archive
/
tailscale-android
mirror of https://github.com/tailscale/tailscale-android
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
release-branch/1.76
kari/bumposs
main
kari/insttest
kari/undocode
kari/tkalockedout
kari/androidlogs
release-branch/1.74
kari/toolchain
revert-482-main
release-branch/1.72
jonathan/bump_fix
angott/magicdns-privatedns-warn
jwhited/revert-gvisor-gro
angott/dot-915
release-branch/1.70
jonathan/bump_oss
release-branch/1.68
jonathan/npe_crash_1
angott/l10n-it
release-branch/1.66
ox/reenable_quick_settings
percy/psychic_quicksettings
jonathan/build_apk
jonathan/remember-exit-node
bradfitz/docs
jonathan/auth_keys
jonathan/compose_previews
jonathan/machine_auth
release-branch/1.64
jonathan/decorate_settings
jonathan/corp-19070
phirework/unstable-64
jonathan/androidTV
ox/move_admin_account_info
ox/allow_lan_access_toggle
jonathan/cleanup
jonathan/runasexitnode
jonathan/intro_screen
jonathan/switch-state
ox/detectlogin
ox/styling_bak
ox/exit_node_clickable
ox/taildrop
ox/eng-2988
raggi/builds3
oxtoacart/remove_dead_code
oxtoacart/reactive_exit_node_bak
jonathan/mdm-debug
knyar/unstable
knyar/makefile
oxtoacart/android-nextgen-infra
raggi/buildport
release-branch/1.60
oxtocart/bugreportvialocalapi_codereview_suggestion
kari/unstable-1.58
catzkorn/notag
catzkorn/menu
release-branch/1.58
oxtoacart/gomobilepoc
release-branch/1.56
release-branch/1.54
version
release-branch/1.52
bradfitz/sharer_or_user
raggi/emulator
release-branch/1.48
maisem/bumposs
catzkorn/fixit
raggi/assert-goroot
catzkorn/routing
raggi/destructivepurege
bradfitz/authkey_intent
raggi/tailscale-version-workspace
release-branch/1.46
dns
unstable1_47
release-branch/1.44
revert-86-feature/preference-toggles
release-branch/1.42
bradfitz/tsd_fix
bradfitz/bump_tscom
bradfitz/dns_google
bradfitz/shared_user_dev
release-branch/1.40
mihaip/readme
mihaip/build-tags
mihaip/flush
release-branch/1.38
release-branch/1.36
googlehome
gio
sonos
release-branch/1.34
release-branch/1.32
raggi/vader
release-branch/1.30
release-branch/1.28
release-branch/1.26
release-branch/1.24
bradfitz/netstack_localbackend
bradfitz/android_studio
bradfitz/firedoc
release-branch/1.22
bradfitz/tidy
release-branch/1.20
bradfitz/corp_dns_setting
bradfitz/allow_lan
bradfitz/bump_target
bradfitz/be_exit_node
bradfitz/bugreport
bradfitz/make_darwin
bradfitz/gorev
bradfitz/qr_firestick
release-branch/1.18
release-branch/1.16
release-branch/1.14
always-on
release-branch/1.12
notification
file-share
bradfitz/netns
bradfitz/1.9
split-dns-1695
1.76.2-t088d78591-gfafffd2aeba
1.76.1-t24929f6b6-ga20b1114dd5
1.76.0-t51fb4ce51-g5f19730c7a4
1.74.1-t0ca17be4a-gafa257e57b7
1.75.11-t8b962f23d-gf07d419a125
1.75.4-t124ff3b03-g001e79546c2
1.75.3-tafec2d41b-gffbc556cde8
1.75.2-t93f61aa4c-gfe6f9c6110a
1.75.2-t93f61aa4c-ge195def5e23
1.73.114-t0970615b1-gab7ab737364
1.73.104-te7b5e8c8c-g161457b99b5
1.73.69-ta584d04f8-gd94125e7670
1.73.0-t1e8f8ee5f-ga843c93669f
1.71.135-tccf091e4a-g7e5e0f25cf6
1.71.72-t1ed958fe2-g2a32ed1f301
1.70.0-td601f16e1-g6deb61a20e5
1.68.2-tc79c500c7-g242d97ac2ac
1.69.75-t27033c627-gb6cacdfd6a2
1.68.1-t92eacec73-g4a5d087d56d
1.68.0-t52ddf0d01-g4528ee61760
1.67.105-t916c4db75-g0e82e54ffb6
1.66.3-teae73f821-g63a2bbc8e71
1.67.13-t7b3e30f39-g46cdbb7b9b2
1.67.13-t7b3e30f39-gb587bc2a18c
1.67.12-t79b2d425c-gff4ce8d9346
1.65.192-te968b0ecd-g48543799b1a
1.65.192-te968b0ecd-g7f66c373eaf-dirty
1.65.182-t80df8ffb8-g6a15347453c
