+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is
+ * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and limitations under the License.
+ */
+
+package com.twofortyfouram.locale;
+
+import android.os.Parcelable;
+
+/**
+ * Contains Intent constants necessary for interacting with the Locale Developer Platform.
+ */
+public final class Intent
+{
+ /**
+ * Private constructor prevents instantiation.
+ *
+ * @throws UnsupportedOperationException because this class cannot be instantiated.
+ */
+ private Intent()
+ {
+ throw new UnsupportedOperationException("This class is non-instantiable"); //$NON-NLS-1$
+ }
+
+ /**
+ * Ordered broadcast result code indicating that a plug-in condition's state is satisfied (true).
+ *
+ * @see Intent#ACTION_QUERY_CONDITION
+ */
+ public static final int RESULT_CONDITION_SATISFIED = 16;
+
+ /**
+ * Ordered broadcast result code indicating that a plug-in condition's state is not satisfied (false).
+ *
+ * @see Intent#ACTION_QUERY_CONDITION
+ */
+ public static final int RESULT_CONDITION_UNSATISFIED = 17;
+
+ /**
+ * Ordered broadcast result code indicating that a plug-in condition's state is unknown (neither true nor
+ * false).
+ *
+ * If a condition returns UNKNOWN, then Locale will use the last known return value on a best-effort
+ * basis. Best-effort means that Locale may not persist known values forever (e.g. last known values could
+ * hypothetically be cleared after a device reboot, a restart of the Locale process, or other events). If
+ * there is no last known return value, then unknown is treated as not satisfied (false).
+ *
+ * The purpose of an UNKNOWN result is to allow a plug-in condition more than 10 seconds to process a
+ * requery. A {@code BroadcastReceiver} must return within 10 seconds, otherwise it will be killed by
+ * Android. A plug-in that needs more than 10 seconds might initially return
+ * {@link #RESULT_CONDITION_UNKNOWN}, subsequently request a requery, and then return either
+ * {@link #RESULT_CONDITION_SATISFIED} or {@link #RESULT_CONDITION_UNSATISFIED}.
+ *
+ * @see Intent#ACTION_QUERY_CONDITION
+ */
+ public static final int RESULT_CONDITION_UNKNOWN = 18;
+
+ /**
+ * {@code Intent} action {@code String} broadcast by Locale to create or edit a plug-in setting. When
+ * Locale broadcasts this {@code Intent}, it will be sent directly to the package and class of the
+ * plug-in's {@code Activity}. The {@code Intent} may contain a {@link #EXTRA_BUNDLE} that was previously
+ * set by the {@code Activity} result of {@link #ACTION_EDIT_SETTING}.
+ *
+ * There SHOULD be only one {@code Activity} per APK that implements this {@code Intent}. If a single APK
+ * wishes to export multiple plug-ins, it MAY implement multiple Activity instances that implement this
+ * {@code Intent}, however there must only be a single {@link #ACTION_FIRE_SETTING} receiver. In this
+ * scenario, it is the responsibility of the Activities to store enough data in {@link #EXTRA_BUNDLE} to
+ * allow this receiver to disambiguate which "plug-in" is being fired. To avoid user confusion, it is
+ * recommended that only a single plug-in be implemented per APK.
+ *
+ * @see Intent#EXTRA_BUNDLE
+ * @see Intent#EXTRA_STRING_BREADCRUMB
+ */
+ public static final String ACTION_EDIT_SETTING = "com.twofortyfouram.locale.intent.action.EDIT_SETTING"; //$NON-NLS-1$
+
+ /**
+ * {@code Intent} action {@code String} broadcast by Locale to fire a plug-in setting. When Locale
+ * broadcasts this {@code Intent}, it will be sent directly to the package and class of the plug-in's
+ * {@code BroadcastReceiver}. The {@code Intent} will contain a {@link #EXTRA_BUNDLE} that was previously
+ * set by the {@code Activity} result of {@link #ACTION_EDIT_SETTING}.
+ *
+ * There MUST be only one {@code BroadcastReceiver} per APK that implements this {@code Intent}.
+ *
+ * @see Intent#EXTRA_BUNDLE
+ */
+ public static final String ACTION_FIRE_SETTING = "com.twofortyfouram.locale.intent.action.FIRE_SETTING"; //$NON-NLS-1$
+
+ /**
+ * {@code Intent} action {@code String} broadcast by Locale to create or edit a plug-in condition. When
+ * Locale broadcasts this {@code Intent}, it will be sent directly to the package and class of the
+ * plug-in's {@code Activity}. The {@code Intent} may contain a store-and-forward {@link #EXTRA_BUNDLE}
+ * that was previously set by the {@code Activity} result of {@link #ACTION_EDIT_CONDITION}.
+ *
+ * There SHOULD be only one {@code Activity} per APK that implements this {@code Intent}. If a single APK
+ * wishes to export multiple plug-ins, it MAY implement multiple Activity instances that implement this
+ * {@code Intent}, however there must only be a single {@link #ACTION_QUERY_CONDITION} receiver. In this
+ * scenario, it is the responsibility of the Activities to store enough data in {@link #EXTRA_BUNDLE} to
+ * allow this receiver to disambiguate which "plug-in" is being queried. To avoid user confusion, it is
+ * recommended that only a single plug-in be implemented per APK.
+ *
+ * @see Intent#EXTRA_BUNDLE
+ * @see Intent#EXTRA_STRING_BREADCRUMB
+ */
+ public static final String ACTION_EDIT_CONDITION = "com.twofortyfouram.locale.intent.action.EDIT_CONDITION"; //$NON-NLS-1$
+
+ /**
+ * Ordered {@code Intent} action {@code String} broadcast by Locale to query a plug-in condition. When
+ * Locale broadcasts this {@code Intent}, it will be sent directly to the package and class of the
+ * plug-in's {@code BroadcastReceiver}. The {@code Intent} will contain a {@link #EXTRA_BUNDLE} that was
+ * previously set by the {@code Activity} result of {@link #ACTION_EDIT_CONDITION}.
+ *
+ * Since this is an ordered broadcast, the receiver is expected to set an appropriate result code from
+ * {@link #RESULT_CONDITION_SATISFIED}, {@link #RESULT_CONDITION_UNSATISFIED}, and
+ * {@link #RESULT_CONDITION_UNKNOWN}.
+ *
+ * There MUST be only one {@code BroadcastReceiver} per APK that implements this {@code Intent}.
+ *
+ * @see Intent#EXTRA_BUNDLE
+ * @see Intent#RESULT_CONDITION_SATISFIED
+ * @see Intent#RESULT_CONDITION_UNSATISFIED
+ * @see Intent#RESULT_CONDITION_UNKNOWN
+ */
+ public static final String ACTION_QUERY_CONDITION = "com.twofortyfouram.locale.intent.action.QUERY_CONDITION"; //$NON-NLS-1$
+
+ /**
+ * {@code Intent} action {@code String} to notify Locale that a plug-in condition is requesting that
+ * Locale query it via {@link #ACTION_QUERY_CONDITION}. This merely serves as a hint to Locale that a
+ * condition wants to be queried. There is no guarantee as to when or if the plug-in will be queried after
+ * this {@code Intent} is broadcast. If Locale does not respond to the plug-in condition after a
+ * {@link #ACTION_REQUEST_QUERY} Intent is sent, the plug-in SHOULD shut itself down and stop requesting
+ * requeries. A lack of response from Locale indicates that Locale is not currently interested in this
+ * plug-in. When Locale becomes interested in the plug-in again, Locale will send
+ * {@link #ACTION_QUERY_CONDITION}.
+ *
+ * The extra {@link #EXTRA_ACTIVITY} MUST be included, otherwise Locale will ignore this {@code Intent}.
+ *
+ * Plug-in conditions SHOULD NOT use this unless there is some sort of asynchronous event that has
+ * occurred, such as a broadcast {@code Intent} being received by the plug-in. Plug-ins SHOULD NOT
+ * periodically request a requery as a way of implementing polling behavior.
+ *
+ * @see Intent#EXTRA_ACTIVITY
+ */
+ public static final String ACTION_REQUEST_QUERY = "com.twofortyfouram.locale.intent.action.REQUEST_QUERY"; //$NON-NLS-1$
+
+ /**
+ * Type: {@code String}
+ *
+ * Maps to a {@code String} that represents the {@code Activity} bread crumb path.
+ *
+ * @see BreadCrumber
+ */
+ public static final String EXTRA_STRING_BREADCRUMB = "com.twofortyfouram.locale.intent.extra.BREADCRUMB"; //$NON-NLS-1$
+
+ /**
+ * Type: {@code String}
+ *
+ * Maps to a {@code String} that represents a blurb. This is returned as an {@code Activity} result extra
+ * from {@link #ACTION_EDIT_CONDITION} or {@link #ACTION_EDIT_SETTING}.
+ *
+ * The blurb is a concise description displayed to the user of what the plug-in is configured to do.
+ */
+ public static final String EXTRA_STRING_BLURB = "com.twofortyfouram.locale.intent.extra.BLURB"; //$NON-NLS-1$
+
+ /**
+ * Type: {@code Bundle}
+ *
+ * Maps to a {@code Bundle} that contains all of a plug-in's extras.
+ *
+ * Plug-ins MUST NOT store {@link Parcelable} objects in this {@code Bundle}, because {@code Parcelable}
+ * is not a long-term storage format. Also, plug-ins MUST NOT store any serializable object that is not
+ * exposed by the Android SDK.
+ *
+ * The maximum size of a Bundle that can be sent across process boundaries is on the order of 500
+ * kilobytes (base-10), while Locale further limits plug-in Bundles to about 100 kilobytes (base-10).
+ * Although the maximum size is about 100 kilobytes, plug-ins SHOULD keep Bundles much smaller for
+ * performance and memory usage reasons.
+ */
+ public static final String EXTRA_BUNDLE = "com.twofortyfouram.locale.intent.extra.BUNDLE"; //$NON-NLS-1$
+
+ /**
+ * Type: {@code String}
+ *
+ * Maps to a {@code String} that represents the name of a plug-in's {@code Activity}.
+ *
+ * @see Intent#ACTION_REQUEST_QUERY
+ */
+ public static final String EXTRA_ACTIVITY = "com.twofortyfouram.locale.intent.extra.ACTIVITY"; //$NON-NLS-1$
+}
\ No newline at end of file
diff --git a/app/src/main/java/com/twofortyfouram/locale/PackageUtilities.java b/app/src/main/java/com/twofortyfouram/locale/PackageUtilities.java
new file mode 100644
index 0000000..a1ef768
--- /dev/null
+++ b/app/src/main/java/com/twofortyfouram/locale/PackageUtilities.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2012 two forty four a.m. LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ *
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is
+ * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and limitations under the License.
+ */
+
+package com.twofortyfouram.locale;
+
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * A simple utility class to find a package that is compatible with hosting the Locale Developer Platform.
+ */
+/*
+ * This class is NOT part of the public Locale Developer Platform API
+ */
+public final class PackageUtilities
+{
+ /**
+ * A hard-coded set of Android packages that support the Locale Developer Platform.
+ */
+ /*
+ * This is NOT a public field and is subject to change in future releases of the Developer Platform. A
+ * conscious design decision was made to use hard-coded package names, rather than dynamic discovery of
+ * packages that might be compatible with hosting the Locale Developer Platform API. This is for two
+ * reasons: to ensure the host is implemented correctly (hosts must pass the extensive Locale Platform
+ * Host compatibility test suite) and to prevent malicious applications from crashing plug-ins by
+ * providing bad values. As additional apps implement the Locale Developer Platform, their package names
+ * will also be added to this list.
+ */
+ /*
+ * Note: this is implemented as a Set rather than a String[], in order to enforce immutability.
+ */
+ private static final Set COMPATIBLE_PACKAGES = constructPackageSet();
+
+ /**
+ * @return a list wrapped in {@link Collections#unmodifiableList(List)} that represents the set of
+ * Locale-compatible packages.
+ */
+ private static Set constructPackageSet()
+ {
+ final HashSet packages = new HashSet();
+
+ packages.add(Constants.LOCALE_PACKAGE);
+
+ /*
+ * Note: Tasker is not 100% compatible with Locale's plug-in API, but it is close enough that these
+ * packages are enabled. Tasker's known incompatibilities are documented on the Tasker website.
+ */
+ packages.add("net.dinglisch.android.taskerm"); //$NON-NLS-1$
+ packages.add("net.dinglisch.android.tasker"); //$NON-NLS-1$
+ packages.add("net.dinglisch.android.taskercupcake"); //$NON-NLS-1$
+
+ return Collections.unmodifiableSet(packages);
+ }
+
+ /**
+ * Obtains the {@code String} package name of a currently-installed package which implements the host
+ * component of the Locale Developer Platform.
+ *
+ * Note: A TOCTOU error exists, due to the fact that the package could be uninstalled at any time.
+ *
+ * Note: If there are multiple hosts, this method will return one of them. The interface of this method
+ * makes no guarantee which host will returned, nor whether that host will be consistently returned.
+ *
+ * @param manager an instance of {@code PackageManager}. Cannot be null.
+ * @param packageHint hint as to which package should take precedence. This parameter may be null.
+ * @return {@code String} package name of a host for the Locale Developer Platform, such as
+ * "com.twofortyfouram.locale". If no such package is found, returns null.
+ */
+ public static String getCompatiblePackage(final PackageManager manager, final String packageHint)
+ {
+ /*
+ * The interface for this method makes no guarantees as to which host will be returned. However the
+ * implementation is more predictable.
+ */
+
+ final List installedPackages = manager.getInstalledPackages(0);
+
+ if (COMPATIBLE_PACKAGES.contains(packageHint))
+ {
+ for (final PackageInfo packageInfo : installedPackages)
+ {
+ final String temp = packageInfo.packageName;
+ if (packageHint.equals(temp))
+ {
+ return temp;
+ }
+ }
+ }
+
+ for (final String compatiblePackageName : COMPATIBLE_PACKAGES)
+ {
+ if (compatiblePackageName.equals(packageHint))
+ {
+ continue;
+ }
+
+ for (final PackageInfo packageInfo : installedPackages)
+ {
+ final String temp = packageInfo.packageName;
+ if (compatiblePackageName.equals(temp))
+ {
+ return temp;
+ }
+ }
+ }
+
+ return null;
+ }
+}
\ No newline at end of file
diff --git a/app/src/main/java/dev/ukanth/ufirewall/Api.java b/app/src/main/java/dev/ukanth/ufirewall/Api.java
new file mode 100644
index 0000000..1f52351
--- /dev/null
+++ b/app/src/main/java/dev/ukanth/ufirewall/Api.java
@@ -0,0 +1,4419 @@
+/**
+ * All iptables "communication" is handled by this class.
