feat: add TUN2SOCKS(root) mode and unify root runtime

Author: whalechoi

README.md

@@ -1,35 +1,51 @@
 # AsteriskNG
 
-An Xray client for Android, powered by [Xray-core](https://github.com/XTLS/Xray-core) and [AndroidLibXrayLite](https://github.com/2dust/AndroidLibXrayLite).
+An Xray client for Android, powered by [Xray-core](https://github.com/XTLS/Xray-core), [AndroidLibXrayLite](https://github.com/2dust/AndroidLibXrayLite), and [hev-socks5-tunnel](https://github.com/heiher/hev-socks5-tunnel).
 
-### Telegram Channel
+## Telegram Channel
 
 [Asterisk4Magisk](https://t.me/Asterisk4Magisk)
 
-### Features
+## Features
 
-- VPN Service and TPROXY(ROOT) run modes
+- VPN Service, TPROXY(ROOT), and TUN2SOCKS(ROOT) run modes
 - VMess, VLESS, Trojan, Shadowsocks, Socks, HTTP, Hysteria2, WireGuard, strategy group, and chain proxy
-- Subscription groups, QR code import, latency testing, and per-app proxy
-- Resource file management for `geoip.dat`, `geosite.dat`, and Xray-core
+- Subscription groups, QR code import, latency testing, and app proxy modes
+- Resource file management for `geoip.dat`, `geosite.dat`, and the Xray executable
+- ROOT start-on-boot script generation through Magisk `service.d`
 - MIUIX Compose UI
 
-### Usage
+## Run Modes
 
-#### Geoip and Geosite
+### VPN Service
 
-- `geoip.dat` and `geosite.dat` are stored in the app private `files/xray` directory, commonly `/data/user/0/org.asterisk.zcc.ang/files/xray`.
-- Resource files can be updated in the app from [Loyalsoldier/v2ray-rules-dat](https://github.com/Loyalsoldier/v2ray-rules-dat), [v2fly/geoip](https://github.com/v2fly/geoip) and [v2fly/domain-list-community](https://github.com/v2fly/domain-list-community), or [Chocolate4U/Iran-v2ray-rules](https://github.com/Chocolate4U/Iran-v2ray-rules).
-- Third-party `geoip.dat` and `geosite.dat` files can be imported manually from Resource management.
-- Xray-core can also be replaced manually with an `xray` executable file or a zip archive containing `xray`.
+- Works without root permission.
+- Uses Android `VpnService`.
+- Suitable for normal Android app-level VPN usage.
 
-#### Run Mode
+### TPROXY(ROOT)
 
-- VPN Service mode works without root permission and uses Android `VpnService`.
-- TPROXY mode requires ROOT permission and uses the local Xray executable with iptables rules.
-- Start on boot can generate a Magisk `service.d` script for TPROXY mode.
+- Requires root permission.
+- Runs the local Xray executable directly with libsu.
+- Uses iptables and policy routing for transparent proxy traffic.
+- Uses the configured transparent proxy port as the Xray inbound.
 
-### Development guide
+### TUN2SOCKS(ROOT)
+
+- Requires root permission.
+- Runs the local Xray executable directly with libsu.
+- Uses `hev-socks5-tunnel` to create the fixed TUN device `asterisk0`.
+- Uses Xray's local SOCKS5 inbound as the tunnel target.
+- Shares most ROOT routing and app proxy behavior with TPROXY, but routes traffic through the TUN device instead of Xray's TPROXY inbound.
+
+## Resource Files
+
+- Runtime files are stored in the app private `files/xray` directory, commonly `/data/user/0/org.asterisk.zcc.ang/files/xray`.
+- The bundled Xray executable is restored from native libraries and can be replaced manually with an `xray` executable file or a zip archive containing `xray`.
+- `geoip.dat` and `geosite.dat` can be restored from bundled assets, updated from online sources, or replaced manually.
+- Built-in update sources include [Loyalsoldier/v2ray-rules-dat](https://github.com/Loyalsoldier/v2ray-rules-dat), [v2fly/geoip](https://github.com/v2fly/geoip), [v2fly/domain-list-community](https://github.com/v2fly/domain-list-community), and [Chocolate4U/Iran-v2ray-rules](https://github.com/Chocolate4U/Iran-v2ray-rules).
+
+## Development
 
 Open the project root in Android Studio, or build it with Gradle wrapper:
 