1.65.167-t258b5042f-g5c494450af4
1.65.4-t7a77a2edf-gfab2f183b34
1.64.0-t78dc8622d-gfd2ca6fa940
1.63.93-t1fbaf2610-ge0020f8c4bf
1.57.100-t8250582fe-g9e8dfbb2ab0
1.58.2-tb0e1bbb62-gcd1f0649958
1.57.72-tca48db0d6-gdcca09fe7f8
1.56.0-tf51793b90-g49ed1df6cc9
1.55.148-t86aa0485a-g5ef7bbaff0a
1.55.47-tb88929edf-g0a44d50e8b0
1.54.0-tc82fd1256-g8e8e1d0f76a
1.53.115-t6cce5fe00-gab4a672a4eb
1.51.207-t35d7b3aa2-g3a305b158ca
1.48.2-tab970fe55-g52607bf35ef
1.48.0-t77c732357-g388b71affe8
1.44.1-ta377e1363-g584245cc823
1.44.0-tb3138a71a-gfcf1b101b70
1.43.55-tc783f2822-g0ccb93e1156
1.42.0-tab797f0ab-gccfe73ba474
1.41.69-te3cb98213-g38061656a57
1.40.0-t9bdaece3d-ge0ba590be3e
1.39.194-te3b2250e2-gaa32919ac3d
1.39.174-t280255aca-g1a4a0884663
1.39.138-tcef0a474f-ga5346dcc26a
1.38.2-t3db61d07c-g30af1bea6c7
1.39.35-t731688e5c-gdf47a609279
1.38.2-t3db61d07c-g3a45784fce8
1.38.1-t3eeff9e7f-g8725a9e98e2
1.37.262-t047b32493-g814cd3c43a9
1.37.259-tb64d78d58-gd53da4ac65e
1.36.2-t0438c67e2-gd4f0ac0b58c
1.37.108-t01d58c9b6-g813b770cdf7
1.36.1-t576b08e5e-g28a435b67d6
1.36.0-tab998de98-g9ccba36ca1b
1.35.165-t2df38b1fe-gf643488f7a1
1.35.158-tb657187a6-g9562c27766e
1.34.2-tc5ef9103d-g4727c9c4b63
1.35.108-t692eac23a-g365b0ce6b0e
1.35.108-t692eac23a-g30e46fb8545
1.35.80-t237f030cd-gfd874ed58e9
1.34.1-t331d553a5-g14e42b2de7e
1.35.5-t4b34c8842-gc5e20b297c0
1.34.0-t988801d5d-gca20b46c925
1.33.385-t86b6ff61e-g80b896e71cd
1.33.299-t300aba61a-g1181155b7d1
1.32.3-t9dd89b8c2-g79fdccd8e3e
1.33.97-t81fd25913-g26e72f15efe
1.32.2-t54e8fa172-gd9ef1cad8ab
1.33.21-t63ad49890-g80dfbd8a0c5
1.33.20-t899b4cae1-g185cc3dd8f9
1.32.0-tfc688fe02-g13fc35a8bd5
1.31.167-t6d76764f3-g5ed3921ad62
1.31.84-t42f1d92ae-g03970952d53
1.30.2-t118545749-g9d01824d01f
1.30.2-t118545749-gb1033503280
1.31.40-t2aade349f-g033f7d87b43
1.31.40-t2aade349f-g5d209e6122b
1.30.1-t949c40030-gda453c0f676
1.30.0-t0b00b7a13-gdbd2b98eaea
1.29.194-t70f9fc8c7-gd0812b9476b
1.29.183-te4b5b92b8-gc9d2b97402e
1.29.175-t472529af3-gac01ced297a
v1.10.2-36fe8addc39-g31f2cfa9c9c
1.29.72-tb905db7a5-g9e6ef85d269
1.29.70-tc06758c83-g140149ef876
1.29.70-tc06758c83-g34ae6109d03
1.29.0-t3c892d106-g42f688f1292
1.28.0-taabca3a4c-gd900a87f4b4
1.27.81-t755396d6f-g21ea21f4f03
1.26.2-t5a60f1ffe-g4b32a50bc96
1.27.69-t9584d8aa7-g7abc94c4eae
1.27.57-t06aa14163-gbc1b0e24950
1.27.57-t06aa14163-g4fa037b636b
1.27.24-t467eb2eca-g0c11377ca10
1.26.1-t5b81baa7d-gd2fd1453038
1.26.1-t5b81baa7d-g2ac46a95b0f
1.26.0-t9fc6551b4-g3502f448874
1.26.0-t9fc6551b4-g0ed48c78500
1.25.91-tfc5839864-g1845f173179
1.25.35-te3619b890-ge66e57fbb08
1.24.2-tdce2409b1-gb8ed6272bdb
1.24.2-tdce2409b1-gc32eb8e27e8-dirty
1.24.2-tdce2409b1-gc32eb8e27e8
1.24.0-tf0e71f4a2-g772e6ae6f06
1.23.238-t695f8a1d7-gbd5ef3fd68d
1.23.238-t695f8a1d7-g60f461e5e79
1.23.237-t53588f632-g94762403ce1
1.23.230-t13f75b966-gb8af14c0098
1.23.210-tc13be0c50-g3f8df48d23d
1.23.192-tc591c9165-g4ccafba8f7f
1.23.152-t9f604f2bd-gcc70ae7aa62
1.23.148-t7c7f37342-gb4f8e7f90a4
1.23.53-t012098ec3-gb0f1428443e
1.23.53-t012098ec3-g7203980ecc8
1.22.0-t4e0b00ad8-g56cf5b6132d
1.21.114-te921e1b02-g4a1c0cb2ee7
1.21.112-td19a63ddf-g5868fdb7b04
1.21.52-taaba49ca1-g467ddfc6052-dirty
1.21.52-taaba49ca1-g467ddfc6052
1.20.2-t8e643357d-ge1751fa2802
1.21.24-t0ada42684-g213009e9af5
1.21.8-t8cf1af8a0-g6b83c6ae21f
1.20.0-t958917dce-gdbbb71c2e39
1.19.190-tc5243562d-g039124db792
1.19.190-tc5243562d-g14b849f0e85-dirty
1.19.189-t1a4e8da08-g1be9000a6ac-dirty
