禁止App联网
<pre><code class="language-js">
//作者: 家 QQ203118908
//本来打算用iptables-restore用文件形式更新防火墙规则,
//可是iptables-restore出现了bug,2013年就有人提过这个bug
//https://linux.debian.bugs.dist.narkive.com/J0hbJiR6/bug-710379-xtables-addons-common-quota2-module-iptables-save-creates-invalid-record
//又得改,坑爹
//马丹,iptables -D INPUT -lineNumber也有BUG,
//提示 index of deletion too big
//日了够了
//又得改,坑爹
// sudo iptables -D OUTPUT 1 -t nat
//
// uid=`cat /data/system/packages.list | grep com.sohu.inputmethod.sogou | busybox awk '{print $2}'`
// iptables -t filter -A OUTPUT -m owner --uid-owner=$uid -j DROP
// 以上是android iptables 屏蔽某个app网络访问的内容,
function 联网控制(appName) {
// -A OUTPUT -m owner --uid-owner 10105 -j ACCEPT
// -A OUTPUT -m owner --uid-owner 10105 -j DROP
this.等待shell执行完毕的时间 = 0
this.防火墙规则路径 = '/sdcard/iptables.txt'
this.uid路径 = '/sdcard/' + appName + 'uidOwner.txt'
this.appName = appName
this.packageName = getPackageName(this.appName)
this.执行shell = (cmd) => {
var result = shell(cmd, true);
console.show();
log(result);
if (result.code == 0) {
toastLog("执行成功");
} else {
toastLog("执行失败!请到控制台查看错误信息");
}
sleep(this.等待shell执行完毕的时间)
}
this.uid = () => {
var cmd = 'cat /data/system/packages.list | grep ' + this.packageName + ' > ' + this.uid路径
log('cmd=', cmd)
this.执行shell(cmd)
// cat /data/system/packages.list | grep com.tencent.mobileqq > /sdcard/QQuidOwner.txt
var 包含uid的文本 = files.read('/sdcard/' + appName + 'uidOwner.txt')
log('包含uid的文本=', 包含uid的文本)
var uidReg = new RegExp(this.packageName + '\\s*(\\d+)')
log('uidReg=', uidReg)
var uid = 包含uid的文本.match(uidReg)[1]
log(uid)
return uid
}
this.允许联网规则 = 'iptables -t filter -A OUTPUT -m owner --uid-owner ' + this.uid() + ' -j ACCEPT'
this.禁止联网规则 = 'iptables -t filter -A OUTPUT -m owner --uid-owner ' + this.uid() + ' -j DROP'
this.允许 = () => {
this.清空该app的防火墙规则()
this.将防火墙规则写入系统(this.允许联网规则)
}
this.禁止 = () => {
this.清空该app的防火墙规则()
this.将防火墙规则写入系统(this.禁止联网规则)
}
this.将防火墙规则写入系统 = (防火墙规则) => {
var cmd = 防火墙规则
this.执行shell(cmd)
}
this.导出防火墙规则 = () => {
var cmd = 'iptables-save > ' + this.防火墙规则路径
this.执行shell(cmd)
}
this.防火墙规则 = () => {
this.导出防火墙规则()
var 防火墙规则 = files.read(this.防火墙规则路径)
log('防火墙规则=', 防火墙规则)
return 防火墙规则
}
this.清空该app的防火墙规则 = () => {
var 防火墙规则 = this.防火墙规则()
// stringObject.replace(regexp/substr,replacement)
// -A OUTPUT -m owner --uid-owner 10105 -j ACCEPT
// -A OUTPUT -m owner --uid-owner 10105 -j ACCEPT
// -A OUTPUT -m owner --uid-owner 10105 -j DROP
// -A OUTPUT -m owner --uid-owner 10105 -j ACCEPT
// -A OUTPUT -m owner --uid-owner 10105 -j ACCEPT
// 删除之前添加的规则(iptables -A INPUT -s 192.168.1.5 -j DROP):
// [root@test ~]# iptables -D INPUT -s 192.168.1.5 -j DROP
// iptables -t filter -A OUTPUT -m owner --uid-owner=$uid -j DROP
var 要删除的规则reg = new RegExp('-A (OUT|IN)PUT -m owner --uid-owner ' + this.uid() + ' -j (ACCEPT|DROP)', 'g')
// 要删除的规则reg= /-A OUTPUT -m owner --uid-owner 10105 -j (ACCEPT|DROP)/
// -A OUTPUT -m owner --uid-owner 10105 -j (ACCEPT|DROP)
// iptables -D OUTPUT -m owner --uid-owner 10105 -j ACCEPT
log('要删除的规则reg=', 要删除的规则reg)
var new防火墙规则 = 防火墙规则.match(要删除的规则reg, '')
log('new防火墙规则=', new防火墙规则)
// new防火墙规则= [
// '-A OUTPUT -m owner --uid-owner 10105 -j ACCEPT',
// '-A OUTPUT -m owner --uid-owner 10105 -j DROP'
// ]
if(new防火墙规则){
for (let i = 0; i < new防火墙规则.length; i++) {
var 规则 = new防火墙规则[i]
规则 = 规则.replace('-A', '-D')
var cmd = 'iptables ' + 规则
this.执行shell(cmd)
}
}
log('清空了指定app的防火墙规则')
}
}
// var appName = 'QQ'
// var appName = '哔哩哔哩'
var appName = '微信'
var app联网控制 = new 联网控制(appName)
// app联网控制.禁止()
app联网控制.允许()
</code></pre>