trojan-gfw / igniter

A trojan client for Android (UNDER CONSTRUCTION).
GNU General Public License v3.0

Do not store whitelist configuration files in external storage #234

Closed oasiscifr closed 4 years ago

oasiscifr commented 4 years ago

Many applications can access and even modify files in external storage.

TchaikovDriver commented 4 years ago

In the early days, users had to uninstall Igniter and then install the latest version, which made it annoying to configure the whitelist, because the whitelist configuration file would be removed once the app was uninstalled (it was stored in the cache directory). In order to avoid configuring the whitelist file over and over again, I chose to store the file in external storage. If users do not have to uninstall Igniter for updating in following releases, I store it in the internal cache directory. AFAIC, modifying this file is of no benefit. If you are concerned about privacy, I would say any application can easily access all the installed applications on your phones. If it is necessary to move the file to the private cache directory, I would consider a simple way to migrate the file for loyal users.

oasiscifr commented 4 years ago

@TchaikovDriver For example, we all know there is a security problem if we enable the bypass mode (GEO IP). We expect to avoid this problem by turning off the bypass mode. But an attacker can now attack by modifying this configuration file.

TchaikovDriver commented 4 years ago

Understood, I will fix it when I have spare time.

TchaikovDriver commented 4 years ago

#239

wongsyrone commented 4 years ago

Fixed via https://github.com/trojan-gfw/igniter/commit/ddea3b7abb864d160ded939ff7b4edb99731b190
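
A sketch of the kind of one-time migration discussed in this thread, moving a whitelist file from shared external storage into app-private storage while treating the old file as untrusted input. This is an added example, not code from the thread or from the Igniter repository. Assumptions: the class name, the file name `whitelist.txt`, and the one-package-name-per-line format are hypothetical; `java.nio.file` requires Android API 26 or later; on Android, `privateDir` would be something like `Context.getFilesDir()`.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.*;
import java.util.regex.Pattern;

/** One-time migration of a whitelist file from shared storage into app-private storage. */
public final class WhitelistMigration {
    // Assumed format: one Android package name per line (not taken from the project).
    private static final Pattern PACKAGE_NAME =
            Pattern.compile("[A-Za-z][A-Za-z0-9_]*(\\.[A-Za-z][A-Za-z0-9_]*)+");
    private static final long MAX_BYTES = 1 << 20; // refuse oversized legacy files

    /**
     * @param legacyFile file in shared/external storage (untrusted: other apps could write it)
     * @param privateDir app-private directory, e.g. Context.getFilesDir() on Android
     * @return number of entries migrated, or -1 if nothing needed migrating
     */
    public static int migrate(Path legacyFile, Path privateDir) throws IOException {
        Path target = privateDir.resolve("whitelist.txt"); // hypothetical file name
        if (Files.exists(target)
                || !Files.isRegularFile(legacyFile, LinkOption.NOFOLLOW_LINKS)) {
            return -1; // already migrated, or no legacy file (symlinks are not followed)
        }
        if (Files.size(legacyFile) > MAX_BYTES) {
            throw new IOException("legacy whitelist too large, not migrating");
        }
        // Keep only well-formed package names; drop anything else that may have been added.
        Set<String> entries = new LinkedHashSet<>();
        for (String line : Files.readAllLines(legacyFile, StandardCharsets.UTF_8)) {
            String name = line.trim();
            if (PACKAGE_NAME.matcher(name).matches()) {
                entries.add(name);
            }
        }
        // Write to a temp file in the private directory, then rename atomically.
        Files.createDirectories(privateDir);
        Path tmp = Files.createTempFile(privateDir, "whitelist", ".tmp");
        Files.write(tmp, entries, StandardCharsets.UTF_8);
        Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
        Files.deleteIfExists(legacyFile); // stop reading shared storage from now on
        return entries.size();
    }
}
```

Format validation only rejects malformed lines; entries altered while the file sat in shared storage still migrate, so the imported list should be shown to the user for review after the first run.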