1.18.2-tb04815c9c-g08e1f97a38e
1.19.127-tcced414c7-ga3d2dc95dbc
1.19.127-tcced414c7-gc63656926aa
1.19.116-t878a20df2-gb2665ab2ff5
1.19.111-te34ba3223-gca696b116ce
1.18.0-t71f1dd5aa-g6e464cc68f9
1.17.235-t773af7292-gda175ba2212
1.17.205-td6dde5a1a-gdb53a314eb3
1.17.191-t0532eb30d-g0ecb2a25874
1.16.2-tb56ba2054-g377795b3b67
1.17.81-tc60806b55-g61f90a1975b
1.16.1-t4f4000fbe-g0e7d23df47d
1.17.52-t9af27ba82-g82ea8df1dc8
1.16.0-tb0f4f3161-g2840d54aade
1.16.0-tb0f4f3161-gf0dcec6c275-dirty
1.15.210-tbabd163aa-g9b52c6b357b
1.14.6-tdfc4042ec-gb1b53ce7b58
1.15.196-t173bbaa1a-g0637d599af4
1.15.191-t52737c14a-g75ef65dd501
1.15.3-t1925fb584-g7aa8ae9a47e
1.14.0-t62a458f7f-gff91342ecc8
1.14.0-t62a458f7f-g0f6f5a30323
1.13.116-t0ac213059-gae2df120327
1.13.73-t954867fef-g3e299e873d8
1.13.53-t8bdf87883-g30324736c98
1.13.53-t8bdf87883-g15a27d2336b
1.13.52-t360223fcc-g18e6fe24db7
1.13.52-t360223fcc-gd81f8a03b65-dirty
1.13.42-tfd7b738e5-ga68462ec65f
1.12.3-t2be791762-gf6ecdd058da
1.12.3-t2be791762-g2ea501279cf
1.13.19-td37451bac-g82b6b8dbd36
1.13.19-td37451bac-g0f46117f9c0
1.13.6-tf414a9cc0-gd98827df030
1.13.6-f414a9cc01f-gf59e53e41d8
1.12.1-1d7592eb117-g1fc94ccf979
1.12.1-1d7592eb117-gf4742b7d907
1.11.151-d145c594ad6-g7b2e61e80cd
1.11.151-d145c594ad6-g7ebedfd62a9
1.11.151-d145c594ad6-g7a00ad639b4
1.11.151-d145c594ad6-g20c35d55f57
1.11.109-798b0da4703-g480b1a62eb2
1.11.109-798b0da4703-g4d32c6da4f6-dirty
1.11.106-1bb6abc604c-g2c1f35d5607
1.11.106-1bb6abc604c-g27283a8bb0a
v1.10.2-36fe8addc39-g74a18b3359b
v1.10.1-cd3fd076cc7-gadfcedb0972
v1.10.1-cd3fd076cc7-gad31a689393
v1.10.0-405ea978f8b-g242c936b2cd
v1.10.0-405ea978f8b-g10ded1bad29
v1.10.0-405ea978f8b-ge8f2409cb3d-dirty
v1.10.0-405ea978f8b-g6c005dab135-dirty
v1.10.0-405ea978f8b-g47b732aaab1
v1.10.0-t405ea978f-g07616236fc2
v1.10.0-t405ea978f-g5bb36e740cf
v-g2f7b27412a0
v1.8.6-t28a8f9c90-g04890797712
v-g90351e73923
v1.8.6-t28a8f9c90-gff16a75a65c
v1.8.3-td0e86b08c-g8ea1d4ced73
v1.8.3-td0e86b08c-g06e461d7038
v1.6.0-tddc975fcb-g05212e770b0
v1.6.0-tddc975fcb-ge2d731dbbab
v1.6.0-tddc975fcb-g05ddfd5d90e
v1.4.5-tb89c65304-gd3e0b420939
v1.4.4-t64a9656c0-g3e758d0fe21
v1.4.0-t3d7cff91b-g33cf7c0aa19
v1.4.0-t3d7cff91b-gc4f626c5a79
v1.3.267-t9936cffc1-g96e2661764c
v1.2.2-t76c2982d8-gc26c3b0a3
v1.2.2-t76c2982d8-gb981aa576
v1.2.2-t76c2982d8-g8daee9c43
v1.2.2-t76c2982d8-g33a953fb2
v1.2.2-t76c2982d8-gf2c035a8b
v1.2.2-t76c2982d8-g97a826d11
v0.1.21
v0.1.20
v0.1.19
v0.1.18
v0.1.17
v0.1.16
v0.1.15
v0.1.14
v0.1.13
v0.1.11
v0.1.10
1.60.1-t2caffeeb4-g6f7ae79a31c
1.66.0-te2a0fc0bc-g6bd50e8026d
1.72.0-taa448d5a9-g8c424617ff0
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v1.2.2-t76c2982d8-g39dfd8495
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '20ddae3208'
${ noResults }
tailscale-android/cmd/tailscale/main.go

923 lines
23 KiB
Go
Raw Blame History

// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package main
import (
"crypto/sha1"
"fmt"
"log"
"sort"
"strings"
"time"
"unsafe"
"gioui.org/app"
"gioui.org/io/system"
"gioui.org/layout"
"gioui.org/op"
"inet.af/netaddr"
"github.com/tailscale/tailscale-android/jni"
"tailscale.com/ipn"
"tailscale.com/net/dns"
"tailscale.com/tailcfg"
"tailscale.com/types/netmap"
"tailscale.com/wgengine/router"
)
//go:generate go run github.com/go-bindata/go-bindata/go-bindata -nocompress -o logo.go tailscale.png google.png
type App struct {
jvm *jni.JVM
// appCtx is a global reference to the com.tailscale.ipn.App instance.
