewall
> > from there, early during the boot process).
>=20
> torrific works with an init-script blocking all the traffic =E2=80=94 sam=
e way
> droidwall or afwall are working, same problem with older android versions.
> torrific starts on boot, maybe earlier than orbot, which is a good
> thing. it also uses orbot uid (as well as app uid) in order to set the
> redirects and allow orbot to go out.
>=20
> >=20
> > DroidWall already has a mechanism for running user-specified scripts at
> > startup... Perhaps the most portable way to do what you're trying to do=
 would
> > be to add a similar script-sourcing mechanism to AFWall? Then you could=
 simply
> > maintain a repo of startup scripts which (hopefully) work for any Andro=
id
> > firewall app which supports this mechanism.
>=20
> problems with handmade scripts: how to catch app uid automatically?
> that's not userfriendly. Not at all=E2=80=A6
> That was the first version of this app: an init-script, a "lib" written
> in shell, and a script applying the rules, using a shell array as source
> for application information.

FWIW, in the shell scripts in my howto[1], I do this UID detection in
shell with dumpsys. Here's an example script:
https://people.torproject.org/~mikeperry/android-hardening/android-firewall/firewall-allow-linphone-udp.sh

The userinit problem I solved in a Cyanogenmod-specific way (I think).
Cyanogenmod has a special init script location in
/data/local/userinit.sh. For extra fun, I think it supports that instead
of more standard Android init-scripts, because the AFWall+ startup
script hack does not work on my devices. That's the main reason I
created this userinit hack:
https://people.torproject.org/~mikeperry/android-hardening/android-firewall/userinit.sh

> the app I've done lists the installed application requesting network
> access, you just have to check those you're wanting to allow network
> access and they are forced through orbot :).

That LinPhone example script above also has another neat feature that I
wish were available by default in a firewall app such as this. It allows
only the UDP activity of LinPhone to bypass the Tor proxy. This means I
can make TLS+SIP+ZRTP calls where the call setup and signaling goes over
Tor, but encrypted voice and video data goes directly peer-to-peer over
UDP.

I recognize the UI for supporting this in the general case is a bit
tricky to create without a lot of clutter, and it's questionable if you
want to expose this ability for all apps (because for non peer-to-peer
apps it can mean deanonymization to a central server). However, for this
specific case it is very handy, at least until Tor is performant enough
to support live, unbuffered voice+video data.


1. https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy

-- 
Mike Perry
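An added example, not the script from Mike's howto and not Torrific's code, sketching in POSIX shell the two pieces discussed in this thread: pulling an app's UID out of `dumpsys package` output, and a per-app rule set that redirects the app's TCP and DNS into Tor's transparent proxy, lets only its UDP go out directly (the LinPhone case), and drops all other output. The TransPort/DNSPort values 9040/5400, the Orbot UID placeholder and the dumpsys sample text are assumptions or constructed data.

```shell
#!/bin/sh
# Added example, not the script from Mike's howto or Torrific's code.
# (1) uid_from_dumpsys: extract an app's UID from `dumpsys package` text.
# (2) rules_for_uid: print iptables rules for that UID. TCP and DNS are
#     redirected into Tor's transparent proxy, the app's other UDP goes out
#     directly (the LinPhone voice/video case), all remaining output is dropped.
# Assumptions: Tor listens on TransPort 9040 and DNSPort 5400 (adjust to your
# torrc), ORBOT_UID is Orbot's own UID, and rules are applied as root on-device.
TRANS_PORT=${TRANS_PORT:-9040}
DNS_PORT=${DNS_PORT:-5400}

# Read `dumpsys package <pkg>` output on stdin, print the first userId=NNNN.
# Reading stdin instead of running dumpsys keeps this testable off-device.
uid_from_dumpsys() {
    sed -n 's/.*userId=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print (not run) the rules for app UID $1 with Orbot UID $2.
# On a rooted device: rules_for_uid "$uid" "$ORBOT_UID" | sh
# Letting non-DNS UDP bypass Tor only makes sense for peer-to-peer media;
# for a client-server app it means a direct connection to the central server.
rules_for_uid() {
    app_uid=$1; orbot_uid=$2
    cat <<EOF
iptables -t nat -A OUTPUT -m owner --uid-owner $app_uid -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
iptables -t nat -A OUTPUT -m owner --uid-owner $app_uid -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $orbot_uid -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $app_uid -p udp ! --dport 53 -j ACCEPT
iptables -A OUTPUT -j DROP
EOF
}

# Constructed sample of `dumpsys package org.linphone` output (not real device data).
SAMPLE_DUMPSYS='Packages:
  Package [org.linphone] (3f2a1b):
    userId=10073 gids=[3003]'
ORBOT_UID=${ORBOT_UID:-10050}   # assumed placeholder; look it up the same way

demo() {
    uid=$(printf '%s\n' "$SAMPLE_DUMPSYS" | uid_from_dumpsys)
    rules_for_uid "$uid" "$ORBOT_UID"
}
demo
```

The `-o lo` accept is what lets the redirected TCP and DNS reach 127.0.0.1 after the nat REDIRECT rewrites their destination.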

