package org.torproject.android.service;

import android.content.Context;
import android.util.Log;
import java.io.File;
import java.util.ArrayList;
import java.util.Iterator;
import org.sufficientlysecure.rootcommands.Shell;
import org.sufficientlysecure.rootcommands.command.SimpleCommand;
import org.torproject.android.TorConstants;
import org.torproject.android.settings.TorifiedApp;

/* loaded from: classes.dex */
public class TorTransProxy implements TorServiceConstants {
    private File mFileXtables;
    private TorService mTorService;
    private boolean useSystemIpTables = false;
    private String mSysIptables = null;

    public TorTransProxy(TorService torService, File file) {
        this.mTorService = null;
        this.mFileXtables = null;
        this.mTorService = torService;
        this.mFileXtables = file;
    }

    private String findSystemIPTables() {
        if (this.mSysIptables != null) {
            return this.mSysIptables;
        }
        File file = new File("/system/xbin/iptables");
        if (file.exists()) {
            this.mSysIptables = file.getAbsolutePath();
        } else {
            File file2 = new File("/system/bin/iptables");
            if (file2.exists()) {
                this.mSysIptables = file2.getAbsolutePath();
            }
        }
        return this.mSysIptables;
    }

    private void logMessage(String str) {
        if (this.mTorService != null) {
            this.mTorService.logMessage(str);
        } else {
            Log.w(TorConstants.TAG, str);
        }
    }

    public int clearTransparentProxyingAll(Context context) throws Exception {
        String ipTablesPath = getIpTablesPath(context);
        new StringBuilder();
        Shell startRootShell = Shell.startRootShell();
        StringBuilder sb = new StringBuilder();
        sb.append(ipTablesPath);
        sb.append(" -t nat");
        sb.append(" -F ").append("OUTPUT");
        startRootShell.add(new SimpleCommand(sb.toString()));
        StringBuilder sb2 = new StringBuilder();
        sb2.append(ipTablesPath);
        sb2.append(" -t filter");
        sb2.append(" -F ").append("OUTPUT");
        SimpleCommand simpleCommand = new SimpleCommand(sb2.toString());
        startRootShell.add(simpleCommand);
        return simpleCommand.getExitCode();
    }

    public int enableTetheringRules(Context context) throws Exception {
        String ipTablesPath = getIpTablesPath(context);
        new StringBuilder();
        String[] strArr = {"usb0", "wl0.1"};
        Shell startRootShell = Shell.startRootShell();
        for (int i = 0; i < strArr.length; i++) {
            startRootShell.add(new SimpleCommand(ipTablesPath + " -t nat -A PREROUTING -i " + strArr[i] + " -p udp --dport 53 -j REDIRECT --to-ports " + TorServiceConstants.TOR_DNS_PORT));
            startRootShell.add(new SimpleCommand(ipTablesPath + " -t nat -A PREROUTING -i " + strArr[i] + " -p tcp -j REDIRECT --to-ports " + TorServiceConstants.TOR_TRANSPROXY_PORT));
        }
        return 0;
    }

    public int fixTransproxyLeak(Context context) throws Exception {
        String ipTablesPath = getIpTablesPath(context);
        Shell startRootShell = Shell.startRootShell();
        startRootShell.add(new SimpleCommand(ipTablesPath + " -I OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,FIN ACK,FIN -j DROP"));
        startRootShell.add(new SimpleCommand(ipTablesPath + " -I OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,RST ACK,RST -j DROP"));
        return 1;
    }

    public String getIpTablesPath(Context context) {
        this.useSystemIpTables = TorService.getSharedPrefs(context.getApplicationContext()).getBoolean(TorConstants.PREF_USE_SYSTEM_IPTABLES, false);
        if (this.useSystemIpTables) {
            return findSystemIPTables();
        }
        return this.mFileXtables.getAbsolutePath() + " iptables";
    }