appCtx jni.Object
store *stateStore
// netStates receives the most recent network state.
netStates chan BackendState
// prefs receives new preferences from the backend.
prefs chan *ipn.Prefs
// browseURLs receives URLs when the backend wants to browse.
browseURLs chan string
// backend is the channel for events from the frontend to the
// backend.
backendEvents chan UIEvent
}
var (
// googleClass is a global reference to the com.tailscale.ipn.Google class.
googleClass jni.Class
)
type clientState struct {
browseURL string
backend BackendState
// query is the search query, in lowercase.
query string
Peers []UIPeer
}
type ExitStatus uint8
const (
// No exit node selected.
ExitNone ExitStatus = iota
// Exit node selected and exists, but is offline or missing.
ExitOffline
// Exit node selected and online.
ExitOnline
)
type ExitNode struct {
Label string
Online bool
ID tailcfg.StableNodeID
}
type BackendState struct {
Prefs *ipn.Prefs
State ipn.State
NetworkMap *netmap.NetworkMap
LostInternet bool
// Exits are the peers that can act as exit node.
Exits []ExitNode
// ExitState describes the state of our exit node.
ExitStatus ExitStatus
// Exit is our current exit node, if any.
Exit ExitNode
}
// UIEvent is an event flowing from the UI to the backend.
type UIEvent interface{}
type RouteAllEvent struct {
ID tailcfg.StableNodeID
}
type ConnectEvent struct {
Enable bool
}
type CopyEvent struct {
Text string
}
type SearchEvent struct {
Query string
}
type OAuth2Event struct {
Token *tailcfg.Oauth2Token
}
// UIEvent types.
type (
ToggleEvent struct{}
ReauthEvent struct{}
WebAuthEvent struct{}
GoogleAuthEvent struct{}
LogoutEvent struct{}
)
// serverOAuthID is the OAuth ID of the tailscale-android server, used
// by GoogleSignInOptions.Builder.requestIdToken.
const serverOAuthID = "744055068597-hv4opg0h7vskq1hv37nq3u26t8c15qk0.apps.googleusercontent.com"
// releaseCertFingerprint is the SHA-1 fingerprint of the Google Play Store signing key.
// It is used to check whether the app is signed for release.
const releaseCertFingerprint = "86:9D:11:8B:63:1E:F8:35:C6:D9:C2:66:53:BC:28:22:2F:B8:C1:AE"
// backendEvents receives events from the UI (Activity, Tile etc.) to the backend.
var backendEvents = make(chan UIEvent)
func main() {
a := &App{
jvm: (*jni.JVM)(unsafe.Pointer(app.JavaVM())),
appCtx: jni.Object(app.AppContext()),
netStates: make(chan BackendState, 1),
browseURLs: make(chan string, 1),
prefs: make(chan *ipn.Prefs, 1),
}
err := jni.Do(a.jvm, func(env *jni.Env) error {
loader := jni.ClassLoaderFor(env, a.appCtx)
cl, err := jni.LoadClass(env, loader, "com.tailscale.ipn.Google")
if err != nil {
// Ignore load errors; the Google class is not included in F-Droid builds.
return nil
}
googleClass = jni.Class(jni.NewGlobalRef(env, jni.Object(cl)))
return nil
})
if err != nil {
fatalErr(err)
}
a.store = newStateStore(a.jvm, a.appCtx)
go func() {
if err := a.runBackend(); err != nil {
fatalErr(err)
}
}()
go func() {
if err := a.runUI(); err != nil {
fatalErr(err)
}
}()
app.Main()
}
func (a *App) runBackend() error {
appDir, err := app.DataDir()
if err != nil {
fatalErr(err)
}
type configPair struct {
rcfg *router.Config
dcfg *dns.OSConfig
}
configs := make(chan configPair)
configErrs := make(chan error)
b, err := newBackend(appDir, a.jvm, a.store, func(rcfg *router.Config, dcfg *dns.OSConfig) error {
if rcfg == nil {
return nil
}
configs <- configPair{rcfg, dcfg}
return <-configErrs
})
if err != nil {
return err
}
defer b.CloseTUNs()
// Contrary to the documentation for VpnService.Builder.addDnsServer,
// ChromeOS doesn't fall back to the underlying network nameservers if
// we don't provide any.