+ *
+ * Copyright (C) 2009-2011 Rodrigo Zechin Rosauro
+ * Copyright (C) 2011-2012 Umakanthan Chandran
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * @author Rodrigo Zechin Rosauro, Umakanthan Chandran
+ * @version 1.2
+ */
+
+package dev.ukanth.ufirewall;
+
+import static dev.ukanth.ufirewall.util.G.ctx;
+import static dev.ukanth.ufirewall.util.G.ipv4Fwd;
+import static dev.ukanth.ufirewall.util.G.ipv4Input;
+import static dev.ukanth.ufirewall.util.G.ipv6Fwd;
+import static dev.ukanth.ufirewall.util.G.ipv6Input;
+import static dev.ukanth.ufirewall.util.G.showAllApps;
+
+import android.Manifest;
+import android.annotation.SuppressLint;
+import android.annotation.TargetApi;
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.app.PendingIntent;
+import android.content.ClipData;
+import android.content.ClipboardManager;
+import android.content.Context;
+import android.content.Intent;
+import android.content.SharedPreferences;
+import android.content.SharedPreferences.Editor;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.PackageManager.NameNotFoundException;
+import android.content.res.Configuration;
+import android.content.res.Resources;
+import android.graphics.Bitmap;
+import android.graphics.Canvas;
+import android.graphics.drawable.Drawable;
+import android.net.ConnectivityManager;
+import android.net.NetworkInfo;
+import android.net.Uri;
+import android.os.AsyncTask;
+import android.os.Build;
+import android.os.Environment;
+import android.os.Handler;
+import android.os.Looper;
+import android.os.PowerManager;
+import android.os.UserHandle;
+import android.os.UserManager;
+import android.provider.Settings;
+import android.text.TextUtils;
+import android.util.Base64;
+import android.util.SparseArray;
+import android.widget.Toast;
+import android.app.Activity;
+
+import androidx.annotation.NonNull;
+import androidx.core.app.NotificationCompat;
+import androidx.core.app.TaskStackBuilder;
+
+import com.afollestad.materialdialogs.DialogAction;
+import com.afollestad.materialdialogs.MaterialDialog;
+import com.raizlabs.android.dbflow.sql.language.Delete;
+import com.raizlabs.android.dbflow.sql.language.SQLite;
+import com.raizlabs.android.dbflow.sql.language.Select;
+import com.stericson.roottools.RootTools;
+import com.topjohnwu.superuser.Shell;
+
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.lang.reflect.Method;
+import java.nio.charset.StandardCharsets;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Set;
+import java.util.StringTokenizer;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.RejectedExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.DESKeySpec;
+
+import dev.ukanth.ufirewall.MainActivity.GetAppList;
+import dev.ukanth.ufirewall.log.Log;
+import dev.ukanth.ufirewall.log.LogData;
+import dev.ukanth.ufirewall.log.LogData_Table;
+import dev.ukanth.ufirewall.preferences.DefaultConnectionPref;
+import dev.ukanth.ufirewall.preferences.DefaultConnectionPref_Table;
+import dev.ukanth.ufirewall.profiles.ProfileData;
+import dev.ukanth.ufirewall.profiles.ProfileHelper;
+import dev.ukanth.ufirewall.service.FirewallService;
+import dev.ukanth.ufirewall.service.RootCommand;
+import dev.ukanth.ufirewall.util.G;
+import dev.ukanth.ufirewall.util.JsonHelper;
+import dev.ukanth.ufirewall.util.UidResolver;
+import dev.ukanth.ufirewall.widget.StatusWidget;
+
+/**
+ * Contains shared programming interfaces.
+ * All iptables "communication" is handled by this class.
+ */
+public final class Api {
+ /**
+ * application logcat tag
+ */
+ public static final String TAG = "AFWall";
+
+ /**
+ * special application UID used to indicate "any application"
+ */
+ public static final int SPECIAL_UID_ANY = -10;
+ /**
+ * special application UID used to indicate the Linux Kernel
+ */
+ public static final int SPECIAL_UID_KERNEL = -11;
+ /**
+ * special application UID used for dnsmasq DHCP/DNS
+ */
+ public static final int SPECIAL_UID_TETHER = -12;
+
+ /**
+ * special application UID used for NTP
+ */
+ public static final int SPECIAL_UID_NTP = -14;
+
+ public static final int NOTIFICATION_ID = 1;
+ public static final String PREF_FIREWALL_STATUS = "AFWallStatus";
+ public static final String DEFAULT_PREFS_NAME = "AFWallPrefs";
+ //for import/export rules
+ //revertback to old approach for performance
+ public static final String PREF_3G_PKG_UIDS = "AllowedPKG3G_UIDS";
+ public static final String PREF_WIFI_PKG_UIDS = "AllowedPKGWifi_UIDS";
+ public static final String PREF_ROAMING_PKG_UIDS = "AllowedPKGRoaming_UIDS";
+ public static final String PREF_VPN_PKG_UIDS = "AllowedPKGVPN_UIDS";
+ public static final String PREF_TETHER_PKG_UIDS = "AllowedPKGTether_UIDS";
+ public static final String PREF_LAN_PKG_UIDS = "AllowedPKGLAN_UIDS";
+ public static final String PREF_TOR_PKG_UIDS = "AllowedPKGTOR_UIDS";
+ public static final String PREF_CUSTOMSCRIPT = "CustomScript";
+ public static final String PREF_CUSTOMSCRIPT2 = "CustomScript2"; // Executed on shutdown
+ public static final String PREF_MODE = "BlockMode";
+ public static final String PREF_ENABLED = "Enabled";
+ // Modes
+ public static final String MODE_WHITELIST = "whitelist";
+ public static final String MODE_BLACKLIST = "blacklist";
+ public static final String STATUS_CHANGED_MSG = "dev.ukanth.ufirewall.intent.action.STATUS_CHANGED";
+ public static final String TOGGLE_REQUEST_MSG = "dev.ukanth.ufirewall.intent.action.TOGGLE_REQUEST";
+ public static final String CUSTOM_SCRIPT_MSG = "dev.ukanth.ufirewall.intent.action.CUSTOM_SCRIPT";
+ // Message extras (parameters)
+ public static final String STATUS_EXTRA = "dev.ukanth.ufirewall.intent.extra.STATUS";
+ public static final String SCRIPT_EXTRA = "dev.ukanth.ufirewall.intent.extra.SCRIPT";
+ public static final String SCRIPT2_EXTRA = "dev.ukanth.ufirewall.intent.extra.SCRIPT2";
+ public static final int ERROR_NOTIFICATION_ID = 9;
+ private static final int WIFI_EXPORT = 0;
+ private static final int DATA_EXPORT = 1;
+ private static final int ROAM_EXPORT = 2;
+ // Messages
+ private static final int VPN_EXPORT = 3;
+ private static final int TETHER_EXPORT = 6;
+ private static final int LAN_EXPORT = 4;
+ private static final int TOR_EXPORT = 5;
+ private static final String[] ITFS_WIFI = InterfaceTracker.ITFS_WIFI;
+ private static final String[] ITFS_3G = InterfaceTracker.ITFS_3G;
+ private static final String[] ITFS_VPN = InterfaceTracker.ITFS_VPN;
+ private static final String[] ITFS_TETHER = InterfaceTracker.ITFS_TETHER;
+ // iptables can exit with status 4 if two processes tried to update the same table
+ private static final int IPTABLES_TRY_AGAIN = 4;
+ private static final String[] dynChains = {"-3g-postcustom", "-3g-fork", "-wifi-postcustom", "-wifi-fork"};
+ private static final String[] natChains = {"", "-tor-check", "-tor-filter"};
+ private static final String[] staticChains = {"", "-input", "-3g", "-wifi", "-reject", "-vpn", "-3g-tether", "-3g-home", "-3g-roam", "-wifi-tether", "-wifi-wan", "-wifi-lan", "-usb-tether", "-tor", "-tor-reject", "-tether", "-3g-home-reject", "-3g-roam-reject", "-wifi-wan-reject", "-wifi-lan-reject", "-vpn-reject", "-tether-reject"};
+ private static volatile boolean globalStatus = false;
+
+ private static final Object GLOBAL_STATUS_LOCK = new Object();
+
+ public static List getListOfUids() {
+ return listOfUids;
+ }
+
+ private static List listOfUids = new ArrayList<>();
+
+
+ private static Map uidToApplicationInfoMap = null;
+
+
+ private static final Pattern dual_pattern = Pattern.compile("package:(.*) uid:(.*)", Pattern.MULTILINE);
+
+ /**
+ * @brief Special user/group IDs that aren't associated with
+ * any particular app.
+ *
+ * See:
+ * include/private/android_filesystem_config.h
+ * in platform/system/core.git.
+ *
+ * The accounts listed below are the only ones from
+ * android_filesystem_config.h that are known to be used as
+ * the UID of a process that uses the network. The other
+ * accounts in that .h file are either:
+ * * used as supplemental group IDs for granting extra
+ * privileges to apps,
+ * * used as UIDs of processes that don't need the network,
+ * or
+ * * have not yet been reported by users as needing the
+ * network.
+ *
+ * The list is sorted in ascending UID order.
+ */
+ private static final String[] specialAndroidAccounts = {
+ "root",
+ "adb",
+ "media",
+ "vpn",
+ "drm",
+ "gps",
+ "shell"
+ };
+ private static final Pattern p = Pattern.compile("UserHandle\\{(.*)\\}");
+ // Preferences
+ public static String PREFS_NAME = "AFWallPrefs";
+ // Cached applications
+ public static List applications = null;
+ public static Set recentlyInstalled = new HashSet<>();
+ //for custom scripts
+ //public static String ipPath = null;
+ public static String bbPath = null;
+ private static final String charsetName = "UTF8";
+ private static final String algorithm = "DES";
+ private static final int base64Mode = Base64.DEFAULT;
+ //private static volatile String AFWALL_CHAIN_NAME = "afwall";
+ private static final Object CHAIN_NAME_LOCK = new Object();
+ private static Map specialApps = null;
+ private static volatile boolean rulesUpToDate = false;
+ private static final Object RULES_LOCK = new Object();
+ public static void setRulesUpToDate(boolean rulesUpToDate) {
+ synchronized (RULES_LOCK) {
+ Api.rulesUpToDate = rulesUpToDate;
+ }
+ }
+ public static boolean getRulesUpToDate() {
+ synchronized (RULES_LOCK) {
+ return Api.rulesUpToDate;
+ }
+ }
+
+
+ // returns c.getString(R.string._item)
+ public static String getSpecialDescription(Context ctx, String acct) {
+ try {
+ int rid = ctx.getResources().getIdentifier(acct + "_item", "string", ctx.getPackageName());
+ return ctx.getString(rid);
+ } catch (Resources.NotFoundException exception) {
+ return null;
+ }
+ }
+
+ public static String getSpecialDescriptionSystem(Context ctx, String packageName) {
+ switch (packageName) {
+ case "any":
+ return ctx.getString(R.string.all_item);
+ case "kernel":
+ return ctx.getString(R.string.kernel_item);
+ case "tether":
+ return ctx.getString(R.string.tethering_item);
+ case "ntp":
+ return ctx.getString(R.string.ntp_item);
+ }
+ return "";
+ }
+
+ /**
+ * Display a simple alert box
+ *
+ * @param ctx context
+ * @param msgText message
+ */
+ public static void toast(final Context ctx, final CharSequence msgText) {
+ if (ctx != null) {
+ Handler mHandler = new Handler(Looper.getMainLooper());
+ mHandler.post(() -> Toast.makeText(G.getContext(), msgText, Toast.LENGTH_SHORT).show());
+ }
+ }
+
+ public static void toast(final Context ctx, final CharSequence msgText, final int toastlen) {
+ if (ctx != null) {
+ Handler mHandler = new Handler(Looper.getMainLooper());
+ mHandler.post(() -> Toast.makeText(G.getContext(), msgText, toastlen).show());
+ }
+ }
+
+ public static String getBinaryPath(Context ctx, boolean setv6) {
+ String ip_path = G.ip_path();
+ String binaryName = setv6 ? "ip6tables" : "iptables";
+
+ // If built-in binaries have previously failed with exit 126, prefer system binaries
+ if (G.isBuiltinIptablesFailed() && !ip_path.equals("builtin")) {
+ Log.i(TAG, "Built-in iptables previously failed, preferring system binary for " + binaryName);
+ String systemBinaryPath = findSystemBinary(binaryName);
+ if (systemBinaryPath != null) {
+ if (Api.bbPath == null) {
+ Api.bbPath = getBusyBoxPath(ctx, true);
+ }
+ return systemBinaryPath;
+ }
+ Log.w(TAG, "System binary " + binaryName + " not found despite previous built-in failure");
+ }
+
+ // First priority: check system binary if preference is "system" or "auto"
+ if (ip_path.equals("system") || ip_path.equals("auto")) {
+ String systemBinaryPath = findSystemBinary(binaryName);
+ if (systemBinaryPath != null) {
+ if (Api.bbPath == null) {
+ Api.bbPath = getBusyBoxPath(ctx, true);
+ }
+ return systemBinaryPath;
+ }
+
+ // If system binary not found and preference is "system", log warning
+ if (ip_path.equals("system")) {
+ Log.w(TAG, "System binary " + binaryName + " not found, falling back to built-in");
+ }
+ }
+
+ // Second priority: use built-in binary
+ // Check if built-in binary exists for current architecture
+ String builtinDir = ctx.getDir("bin", 0).getAbsolutePath() + "/";
+ String builtinPath = builtinDir + binaryName;
+
+ File builtinFile = new File(builtinPath);
+ if (builtinFile.exists() && builtinFile.canExecute()) {
+ if (Api.bbPath == null) {
+ Api.bbPath = getBusyBoxPath(ctx, true);
+ }
+ return builtinPath;
+ }
+
+ // Fallback: try to install built-in binaries if they don't exist
+ Log.w(TAG, "Built-in binary " + binaryName + " not found, attempting to install binaries");
+ if (assertBinaries(ctx, false)) {
+ if (Api.bbPath == null) {
+ Api.bbPath = getBusyBoxPath(ctx, true);
+ }
+ return builtinPath;
+ }
+
+ // Last resort: return the path even if binary doesn't exist (will likely fail at runtime)
+ Log.e(TAG, "No working " + binaryName + " binary found, returning built-in path anyway");
+ if (Api.bbPath == null) {
+ Api.bbPath = getBusyBoxPath(ctx, true);
+ }
+ return builtinPath;
+ }
+
+ /**
+ * Find system binary by checking common system paths
+ *
+ * @param binaryName the name of the binary to find
+ * @return full path to the binary if found, null otherwise
+ */
+ public static String findSystemBinary(String binaryName) {
+ // Common paths where system iptables/ip6tables binaries are located
+ String[] systemPaths = {
+ "/system/bin/" + binaryName,
+ "/system/xbin/" + binaryName,
+ "/vendor/bin/" + binaryName,
+ "/sbin/" + binaryName,
+ "/usr/bin/" + binaryName,
+ "/bin/" + binaryName
+ };
+
+ for (String path : systemPaths) {
+ File binaryFile = new File(path);
+ if (binaryFile.exists() && binaryFile.canExecute()) {
+ Log.i(TAG, "Found system binary: " + path);
+ return path;
+ }
+ }
+
+ // Also try using 'which' command if available
+ try {
+ Shell.Result result = Shell.cmd("which " + binaryName).exec();
+ if (result.isSuccess() && !result.getOut().isEmpty()) {
+ String whichPath = result.getOut().get(0).trim();
+ File whichFile = new File(whichPath);
+ if (whichFile.exists() && whichFile.canExecute()) {
+ Log.i(TAG, "Found system binary via 'which': " + whichPath);
+ return whichPath;
+ }
+ }
+ } catch (Exception e) {
+ Log.d(TAG, "Unable to use 'which' command to find " + binaryName + ": " + e.getMessage());
+ }
+
+ Log.d(TAG, "System binary " + binaryName + " not found in any standard location");
+ return null;
+ }
+
+ /**
