[guardian-dev] Orfox / Fennec browser build latest assessment
Nathan of Guardian
nathan at guardianproject.info
Tue Apr 7 18:34:15 EDT 2015
Amogh got the latest Fennec code building, to get our Orfox effort
started again. I thought I would share some of his findings below.
*****
After going through the source code for firefox for andoroid which can
be found at http://hg.mozilla.org/mozilla-central/ , these were the
network related findings that I've made.
The application uses maily 3 layers to work.
1) The core layer, written in C++.
2) A JS layer with some more functional code.
3) A Java layer that makes uses the Android API's and other code used
for android.
Out of the 3 layers, 2 of them make network calls.
1) The C++ layer.
There is an advantage of this layer making the network calls as all
the calls made by this layer are proxied. They obey the fennec
settings for proxy that has currently been set at
mozilla-central/mobile/android/app/mobile.js . Hence, we do not need
to bother about setting proxy to these connections and calls.
2) The Java layer.
The Java code, the code run by android also has many network calls
but the problem is that these calls are not done obeying the tor
proxy and hence they are harmful.
List of places where these calls are made are:
a) any class which imports org.apache.* (commons.net.ftp.*,
http.*):
build/mobile/sutagent/android/DoCommand.java
build/mobile/sutagent/android/SUTAgentAndroid.java
mobile/android/base/distribution/Distribution.java
mobile/android/base/favicons/LoadFaviconTask.java
mobile/android/base/tests/BaseRobocopTest.java
b) The browser also seems to be using another library for
network communications and that lies at
mobile/android/thirdparty/ch/boye/httpclientandroidlib
This library seems to have proxy support but the calls made
to this library have not been proxied, a list of those are
here:
mobile/android/base/background/bagheera/BagheeraClient.java
mobile/android/base/background/bagheera/BagheeraRequestDelegate.java
mobile/android/base/background/bagheera/BoundedByteArrayEntity.java
mobile/android/base/background/bagheera/DeflateHelper.java
mobile/android/base/background/fxa/FxAccountClient10.java
mobile/android/base/background/fxa/FxAccountClient20.java
mobile/android/base/background/fxa/FxAccountClientException.java
mobile/android/base/background/fxa/SkewHandler.java
mobile/android/base/background/fxa/oauth/FxAccountAbstractClient.java
mobile/android/base/background/fxa/oauth/FxAccountAbstractClientException.java
mobile/android/base/background/fxa/oauth/FxAccountOAuthClient10.java
mobile/android/base/background/healthreport/upload/AndroidSubmissionClient.java
mobile/android/base/browserid/verifier/AbstractBrowserIDRemoteVerifierClient.java
mobile/android/base/browserid/verifier/BrowserIDRemoteVerifierClient10.java
mobile/android/base/sync/GlobalSession.java
mobile/android/base/sync/jpake/JPakeClient.java
mobile/android/base/sync/jpake/stage/DeleteChannel.java
mobile/android/base/sync/jpake/stage/GetChannelStage.java
mobile/android/base/sync/jpake/stage/GetRequestStage.java
mobile/android/base/sync/jpake/stage/PutRequestStage.java
mobile/android/base/sync/net/AbstractBearerTokenAuthHeaderProvider.java
mobile/android/base/sync/net/AuthHeaderProvider.java
mobile/android/base/sync/net/BaseResource.java
mobile/android/base/sync/net/BaseResourceDelegate.java
mobile/android/base/sync/net/BasicAuthHeaderProvider.java
mobile/android/base/sync/net/HMACAuthHeaderProvider.java
mobile/android/base/sync/net/HawkAuthHeaderProvider.java
mobile/android/base/sync/net/HttpResponseObserver.java
mobile/android/base/sync/net/MozResponse.java
mobile/android/base/sync/net/Resource.java
mobile/android/base/sync/net/ResourceDelegate.java
mobile/android/base/sync/net/SyncResponse.java
mobile/android/base/sync/net/SyncStorageCollectionRequest.java
mobile/android/base/sync/net/SyncStorageRequest.java
mobile/android/base/sync/net/SyncStorageResponse.java
mobile/android/base/sync/net/TLSSocketFactory.java
mobile/android/base/sync/repositories/Server11RepositorySession.java
mobile/android/base/sync/setup/auth/AuthenticateAccountStage.java
mobile/android/base/sync/setup/auth/EnsureUserExistenceStage.java
mobile/android/base/sync/setup/auth/FetchUserNodeStage.java
mobile/android/base/sync/stage/EnsureClusterURLStage.java
mobile/android/base/sync/stage/SyncClientsEngineStage.java
mobile/android/base/tokenserver/TokenServerClient.java
mobile/android/tests/background/junit3/src/sync/TestUpgradeRequired.java
This is the url for the query,
https://dxr.mozilla.org/mozilla-central/search?q=ch.boye.httpclientandroidlib&case=false&offset=700
NOTE:
Not all these classes make network calls, I will
make a shorter list of this in the next few days.
More information about the guardian-dev
mailing list