b.avoidEmptyDNS = a.isChromeOS()
var timer *time.Timer
var alarmChan <-chan time.Time
alarm := func(t *time.Timer) {
if timer != nil {
timer.Stop()
}
timer = t
if timer != nil {
alarmChan = timer.C
}
}
notifications := make(chan ipn.Notify, 1)
startErr := make(chan error)
// Start from a goroutine to avoid deadlock when Start
// calls the callback.
go func() {
startErr <- b.Start(func(n ipn.Notify) {
notifications <- n
})
}()
var (
cfg configPair
state BackendState
service jni.Object
signingIn bool
)
for {
select {
case err := <-startErr:
if err != nil {
return err
}
case s := <-configs:
cfg = s
if b == nil || service == 0 || cfg.rcfg == nil {
configErrs <- nil
break
}
configErrs <- b.updateTUN(service, cfg.rcfg, cfg.dcfg)
case n := <-notifications:
exitWasOnline := state.ExitStatus == ExitOnline
if p := n.Prefs; p != nil {
first := state.Prefs == nil
state.Prefs = p.Clone()
state.updateExitNodes()
if first {
state.Prefs.Hostname = a.hostname()
state.Prefs.OSVersion = a.osVersion()
state.Prefs.DeviceModel = a.modelName()
go b.backend.SetPrefs(state.Prefs)
}
a.setPrefs(state.Prefs)
}
if s := n.State; s != nil {
oldState := state.State
state.State = *s
if service != 0 {
a.updateNotification(service, state.State)
}
if service != 0 {
if cfg.rcfg != nil && state.State >= ipn.Starting {
if err := b.updateTUN(service, cfg.rcfg, cfg.dcfg); err != nil {
log.Printf("VPN update failed: %v", err)
notifyVPNClosed()
}
} else {
b.CloseTUNs()
}
}
// Stop VPN if we logged out.
if oldState > ipn.Stopped && state.State <= ipn.Stopped {
if err := a.callVoidMethod(a.appCtx, "stopVPN", "()V"); err != nil {
fatalErr(err)
}
}
a.notify(state)
}
if u := n.BrowseToURL; u != nil {
signingIn = false
a.setURL(*u)
}
if m := n.NetMap; m != nil {
state.NetworkMap = m
state.updateExitNodes()
a.notify(state)
if service != 0 {
alarm(a.notifyExpiry(service, m.Expiry))
}
}
// Notify if a previously online exit is not longer online (or missing).
if service != 0 && exitWasOnline && state.ExitStatus == ExitOffline {
a.pushNotify(service, "Connection Lost", "Your exit node is offline. Disable your exit node or contact your network admin for help.")
}
case <-alarmChan:
if m := state.NetworkMap; m != nil && service != 0 {
alarm(a.notifyExpiry(service, m.Expiry))
}
case e := <-backendEvents:
switch e := e.(type) {
case OAuth2Event:
go b.backend.Login(e.Token)
case ToggleEvent:
state.Prefs.WantRunning = !state.Prefs.WantRunning
go b.backend.SetPrefs(state.Prefs)
case WebAuthEvent:
if !signingIn {
go b.backend.StartLoginInteractive()
signingIn = true
}
case LogoutEvent:
go b.backend.Logout()
case ConnectEvent:
state.Prefs.WantRunning = e.Enable
go b.backend.SetPrefs(state.Prefs)
case RouteAllEvent:
state.Prefs.ExitNodeID = e.ID
go b.backend.SetPrefs(state.Prefs)
state.updateExitNodes()
a.notify(state)
}
case s := <-onConnect:
jni.Do(a.jvm, func(env *jni.Env) error {
if jni.IsSameObject(env, s, service) {
// We already have a reference.
jni.DeleteGlobalRef(env, s)
return nil
}
if service != 0 {
jni.DeleteGlobalRef(env, service)
}
service = s
return nil
})
a.updateNotification(service, state.State)
if m := state.NetworkMap; m != nil {
alarm(a.notifyExpiry(service, m.Expiry))
}
if cfg.rcfg != nil && state.State >= ipn.Starting {
if err := b.updateTUN(service, cfg.rcfg, cfg.dcfg); err != nil {
log.Printf("VPN update failed: %v", err)
notifyVPNClosed()
}
}
case connected := <-onConnectivityChange:
state.LostInternet = !connected
if b != nil {
go b.LinkChange()
}
a.notify(state)
case s := <-onDisconnect:
b.CloseTUNs()
jni.Do(a.jvm, func(env *jni.Env) error {
defer jni.DeleteGlobalRef(env, s)
if jni.IsSameObject(env, service, s) {
jni.DeleteGlobalRef(env, service)
service = 0
}
return nil
})
if state.State >= ipn.Starting {
notifyVPNClosed()
}
}
}
}
func (a *App) isChromeOS() bool {
var chromeOS bool
err := jni.Do(a.jvm, func(env *jni.Env) error {
cls := jni.GetObjectClass(env, a.appCtx)
m := jni.GetMethodID(env, cls, "isChromeOS", "()Z")
b, err := jni.CallBooleanMethod(env, a.appCtx, m)
chromeOS = b
return err
})
if err != nil {
panic(err)
}
return chromeOS
}
func (s *BackendState) updateExitNodes() {
s.ExitStatus = ExitNone
var exitID tailcfg.StableNodeID
if p := s.Prefs; p != nil {
exitID = p.ExitNodeID
if exitID != "" {
s.ExitStatus = ExitOffline
}
}
hasMyExit := exitID == ""
s.Exits = nil
var peers []*tailcfg.Node
if s.NetworkMap != nil {
peers = s.NetworkMap.Peers
}
for _, p := range peers {
canRoute := false
for _, r := range p.AllowedIPs {
if r == netaddr.MustParseIPPrefix("0.0.0.0/0") || r == netaddr.MustParseIPPrefix("::/0") {
canRoute = true
break
}
}
myExit := p.StableID == exitID
hasMyExit = hasMyExit || myExit
exit := ExitNode{
Label: p.DisplayName(true),
Online: canRoute,
ID: p.StableID,
}
if myExit {
s.Exit = exit
if canRoute {
s.ExitStatus = ExitOnline
}
}
if canRoute || myExit {
s.Exits = append(s.Exits, exit)
}
}
sort.Slice(s.Exits, func(i, j int) bool {
return s.Exits[i].Label < s.Exits[j].Label
})
if !hasMyExit {
// Insert node missing from netmap.