+ * Determine toybox/busybox or built in
+ *
+ * @param ctx
+ * @param considerSystem
+ * @return
+ */
+ public static String getBusyBoxPath(Context ctx, boolean considerSystem) {
+ String bb_path = G.bb_path();
+
+ // First priority: check system busybox if preference is "system" or "auto" and considerSystem is true
+ if (considerSystem && (bb_path.equals("system") || bb_path.equals("auto"))) {
+ String systemBusybox = findSystemBinary("busybox");
+ if (systemBusybox != null) {
+ return systemBusybox + " ";
+ }
+
+ // If system busybox not found and preference is "system", log warning and fall back
+ if (bb_path.equals("system")) {
+ Log.w(TAG, "System busybox not found, falling back to built-in");
+ }
+ }
+
+ // Second priority: use built-in busybox
+ String dir = ctx.getDir("bin", 0).getAbsolutePath();
+ String builtinPath = dir + "/busybox";
+
+ File builtinFile = new File(builtinPath);
+ if (builtinFile.exists() && builtinFile.canExecute()) {
+ return builtinPath + " ";
+ }
+
+ // Fallback: return built-in path even if it doesn't exist yet (may be installed later)
+ if (!builtinFile.exists()) {
+ Log.w(TAG, "Built-in busybox not found at " + builtinPath + ", returning path anyway");
+ } else {
+ Log.w(TAG, "Built-in busybox exists but not executable at " + builtinPath + ", permissions: " +
+ (builtinFile.canRead() ? "R" : "-") +
+ (builtinFile.canWrite() ? "W" : "-") +
+ (builtinFile.canExecute() ? "X" : "-"));
+ }
+ return builtinPath + " ";
+ }
+
+ /**
+ * Get NFLog Path - Enhanced version with fallback support
+ *
+ * @param ctx Context
+ * @return path to best available nflog binary
+ */
+ public static String getNflogPath(Context ctx) {
+ String dir = ctx.getDir("bin", 0).getAbsolutePath();
+ String originalPath = dir + "/nflog";
+ File originalFile = new File(originalPath);
+
+ if (!originalFile.exists()) {
+ Log.w(TAG, "No NFLOG binary found at: " + originalPath);
+ return null;
+ }
+
+ if (!originalFile.canExecute()) {
+ Log.w(TAG, "NFLOG binary not executable at: " + originalPath);
+ // Try to make it executable
+ try {
+ originalFile.setExecutable(true);
+ if (!originalFile.canExecute()) {
+ Log.e(TAG, "Failed to make nflog executable");
+ return null;
+ }
+ } catch (Exception e) {
+ Log.e(TAG, "Failed to make nflog executable: " + e.getMessage());
+ return null;
+ }
+ }
+
+ Log.i(TAG, "Using original NFLOG binary");
+ return originalPath;
+ }
+
+ /**
+ * Get enhanced NFLOG command with optimized parameters
+ *
+ * @param ctx Context
+ * @param queueNum NFLOG queue number
+ * @return complete command string with optimizations
+ */
+ public static String getEnhancedNflogCommand(Context ctx, int queueNum) {
+ String nflogPath = getNflogPath(ctx);
+ if (nflogPath == null) {
+ return null;
+ }
+
+ // Use standard nflog command with queue number
+ return nflogPath + " " + queueNum;
+ }
+
+
+ /**
+ * Copies a raw resource file, given its ID to the given location
+ *
+ * @param ctx context
+ * @param resid resource id
+ * @param file destination file
+ * @param mode file permissions (E.g.: "755")
+ * @throws IOException on error
+ * @throws InterruptedException when interrupted
+ */
+ private static void copyRawFile(Context ctx, int resid, File file, String mode) throws IOException, InterruptedException {
+ final String abspath = file.getAbsolutePath();
+ // Write the iptables binary
+ final FileOutputStream out = new FileOutputStream(file);
+ final InputStream is = ctx.getResources().openRawResource(resid);
+ byte[] buf = new byte[1024];
+ int len;
+ while ((len = is.read(buf)) > 0) {
+ out.write(buf, 0, len);
+ }
+ out.close();
+ is.close();
+ // Change the permissions
+
+ executeSecureCommand(new String[]{"chmod", mode, abspath});
+ }
+
+ /**
+ * Execute system commands securely using ProcessBuilder to prevent command injection
+ *
+ * @param command Array of command and arguments (prevents shell interpretation)
+ * @throws IOException if command execution fails
+ * @throws InterruptedException if command is interrupted
+ */
+ private static void executeSecureCommand(String[] command) throws IOException, InterruptedException {
+ if (command == null || command.length == 0) {
+ throw new IllegalArgumentException("Command cannot be null or empty");
+ }
+
+ // Validate command and arguments don't contain dangerous characters
+ for (String arg : command) {
+ if (arg == null || arg.contains("\n") || arg.contains("\r") ||
+ arg.contains(";") || arg.contains("&") || arg.contains("|") ||
+ arg.contains("`") || arg.contains("$")) {
+ Log.w(TAG, "Rejecting command with potentially dangerous characters: " + java.util.Arrays.toString(command));
+ throw new SecurityException("Command contains illegal characters");
+ }
+ }
+
+ ProcessBuilder pb = new ProcessBuilder(command);
+ pb.environment().clear(); // Clear environment to prevent injection via env vars
+ Process process = pb.start();
+ int exitCode = process.waitFor();
+
+ if (exitCode != 0) {
+ // For chmod commands, permission denied is expected on Android - don't fail the installation
+ if (command.length > 0 && "chmod".equals(command[0])) {
+ Log.w(TAG, "chmod command failed (expected on Android without root): exit code " + exitCode + " for " + java.util.Arrays.toString(command));
+ return; // Don't throw exception for chmod failures
+ }
+ Log.w(TAG, "Command failed with exit code " + exitCode + ": " + java.util.Arrays.toString(command));
+ throw new IOException("Command execution failed with exit code: " + exitCode);
+ }
+ }
+
+ /**
+ * Look up uid for each user by name, and if he exists, append an iptables rule.
+ *
+ * @param listCommands current list of iptables commands to execute
+ * @param users list of users to whom the rule applies
+ * @param prefix "iptables" command and the portion of the rule preceding "-m owner --uid-owner X"
+ * @param suffix the remainder of the iptables rule, following "-m owner --uid-owner X"
+ */
+ private static void addRuleForUsers(List listCommands, String[] users, String prefix, String suffix) {
+ for (String user : users) {
+ int uid = android.os.Process.getUidForName(user);
+ if (uid != -1)
+ listCommands.add(prefix + " -m owner --uid-owner " + uid + " " + suffix);
+ }
+ }
+
+ private static void addRulesForUidlist(List cmds, List uids, String chain, boolean whitelist) {
+ String action = whitelist ? " -j RETURN" : " -j " + chain + "-reject";
+
+ if (uids.contains(SPECIAL_UID_ANY)) {
+ if (!whitelist) {
+ cmds.add("-A " + chain + action);
+ } else {
+ cmds.add("-A " + chain + " -j RETURN");
+ }
+ } else {
+ for (Integer uid : uids) {
+ if (uid != null && uid >= 0) {
+ cmds.add("-A " + chain + " -m owner --uid-owner " + uid + action);
+ }
+ }
+
+ /*// netd runs as root, and on Android 4.3+ it handles all DNS queries
+ if (uids.indexOf(SPECIAL_UID_DNSPROXY) >= 0) {
+ addRuleForUsers(cmds, new String[]{"root"}, "-A " + chain + " -p udp --dport 53", action);
+ }*/
+
+ if (whitelist) {
+ addRuleForUsers(cmds, new String[]{"root"}, "-A " + chain + " -p udp --dport 53", " -j RETURN");
+ addRuleForUsers(cmds, new String[]{"root"}, "-A " + chain + " -p tcp --dport 53", " -j RETURN");
+ } else {
+ addRuleForUsers(cmds, new String[]{"root"}, "-A " + chain + " -p udp --dport 53", " -j RETURN");
+ addRuleForUsers(cmds, new String[]{"root"}, "-A " + chain + " -p tcp --dport 53", " -j RETURN");
+ }
+
+
+ // NTP service runs as "system" user
+ if (uids.contains(SPECIAL_UID_NTP)) {
+ addRuleForUsers(cmds, new String[]{"system"}, "-A " + chain + " -p udp --dport 123", action);
+ }
+
+
+ if (G.getPrivateDnsStatus()) {
+ cmds.add("-A " + chain + " -p tcp --dport 853" + " -j ACCEPT");
+ // disabling HTTPS over DNS
+ //cmds.add("-A " + chain + " -p tcp --dport 443" + " -j ACCEPT");
+ }
+
+ boolean kernel_checked = uids.contains(SPECIAL_UID_KERNEL);
+
+ if (whitelist) {
+ if (kernel_checked) {
+ // reject any other UIDs, but allow the kernel through
+ // Use fallback rule if owner module is not available
+ if (G.hasOwnerModule()) {
+ Log.d(TAG, "Adding whitelist kernel rule with owner module for chain " + chain);
+ cmds.add("-A " + chain + " -m owner --uid-owner 0:999999999 -j " + chain + "-reject");
+ } else {
+ Log.w(TAG, "Owner module not available, using fallback rule for chain " + chain);
+ cmds.add("-A " + chain + " -j " + chain + "-reject");
+ }
+ } else {
+ // kernel is blocked so reject everything
+ String rejectRule = "-A " + chain + " -j " + chain + "-reject";
+ cmds.add(rejectRule);
+ }
+ } else {
+ if (kernel_checked) {
+ // allow any other UIDs, but block the kernel
+ if (G.hasOwnerModule()) {
+ cmds.add("-A " + chain + " -m owner --uid-owner 0:999999999 -j RETURN");
+ cmds.add("-A " + chain + " -j " + chain + "-reject");
+ } else {
+ Log.w(TAG, "Owner module not available, using fallback rule for chain " + chain);
+ cmds.add("-A " + chain + " -j " + chain + "-reject");
+ }
+ }
+ }
+
+ //add 1052 for LAN
+ if(G.enableLAN() && G.hasOwnerModule()) {
+ cmds.add("-A " + "afwall-wifi-lan" + " -m owner --uid-owner 1052 -j RETURN");
+ }
+
+ if (G.hasOwnerModule()) {
+ cmds.add("-A " + "afwall-wifi-wan" + " -m owner --uid-owner 1052 -j RETURN");
+ }
+ }
+ }
+
+ private static void addRejectRules(List cmds, String chainName) {
+ // set up reject chain to log or not log
+ // this can be changed dynamically through the Firewall Logs activity
+
+ if (G.enableLogService()) {
+ if (G.logTarget().trim().equals("LOG")) {
+ //cmds.add("-A " + chainName + " -m limit --limit 1000/min -j LOG --log-prefix \"{AFL-ALLOW}\" --log-level 4 --log-uid");
+ String logRule = "-A " + chainName + "-reject" + " -m limit --limit 1000/min -j LOG --log-prefix \"{AFL}\" --log-level 4 --log-uid --log-tcp-options --log-ip-options";
+ Log.d(TAG, "Adding LOG rule to reject chain: " + logRule);
+ cmds.add(logRule);
+ } else if (G.logTarget().trim().equals("NFLOG")) {
+ //cmds.add("-A " + chainName + " -j NFLOG --nflog-prefix \"{AFL-ALLOW}\" --nflog-group 40");
+ String nflogRule = "-A " + chainName + "-reject" + " -j NFLOG --nflog-prefix \"{AFL}\" --nflog-group 40";
+ Log.d(TAG, "Adding NFLOG rule to reject chain: " + nflogRule);
+ cmds.add(nflogRule);
+ }
+ }
+ String rejectRule = "-A " + chainName + "-reject" + " -j REJECT";
+ Log.d(TAG, "Adding final REJECT rule: " + rejectRule);
+ cmds.add(rejectRule);
+
+ // Also populate individual reject chains that are used by whitelist mode
+ String[] rejectChainSuffixes = {"-3g-home-reject", "-3g-roam-reject", "-wifi-wan-reject",
+ "-wifi-lan-reject", "-vpn-reject", "-tether-reject"};
+ for (String suffix : rejectChainSuffixes) {
+ String individualRejectChain = chainName + suffix;
+ Log.d(TAG, "Populating individual reject chain: " + individualRejectChain);
+ if (G.enableLogService() && G.logTarget().trim().equals("NFLOG")) {
+ String nflogRule = "-A " + individualRejectChain + " -j NFLOG --nflog-prefix \"{AFL}\" --nflog-group 40";
+ Log.d(TAG, "Adding NFLOG to individual reject chain: " + nflogRule);
+ cmds.add(nflogRule);
+ }
+ String individualRejectRule = "-A " + individualRejectChain + " -j REJECT";
+ Log.d(TAG, "Adding REJECT to individual reject chain: " + individualRejectRule);
+ cmds.add(individualRejectRule);
+ }
+ }
+
+ private static void addTorRules(List cmds, List uids, Boolean whitelist, Boolean ipv6, String chainName) {
+ for (Integer uid : uids) {
+ if (uid != null && uid >= 0) {
+ if (G.enableInbound() || ipv6) {
+ cmds.add("-A " + chainName + "-tor-reject -m owner --uid-owner " + uid + " -j " + chainName + "-reject");
+ }
+ if (!ipv6) {
+ cmds.add("-t nat -A " + chainName + "-tor-check -m owner --uid-owner " + uid + " -j " + chainName + "-tor-filter");
+ }
+ }
+ }
+ if (ipv6) {
+ cmds.add("-A " + chainName + " -j " + chainName + "-tor-reject");
+ } else {
+ Integer socks_port = 9050;
+ Integer http_port = 8118;
+ Integer dns_port = 5400;
+ Integer tcp_port = 9040;
+ cmds.add("-t nat -A " + chainName + "-tor-filter -d 127.0.0.1 -p tcp --dport " + socks_port + " -j RETURN");
+ cmds.add("-t nat -A " + chainName + "-tor-filter -d 127.0.0.1 -p tcp --dport " + http_port + " -j RETURN");
+ cmds.add("-t nat -A " + chainName + "-tor-filter -p udp --dport 53 -j REDIRECT --to-ports " + dns_port);
+ cmds.add("-t nat -A " + chainName + "-tor-filter -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports " + tcp_port);
+ cmds.add("-t nat -A " + chainName + "-tor-filter -j MARK --set-mark 0x500");
+ cmds.add("-t nat -A " + chainName + " -j " + chainName + "-tor-check");
+ cmds.add("-A " + chainName + "-tor -m mark --mark 0x500 -j " + chainName + "-reject");
+ cmds.add("-A " + chainName + " -j " + chainName + "-tor");
+ }
+ if (G.enableInbound()) {
+ cmds.add("-A " + chainName + "-input -j " + chainName + "-tor-reject");
+ }
+ }
+
+ private static String sanitizeRule(String rule) {
+ // Remove potentially dangerous characters and commands
+ if (rule.contains("&&") || rule.contains("||") || rule.contains(";") ||
+ rule.contains("|") || rule.contains("`") || rule.contains("$") ||
+ rule.contains("rm ") || rule.contains("dd ") || rule.contains("chmod ") ||
+ rule.contains("chown ") || rule.contains("su ") || rule.contains("sudo ")) {
+ Log.w(TAG, "Rejecting potentially dangerous custom rule: " + rule);
+ return null;
+ }
+
+ // Only allow basic iptables/ip6tables commands
+ if (!rule.startsWith("iptables ") && !rule.startsWith("ip6tables ") &&
+ !rule.startsWith("-A ") && !rule.startsWith("-I ") &&
+ !rule.startsWith("-D ") && !rule.startsWith("-F ") &&
+ !rule.startsWith("-P ") && !rule.startsWith("-N ")) {
+ Log.w(TAG, "Rejecting non-iptables rule: " + rule);
+ return null;
+ }
+
+ return rule;
+ }
+
+ private static void addCustomRules(String prefName, List cmds) {
+ String customRulesStr = G.pPrefs.getString(prefName, "");
+ if (customRulesStr.isEmpty()) return;
+
+ String[] customRules = customRulesStr.split("[\\r\\n]+");
+ for (String rule : customRules) {
+ if (rule.matches(".*\\S.*")) {
+ // Sanitize the rule to prevent command injection
+ String sanitizedRule = sanitizeRule(rule.trim());
+ if (sanitizedRule != null && !sanitizedRule.isEmpty()) {
+ cmds.add("#LITERAL# " + sanitizedRule);
+ }
+ }
+ }
+ }
+
+ /**
+ * Reconfigure the firewall rules based on interface changes seen at runtime: tethering
+ * enabled/disabled, IP address changes, etc. This should only affect a small number of
+ * rules; we want to avoid calling applyIptablesRulesImpl() too often since applying
+ * 100+ rules is expensive.
