Addresses ASL-22-002 WP1

consuelita · consuelita · commit 217cdae0a75d · 2024-02-27T14:02:48.000-06:00
ASL-22-002 WP1: VPN status disclosure via insecure broadcasts
diff --git a/app/src/main/java/org/OperatorFoundation/MoonbounceAndroidKotlin/MainActivity.kt b/app/src/main/java/org/OperatorFoundation/MoonbounceAndroidKotlin/MainActivity.kt
@@ -14,6 +14,7 @@ import android.widget.TextView
 import androidx.activity.result.contract.ActivityResultContracts
 import androidx.appcompat.app.AppCompatActivity
 import androidx.appcompat.widget.SwitchCompat
+import org.operatorfoundation.moonbouncevpnservice.APP_PACKAGE
 import org.operatorfoundation.moonbouncevpnservice.DISALLOWED_APPS
 import org.operatorfoundation.moonbouncevpnservice.EXCLUDE_ROUTES
 import org.operatorfoundation.moonbouncevpnservice.MBAKVpnService
@@ -274,6 +275,9 @@ class MainActivity : AppCompatActivity()
         // Set the action (start not stop)
         moonbounceVPNIntent.action = START_VPN_ACTION
 
+        // Provide the activity that should receive the vpn status broadcasts
+        moonbounceVPNIntent.putExtra(APP_PACKAGE, MainActivity::class.java)
+
         // Set the IP address of the vpn server (transport server if a transport is being used)
         ipAddress = ipEditText.text.toString()
         moonbounceVPNIntent.putExtra(SERVER_IP, ipAddress)
diff --git a/moonbounceVPNService/src/main/java/org/operatorfoundation/moonbouncevpnservice/MBAKVpnService.kt b/moonbounceVPNService/src/main/java/org/operatorfoundation/moonbouncevpnservice/MBAKVpnService.kt
@@ -34,8 +34,9 @@ const val EXCLUDE_ROUTES = "ExcludeRoute"
 const val USE_PLUGGABLE_TRANSPORTS = "UsePluggableTransports"
 const val STOP_VPN_ACTION = "StopMoonbounce"
 const val START_VPN_ACTION = "StartMoonbounce"
+const val APP_PACKAGE = "CallingActivityClass"
 
-class MBAKVpnService : VpnService()
+class MBAKVpnService() : VpnService()
 {
     val sizeInBits = 32
     val maxBatchSize =  250 // bytes
@@ -61,6 +62,10 @@ class MBAKVpnService : VpnService()
     private var disallowedApps: Array<String>? = null
     private var excludeRoutes: Array<String>? = null
 
+    // Needed to create an explicit intent for broadcasting status to an explicit application package name
+    // Defaults to the example app, pass your package name in as an extra in the VPN intent to override this
+    private var applicationPackageName: String = "org.operatorfoundation.moonbounceAndroidKotlin"
+
     companion object
     {
         const val vpnStatusNotification = "org.operatorfoundation.moonbounceAndroidKotlin.VPNStatusNotification"
@@ -325,6 +330,7 @@ class MBAKVpnService : VpnService()
         val maybeDisallowedApps: Array<String>?
         val maybeExcludeRoutes: Array<String>?
         val maybeUsePluggableTransports: Boolean
+        val maybeApplicationPackage: String?
 
         if (intent != null)
         {
@@ -334,6 +340,8 @@ class MBAKVpnService : VpnService()
             maybeDisallowedApps = intent.getStringArrayExtra(DISALLOWED_APPS)
             maybeExcludeRoutes = intent.getStringArrayExtra(EXCLUDE_ROUTES)
             maybeUsePluggableTransports = intent.getBooleanExtra(USE_PLUGGABLE_TRANSPORTS, false)
+            maybeApplicationPackage = intent.getStringExtra(APP_PACKAGE)
+
             this.usePluggableTransport = maybeUsePluggableTransports
         }
         else
@@ -376,6 +384,11 @@ class MBAKVpnService : VpnService()
             excludeRoutes = maybeExcludeRoutes
         }
 
+        if (maybeApplicationPackage != null)
+        {
+            applicationPackageName = maybeApplicationPackage
+        }
+
         return true
     }
 
@@ -413,6 +426,7 @@ class MBAKVpnService : VpnService()
     fun broadcastStatus(action: String, statusDescription: String, status: Boolean)
     {
         val intent = Intent()
+        intent.setPackage(applicationPackageName)
         intent.putExtra(statusDescription, status)
         intent.action = action
         sendBroadcast(intent)