    public int setTransparentProxyingAll(Context context) throws Exception {
        String ipTablesPath = getIpTablesPath(context);
        Shell startRootShell = Shell.startRootShell();
        int i = context.getApplicationInfo().uid;
        StringBuilder sb = new StringBuilder();
        sb.append(ipTablesPath);
        sb.append(" -t filter");
        sb.append(" -A ").append("OUTPUT");
        sb.append(" -m owner --uid-owner ");
        sb.append(i);
        sb.append(" -j ACCEPT");
        startRootShell.add(new SimpleCommand(sb.toString()));
        StringBuilder sb2 = new StringBuilder();
        sb2.append(ipTablesPath);
        sb2.append(" -t nat");
        sb2.append(" -A ").append("OUTPUT");
        sb2.append(" -p tcp");
        sb2.append(" ! -d 127.0.0.1");
        sb2.append(" -m owner ! --uid-owner ");
        sb2.append(i);
        sb2.append(" -m tcp --syn");
        sb2.append(" -j REDIRECT --to-ports ");
        sb2.append(TorServiceConstants.TOR_TRANSPROXY_PORT);
        startRootShell.add(new SimpleCommand(sb2.toString()));
        StringBuilder sb3 = new StringBuilder();
        sb3.append(ipTablesPath);
        sb3.append(" -t nat");
        sb3.append(" -A ").append("OUTPUT");
        sb3.append(" -p udp");
        sb3.append(" ! -d 127.0.0.1");
        sb3.append(" -m owner ! --uid-owner ");
        sb3.append(i);
        sb3.append(" -m udp --dport ");
        sb3.append(53);
        sb3.append(" -j REDIRECT --to-ports ");
        sb3.append(TorServiceConstants.TOR_DNS_PORT);
        startRootShell.add(new SimpleCommand(sb3.toString()));
        StringBuilder sb4 = new StringBuilder();
        sb4.append(ipTablesPath);
        sb4.append(" -t filter");
        sb4.append(" -A ").append("OUTPUT");
        sb4.append(" -p tcp");
        sb4.append(" -o lo");
        sb4.append(" -j ACCEPT");
        startRootShell.add(new SimpleCommand(sb4.toString()));
        StringBuilder sb5 = new StringBuilder();
        if (TorService.ENABLE_DEBUG_LOG) {
            sb5.append(ipTablesPath);
            sb5.append(" -t filter");
            sb5.append(" -A ").append("OUTPUT");
            sb5.append(" -p udp");
            sb5.append(" --dport ");
            sb5.append(53);
            sb5.append(" -j LOG");
            sb5.append(" --log-prefix='ORBOT_DNSLEAK_PROTECTION'");
            sb5.append(" --log-uid");
            startRootShell.add(new SimpleCommand(sb5.toString()));
            StringBuilder sb6 = new StringBuilder();
            sb6.append(ipTablesPath);
            sb6.append(" -t filter");
            sb6.append(" -A ").append("OUTPUT");
            sb6.append(" -p tcp");
            sb6.append(" -j LOG");
            sb6.append(" --log-prefix='ORBOT_TCPLEAK_PROTECTION'");
            sb6.append(" --log-uid");
            startRootShell.add(new SimpleCommand(sb6.toString()));
            sb5 = new StringBuilder();
        }
        sb5.append(ipTablesPath);
        sb5.append(" -t filter");
        sb5.append(" -A ").append("OUTPUT");
        sb5.append(" -m owner ! --uid-owner ");
        sb5.append(i);
        sb5.append(" -p tcp");
        sb5.append(" ! -d 127.0.0.1");
        sb5.append(" -j REJECT");
        startRootShell.add(new SimpleCommand(sb5.toString()));
        StringBuilder sb7 = new StringBuilder();
        sb7.append(ipTablesPath);
        sb7.append(" -t filter");
        sb7.append(" -A ").append("OUTPUT");
        sb7.append(" -m owner ! --uid-owner ");
        sb7.append(i);
        sb7.append(" -p udp");
        sb7.append(" ! -d 127.0.0.1");
        sb7.append(" -j REJECT");
        SimpleCommand simpleCommand = new SimpleCommand(sb7.toString());
        startRootShell.add(simpleCommand);
        fixTransproxyLeak(context);
        return simpleCommand.getExitCode();
    }