@@ -43,21 +59,34 @@ On macOS or Linux:
 ./gradlew assembleDebug
 ```
 
-The build downloads the bundled Xray-core asset and compiles the native `setuidgid` helper. If Gradle cannot find Android NDK, set `ndk.dir` in `local.properties`, set `ANDROID_NDK_HOME`, or install an NDK under the Android SDK.
+The build:
+
+- uses the Android SDK and NDK
+- downloads or prepares the bundled Xray-core asset
+- builds the native `setuidgid` helper
+- packages native runtime components for `arm64-v8a`, `armeabi-v7a`, `x86`, and `x86_64`
+
+If Gradle cannot find Android NDK, set `ndk.dir` in `local.properties`, set `ANDROID_NDK_HOME`, or install an NDK under the Android SDK.
+
+## WSA
 
 For WSA, VPN permission can be granted with:
 
 ```bash
 appops set org.asterisk.zcc.ang ACTIVATE_VPN allow
 ```
-### License
+
+## License
 
 [GPL-3.0](LICENSE)
 
-### Credits
+## Credits
 
 - [@XTLS/Xray-core](https://github.com/XTLS/Xray-core)
 - [@2dust/AndroidLibXrayLite](https://github.com/2dust/AndroidLibXrayLite)
+- [@heiher/hev-socks5-tunnel](https://github.com/heiher/hev-socks5-tunnel)
+- [@topjohnwu/libsu](https://github.com/topjohnwu/libsu)
+- [@compose-miuix-ui/miuix](https://github.com/compose-miuix-ui/miuix)
 - [@2dust/v2rayNG](https://github.com/2dust/v2rayNG)
 - [@Loyalsoldier/v2ray-rules-dat](https://github.com/Loyalsoldier/v2ray-rules-dat)
 - [@v2fly/geoip](https://github.com/v2fly/geoip)

app/build.gradle.kts

@@ -8,6 +8,7 @@ plugins {
 
 val generatedSrcDir: Provider<Directory> = layout.buildDirectory.dir("generated/projectInfo")
 val generatedXrayCoreJniLibsDir: Provider<Directory> = layout.buildDirectory.dir("generated/xrayCoreJniLibs")
+val generatedHevSocks5TunnelJniLibsDir: Provider<Directory> = layout.buildDirectory.dir("generated/hevSocks5TunnelJniLibs")
 
 android {
     namespace = "app"
@@ -132,6 +133,7 @@ val generateProjectInfo by tasks.registering(GenerateProjectInfoTask::class) {
     versionCode.set(getGitVersionCode())
     xrayCoreVersion.set(ProjectConfig.XRAY_CORE_VERSION)
     androidLibXrayLiteVersion.set(ProjectConfig.ANDROID_LIB_XRAY_LITE_VERSION)
+    hevSocks5TunnelVersion.set(ProjectConfig.HEV_SOCKS5_TUNNEL_VERSION)
     outputDirectory.set(generatedSrcDir.map { it.dir("kotlin") })
 }
 
@@ -141,6 +143,7 @@ androidComponents {
             task.outputDirectory
         }
         variant.sources.jniLibs?.addStaticSourceDirectory("build/generated/xrayCoreJniLibs")
+        variant.sources.jniLibs?.addStaticSourceDirectory("build/generated/hevSocks5TunnelJniLibs")
     }
 }
 

app/src/main/assets/aboutlibraries.json

@@ -91,6 +91,19 @@
                 "Apache-2.0"
             ]
         },
+        {
+            "uniqueId": "github:heiher/hev-socks5-tunnel",
+            "artifactVersion": "2.15.0",
+            "name": "hev-socks5-tunnel",
+            "description": "A tun2socks tunnel that forwards TUN traffic to a SOCKS5 server.",
+            "website": "https://github.com/heiher/hev-socks5-tunnel",
+            "scm": {
+                "url": "https://github.com/heiher/hev-socks5-tunnel"
+            },
+            "licenses": [
+                "MIT"
+            ]
+        },
         {
             "uniqueId": "org.jetbrains.kotlin:kotlin-stdlib",
             "artifactVersion": "2.3.21",

app/src/main/kotlin/app/App.kt

@@ -15,7 +15,8 @@ import androidx.compose.ui.unit.dp
 import app.effects.ProxyStatusSynchronizer
 import app.effects.ResourceFileSynchronizer
 import app.effects.SubscriptionAutoUpdater
-import app.effects.TproxyBootScriptSynchronizer
+import app.effects.RootBootScriptSynchronizer