s.Exit = ExitNode{Label: "Unknown device", ID: exitID}
s.Exits = append([]ExitNode{s.Exit}, s.Exits...)
}
}
// hostname builds a hostname from android.os.Build fields, in place of a
// useless os.Hostname().
func (a *App) hostname() string {
var hostname string
err := jni.Do(a.jvm, func(env *jni.Env) error {
cls := jni.GetObjectClass(env, a.appCtx)
getHostname := jni.GetMethodID(env, cls, "getHostname", "()Ljava/lang/String;")
n, err := jni.CallObjectMethod(env, a.appCtx, getHostname)
hostname = jni.GoString(env, jni.String(n))
return err
})
if err != nil {
panic(err)
}
return hostname
}
// osVersion returns android.os.Build.VERSION.RELEASE. " [nogoogle]" is appended
// if Google Play services are not compiled in.
func (a *App) osVersion() string {
var version string
err := jni.Do(a.jvm, func(env *jni.Env) error {
cls := jni.GetObjectClass(env, a.appCtx)
m := jni.GetMethodID(env, cls, "getOSVersion", "()Ljava/lang/String;")
n, err := jni.CallObjectMethod(env, a.appCtx, m)
version = jni.GoString(env, jni.String(n))
return err
})
if err != nil {
panic(err)
}
if !googleSignInEnabled() {
version += " [nogoogle]"
}
return version
}
// modelName return the MANUFACTURER + MODEL from
// android.os.Build.
func (a *App) modelName() string {
var model string
err := jni.Do(a.jvm, func(env *jni.Env) error {
cls := jni.GetObjectClass(env, a.appCtx)
m := jni.GetMethodID(env, cls, "getModelName", "()Ljava/lang/String;")
n, err := jni.CallObjectMethod(env, a.appCtx, m)
model = jni.GoString(env, jni.String(n))
return err
})
if err != nil {
panic(err)
}
return model
}
func googleSignInEnabled() bool {
return googleClass != 0
}
// updateNotification updates the foreground persistent status notification.
func (a *App) updateNotification(service jni.Object, state ipn.State) error {
var msg, title string
switch state {
case ipn.Starting:
title, msg = "Connecting...", ""
case ipn.Running:
title, msg = "Connected", ""
default:
return nil
}
return jni.Do(a.jvm, func(env *jni.Env) error {
cls := jni.GetObjectClass(env, service)
update := jni.GetMethodID(env, cls, "updateStatusNotification", "(Ljava/lang/String;Ljava/lang/String;)V")
jtitle := jni.JavaString(env, title)
jmessage := jni.JavaString(env, msg)
return jni.CallVoidMethod(env, service, update, jni.Value(jtitle), jni.Value(jmessage))
})
}
// notifyExpiry notifies the user of imminent session expiry and
// returns a new timer that triggers when the user should be notified
// again.
func (a *App) notifyExpiry(service jni.Object, expiry time.Time) *time.Timer {
if expiry.IsZero() {
return nil
}
d := time.Until(expiry)
var title string
const msg = "Reauthenticate to maintain the connection to your network."
var t *time.Timer
const (
aday = 24 * time.Hour
soon = 5 * time.Minute
)
switch {
case d <= 0:
title = "Your authentication has expired!"
case d <= soon:
title = "Your authentication expires soon!"
t = time.NewTimer(d)
case d <= aday:
title = "Your authentication expires in a day."
