Add changes to support network extension

bindToDevice implementation added (but commented out, as it's unused for now).

Compiler flag requiring use of extension-okay APIs turned on. This necessitated removing some jailbreak-check code.

MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel.xcodeproj/project.pbxproj

@@ -493,6 +493,7 @@
 		66BDB0351DA6BFCC0079384C /* Debug */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
+				APPLICATION_EXTENSION_API_ONLY = YES;
 				CODE_SIGN_IDENTITY = "";
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = Q6HLNEX92A;
@@ -517,6 +518,7 @@
 		66BDB0361DA6BFCC0079384C /* Release */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
+				APPLICATION_EXTENSION_API_ONLY = YES;
 				CODE_SIGN_IDENTITY = "";
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = Q6HLNEX92A;

MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/JailbreakCheck/JailbreakCheck.m

@@ -35,6 +35,10 @@
 
 BOOL checkReadWritePermissions()
 {
+    // UIApplication:sharedApplication is disallowed in an application exetension
+    // (such as would be used by a whole-device Psiphon VPN). We may re-enable
+    // this code later, but leave it out for now to avoid confusion.
+    /*
     if([[UIApplication sharedApplication] canOpenURL:
         [NSURL URLWithString:@"cydia://package/com.com.com"]])
     {
@@ -50,6 +54,7 @@ BOOL checkReadWritePermissions()
     {
         return TRUE;
     }
+     */
     
     return FALSE;
 }

MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/PsiphonTunnel.m

@@ -17,6 +17,7 @@
  *
  */
 
+#import <net/if.h>
 #import <CoreTelephony/CTTelephonyNetworkInfo.h>
 #import <CoreTelephony/CTCarrier.h>
 #import "LookupIPv6.h"
@@ -547,7 +548,25 @@
 #pragma mark - GoPsiPsiphonProvider protocol implementation (private)
 
 - (BOOL)bindToDevice:(long)fileDescriptor error:(NSError **)error {
-    // This PsiphonProvider function is only called in TunnelWholeDevice mode
+    /*
+    This code is not currently used, so we won't leave it in untested. However, 
+    this implementation info will probably be useful later.
+     
+    // DEBUG
+    [self logMessage:[NSString stringWithFormat: @"***** DEBUG: bindToDevice called"]];
+    
+    // This function is only called in TunnelWholeDevice mode
+    
+    // TODO: Determine if this is robust.
+    unsigned int interfaceIndex = if_nametoindex("ap1");
+    
+    int ret = setsockopt(fileDescriptor, IPPROTO_TCP, IP_BOUND_IF, &interfaceIndex, sizeof(interfaceIndex));
+    if (ret != 0) {
+        [self logMessage:[NSString stringWithFormat: @"bindToDevice: setsockopt failed; errno: %d", errno]];
+        return FALSE;
+    }
+    */
+
     return TRUE;
 }