+ *
+ * @param ctx application context
+ * @param cmds command list
+ */
+ private static void addInterfaceRouting(Context ctx, List cmds, boolean ipv6, String chainName) {
+ try {
+ //force only for v4
+ final InterfaceDetails cfg = InterfaceTracker.getCurrentCfg(ctx, !ipv6);
+ final boolean whitelist = G.pPrefs.getString(PREF_MODE, MODE_WHITELIST).equals(MODE_WHITELIST);
+ for (String s : dynChains) {
+ cmds.add("-F " + chainName + s);
+ }
+
+ if (whitelist) {
+ // always allow the DHCP client full wifi access
+ addRuleForUsers(cmds, new String[]{"dhcp", "wifi"}, "-A " + chainName + "-wifi-postcustom", "-j RETURN");
+ }
+
+ if (cfg.isWifiTethered || cfg.isUsbTethered) {
+ if (cfg.isWifiTethered) {
+ cmds.add("-A " + chainName + "-wifi-postcustom -j " + chainName + "-wifi-tether");
+ } else {
+ cmds.add("-A " + chainName + "-wifi-postcustom -j " + chainName + "-wifi-fork");
+ }
+
+ if (cfg.isUsbTethered) {
+ cmds.add("-A " + chainName + "-3g-postcustom -j " + chainName + "-usb-tether");
+ } else {
+ cmds.add("-A " + chainName + "-3g-postcustom -j " + (cfg.isWifiTethered ? chainName + "-3g-tether" : chainName + "-3g-fork"));
+ }
+ } else {
+ cmds.add("-A " + chainName + "-wifi-postcustom -j " + chainName + "-wifi-fork");
+ cmds.add("-A " + chainName + "-3g-postcustom -j " + chainName + "-3g-fork");
+ }
+
+ if (G.enableLAN() && !cfg.isWifiTethered) {
+ if (ipv6) {
+ if (!cfg.lanMaskV6.equals("")) {
+ cmds.add("-A " + chainName + "-wifi-fork -d " + cfg.lanMaskV6 + " -j " + chainName + "-wifi-lan");
+ cmds.add("-A " + chainName + "-wifi-fork '!' -d " + cfg.lanMaskV6 + " -j " + chainName + "-wifi-wan");
+ } else {
+ Log.i(TAG, "no ipv6 found: " + G.enableIPv6() + "," + cfg.lanMaskV6);
+ }
+ } else {
+ if (!cfg.lanMaskV4.equals("")) {
+ cmds.add("-A " + chainName + "-wifi-fork -d " + cfg.lanMaskV4 + " -j " + chainName + "-wifi-lan");
+ cmds.add("-A " + chainName + "-wifi-fork '!' -d " + cfg.lanMaskV4 + " -j " + chainName + "-wifi-wan");
+ } else {
+ Log.i(TAG, "no ipv4 found:" + G.enableIPv6() + "," + cfg.lanMaskV4);
+ }
+ }
+ if (cfg.lanMaskV4.equals("") && cfg.lanMaskV6.equals("")) {
+ Log.i(TAG, "No ipaddress found for LAN");
+ // lets find one more time
+ //atleast allow internet - don't block completely
+ cmds.add("-A " + chainName + "-wifi-fork -j " + chainName + "-wifi-wan");
+ }
+ } else {
+ cmds.add("-A " + chainName + "-wifi-fork -j " + chainName + "-wifi-wan");
+ }
+
+ if (G.enableRoam() && cfg.isRoaming) {
+ cmds.add("-A " + chainName + "-3g-fork -j " + chainName + "-3g-roam");
+ } else {
+ cmds.add("-A " + chainName + "-3g-fork -j " + chainName + "-3g-home");
+ }
+
+
+ } catch (Exception e) {
+ Log.i(TAG, "Exception while applying shortRules " + e.getMessage());
+ }
+
+ }
+
+ public static String getSpecialAppName(int uid) {
+ // First, try special apps (AFWall+ specific entries)
+ List packageInfoData = getSpecialData();
+ for (PackageInfoData infoData : packageInfoData) {
+ if (infoData.uid == uid) {
+ return infoData.names.get(0);
+ }
+ }
+
+ // If not found in special apps, use comprehensive UID resolver
+ return UidResolver.resolveUid(ctx, uid);
+ }
+
+
+ private static void applyShortRules(Context ctx, List cmds, boolean ipv6) {
+ Log.i(TAG, "Setting OUTPUT chain to DROP");
+ cmds.add("-P OUTPUT DROP");
+ /*FIXME: Adding custom rules might increase the time */
+ Log.i(TAG, "Applying custom rules");
+ addCustomRules(Api.PREF_CUSTOMSCRIPT, cmds);
+ String chainName = getThreadSafeChainName();
+ addInterfaceRouting(ctx, cmds, ipv6, chainName);
+ Log.i(TAG, "Setting OUTPUT chain to ACCEPT");
+ cmds.add("-P OUTPUT ACCEPT");
+ }
+
+
+ /**
+ * Purge and re-add all rules (internal implementation).
+ *
+ * @param ctx application context (mandatory)
+ * @param showErrors indicates if errors should be alerted
+ */
+ private static boolean applyIptablesRulesImpl(final Context ctx, RuleDataSet ruleDataSet, final boolean showErrors,
+ List out, boolean ipv6) {
+ return applyIptablesRulesImpl(ctx, ruleDataSet, showErrors, out, ipv6, null);
+ }
+
+ private static boolean applyIptablesRulesImpl(final Context ctx, RuleDataSet ruleDataSet, final boolean showErrors,
+ List out, boolean ipv6, String threadSafeChainName) {
+ if (ctx == null) {
+ return false;
+ }
+
+ assertBinaries(ctx, showErrors);
+
+ final InterfaceDetails cfg = InterfaceTracker.getCurrentCfg(ctx, !ipv6);
+
+ // Use thread-safe chain name if provided, otherwise determine it safely
+ final String chainName;
+ if (threadSafeChainName != null) {
+ chainName = threadSafeChainName;
+ } else {
+ chainName = getThreadSafeChainName();
+ }
+ final boolean whitelist = G.pPrefs.getString(PREF_MODE, MODE_WHITELIST).equals(MODE_WHITELIST);
+
+ List cmds = new ArrayList();
+
+ Log.i(TAG, "Constructing rules for " + (ipv6 ? "v6": "v4"));
+
+ //check before make them ACCEPT state
+ if (ipv4Input() || (ipv6 && ipv6Input())) {
+ cmds.add("-P INPUT ACCEPT");
+ }
+
+ if (ipv4Fwd() || (ipv6 && ipv6Fwd())) {
+ cmds.add("-P FORWARD ACCEPT");
+ }
+
+ try {
+ // prevent data leaks due to incomplete rules
+ cmds.add("-P OUTPUT DROP");
+
+ // Create and flush all chains first to ensure they exist
+ // Use NOCHK to avoid errors if chain already exists, then flush to ensure clean state
+ for (String s : staticChains) {
+ cmds.add("#NOCHK# -N " + chainName + s);
+ cmds.add("#NOCHK# -F " + chainName + s);
+ }
+ for (String s : dynChains) {
+ cmds.add("#NOCHK# -N " + chainName + s);
+ cmds.add("#NOCHK# -F " + chainName + s);
+ }
+
+
+ cmds.add("#NOCHK# -D OUTPUT -j " + chainName);
+ cmds.add("-I OUTPUT 1 -j " + chainName);
+
+
+ if (G.enableInbound()) {
+ cmds.add("#NOCHK# -D INPUT -j " + chainName + "-input");
+ cmds.add("-I INPUT 1 -j " + chainName + "-input");
+ }
+
+ if (G.enableTor() && !ipv6) {
+ for (String s : natChains) {
+ cmds.add("#NOCHK# -t nat -N " + chainName + s);
+ cmds.add("-t nat -F " + chainName + s);
+ }
+ cmds.add("#NOCHK# -t nat -D OUTPUT -j " + chainName);
+ cmds.add("-t nat -I OUTPUT 1 -j " + chainName);
+ }
+
+ // custom rules in afwall-{3g,wifi,reject} supersede everything else
+ addCustomRules(Api.PREF_CUSTOMSCRIPT, cmds);
+
+ cmds.add("-A " + chainName + "-3g -j " + chainName + "-3g-postcustom");
+ cmds.add("-A " + chainName + "-wifi -j " + chainName + "-wifi-postcustom");
+ addRejectRules(cmds, chainName);
+
+ if (G.enableInbound()) {
+ // we don't have any rules in the INPUT chain prohibiting inbound traffic, but
+ // local processes can't reply to half-open connections without this rule
+ cmds.add("-A " + chainName + " -m state --state ESTABLISHED -j RETURN");
+ cmds.add("-A " + chainName + "-input -m state --state ESTABLISHED -j RETURN");
+ }
+
+ addInterfaceRouting(ctx, cmds, ipv6, chainName);
+
+ // send wifi, 3G, VPN packets to the appropriate dynamic chain based on interface
+ if (G.enableVPN()) {
+ // if !enableVPN then we ignore those interfaces (pass all traffic)
+ for (final String itf : ITFS_VPN) {
+ cmds.add("#NOCHK# -A " + chainName + " -o " + itf + " -j " + chainName + "-vpn");
+ }
+ // KitKat policy based routing - see:
+ // http://forum.xda-developers.com/showthread.php?p=48703545
+ // This covers mark range 0x3c - 0x47. The official range is believed to be
+ // 0x3c - 0x45 but this is close enough.
