VpnService: require root access

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

app/src/main/java/com/wireguard/android/backends/RootShell.java

@@ -10,6 +10,8 @@ import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.nio.charset.StandardCharsets;
 import java.util.List;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
 
 /**
  * Helper class for running commands as root.
@@ -22,6 +24,7 @@ class RootShell {
      */
     private static final String SETUP_TEMPLATE = "export TMPDIR=%s\ntrap 'echo $?' EXIT\n";
     private static final String TAG = "RootShell";
+    private static final Pattern ERRNO_EXTRACTOR = Pattern.compile("error=(\\d+)");
 
     private final byte[] setupCommands;
     private final String shell;
@@ -80,6 +83,9 @@ class RootShell {
             Log.d(TAG, "Session completed with exit value " + exitValue);
         } catch (IOException | InterruptedException | NumberFormatException e) {
             Log.w(TAG, "Session failed with exception", e);
+            final Matcher match = ERRNO_EXTRACTOR.matcher(e.toString());
+            if (match.find())
+                exitValue = Integer.valueOf(match.group(1));
         }
         return exitValue;
     }

app/src/main/java/com/wireguard/android/backends/VpnService.java

@@ -283,9 +283,14 @@ public class VpnService extends Service
                 return -0xfff0001;
             if (!existsInPath("wg") || !existsInPath("wg-quick"))
                 return -0xfff0002;
+            if (!existsInPath("su"))
+                return -0xfff0003;
             Log.i(TAG, "Running wg-quick up for " + config.getName());
             final File configFile = new File(getFilesDir(), config.getName() + ".conf");
-            return rootShell.run(null, "wg-quick up '" + configFile.getPath() + "'");
+            final int ret = rootShell.run(null, "wg-quick up '" + configFile.getPath() + "'");
+            if (ret == 13 /* EPERM */)
+                return -0xfff0003;
+            return ret;
         }
 
         private boolean existsInPath(final String file) {
@@ -304,6 +309,9 @@ public class VpnService extends Service
                 } else if (ret == -0xfff0002) {
                     Toast.makeText(getApplicationContext(), getString(R.string.error_missing),
                             Toast.LENGTH_LONG).show();
+                } else if (ret == -0xfff0003) {
+                    Toast.makeText(getApplicationContext(), getString(R.string.error_su),
+                            Toast.LENGTH_LONG).show();
                 } else {
                     Toast.makeText(getApplicationContext(), getString(R.string.error_up),
                             Toast.LENGTH_SHORT).show();

app/src/main/res/values/strings.xml

@@ -19,6 +19,7 @@
     <string name="endpoint">Endpoint</string>
     <string name="error_down">Error bringing down WireGuard tunnel</string>
     <string name="error_missing">Missing wg(8) and/or wg-quick(8) in PATH</string>
+    <string name="error_su">WireGuard currently requires root access</string>
     <string name="error_up">Error bringing up WireGuard tunnel</string>
     <string name="generate">Generate</string>
     <string name="hint_automatic">(auto)</string>