t = time.NewTimer(d - soon)
default:
return time.NewTimer(d - aday)
}
if err := a.pushNotify(service, title, msg); err != nil {
fatalErr(err)
}
return t
}
func (a *App) pushNotify(service jni.Object, title, msg string) error {
return jni.Do(a.jvm, func(env *jni.Env) error {
cls := jni.GetObjectClass(env, service)
notify := jni.GetMethodID(env, cls, "notify", "(Ljava/lang/String;Ljava/lang/String;)V")
jtitle := jni.JavaString(env, title)
jmessage := jni.JavaString(env, msg)
return jni.CallVoidMethod(env, service, notify, jni.Value(jtitle), jni.Value(jmessage))
})
}
func (a *App) notify(state BackendState) {
select {
case <-a.netStates:
default:
}
a.netStates <- state
ready := jni.Bool(state.State >= ipn.Stopped)
if err := a.callVoidMethod(a.appCtx, "setTileReady", "(Z)V", jni.Value(ready)); err != nil {
fatalErr(err)
}
}
func (a *App) setPrefs(prefs *ipn.Prefs) {
wantRunning := jni.Bool(prefs.WantRunning)
if err := a.callVoidMethod(a.appCtx, "setTileStatus", "(Z)V", jni.Value(wantRunning)); err != nil {
fatalErr(err)
}
select {
case <-a.prefs:
default:
}
a.prefs <- prefs
}
func (a *App) setURL(url string) {
select {
case <-a.browseURLs:
default:
}
a.browseURLs <- url
}
func (a *App) runUI() error {
w := app.NewWindow()
ui, err := newUI(a.store)
if err != nil {
return err
}
var ops op.Ops
state := new(clientState)
var (
// activity is the most recent Android Activity reference as reported
// by Gio ViewEvents.
activity jni.Object
)
deleteActivityRef := func() {
if activity == 0 {
return
}
jni.Do(a.jvm, func(env *jni.Env) error {
jni.DeleteGlobalRef(env, activity)
return nil
})
activity = 0
}
defer deleteActivityRef()
for {
select {
case <-onVPNClosed:
requestBackend(ConnectEvent{Enable: false})
case tok := <-onGoogleToken:
ui.signinType = noSignin
if tok != "" {
requestBackend(OAuth2Event{
Token: &tailcfg.Oauth2Token{
AccessToken: tok,
TokenType: ipn.GoogleIDTokenType,
},
})
} else {
// Warn about possible debug certificate.
if !a.isReleaseSigned() {
ui.ShowMessage("Google Sign-In failed because the app is not signed for Play Store")
w.Invalidate()
}
}
case p := <-a.prefs:
ui.enabled.Value = p.WantRunning
w.Invalidate()
case state.browseURL = <-a.browseURLs:
ui.signinType = noSignin
w.Invalidate()
a.updateState(activity, state)
case newState := <-a.netStates:
oldState := state.backend.State
state.backend = newState
a.updateState(activity, state)
w.Invalidate()
if activity != 0 {
newState := state.backend.State
// Start VPN if we just logged in.
if oldState <= ipn.Stopped && newState > ipn.Stopped {
if err := a.prepareVPN(activity); err != nil {
fatalErr(err)
}
}
}
case <-onVPNPrepared:
if state.backend.State > ipn.Stopped {
if err := a.callVoidMethod(a.appCtx, "startVPN", "()V"); err != nil {
return err
}
}
case <-onVPNRevoked:
ui.ShowMessage("VPN access denied or another VPN service is always-on")
w.Invalidate()
case e := <-w.Events():
switch e := e.(type) {
case app.ViewEvent:
deleteActivityRef()
view := jni.Object(e.View)
if view == 0 {
break
}
activity = a.contextForView(view)
w.Invalidate()
a.attachPeer(activity)
if state.backend.State > ipn.Stopped {
if err := a.prepareVPN(activity); err != nil {
return err
}
}
case system.DestroyEvent:
return e.Err
case *system.CommandEvent:
if e.Type == system.CommandBack {
if ui.onBack() {
e.Cancel = true
}
}
case system.FrameEvent:
ins := e.Insets
e.Insets = system.Insets{}
gtx := layout.NewContext(&ops, e)
events := ui.layout(gtx, ins, state)
e.Frame(gtx.Ops)
a.processUIEvents(w, events, activity, state)
}
}
}
}
// isReleaseSigned reports whether the app is signed with a release
// signature.
func (a *App) isReleaseSigned() bool {
var cert []byte
err := jni.Do(a.jvm, func(env *jni.Env) error {
cls := jni.GetObjectClass(env, a.appCtx)
m := jni.GetMethodID(env, cls, "getPackageCertificate", "()[B")
str, err := jni.CallObjectMethod(env, a.appCtx, m)
if err != nil {
return err
}
cert = jni.GetByteArrayElements(env, jni.ByteArray(str))
return nil
})
if err != nil {
fatalErr(err)
}
h := sha1.New()
h.Write(cert)
fingerprint := h.Sum(nil)
hex := fmt.Sprintf("%x", fingerprint)
// Strip colons and convert to lower case to ease comparing.
wantFingerprint := strings.ReplaceAll(strings.ToLower(releaseCertFingerprint), ":", "")
return hex == wantFingerprint
}
// attachPeer registers an Android Fragment instance for
// handling onActivityResult callbacks.
func (a *App) attachPeer(act jni.Object) {
err := a.callVoidMethod(a.appCtx, "attachPeer", "(Landroid/app/Activity;)V", jni.Value(act))
if err != nil {
fatalErr(err)
}
}
func (a *App) updateState(act jni.Object, state *clientState) {
if act != 0 && state.browseURL != "" {
a.browseToURL(act, state.browseURL)
state.browseURL = ""
}
netmap := state.backend.NetworkMap
var (
peers []*tailcfg.Node
myID tailcfg.UserID
)
if netmap != nil {
peers = netmap.Peers
myID = netmap.User
}
// Split into sections.
users := make(map[tailcfg.UserID]struct{})
var uiPeers []UIPeer
for _, p := range peers {
if q := state.query; q != "" {
// Filter peers according to search query.