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
+ cmds.add("-A " + chainName + " -m mark --mark 0x3c/0xfffc -g " + chainName + "-vpn");
+ cmds.add("-A " + chainName + " -m mark --mark 0x40/0xfff8 -g " + chainName + "-vpn");
+ }
+ }
+
+ if (G.enableTether()) {
+ for (final String itf : ITFS_TETHER) {
+ cmds.add("#NOCHK# -A " + chainName + " -o " + itf + " -j " + chainName + "-tether");
+ }
+ }
+
+ for (final String itf : ITFS_WIFI) {
+ cmds.add("#NOCHK# -A " + chainName + " -o " + itf + " -j " + chainName + "-wifi");
+ }
+
+ for (final String itf : ITFS_3G) {
+ cmds.add("#NOCHK# -A " + chainName + " -o " + itf + " -j " + chainName + "-3g");
+ }
+
+ // special rules to allow tethering
+ // note that this can only blacklist DNS/DHCP services, not all tethered traffic
+ String[] users_dhcp = {"root", "nobody", "network_stack"};
+ String[] users_dns = {"root", "nobody", "dns_tether"};
+ String action = " -j " + (whitelist ? "RETURN" : chainName + "-reject");
+
+ if (containsUidOrAny(ruleDataSet.wifiList, SPECIAL_UID_TETHER)) {
+ // DHCP replies to client
+ addRuleForUsers(cmds, users_dhcp, "-A " + chainName + "-wifi-tether", "-p udp --sport=67 --dport=68" + action);
+ // DNS replies to client
+ addRuleForUsers(cmds, users_dns, "-A " + chainName + "-wifi-tether", "-p udp --sport=53" + action);
+ addRuleForUsers(cmds, users_dns, "-A " + chainName + "-wifi-tether", "-p tcp --sport=53" + action);
+
+ }
+
+ // USB tethering rules
+ if (containsUidOrAny(ruleDataSet.wifiList, SPECIAL_UID_TETHER) || containsUidOrAny(ruleDataSet.tetherList, SPECIAL_UID_TETHER)) {
+ // DHCP replies to USB tethered client
+ addRuleForUsers(cmds, users_dhcp, "-A " + chainName + "-usb-tether", "-p udp --sport=67 --dport=68" + action);
+ // DNS replies to USB tethered client
+ addRuleForUsers(cmds, users_dns, "-A " + chainName + "-usb-tether", "-p udp --sport=53" + action);
+ addRuleForUsers(cmds, users_dns, "-A " + chainName + "-usb-tether", "-p tcp --sport=53" + action);
+ }
+ if (containsUidOrAny(ruleDataSet.tetherList, SPECIAL_UID_TETHER)) {
+ // DHCP replies to client
+ addRuleForUsers(cmds, users_dhcp, "-A " + chainName + "-tether", "-p udp --sport=67 --dport=68" + action);
+ // DNS replies to client
+ addRuleForUsers(cmds, users_dns, "-A " + chainName + "-tether", "-p udp --sport=53" + action);
+ addRuleForUsers(cmds, users_dns, "-A " + chainName + "-tether", "-p tcp --sport=53" + action);
+ }
+
+ // DNS requests to upstream servers - support all connection types
+ if (containsUidOrAny(ruleDataSet.dataList, SPECIAL_UID_TETHER)) {
+ // Define all tethering chains that need DNS upstream access
+ String[] tetherChains = {"-3g-tether", "-wifi-tether", "-usb-tether", "-tether"};
+
+ for (String chain : tetherChains) {
+ addRuleForUsers(cmds, users_dns, "-A " + chainName + chain, "-p udp --dport=53" + action);
+ addRuleForUsers(cmds, users_dns, "-A " + chainName + chain, "-p tcp --dport=53" + action);
+ }
+ }
+
+ // if tethered, try to match the above rules (if enabled). no match -> fall through to the
+ // normal 3G/wifi rules
+ cmds.add("-A " + chainName + "-wifi-tether -j " + chainName + "-wifi-fork");
+ cmds.add("-A " + chainName + "-3g-tether -j " + chainName + "-3g-fork");
+
+ // NOTE: we still need to open a hole to let WAN-only UIDs talk to a DNS server
+ // on the LAN - use specific DNS servers instead of opening to all LAN hosts
+ if (whitelist) {
+ // Add rules for specific DNS servers instead of all LAN hosts
+ addDnsServerRules(cmds, cfg, chainName + "-wifi-lan", ipv6);
+
+ // Fallback: if no specific DNS servers found, use the old broad rule
+ if (cfg.dnsServersV4.isEmpty() && cfg.dnsServersV6.isEmpty()) {
+ cmds.add("-A " + chainName + "-wifi-lan -p udp --dport 53 -j RETURN");
+ cmds.add("-A " + chainName + "-wifi-lan -p tcp --dport 53 -j RETURN");
+ }
+
+ //bug fix allow dns to be open on Pie for all connection type
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+ cmds.add("-A " + chainName + "-wifi-wan" + " -p udp --dport 53" + " -j RETURN");
+ cmds.add("-A " + chainName + "-3g-home" + " -p udp --dport 53" + " -j RETURN");
+ cmds.add("-A " + chainName + "-3g-roam" + " -p udp --dport 53" + " -j RETURN");
+ cmds.add("-A " + chainName + "-vpn" + " -p udp --dport 53" + " -j RETURN");
+ cmds.add("-A " + chainName + "-tether" + " -p udp --dport 53" + " -j RETURN");
+
+ cmds.add("-A " + chainName + "-wifi-wan" + " -p tcp --dport 53" + " -j RETURN");
+ cmds.add("-A " + chainName + "-3g-home" + " -p tcp --dport 53" + " -j RETURN");
+ cmds.add("-A " + chainName + "-3g-roam" + " -p tcp --dport 53" + " -j RETURN");
+ cmds.add("-A " + chainName + "-vpn" + " -p tcp --dport 53" + " -j RETURN");
+ cmds.add("-A " + chainName + "-tether" + " -p tcp --dport 53" + " -j RETURN");
+ }
+ }
+ // now add the per-uid rules for 3G home, 3G roam, wifi WAN, wifi LAN, VPN
+ // in whitelist mode the last rule in the list routes everything else to afwall-reject
+ addRulesForUidlist(cmds, ruleDataSet.dataList, chainName + "-3g-home", whitelist);
+ addRulesForUidlist(cmds, ruleDataSet.roamList, chainName + "-3g-roam", whitelist);
+ addRulesForUidlist(cmds, ruleDataSet.wifiList, chainName + "-wifi-wan", whitelist);
+ addRulesForUidlist(cmds, ruleDataSet.lanList, chainName + "-wifi-lan", whitelist);
+ addRulesForUidlist(cmds, ruleDataSet.vpnList, chainName + "-vpn", whitelist);
+ addRulesForUidlist(cmds, ruleDataSet.tetherList, chainName + "-tether", whitelist);
+ if (G.enableTor()) {
+ addTorRules(cmds, ruleDataSet.torList, whitelist, ipv6, chainName);
+ }
+ cmds.add("-P OUTPUT ACCEPT");
+ } catch (Exception e) {
+ Log.e(e.getClass().getName(), e.getMessage(), e);
+ }
+
+ iptablesCommands(cmds, out, ipv6);
+ return true;
+ }
+
+ /**
+ * Checks if a collection contains specified uid or {@code SPECIAL_UID_ANY}
+ *
+ * @param uidList collection of uids
+ * @param uidToCheck uid to check
+ * @return true if {@code uidList} contains {@code SPECIAL_UID_ANY} or {@code uidToCheck}
+ */
+ private static boolean containsUidOrAny(Collection uidList, int uidToCheck) {
+ return uidList.contains(SPECIAL_UID_ANY) || uidList.contains(uidToCheck);
+ }
+
+ /**
+ * Add the repetitive parts (ipPath and such) to an iptables command list
+ *
+ * @param in Commands in the format: "-A foo ...", "#NOCHK# -A foo ...", or "#LITERAL# "
+ * @param out A list of UNIX commands to execute
+ */
+ private static void iptablesCommands(List in, List out, boolean ipv6) {
+ String ipPath = getBinaryPath(G.ctx, ipv6);
+
+ String waitTime = "";
+ if(G.ip_path().equals("system")) {
+ // Always use wait flag with system iptables to prevent lock contention
+ waitTime = " -w 5";
+ }
+ boolean firstLit = true;
+ for (String s : in) {
+ s = s + waitTime;
+ if (s.matches("#LITERAL# .*")) {
+ if (firstLit) {
+ // export vars for the benefit of custom scripts
+ // "true" is a dummy command which needs to return success
+ firstLit = false;
+ out.add("export IPTABLES=\"" + ipPath + "\"; "
+ + "export BUSYBOX=\"" + bbPath + "\"; "
+ + "export IPV6=" + (ipv6 ? "1" : "0") + "; "
+ + "true");
+ }
+ out.add(s.replaceFirst("^#LITERAL# ", ""));
+ } else if (s.matches("#NOCHK# .*")) {
+ out.add(s.replaceFirst("^#NOCHK# ", "#NOCHK# " + ipPath + " "));
+ } else {
+ out.add(ipPath + " " + s);
+ }
+ }
+ }
+
+ private static void fixupLegacyCmds(List cmds) {
+ for (int i = 0; i < cmds.size(); i++) {
+ String s = cmds.get(i);
+ if (s.matches("#NOCHK# .*")) {
+ s = s.replaceFirst("^#NOCHK# ", "");
+ } else {
+ s += " || exit";
+ }
+ cmds.set(i, s);
+ }
+ }
+
+ /**
+ * Get thread-safe chain name, handling multi-user scenarios safely
+ */
+ private static String getThreadSafeChainName() {
+ synchronized (CHAIN_NAME_LOCK) {
+ if (G.isMultiUser() && G.getMultiUserId() > 0) {
+ return "afwall" + G.getMultiUserId();
+ }
+ return "afwall";
+ }
+ }
+
+ public static void waitAndTerminate(ExecutorService executorService) {
+ executorService.shutdown();
+ try {
+ if (!executorService.awaitTermination(60, TimeUnit.SECONDS)) {
+ executorService.shutdownNow();
+ }
+ } catch (InterruptedException ex) {
+ executorService.shutdownNow();
+ Thread.currentThread().interrupt();
+ }
+ }
+
+ public static void applySavedIptablesRules(Context ctx, boolean showErrors, RootCommand callback) {
+ synchronized (GLOBAL_STATUS_LOCK) {
+ if(!globalStatus) {
+ globalStatus = true;
+
+ try {
+ RuleDataSet dataSet = getDataSet();
+ List ipv4cmds = new ArrayList<>();
+ List ipv6cmds = new ArrayList<>();
+
+ // Create thread-safe chain name for this execution
+ final String chainName = getThreadSafeChainName();
+
+ // Apply IPv4 rules first (sequentially)
+ try {
+ Log.i(TAG, "Applying IPv4 rules");
+ applyIptablesRulesImpl(ctx, dataSet, showErrors, ipv4cmds, false, chainName);
+ applySavedIp4tablesRules(ctx, ipv4cmds, callback);
+ Log.i(TAG, "Successfully applied IPv4 rules");
+ } catch (Exception e) {
+ Log.e(TAG, "Error applying IPv4 rules", e);
+ throw new RuntimeException(e);
+ }
+
+ // Apply IPv6 rules second (sequentially after IPv4)
+ if (G.enableIPv6()) {
+ try {
+ Log.i(TAG, "Applying IPv6 rules");
+ applyIptablesRulesImpl(ctx, dataSet, showErrors, ipv6cmds, true, chainName);
+ applySavedIp6tablesRules(ctx, ipv6cmds, new RootCommand());
+ Log.i(TAG, "Successfully applied IPv6 rules");
+ } catch (Exception e) {
+ Log.e(TAG, "Error applying IPv6 rules", e);
+ throw new RuntimeException(e);
+ }
+ }
+
+ Log.i(TAG, "Successfully applied all firewall rules");
+
+ } catch (Exception e) {
+ Log.e(TAG, "Error applying rules", e);
+ } finally {
+ globalStatus = false;
+ setRulesUpToDate(true);
+ }
+ } else {
+ Log.i(TAG, "ignore applySavedIptablesRules as existing thread running");
+ }
+ }
+ }
+
+
+ private static RuleDataSet getDataSet() {
+ initSpecial();
+
+ final String savedPkg_wifi_uid = G.pPrefs.getString(PREF_WIFI_PKG_UIDS, "");
+ final String savedPkg_3g_uid = G.pPrefs.getString(PREF_3G_PKG_UIDS, "");
+ final String savedPkg_roam_uid = G.pPrefs.getString(PREF_ROAMING_PKG_UIDS, "");
+ final String savedPkg_vpn_uid = G.pPrefs.getString(PREF_VPN_PKG_UIDS, "");
+ final String savedPkg_tether_uid = G.pPrefs.getString(PREF_TETHER_PKG_UIDS, "");
+ final String savedPkg_lan_uid = G.pPrefs.getString(PREF_LAN_PKG_UIDS, "");
+ final String savedPkg_tor_uid = G.pPrefs.getString(PREF_TOR_PKG_UIDS, "");
+
+
+ List wifiList = getListFromPref(savedPkg_wifi_uid);
+ List dataList = getListFromPref(savedPkg_3g_uid);
+
+
+ // Warn if no applications are configured - this means no blocking will occur
+ if (wifiList.isEmpty() && dataList.isEmpty()) {
+ Log.w(TAG, "WARNING: No applications configured for firewall rules - firewall will not block any traffic!");
+ Log.w(TAG, "Please configure applications in AFWall+ main screen and apply rules.");
+ }
+
+ return new RuleDataSet(wifiList,
+ dataList,
+ getListFromPref(savedPkg_roam_uid),
+ getListFromPref(savedPkg_vpn_uid),
+ getListFromPref(savedPkg_tether_uid),
+ getListFromPref(savedPkg_lan_uid),
+ getListFromPref(savedPkg_tor_uid));
+
+ }
+
+ /**
+ * Purge and re-add all saved rules (not in-memory ones).
+ * This is much faster than just calling "applyIptablesRules", since it don't need to read installed applications.
+ *
+ * @param ctx application context (mandatory)
+ * @param callback If non-null, use a callback instead of blocking the current thread
+ */
+ public static boolean applySavedIp4tablesRules(Context ctx, List cmds, RootCommand callback) {
+ if (ctx == null) {
+ return false;
+ }
+ try {
+ callback.setRetryExitCode(IPTABLES_TRY_AGAIN).run(ctx, cmds);
+ return true;
+ } catch (Exception e) {
+ Log.e(TAG, "Exception while applying IPv4 rules: " + e.getMessage(), e);
+ // Only apply default chains if it's a critical failure
+ // Avoid overriding user chain preferences unnecessarily
+ if (e.getMessage() != null && !e.getMessage().contains("Chain") && !e.getMessage().contains("policy")) {
+ Log.w(TAG, "Applying default chains due to rule application failure");
+ applyDefaultChains(ctx, callback);
+ } else {
+ Log.w(TAG, "Skipping default chains application to preserve user chain preferences");
+ }
+ return false;
+ }
+ }
+
+
+ public static boolean applySavedIp6tablesRules(Context ctx, List cmds, RootCommand callback) {
+ if (ctx == null) {
+ return false;
+ }
+ try {
+ callback.setRetryExitCode(IPTABLES_TRY_AGAIN).run(ctx, cmds,true);
+ return true;
+ } catch (Exception e) {
+ Log.e(TAG, "Exception while applying IPv6 rules: " + e.getMessage(), e);
+ // Only apply default chains if it's a critical failure
+ // Avoid overriding user chain preferences unnecessarily
+ if (e.getMessage() != null && !e.getMessage().contains("Chain") && !e.getMessage().contains("policy")) {
+ Log.w(TAG, "Applying default chains due to rule application failure");
+ applyDefaultChains(ctx, callback);
+ } else {
+ Log.w(TAG, "Skipping default chains application to preserve user chain preferences");
+ }
+ return false;
+ }
+ }
+
+
+ public static boolean fastApply(Context ctx, RootCommand callback) {
+ try {
+ if (!getRulesUpToDate()) {
+ Log.i(TAG, "Using full Apply");
+ applySavedIptablesRules(ctx, true, callback);
+ } else {
+ Log.i(TAG, "Using fastApply");
+ List out = new ArrayList();
+ List cmds;
+ cmds = new ArrayList();
+ applyShortRules(ctx, cmds, false);
+ iptablesCommands(cmds, out, false);
+ if (G.enableIPv6()) {
+ cmds = new ArrayList();
+ applyShortRules(ctx, cmds, true);
+ iptablesCommands(cmds, out, true);
+ }
+ callback.setRetryExitCode(IPTABLES_TRY_AGAIN).run(ctx, out);
+ }
+ } catch (Exception e) {
+ Log.e(TAG, "Exception in fastApply: " + e.getMessage(), e);
+ // Only apply default chains if it's a critical failure
+ // Avoid overriding user chain preferences unnecessarily
+ if (e.getMessage() != null && !e.getMessage().contains("Chain") && !e.getMessage().contains("policy")) {
+ Log.w(TAG, "Applying default chains due to fastApply failure");
+ applyDefaultChains(ctx, callback);
+ } else {
+ Log.w(TAG, "Skipping default chains application in fastApply to preserve user chain preferences");
+ }
+ }
+ setRulesUpToDate(true);
+ return true;
+ }
+
+ /**
+ * Save current rules using the preferences storage.