+import app.effects.Tun2SocksRuntimeFileSynchronizer
 import features.logs.AndroidAccessLogRepository
 import features.logs.AndroidCoreLogRepository
 import features.logs.AndroidLogcatRepository
@@ -28,7 +29,7 @@ import features.resources.ResourceFileUseCase
 import features.settings.locale.ProvideAppLanguage
 import features.settings.locale.RecreateActivityOnAppLanguageChange
 import features.settings.usecase.SwitchRunModeUseCase
-import features.settings.usecase.TproxyBootScriptUseCase
+import features.settings.usecase.RootBootScriptUseCase
 import features.subscription.runtime.AndroidSubscriptionFetcher
 import system.AndroidNetworkInterfaceProvider
 import system.AndroidPackageProvider
@@ -89,17 +90,18 @@ fun App(
             requestVpnPermission = requestVpnPermission,
         )
     }
-    val tproxyBootScriptUseCase = remember(appContext, rootAccess) {
-        TproxyBootScriptUseCase(
+    val rootBootScriptUseCase = remember(appContext, rootAccess) {
+        RootBootScriptUseCase(
             context = appContext,
             rootAccess = rootAccess,
         )
     }
-    val switchRunModeUseCase = remember(proxyEngine, rootAccess, tproxyBootScriptUseCase) {
+    val switchRunModeUseCase = remember(proxyEngine, rootAccess, rootBootScriptUseCase) {
         SwitchRunModeUseCase(
+            context = appContext,
             proxyEngine = proxyEngine,
             rootAccess = rootAccess,
-            tproxyBootScriptUseCase = tproxyBootScriptUseCase,
+            rootBootScriptUseCase = rootBootScriptUseCase,
         )
     }
     val proxyServiceUseCase = remember(proxyEngine) {
@@ -121,7 +123,7 @@ fun App(
         proxyLatencyTester,
         proxyServiceUseCase,
         switchRunModeUseCase,
-        tproxyBootScriptUseCase,
+        rootBootScriptUseCase,
         tipNotifier,
         logFileCreator,
     ) {
@@ -139,7 +141,7 @@ fun App(
             proxyLatencyTester = proxyLatencyTester,
             proxyServiceUseCase = proxyServiceUseCase,
             switchRunModeUseCase = switchRunModeUseCase,
-            tproxyBootScriptUseCase = tproxyBootScriptUseCase,
+            rootBootScriptUseCase = rootBootScriptUseCase,
             tipNotifier = tipNotifier,
             logFileCreator = logFileCreator,
             coreLogRepository = AndroidCoreLogRepository,
@@ -166,9 +168,13 @@ fun App(
         subscriptionFetcher = subscriptionFetcher,
         updateAppState = updateAppState,
     )
-    TproxyBootScriptSynchronizer(
+    RootBootScriptSynchronizer(
+        stateStore = stateStore,
+        rootBootScriptUseCase = rootBootScriptUseCase,
+    )
+    Tun2SocksRuntimeFileSynchronizer(
+        context = appContext,
         stateStore = stateStore,
-        tproxyBootScriptUseCase = tproxyBootScriptUseCase,
     )
 
     ProvideAppLanguage(languageMode = chromeState.languageMode) {

app/src/main/kotlin/app/AppServices.kt

@@ -12,7 +12,7 @@ import features.proxy.server.usecase.ProxyServerImportFileUseCase
 import features.proxy.server.usecase.ProxyServiceUseCase
 import features.resources.ResourceFileUseCase
 import features.settings.usecase.SwitchRunModeUseCase
-import features.settings.usecase.TproxyBootScriptUseCase
+import features.settings.usecase.RootBootScriptUseCase
 import features.subscription.runtime.AndroidSubscriptionFetcher
 import kotlinx.coroutines.CoroutineScope
 import system.AndroidNetworkInterfaceProvider
@@ -35,7 +35,7 @@ internal data class AppServices(
     val proxyLatencyTester: AndroidProxyLatencyTester,
     val proxyServiceUseCase: ProxyServiceUseCase,
     val switchRunModeUseCase: SwitchRunModeUseCase,