host := strings.ToLower(p.Hostinfo.Hostname)
name := strings.ToLower(p.Name)
var addr string
if len(p.Addresses) > 0 {
addr = p.Addresses[0].IP.String()
}
if !strings.Contains(host, q) && !strings.Contains(name, q) && !strings.Contains(addr, q) {
continue
}
}
users[p.User] = struct{}{}
uiPeers = append(uiPeers, UIPeer{
Owner: p.User,
Peer: p,
})
}
// Add section (user) headers.
for u := range users {
name := netmap.UserProfiles[u].DisplayName
name = strings.ToUpper(name)
uiPeers = append(uiPeers, UIPeer{Owner: u, Name: name})
}
sort.Slice(uiPeers, func(i, j int) bool {
lhs, rhs := uiPeers[i], uiPeers[j]
if lu, ru := lhs.Owner, rhs.Owner; ru != lu {
// Sort own peers first.
if lu == myID {
return true
}
if ru == myID {
return false
}
return lu < ru
}
lp, rp := lhs.Peer, rhs.Peer
// Sort headers first.
if lp == nil {
return true
}
if rp == nil {
return false
}
lName := lp.DisplayName(lp.User == myID)
rName := rp.DisplayName(rp.User == myID)
return lName < rName || lName == rName && lp.ID < rp.ID
})
state.Peers = uiPeers
}
func (a *App) prepareVPN(act jni.Object) error {
return a.callVoidMethod(a.appCtx, "prepareVPN", "(Landroid/app/Activity;I)V",
jni.Value(act), jni.Value(requestPrepareVPN))
}
func requestBackend(e UIEvent) {
go func() {
backendEvents <- e
}()
}
func (a *App) processUIEvents(w *app.Window, events []UIEvent, act jni.Object, state *clientState) {
for _, e := range events {
switch e := e.(type) {
case ReauthEvent:
method, _ := a.store.ReadString(loginMethodPrefKey, loginMethodWeb)
switch method {
case loginMethodGoogle:
a.googleSignIn(act)
default:
requestBackend(WebAuthEvent{})
}
case WebAuthEvent:
a.store.WriteString(loginMethodPrefKey, loginMethodWeb)
requestBackend(e)
case LogoutEvent:
a.signOut()
requestBackend(e)
case ConnectEvent:
requestBackend(e)
case RouteAllEvent:
requestBackend(e)
case CopyEvent:
w.WriteClipboard(e.Text)
case GoogleAuthEvent:
a.store.WriteString(loginMethodPrefKey, loginMethodGoogle)
a.googleSignIn(act)
case SearchEvent:
state.query = strings.ToLower(e.Query)
a.updateState(act, state)
}
}
}
func (a *App) signOut() {
if googleClass == 0 {
return
}
err := jni.Do(a.jvm, func(env *jni.Env) error {
m := jni.GetStaticMethodID(env, googleClass,
"googleSignOut", "(Landroid/content/Context;)V")
return jni.CallStaticVoidMethod(env, googleClass, m, jni.Value(a.appCtx))
})
if err != nil {
fatalErr(err)
}
}
func (a *App) googleSignIn(act jni.Object) {
if act == 0 || googleClass == 0 {
return
}
err := jni.Do(a.jvm, func(env *jni.Env) error {
sid := jni.JavaString(env, serverOAuthID)
m := jni.GetStaticMethodID(env, googleClass,
"googleSignIn", "(Landroid/app/Activity;Ljava/lang/String;I)V")
return jni.CallStaticVoidMethod(env, googleClass, m,
jni.Value(act), jni.Value(sid), jni.Value(requestSignin))
})
if err != nil {
fatalErr(err)
}
}
func (a *App) browseToURL(act jni.Object, url string) {
if act == 0 {
return
}
err := jni.Do(a.jvm, func(env *jni.Env) error {
jurl := jni.JavaString(env, url)
return a.callVoidMethod(a.appCtx, "showURL", "(Landroid/app/Activity;Ljava/lang/String;)V", jni.Value(act), jni.Value(jurl))
})
if err != nil {
fatalErr(err)
}
}
func (a *App) callVoidMethod(obj jni.Object, name, sig string, args ...jni.Value) error {
if obj == 0 {
panic("invalid object")
}
return jni.Do(a.jvm, func(env *jni.Env) error {
cls := jni.GetObjectClass(env, obj)
m := jni.GetMethodID(env, cls, name, sig)
return jni.CallVoidMethod(env, obj, m, args...)
})
}
// activityForView calls View.getContext and returns a global
// reference to the result.
func (a *App) contextForView(view jni.Object) jni.Object {
if view == 0 {
panic("invalid object")
}
var ctx jni.Object
err := jni.Do(a.jvm, func(env *jni.Env) error {
cls := jni.GetObjectClass(env, view)
m := jni.GetMethodID(env, cls, "getContext", "()Landroid/content/Context;")
var err error
ctx, err = jni.CallObjectMethod(env, view, m)
ctx = jni.NewGlobalRef(env, ctx)
return err
})
if err != nil {
panic(err)
}
return ctx
}
func fatalErr(err error) {
// TODO: expose in UI.
log.Printf("fatal error: %v", err)
}
Reference in New Issue View Git Blame Copy Permalink