+ *
+ * @param ctx application context (mandatory)
+ */
+ public static RuleDataSet generateRules(Context ctx, List apps, boolean store) {
+
+ setRulesUpToDate(false);
+ RuleDataSet dataSet = null;
+
+ if (apps != null) {
+ // Builds a pipe-separated list of names
+ HashSet newpkg_wifi = new HashSet();
+ HashSet newpkg_3g = new HashSet();
+ HashSet newpkg_roam = new HashSet();
+ HashSet newpkg_vpn = new HashSet();
+ HashSet newpkg_tether = new HashSet();
+ HashSet newpkg_lan = new HashSet();
+ HashSet newpkg_tor = new HashSet();
+
+ for (int i = 0; i < apps.size(); i++) {
+ if (apps.get(i) != null) {
+ if (apps.get(i).selected_wifi) {
+ newpkg_wifi.add(apps.get(i).uid);
+ } else {
+ if (!store) newpkg_wifi.add(-apps.get(i).uid);
+ }
+ if (apps.get(i).selected_3g) {
+ newpkg_3g.add(apps.get(i).uid);
+ } else {
+ if (!store) newpkg_3g.add(-apps.get(i).uid);
+ }
+ if (G.enableRoam()) {
+ if (apps.get(i).selected_roam) {
+ newpkg_roam.add(apps.get(i).uid);
+ } else {
+ if (!store) newpkg_roam.add(-apps.get(i).uid);
+ }
+ }
+ if (G.enableVPN()) {
+ if (apps.get(i).selected_vpn) {
+ newpkg_vpn.add(apps.get(i).uid);
+ } else {
+ if (!store) newpkg_vpn.add(-apps.get(i).uid);
+ }
+ }
+ if (G.enableTether()) {
+ if (apps.get(i).selected_tether) {
+ newpkg_tether.add(apps.get(i).uid);
+ } else {
+ if (!store) newpkg_tether.add(-apps.get(i).uid);
+ }
+ }
+ if (G.enableLAN()) {
+ if (apps.get(i).selected_lan) {
+ newpkg_lan.add(apps.get(i).uid);
+ } else {
+ if (!store) newpkg_lan.add(-apps.get(i).uid);
+ }
+ }
+ if (G.enableTor()) {
+ if (apps.get(i).selected_tor) {
+ newpkg_tor.add(apps.get(i).uid);
+ } else {
+ if (!store) newpkg_tor.add(-apps.get(i).uid);
+ }
+ }
+ }
+ }
+
+ String wifi = android.text.TextUtils.join("|", newpkg_wifi);
+ String data = android.text.TextUtils.join("|", newpkg_3g);
+ String roam = android.text.TextUtils.join("|", newpkg_roam);
+ String vpn = android.text.TextUtils.join("|", newpkg_vpn);
+ String tether = android.text.TextUtils.join("|", newpkg_tether);
+ String lan = android.text.TextUtils.join("|", newpkg_lan);
+ String tor = android.text.TextUtils.join("|", newpkg_tor);
+ // save the new list of UIDs
+ if (store) {
+ SharedPreferences prefs = ctx.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE);
+ Editor edit = prefs.edit();
+ edit.putString(PREF_WIFI_PKG_UIDS, wifi);
+ edit.putString(PREF_3G_PKG_UIDS, data);
+ edit.putString(PREF_ROAMING_PKG_UIDS, roam);
+ edit.putString(PREF_VPN_PKG_UIDS, vpn);
+ edit.putString(PREF_TETHER_PKG_UIDS, tether);
+ edit.putString(PREF_LAN_PKG_UIDS, lan);
+ edit.putString(PREF_TOR_PKG_UIDS, tor);
+ edit.apply();
+ } else {
+ dataSet = new RuleDataSet(new ArrayList<>(newpkg_wifi),
+ new ArrayList<>(newpkg_3g),
+ new ArrayList<>(newpkg_roam),
+ new ArrayList<>(newpkg_vpn),
+ new ArrayList<>(newpkg_tether),
+ new ArrayList<>(newpkg_lan),
+ new ArrayList<>(newpkg_tor));
+ }
+ }
+ return dataSet;
+
+ }
+
+ /**
+ * Purge all iptables rules.
+ *
+ * @param ctx mandatory context
+ * @param showErrors indicates if errors should be alerted
+ * @param callback If non-null, use a callback instead of blocking the current thread
+ * @return true if the rules were purged
+ */
+ public static void purgeIptables(Context ctx, boolean showErrors, RootCommand callback) {
+ String chainName = getThreadSafeChainName();
+
+ List cmds = new ArrayList<>();
+ List cmdsv4 = new ArrayList<>();
+ List out = new ArrayList<>();
+
+ for (String s : staticChains) {
+ cmds.add("-F " + chainName + s);
+ }
+ for (String s : dynChains) {
+ cmds.add("-F " + chainName + s);
+ }
+ if (G.enableTor()) {
+ for (String s : natChains) {
+ cmdsv4.add("-t nat -F " + chainName + s);
+ }
+ cmdsv4.add("#NOCHK# -t nat -D OUTPUT -j " + chainName);
+ } else {
+ cmdsv4.add("#NOCHK# -D OUTPUT -j " + chainName);
+ }
+
+ //make sure reset the OUTPUT chain to accept state.
+ cmds.add("-P OUTPUT ACCEPT");
+
+ //Delete only when the afwall chain exist !
+ //cmds.add("-D OUTPUT -j " + chainName);
+
+ if (G.enableInbound()) {
+ cmds.add("-D INPUT -j " + chainName + "-input");
+ }
+
+ addCustomRules(Api.PREF_CUSTOMSCRIPT2, cmds);
+
+ // Execute the purge commands and call the callback
+ Log.i(TAG, "Executing purge commands for IPv4");
+ cmds.addAll(cmdsv4);
+ iptablesCommands(cmds, out, false);
+
+ if (G.enableIPv6()) {
+ Log.i(TAG, "Executing purge commands for IPv6");
+ List cmdsv6 = new ArrayList<>();
+ for (String s : staticChains) {
+ cmdsv6.add("-F " + chainName + s);
+ }
+ for (String s : dynChains) {
+ cmdsv6.add("-F " + chainName + s);
+ }
+ cmdsv6.add("#NOCHK# -D OUTPUT -j " + chainName);
+ cmdsv6.add("-P OUTPUT ACCEPT");
+ if (G.enableInbound()) {
+ cmdsv6.add("-D INPUT -j " + chainName + "-input");
+ }
+ iptablesCommands(cmdsv6, out, true);
+ }
+
+ Log.i(TAG, "Purge completed, calling callback");
+ callback.setRetryExitCode(IPTABLES_TRY_AGAIN).run(ctx, out);
+ }
+
+ /**
+ * Add DNS-specific iptables rules for identified DNS servers instead of broad LAN access
+ */
+ private static void addDnsServerRules(List cmds, InterfaceDetails cfg, String chain, boolean ipv6) {
+ String protocol = ipv6 ? "ip6tables" : "iptables";
+ java.util.List dnsServers = ipv6 ? cfg.dnsServersV6 : cfg.dnsServersV4;
+
+ for (String dnsServer : dnsServers) {
+ if (dnsServer != null && !dnsServer.isEmpty()) {
+ // Add rules for both UDP and TCP DNS traffic to specific servers
+ cmds.add("-A " + chain + " -d " + dnsServer + " -p udp --dport 53 -j RETURN");
+ cmds.add("-A " + chain + " -d " + dnsServer + " -p tcp --dport 53 -j RETURN");
+ }
+ }
+ }
+
+
+ /**
+ * Retrieve the current set of IPv4 or IPv6 rules and pass it to a callback
+ *
+ * @param ctx application context
+ * @param callback callback to receive rule list
+ * @param useIPV6 true to list IPv6 rules, false to list IPv4 rules
+ */
+ public static void fetchIptablesRules(Context ctx, boolean useIPV6, RootCommand callback) {
+ List cmds = new ArrayList<>();
+ List out = new ArrayList<>();
+ cmds.add("-n -v -L");
+ iptablesCommands(cmds, out, false);
+ if (useIPV6) {
+ iptablesCommands(cmds, out, true);
+ }
+ callback.run(ctx, out);
+ }
+
+ /**
+ * Run a list of commands with both iptables and ip6tables
+ *
+ * @param ctx application context
+ * @param cmds list of commands to run
+ * @param callback callback for completion
+ */
+ public static void apply46(Context ctx, List cmds, RootCommand callback) {
+ List out = new ArrayList();
+ iptablesCommands(cmds, out, false);
+
+ if (G.enableIPv6()) {
+ iptablesCommands(cmds, out, true);
+ }
+ callback.setRetryExitCode(IPTABLES_TRY_AGAIN).run(ctx, out);
+ }
+
+ public static void applyIPv6Quick(Context ctx, List cmds, RootCommand callback) {
+ List out = new ArrayList();
+ ////setBinaryPath(ctx, true);
+ iptablesCommands(cmds, out, true);
+ callback.setRetryExitCode(IPTABLES_TRY_AGAIN).run(ctx, out);
+ }
+
+ public static void applyQuick(Context ctx, List cmds, RootCommand callback) {
+ List out = new ArrayList();
+
+ //setBinaryPath(ctx, false);
+ iptablesCommands(cmds, out, false);
+
+ //related to #511, disable ipv6 but use startup leak.
+ if (G.enableIPv6() || G.fixLeak()) {
+ //setBinaryPath(ctx, true);
+ iptablesCommands(cmds, out, true);
+ }
+ callback.setRetryExitCode(IPTABLES_TRY_AGAIN).run(ctx, out);
+ }
+
+ /**
+ * Delete all kingroot firewall rules. For diagnostic purposes only.
+ *
+ * @param ctx application context
+ * @param callback callback for completion
+ */
+ public static void flushAllRules(Context ctx, RootCommand callback) {
+ List cmds = new ArrayList();
+ cmds.add("-F");
+ cmds.add("-X");
+ apply46(ctx, cmds, callback);
+ }
+
+ /**
+ * Enable or disable logging by rewriting the afwall-reject chain. Logging
+ * will be enabled or disabled based on the preference setting.
+ *
+ * @param ctx application context
+ * @param callback callback for completion
+ */
+ public static void updateLogRules(Context ctx, RootCommand callback) {
+ if (!isEnabled(ctx)) {
+ return;
+ }
+ String chainName = getThreadSafeChainName();
+ List cmds = new ArrayList();
+ cmds.add("#NOCHK# -N " + chainName + "-reject");
+ cmds.add("-F " + chainName + "-reject");
+ addRejectRules(cmds, chainName);
+ apply46(ctx, cmds, callback);
+ }
+
+
+ //purge 2 hour data
+ public static void purgeOldLog() {
+ long purgeInterval = System.currentTimeMillis() - 7200000;
+ long count = new Select(com.raizlabs.android.dbflow.sql.language.Method.count()).from(LogData.class).count();
+ //records are more
+ if(count > 5000) {
+ new Delete().from(LogData.class).where(LogData_Table.timestamp.lessThan(purgeInterval)).async().execute();
+ }
+ }
+
+ /**
+ * Fetch kernel logs via busybox dmesg. This will include {AFL} lines from
+ * logging rejected packets.
+ *
+ * @return true if logging is enabled, false otherwise
+ */
+ public static List fetchLogs() {
+ //load hour data due to performance issue with old view
+ long loadInterval = System.currentTimeMillis() - 3600000;
+ List log = SQLite.select()
+ .from(LogData.class)
+ .where(LogData_Table.timestamp.greaterThan(loadInterval))
+ .orderBy(LogData_Table.timestamp, true)
+ .queryList();
+ purgeOldLog();
+ //fetch last 100 records
+ if (log.size() > 100) {
+ return log.subList((log.size() - 100), log.size());
+ } else {
+ return log;
+ }
+ }
+
+ /**
+ * List all interfaces via "ifconfig -a"
+ *
+ * @param ctx application context
+ * @param callback Callback for completion status
+ */
+ public static void runIfconfig(Context ctx, RootCommand callback) {
+ // Try system ifconfig first, then busybox for all versions
+ callback.run(ctx, "ifconfig -a || " + getBusyBoxPath(ctx, true) + " ifconfig -a");
+ }
+
+ public static void runNetworkInterface(Context ctx, RootCommand callback) {
+ // Try Android API method first for all versions
+ try {
+ StringBuilder result = new StringBuilder();
+ java.util.Enumeration interfaces = java.net.NetworkInterface.getNetworkInterfaces();
+ while (interfaces.hasMoreElements()) {
+ java.net.NetworkInterface networkInterface = interfaces.nextElement();
+ result.append(networkInterface.getName()).append("\n");
+ }
+ if (result.length() > 0) {
+ // Create a mock RootCommand with API results
+ RootCommand apiResult = new RootCommand();
+ apiResult.res = result;
+ apiResult.exitCode = 0;
+ apiResult.done = true;
+ if (callback.cb != null) {
+ callback.cb.cbFunc(apiResult);
+ }
+ return;
+ }
+ } catch (Exception e) {
+ Log.d(TAG, "Android API network interface detection failed: " + e.getMessage());
+ }
+
+ // Fallback to shell commands with multiple options
+ String cmd = "ls /sys/class/net 2>/dev/null || " +
+ getBusyBoxPath(ctx, true) + " ls /sys/class/net 2>/dev/null || " +
+ "ip link show 2>/dev/null";
+ callback.run(ctx, cmd);
+ }
+
+
+ public static void fixFolderPermissionsAsync(Context mContext) {
+ AsyncTask.execute(() -> {
+ try {
+ mContext.getFilesDir().setExecutable(true, false);
+ mContext.getFilesDir().setReadable(true, false);
+ File sharedPrefsFolder = new File(mContext.getFilesDir().getAbsolutePath()
+ + "/../shared_prefs");
+ sharedPrefsFolder.setExecutable(true, false);
+ sharedPrefsFolder.setReadable(true, false);
+ } catch (Exception e) {
+ Log.e(Api.TAG, e.getMessage(), e);
+ }
+ });
+ }
+
+ /**
+ * @param ctx application context (mandatory)
+ * @return a list of applications
+ */
+ public static List getApps(Context ctx, GetAppList appList) {
+
+ initSpecial();
+ if (applications != null && applications.size() > 0) {
+ // return cached instance
+ return applications;
+ }
+
+ SharedPreferences prefs = ctx.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE);
+
+ String savedPkg_wifi_uid = prefs.getString(PREF_WIFI_PKG_UIDS, "");
+ String savedPkg_3g_uid = prefs.getString(PREF_3G_PKG_UIDS, "");
+ String savedPkg_roam_uid = prefs.getString(PREF_ROAMING_PKG_UIDS, "");
+ String savedPkg_vpn_uid = prefs.getString(PREF_VPN_PKG_UIDS, "");
+ String savedPkg_tether_uid = prefs.getString(PREF_TETHER_PKG_UIDS, "");
+ String savedPkg_lan_uid = prefs.getString(PREF_LAN_PKG_UIDS, "");
+ String savedPkg_tor_uid = prefs.getString(PREF_TOR_PKG_UIDS, "");
+
+ List selected_wifi;
+ List selected_3g;
+ List selected_roam = new ArrayList<>();
+ List selected_vpn = new ArrayList<>();
+ List selected_tether = new ArrayList<>();
+ List selected_lan = new ArrayList<>();
+ List selected_tor = new ArrayList<>();
+
+
+ selected_wifi = getListFromPref(savedPkg_wifi_uid);
+ selected_3g = getListFromPref(savedPkg_3g_uid);
+
+ if (G.enableRoam()) {
+ selected_roam = getListFromPref(savedPkg_roam_uid);
+ }
+ if (G.enableVPN()) {
+ selected_vpn = getListFromPref(savedPkg_vpn_uid);
+ }
+ if (G.enableTether()) {
+ selected_tether = getListFromPref(savedPkg_tether_uid);
+ }
+ if (G.enableLAN()) {
+ selected_lan = getListFromPref(savedPkg_lan_uid);
+ }
+ if (G.enableTor()) {
+ selected_tor = getListFromPref(savedPkg_tor_uid);
+ }
+ //revert back to old approach
+
+ //always use the defaul preferences to store cache value - reduces the application usage size
+ SharedPreferences cachePrefs = ctx.getSharedPreferences(DEFAULT_PREFS_NAME, Context.MODE_PRIVATE);
+
+ int count = 0;
+ try {
+ listOfUids = new ArrayList<>();
+ //this code will be executed on devices running ICS or later
+ final UserManager um = (UserManager) ctx.getSystemService(Context.USER_SERVICE);
+ List list = um.getUserProfiles();
+
+ for (UserHandle user : list) {
+ Matcher m = p.matcher(user.toString());
+ if (m.find() && m.groupCount() > 0) {
+ int id = Integer.parseInt(m.group(1));
+ if (id > 0) {
+ listOfUids.add(id);
+ }
+ }
+ }
+ //use pm list packages -f -U --user 10
+ int pkgManagerFlags = PackageManager.GET_META_DATA;
+ // it's useless to iterate over uninstalled packages if we don't support multi-profile apps
+ if (G.supportDual()) {
+ pkgManagerFlags |= PackageManager.GET_UNINSTALLED_PACKAGES;
+ }
+ PackageManager pkgmanager = ctx.getPackageManager();
+ List installed = pkgmanager.getInstalledApplications(pkgManagerFlags);
+ SparseArray syncMap = new SparseArray<>();
+ Editor edit = cachePrefs.edit();
+ boolean changed = false;
+ String name;
+ String cachekey;
+ String cacheLabel = "cache.label.";
+ PackageInfoData app;
+ ApplicationInfo apinfo;
+
+ Date install = new Date();
+ install.setTime(System.currentTimeMillis() - (180000));
+
+ SparseArray multiUserAppsMap = new SparseArray<>();
+ HashMap packagesForUser = new HashMap<>();
+ if(G.supportDual()) {
+ packagesForUser = getPackagesForUser(listOfUids);
+ }
+
+ for (int i = 0; i < installed.size(); i++) {
+ //for (ApplicationInfo apinfo : installed) {
+ count = count + 1;
+ apinfo = installed.get(i);
+
+ if (appList != null) {
+ appList.doProgress(count);
+ }
+
+ boolean firstseen = false;
+ app = syncMap.get(apinfo.uid);
+ // filter applications which are not allowed to access the Internet
+ if (app == null && PackageManager.PERMISSION_GRANTED != pkgmanager.checkPermission(Manifest.permission.INTERNET, apinfo.packageName) && !showAllApps()) {
+ continue;
+ }
+ // try to get the application label from our cache - getApplicationLabel() is horribly slow!!!!