-    val tproxyBootScriptUseCase: TproxyBootScriptUseCase,
+    val rootBootScriptUseCase: RootBootScriptUseCase,
     val tipNotifier: AndroidToastTipNotifier,
     val logFileCreator: suspend (String) -> Uri?,
     val coreLogRepository: CoreLogRepository,

app/src/main/kotlin/app/AppState.kt

@@ -6,11 +6,12 @@ package app
 import app.modes.ColorModeSystem
 import app.modes.LanguageModeSystem
 import app.modes.ProxyAppListModeGlobal
+import app.modes.RunModeTun2Socks
 import app.modes.RunModeTproxy
 import app.modes.RunModeVpnService
-import engine.tproxy.DefaultTproxyHttpPort
+import engine.root.DefaultRootHttpProxyPort
+import engine.tun2socks.DefaultTun2SocksProxyPort
 import engine.tproxy.DefaultTproxyPort
-import engine.tproxy.DefaultTproxySocks5Port
 import engine.vpn.VpnDefaults
 import engine.xray.DefaultDirectDnsDomains
 import engine.xray.DefaultFragmentInterval
@@ -44,10 +45,10 @@ data class AppState(
     val localProxyUsername: String = "",
     val localProxyPassword: String = "",
     val enableVpnAppendHttpProxy: Boolean = false,
-    val vpnMtu: String = VpnDefaults.MTU.toString(),
-    val vpnDefaultDns: String = VpnDefaults.IPV4_DNS,
-    val vpnIpv4Cidr: String = VpnDefaults.IPV4_CIDR,
-    val vpnIpv6Cidr: String = VpnDefaults.IPV6_CIDR,
+    val tunMtu: String = VpnDefaults.MTU.toString(),
+    val tunDefaultDns: String = VpnDefaults.IPV4_DNS,
+    val tunIpv4Cidr: String = VpnDefaults.IPV4_CIDR,
+    val tunIpv6Cidr: String = VpnDefaults.IPV6_CIDR,
 
     val proxyServers: List<ProxyServerState> = emptyList(),
     val nextProxyServerId: Int = 10,
@@ -90,11 +91,11 @@ data class AppState(
     val dnsHosts: List<String> = emptyList(),
 
     val transparentProxyPort: String = DefaultTproxyPort.toString(),
-    val enableTproxyBootScript: Boolean = false,
+    val enableRootBootScript: Boolean = false,
     val enableSocks5Proxy: Boolean = false,
-    val socks5ProxyPort: String = DefaultTproxySocks5Port.toString(),
+    val socks5ProxyPort: String = DefaultTun2SocksProxyPort.toString(),
     val enableHttpProxy: Boolean = false,
-    val httpProxyPort: String = DefaultTproxyHttpPort.toString(),
+    val httpProxyPort: String = DefaultRootHttpProxyPort.toString(),
 
     val externalInterfaces: List<String> = emptyList(),
     val ignoredInterfaces: List<String> = emptyList(),
@@ -105,7 +106,7 @@ data class AppState(
 )
 
 val AppState.effectiveLocalDnsEnabled: Boolean
-    get() = runMode == RunModeTproxy || enableVpnLocalDns
+    get() = runMode == RunModeTproxy || runMode == RunModeTun2Socks || enableVpnLocalDns
 
 val AppState.effectiveFakeDnsEnabled: Boolean
     get() = effectiveLocalDnsEnabled && enableFakeDns

app/src/main/kotlin/app/effects/ProxyStatusSynchronizer.kt

@@ -6,6 +6,7 @@ package app.effects
 import androidx.compose.runtime.Composable
 import androidx.compose.runtime.LaunchedEffect
 import app.AppState
+import app.modes.RunModeTun2Socks
 import app.modes.RunModeTproxy
 import data.AndroidAppStateStore
 import engine.proxy.AndroidProxyEngine
@@ -18,7 +19,7 @@ internal fun ProxyStatusSynchronizer(
 ) {
     LaunchedEffect(stateStore, proxyEngine) {
         val currentState = stateStore.state.value
-        if (currentState.runMode != RunModeTproxy && !currentState.proxyRunning) {
+        if (currentState.runMode != RunModeTproxy && currentState.runMode != RunModeTun2Socks && !currentState.proxyRunning) {
             return@LaunchedEffect
         }
         val status = runCatching { proxyEngine.status(currentState.runMode) }.getOrNull() ?: return@LaunchedEffect