    public int setTransparentProxyingByApp(Context context, ArrayList<TorifiedApp> arrayList) throws Exception {
        String ipTablesPath = getIpTablesPath(context);
        Shell startRootShell = Shell.startRootShell();
        Iterator<TorifiedApp> it = arrayList.iterator();
        while (it.hasNext()) {
            TorifiedApp next = it.next();
            if (next.isTorified() && !next.getUsername().equals(TorServiceConstants.TOR_APP_USERNAME)) {
                StringBuilder sb = new StringBuilder();
                logMessage("enabling transproxy for app: " + next.getUsername() + "(" + next.getUid() + ")");
                sb.append(ipTablesPath);
                sb.append(" -t nat");
                sb.append(" -A ").append("OUTPUT");
                sb.append(" -p tcp");
                sb.append(" ! -d 127.0.0.1");
                sb.append(" -m owner --uid-owner ");
                sb.append(next.getUid());
                sb.append(" -m tcp --syn");
                sb.append(" -j REDIRECT --to-ports ");
                sb.append(TorServiceConstants.TOR_TRANSPROXY_PORT);
                startRootShell.add(new SimpleCommand(sb.toString()));
                StringBuilder sb2 = new StringBuilder();
                sb2.append(ipTablesPath);
                sb2.append(" -t nat");
                sb2.append(" -A ").append("OUTPUT");
                sb2.append(" -p udp -m owner --uid-owner ");
                sb2.append(next.getUid());
                sb2.append(" -m udp --dport ");
                sb2.append(53);
                sb2.append(" -j REDIRECT --to-ports ");
                sb2.append(TorServiceConstants.TOR_DNS_PORT);
                startRootShell.add(new SimpleCommand(sb2.toString()));
                StringBuilder sb3 = new StringBuilder();
                for (int i : new int[]{TorServiceConstants.TOR_DNS_PORT, TorServiceConstants.TOR_TRANSPROXY_PORT, TorServiceConstants.PORT_SOCKS, TorServiceConstants.PORT_HTTP}) {
                    sb3.append(ipTablesPath);
                    sb3.append(" -t filter");
                    sb3.append(" -A ").append("OUTPUT");
                    sb3.append(" -m owner --uid-owner ");
                    sb3.append(next.getUid());
                    sb3.append(" -p tcp");
                    sb3.append(" -d 127.0.0.1");
                    sb3.append(" --dport ");
                    sb3.append(i);
                    sb3.append(" -j ACCEPT");
                    startRootShell.add(new SimpleCommand(sb3.toString()));
                    sb3 = new StringBuilder();
                }
                sb3.append(ipTablesPath);
                sb3.append(" -t filter");
                sb3.append(" -A ").append("OUTPUT");
                sb3.append(" -m owner --uid-owner ");
                sb3.append(next.getUid());
                sb3.append(" -p tcp");
                sb3.append(" -o lo");
                sb3.append(" -j ACCEPT");
                startRootShell.add(new SimpleCommand(sb3.toString()));
                StringBuilder sb4 = new StringBuilder();
                sb4.append(ipTablesPath);
                sb4.append(" -t filter");
                sb4.append(" -A ").append("OUTPUT");
                sb4.append(" -m owner --uid-owner ");
                sb4.append(next.getUid());
                sb4.append(" -p tcp");
                sb4.append(" ! -d 127.0.0.1");
                sb4.append(" -j REJECT");
                startRootShell.add(new SimpleCommand(sb4.toString()));
                StringBuilder sb5 = new StringBuilder();
                sb5.append(ipTablesPath);
                sb5.append(" -t filter");
                sb5.append(" -A ").append("OUTPUT");
                sb5.append(" -m owner --uid-owner ");
                sb5.append(next.getUid());
                sb5.append(" -p udp");
                sb5.append(" ! -d 127.0.0.1");
                sb5.append(" -j REJECT");
                startRootShell.add(new SimpleCommand(sb5.toString()));
            }
        }
        fixTransproxyLeak(context);
        return 1;
    }
}