+ cachekey = cacheLabel + apinfo.packageName;
+ name = prefs.getString(cachekey, "");
+ if (name.length() == 0 || isRecentlyInstalled(apinfo.packageName)) {
+ // get label and put on cache
+ name = pkgmanager.getApplicationLabel(apinfo).toString();
+ edit.putString(cachekey, name);
+ changed = true;
+ firstseen = true;
+ }
+ if (app == null) {
+ app = new PackageInfoData();
+ app.uid = apinfo.uid;
+ app.installTime = new File(apinfo.sourceDir).lastModified();
+ app.names = new ArrayList();
+ app.names.add(name);
+ app.appinfo = apinfo;
+ if (app.appinfo != null && (app.appinfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0) {
+ //user app
+ app.appType = 1;
+ } else {
+ //system app
+ app.appType = 0;
+ }
+ app.pkgName = apinfo.packageName;
+ if ((apinfo.flags & ApplicationInfo.FLAG_INSTALLED) != 0)
+ syncMap.put(apinfo.uid, app);
+ } else {
+ app.names.add(name);
+ }
+
+ app.firstseen = firstseen;
+ // check if this application is selected
+ if (!app.selected_wifi && Collections.binarySearch(selected_wifi, app.uid) >= 0) {
+ app.selected_wifi = true;
+ }
+ if (!app.selected_3g && Collections.binarySearch(selected_3g, app.uid) >= 0) {
+ app.selected_3g = true;
+ }
+ if (G.enableRoam() && !app.selected_roam && Collections.binarySearch(selected_roam, app.uid) >= 0) {
+ app.selected_roam = true;
+ }
+ if (G.enableVPN() && !app.selected_vpn && Collections.binarySearch(selected_vpn, app.uid) >= 0) {
+ app.selected_vpn = true;
+ }
+ if (G.enableTether() && !app.selected_tether && Collections.binarySearch(selected_tether, app.uid) >= 0) {
+ app.selected_tether = true;
+ }
+ if (G.enableLAN() && !app.selected_lan && Collections.binarySearch(selected_lan, app.uid) >= 0) {
+ app.selected_lan = true;
+ }
+ if (G.enableTor() && !app.selected_tor && Collections.binarySearch(selected_tor, app.uid) >= 0) {
+ app.selected_tor = true;
+ }
+ if (G.supportDual()) {
+ checkPartOfMultiUser(apinfo, name, listOfUids, packagesForUser, multiUserAppsMap);
+ }
+ }
+
+ if (G.supportDual()) {
+ //run through multi user map
+ for (int i = 0; i < multiUserAppsMap.size(); i++) {
+ app = multiUserAppsMap.valueAt(i);
+ if (!app.selected_wifi && Collections.binarySearch(selected_wifi, app.uid) >= 0) {
+ app.selected_wifi = true;
+ }
+ if (!app.selected_3g && Collections.binarySearch(selected_3g, app.uid) >= 0) {
+ app.selected_3g = true;
+ }
+ if (G.enableRoam() && !app.selected_roam && Collections.binarySearch(selected_roam, app.uid) >= 0) {
+ app.selected_roam = true;
+ }
+ if (G.enableVPN() && !app.selected_vpn && Collections.binarySearch(selected_vpn, app.uid) >= 0) {
+ app.selected_vpn = true;
+ }
+ if (G.enableTether() && !app.selected_tether && Collections.binarySearch(selected_tether, app.uid) >= 0) {
+ app.selected_tether = true;
+ }
+ if (G.enableLAN() && !app.selected_lan && Collections.binarySearch(selected_lan, app.uid) >= 0) {
+ app.selected_lan = true;
+ }
+ if (G.enableTor() && !app.selected_tor && Collections.binarySearch(selected_tor, app.uid) >= 0) {
+ app.selected_tor = true;
+ }
+ syncMap.put(app.uid, app);
+ }
+ }
+
+ List specialData = getSpecialData();
+
+ if (specialApps == null) {
+ specialApps = new HashMap();
+ }
+ for (int i = 0; i < specialData.size(); i++) {
+ app = specialData.get(i);
+ //core apps
+ app.appType = 2;
+ specialApps.put(app.pkgName, app.uid);
+ //default DNS/NTP
+ if (app.uid != -1 && syncMap.get(app.uid) == null) {
+ // check if this application is allowed
+ if (!app.selected_wifi && Collections.binarySearch(selected_wifi, app.uid) >= 0) {
+ app.selected_wifi = true;
+ }
+ if (!app.selected_3g && Collections.binarySearch(selected_3g, app.uid) >= 0) {
+ app.selected_3g = true;
+ }
+ if (G.enableRoam() && !app.selected_roam && Collections.binarySearch(selected_roam, app.uid) >= 0) {
+ app.selected_roam = true;
+ }
+ if (G.enableVPN() && !app.selected_vpn && Collections.binarySearch(selected_vpn, app.uid) >= 0) {
+ app.selected_vpn = true;
+ }
+ if (G.enableTether() && !app.selected_tether && Collections.binarySearch(selected_tether, app.uid) >= 0) {
+ app.selected_tether = true;
+ }
+ if (G.enableLAN() && !app.selected_lan && Collections.binarySearch(selected_lan, app.uid) >= 0) {
+ app.selected_lan = true;
+ }
+ if (G.enableTor() && !app.selected_tor && Collections.binarySearch(selected_tor, app.uid) >= 0) {
+ app.selected_tor = true;
+ }
+ syncMap.put(app.uid, app);
+ }
+ }
+
+ if (changed) {
+ edit.apply();
+ }
+ /* convert the map into an array */
+ applications = Collections.synchronizedList(new ArrayList());
+ for (int i = 0; i < syncMap.size(); i++) {
+ applications.add(syncMap.valueAt(i));
+ }
+ return applications;
+ } catch (Exception e) {
+ Log.i(TAG, "Exception in getting app list", e);
+ }
+ return new ArrayList<>();
+ }
+
+ /* public boolean isSuPackage(PackageManager pm, String suPackage) {
+ boolean found = false;
+ try {
+ PackageInfo info = pm.getPackageInfo(suPackage, 0);
+ if (info.applicationInfo != null) {
+ found = true;
+ }
+ //found = s + " v" + info.versionName;
+ } catch (NameNotFoundException e) {
+ }
+ return found;
+ }*/
+
+ public static List getSpecialData() {
+ List specialData = new ArrayList<>();
+ specialData.add(new PackageInfoData(SPECIAL_UID_ANY, ctx.getString(R.string.all_item), "dev.afwall.special.any"));
+ specialData.add(new PackageInfoData(SPECIAL_UID_KERNEL, ctx.getString(R.string.kernel_item), "dev.afwall.special.kernel"));
+ specialData.add(new PackageInfoData(SPECIAL_UID_TETHER, ctx.getString(R.string.tethering_item), "dev.afwall.special.tether"));
+ specialData.add(new PackageInfoData(SPECIAL_UID_NTP, ctx.getString(R.string.ntp_item), "dev.afwall.special.ntp"));
+
+
+ specialData.add(new PackageInfoData(1020, ctx.getString(R.string.mdnslabel), "dev.afwall.special.mdnsr"));
+
+ if (android.os.Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+ specialData.add(new PackageInfoData(1029, ctx.getString(R.string.clat), "dev.afwall.special.clat"));
+ }
+
+ /*if (additional) {
+ specialData.add(new PackageInfoData(1020, "mDNS", "dev.afwall.special.mDNS"));
+ }*/
+ for (String acct : specialAndroidAccounts) {
+ String dsc = getSpecialDescription(ctx, acct);
+ if (dsc != null) {
+ String pkg = "dev.afwall.special." + acct;
+ specialData.add(new PackageInfoData(acct, dsc, pkg));
+ }
+ }
+ return specialData;
+ }
+
+ private static void checkPartOfMultiUser(ApplicationInfo apinfo, String name, List uid1, HashMap pkgs, SparseArray syncMap) {
+ try {
+ for (Integer integer : uid1) {
+ int appUid = Integer.parseInt(integer + "" + apinfo.uid + "");
+ try{
+ //String[] pkgs = pkgmanager.getPackagesForUid(appUid);
+ if (packagesExistForUserUid(pkgs, appUid)) {
+ PackageInfoData app = new PackageInfoData();
+ app.uid = appUid;
+ app.installTime = new File(apinfo.sourceDir).lastModified();
+ app.names = new ArrayList();
+ app.names.add(name + "(M)");
+ app.appinfo = apinfo;
+ if (app.appinfo != null && (app.appinfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0) {
+ //user app
+ app.appType = 1;
+ } else {
+ //system app
+ app.appType = 0;
+ }
+ app.pkgName = apinfo.packageName;
+ syncMap.put(appUid, app);
+ }
+ }catch (Exception e) {
+ Log.e(TAG, e.getMessage(), e);
+ }
+ }
+ } catch (Exception e) {
+ Log.e(TAG, e.getMessage(), e);
+ }
+ }
+
+ private static boolean packagesExistForUserUid(HashMap pkgs, int appUid) {
+ if(pkgs.containsKey(appUid)){
+ return true;
+ }
+ return false;
+ }
+
+ public static HashMap getPackagesForUser(List userProfile) {
+ HashMap listApps = new HashMap<>();
+ for(Integer integer: userProfile) {
+ try {
+ Shell.Result result = Shell.cmd("pm list packages -U --user " + integer).exec();
+ List out = result.getOut();
+ Matcher matcher;
+ for (String item : out) {
+ matcher = dual_pattern.matcher(item);
+ if (matcher.find() && matcher.groupCount() > 0) {
+ String packageName = matcher.group(1);
+ String packageId = matcher.group(2);
+ Log.i(TAG, packageId + " " + packageName);
+ listApps.put(Integer.parseInt(packageId), packageName);
+ }
+ }
+ } catch (java.util.concurrent.RejectedExecutionException e) {
+ Log.w(TAG, "Package listing rejected for user " + integer + ": " + e.getMessage());
+ break; // Stop processing other users if execution rejected
+ } catch (Exception e) {
+ Log.e(TAG, "Failed to list packages for user " + integer + ": " + e.getMessage());
+ // Continue with next user on other errors
+ }
+ }
+ return listApps.size() > 0 ? listApps : null;
+ }
+
+ private static boolean isRecentlyInstalled(String packageName) {
+ boolean isRecent = false;
+ if (recentlyInstalled != null && recentlyInstalled.contains(packageName)) {
+ isRecent = true;
+ recentlyInstalled.remove(packageName);
+ }
+ return isRecent;
+ }
+
+ private static List getListFromPref(String savedPkg_uid) {
+ StringTokenizer tok = new StringTokenizer(savedPkg_uid, "|");
+ List listUids = new ArrayList<>();
+ while (tok.hasMoreTokens()) {
+ String uid = tok.nextToken();
+ if (!uid.equals("")) {
+ listUids.add(Integer.parseInt(uid));
+ }
+ }
+ // Sort the array to allow using "Arrays.binarySearch" later
+ Collections.sort(listUids);
+ return listUids;
+ }
+
+ /*public static boolean isAppAllowed(Context context, ApplicationInfo applicationInfo, SharedPreferences sharedPreferences, SharedPreferences pPrefs) {
+ InterfaceDetails details = InterfaceTracker.getCurrentCfg(context, true);
+ //allow webview to download since webview requires INTERNET permission
+ if (applicationInfo.packageName.equals("com.android.webview") || applicationInfo.packageName.equals("com.google.android.webview")) {
+ return true;
+ }
+ if (details != null && details.netEnabled) {
+ String mode = pPrefs.getString(Api.PREF_MODE, Api.MODE_WHITELIST);
+ Log.i(TAG, "Calling isAppAllowed method from DM with Mode: " + mode);
+ switch ((details.netType)) {
+ case ConnectivityManager.TYPE_WIFI:
+ String savedPkg_wifi_uid = pPrefs.getString(PREF_WIFI_PKG_UIDS, "");
+ if (savedPkg_wifi_uid.isEmpty()) {
+ savedPkg_wifi_uid = sharedPreferences.getString(PREF_WIFI_PKG_UIDS, "");
+ }
+ Log.i(TAG, "DM check for UID: " + applicationInfo.uid);
+ Log.i(TAG, "DM allowed UIDs: " + savedPkg_wifi_uid);
+ if (mode.equals(Api.MODE_WHITELIST) && savedPkg_wifi_uid.contains(applicationInfo.uid + "")) {
+ return true;
+ } else return mode.equals(Api.MODE_BLACKLIST) && !savedPkg_wifi_uid.contains(applicationInfo.uid + "");
+
+ case ConnectivityManager.TYPE_MOBILE:
+ String savedPkg_3g_uid = pPrefs.getString(PREF_3G_PKG_UIDS, "");
+ if (details.isRoaming) {
+ savedPkg_3g_uid = pPrefs.getString(PREF_ROAMING_PKG_UIDS, "");
+ }
+ Log.i(TAG, "DM check for UID: " + applicationInfo.uid);
+ Log.i(TAG, "DM allowed UIDs: " + savedPkg_3g_uid);
+ if (mode.equals(Api.MODE_WHITELIST) && savedPkg_3g_uid.contains(applicationInfo.uid + "")) {
+ return true;
+ } else return mode.equals(Api.MODE_BLACKLIST) && !savedPkg_3g_uid.contains(applicationInfo.uid + "");
+ }
+ }
+
+ return true;
+ }*/
+
+ /**
+ * Get Default Chain status
+ *
+ * @param ctx
+ * @param callback
+ */
+ public static void getChainStatus(Context ctx, RootCommand callback) {
+ List cmds = new ArrayList();
+ cmds.add("-S INPUT");
+ cmds.add("-S OUTPUT");
+ cmds.add("-S FORWARD");
+ List out = new ArrayList<>();
+
+ iptablesCommands(cmds, out, false);
+
+ ArrayList base = new ArrayList();
+ base.add("-S INPUT");
+ base.add("-S OUTPUT");
+ cmds.add("-S FORWARD");
+ iptablesCommands(base, out, true);
+
+ callback.run(ctx, out);
+ }
+
+ /**
+ * Apply single rule
+ *
+ * @param ctx
+ * @param rule
+ * @param isIpv6
+ * @param callback
+ */
+ public static void applyRule(Context ctx, String rule, boolean isIpv6, RootCommand callback) {
+ List cmds = new ArrayList();
+ cmds.add(rule);
+ //setBinaryPath(ctx, isIpv6);
+ List out = new ArrayList<>();
+ iptablesCommands(cmds, out, isIpv6);
+ callback.run(ctx, out);
+ }
+
+ /**
+ * Runs a script as root (multiple commands separated by "\n")
+ *
+ * @param ctx mandatory context
+ * @param script the script to be executed
+ * @param res the script output response (stdout + stderr)
+ * @return the script exit code
+ * @throws IOException on any error executing the script, or writing it to disk
+ */
+ public static int runScriptAsRoot(Context ctx, List script, StringBuilder res) throws IOException {
+ int returnCode = -1;
+
+ if ((Looper.myLooper() != null) && (Looper.myLooper() == Looper.getMainLooper())) {
+ Log.e(TAG, "runScriptAsRoot should not be called from the main thread\nCall Trace:\n");
+ for (StackTraceElement e : new Throwable().getStackTrace()) {
+ Log.e(TAG, e.toString());
+ }
+ }
+
+ try {
+ RunCommand runCommand = new RunCommand();
+ returnCode = runCommand.execute(script, res, ctx).get();
+ } catch (RejectedExecutionException r) {
+ Log.w(TAG, "Shell execution rejected, likely due to app shutdown: " + r.getLocalizedMessage());
+ returnCode = -1;
+ } catch (InterruptedException e) {
+ Log.w(TAG, "Shell execution was interrupted: " + e.getLocalizedMessage());
+ Thread.currentThread().interrupt(); // Restore interrupted status
+ returnCode = -1;
+ } catch (java.util.concurrent.ExecutionException e) {
+ Throwable cause = e.getCause();
+ if (cause instanceof java.io.InterruptedIOException) {
+ Log.w(TAG, "Shell execution interrupted (IO): " + cause.getMessage());
+ } else if (cause instanceof java.util.concurrent.RejectedExecutionException) {
+ Log.w(TAG, "Shell execution rejected in wrapped exception: " + cause.getMessage());
+ } else {
+ Log.e(TAG, "Shell execution failed with ExecutionException: " + e.getLocalizedMessage());
+ }
+ returnCode = -1;
+ } catch (Exception e) {
+ Log.e(TAG, "Unexpected error during shell execution: " + e.getLocalizedMessage());
+ returnCode = -1;
+ }
+
+ return returnCode;
+ }
+
+ private static boolean installBinary(Context ctx, int resId, String filename) {
+ try {
+ File binDir = ctx.getDir("bin", 0);
+ File f = new File(binDir, filename);
+
+ Log.d(TAG, "Installing binary: " + filename + " to " + f.getAbsolutePath());
+
+ if (f.exists()) {
+ Log.d(TAG, "Removing existing binary: " + filename);
+ if (!f.delete()) {
+ Log.w(TAG, "Failed to delete existing binary: " + filename);
+ }
+ }
+
+ copyRawFile(ctx, resId, f, "0755");
+
+ // Verify the binary was installed correctly
+ if (!f.exists()) {
+ Log.e(TAG, "Binary installation failed - file does not exist: " + filename);
+ return false;
+ }
+
+ if (!f.canExecute()) {
+ Log.w(TAG, "Binary installed but not executable: " + filename);
+ // Try to fix permissions manually
+ try {
+ f.setExecutable(true, false);
+ Log.d(TAG, "Fixed permissions for: " + filename);
+ } catch (Exception e) {
+ Log.e(TAG, "Failed to fix permissions for: " + filename + " - " + e.getMessage());
+ }
+ }
+
+ Log.d(TAG, "Successfully installed binary: " + filename +
+ " (size: " + f.length() + " bytes, executable: " + f.canExecute() + ")");
+ return true;
+
+ } catch (Exception e) {
+ Log.e(TAG, "installBinary failed for " + filename + ": " + e.getClass().getSimpleName() +
+ " - " + e.getLocalizedMessage(), e);
+ return false;
+ }
+ }
+
+ /**
+ * Install binary if the resource exists, using reflection to check for resource availability
+ * @param ctx Context
+ * @param resourceName Name of the resource (e.g., "busybox_arm64")
+ * @param filename Target filename
+ * @return true if installed successfully or resource doesn't exist, false on installation error
+ */
+ private static boolean installBinaryIfExists(Context ctx, String resourceName, String filename) {
+ try {
+ // Use reflection to check if the resource exists
+ Class rawClass = R.raw.class;
+ java.lang.reflect.Field field = rawClass.getDeclaredField(resourceName);
+ int resId = field.getInt(null);
+
+ // Resource exists, try to install it
+ return installBinary(ctx, resId, filename);
+ } catch (NoSuchFieldException e) {
+ // Resource doesn't exist - this is expected when binaries are not yet added
+ Log.d(TAG, "Resource " + resourceName + " not found - this is expected if binary is not yet available");
+ return false;
+ } catch (Exception e) {
+ Log.e(TAG, "Error checking/installing binary " + resourceName + ": " + e.getMessage());
+ return false;
+ }
+ }
+
+ private static boolean installBinariesX86(Context ctx) {
+ if (!installBinary(ctx, R.raw.busybox_x86, "busybox")) return false;
+ if (!installBinary(ctx, R.raw.iptables_x86, "iptables")) return false;
+ if (!installBinary(ctx, R.raw.ip6tables_x86, "ip6tables")) return false;
+ if (!installBinary(ctx, R.raw.nflog_x86, "nflog")) return false;
+
+
+ return true;
+ }
+
+
+ private static boolean installBinariesArm64(Context ctx) {
+ if (!installBinary(ctx, R.raw.busybox_arm64, "busybox")) return false;
+ if (!installBinary(ctx, R.raw.iptables_arm64, "iptables")) return false;
+ if (!installBinary(ctx, R.raw.ip6tables_arm64, "ip6tables")) return false;
+ if (!installBinary(ctx, R.raw.nflog_arm64, "nflog")) return false;
+
+
+ return true;
+ }
+
+ private static boolean installBinariesArm(Context ctx) {
+ if (!installBinary(ctx, R.raw.busybox_arm, "busybox")) return false;
+ if (!installBinary(ctx, R.raw.iptables_arm, "iptables")) return false;
+ if (!installBinary(ctx, R.raw.ip6tables_arm, "ip6tables")) return false;
+ if (!installBinary(ctx, R.raw.nflog_arm, "nflog")) return false;
+
+
+ return true;
+ }
+
+ private static boolean installBinariesForAbi(Context ctx, String abi) {
+ if (abi.startsWith("x86")) {
+ return installBinariesX86(ctx);
+ } else if (abi.startsWith("arm64")) {
+ return installBinariesArm64(ctx);
+ } else {
+ return installBinariesArm(ctx);
+ }
+ }
+
+ private static int getPackageVersion(Context ctx) {
+ try {
+ return ctx.getPackageManager().getPackageInfo(ctx.getPackageName(), 0).versionCode;
+ } catch (NameNotFoundException e) {
+ Log.e(TAG, "Can't determine the package version!");
+ return -1;
+ }
+ }
+
+ private static String getAbi() {
+ if (Build.VERSION.SDK_INT > 21) {
+ return Build.SUPPORTED_ABIS[0];
+ } else {
+ return Build.CPU_ABI;
+ }
+ }
+
+ // Static lock object for synchronizing binary installation
+ private static final Object BINARY_INSTALL_LOCK = new Object();
+
+ /**
+ * Asserts that the binary files are installed in the cache directory.
+ *
+ * @param ctx context
+ * @param showErrors indicates if errors should be alerted
+ * @return false if the binary files could not be installed
+ */
+ public static boolean assertBinaries(Context ctx, boolean showErrors) {
+ synchronized (BINARY_INSTALL_LOCK) {
+ Log.d(TAG, "assertBinaries() called - Entry point");
+
+ int currentVer = getPackageVersion(ctx);
+ boolean wasAlreadyInstalled = (G.appVersion() == currentVer);
+ Log.d(TAG, "assertBinaries() - currentVer=" + currentVer + ", storedVer=" + G.appVersion() + ", wasAlreadyInstalled=" + wasAlreadyInstalled);
+
+ if (wasAlreadyInstalled) {
+ // The version hasn't changed: Check if binaries are still functional
+ Log.d(TAG, "assertBinaries() - Verifying existing binaries...");
+ if (verifyBinaries(ctx)) {
+ Log.d(TAG, "assertBinaries() - Verification passed, returning true (no reinstall needed)");
+ return true;
+ } else {
+ Log.w(TAG, "Binaries verification failed, forcing reinstallation");
+ }
+ }
+
+ String abi = getAbi();
+
+ Log.d(TAG, "Installing binaries for " + abi + " (currentVer=" + currentVer +
+ ", storedVer=" + G.appVersion() + ", wasAlreadyInstalled=" + wasAlreadyInstalled + ")...");
+
+ if (!installBinariesForAbi(ctx, abi))
+ {
+ Log.e(TAG, "Installation of the binaries for " + abi + " failed!");
+ toast(ctx, ctx.getString(R.string.error_binary), Toast.LENGTH_LONG);
+ return false;
+ }
+
+ // Arch-independent scripts:
+ if (!installBinary(ctx, R.raw.afwallstart, "afwallstart"))
+ {
+ Log.e(TAG, "Installation of the arch-independent binaries failed!");
+ toast(ctx, ctx.getString(R.string.error_binary));
+ return false;
+ }
+
+ Log.d(TAG, "Installed binaries for " + abi + ".");
+
+ // Only show toast for actual new installations (not verification failures)
+ if (!wasAlreadyInstalled) {
+ Log.d(TAG, "New installation completed - showing toast");
+ toast(ctx, ctx.getString(R.string.toast_bin_installed), Toast.LENGTH_SHORT);
+ } else {
+ Log.d(TAG, "Binaries reinstalled (wasAlreadyInstalled=true) - no toast shown");
+ }
+
+ G.appVersion(currentVer); // This indicates that the installation of the binaries for this version was successful.
+
+ return true;
+ } // End synchronized block
+ }
+
+ /**
+ * Force reinstallation of binaries regardless of version
+ *
+ * @param ctx Context
+ * @param showErrors indicates if errors should be alerted
+ * @return true if installation successful
+ */
+ public static boolean forceReinstallBinaries(Context ctx, boolean showErrors) {
+ Log.i(TAG, "Forcing binary reinstallation...");
+
+ // Clear the version to force reinstallation
+ G.appVersion(-1);
+
+ return assertBinaries(ctx, showErrors);
+ }
+
+ /**
+ * Verify that installed binaries are functional
+ *
+ * @param ctx Context
+ * @return true if binaries are functional, false if they need reinstallation
+ */
+ private static boolean verifyBinaries(Context ctx) {
+ Log.d(TAG, "verifyBinaries() called - Starting verification");
+ String dir = ctx.getDir("bin", 0).getAbsolutePath();
+ Log.d(TAG, "verifyBinaries() - Binary directory: " + dir);
+
+ // Check if busybox exists and is executable
+ File busybox = new File(dir, "busybox");
+ boolean exists = busybox.exists();
+ boolean canExecute = busybox.canExecute();
+ boolean canRead = busybox.canRead();
+ long size = busybox.length();
+ Log.d(TAG, "verifyBinaries() - Checking busybox: exists=" + exists + ", canExecute=" + canExecute + ", canRead=" + canRead + ", size=" + size + " bytes");
+ if (!exists || !canExecute) {
+ Log.w(TAG, "Busybox binary missing or not executable");
+ return false;
+ }
+
+ // Test busybox functionality by running a simple command
+ // Note: On modern Android, binaries in app private directories may not be executable
+ // from the app context, but they will work when executed with root privileges
+ try {
+ Log.d(TAG, "verifyBinaries() - Testing busybox functionality with 'echo test'");
+ ProcessBuilder pb = new ProcessBuilder(busybox.getAbsolutePath(), "echo", "test");
+ pb.environment().clear();
+ Process process = pb.start();
+ int exitCode = process.waitFor();
+ Log.d(TAG, "verifyBinaries() - Busybox test exitCode: " + exitCode);
+
+ if (exitCode != 0) {
+ Log.w(TAG, "Busybox test command failed with exit code: " + exitCode);
+ return false;
+ }
+
+ // Read and verify output
+ java.util.Scanner scanner = new java.util.Scanner(process.getInputStream());
+ if (scanner.hasNextLine()) {
+ String output = scanner.nextLine().trim();
+ Log.d(TAG, "verifyBinaries() - Busybox test output: '" + output + "'");
+ scanner.close();
+ if (!"test".equals(output)) {
+ Log.w(TAG, "Busybox test output unexpected: " + output);
+ return false;
+ }
+ } else {
+ scanner.close();
+ Log.w(TAG, "Busybox test produced no output");
+ return false;
+ }
+
+ } catch (Exception e) {
+ String errorMsg = e.getMessage();
+ if (errorMsg != null && (errorMsg.contains("Permission denied") || errorMsg.contains("error=13"))) {
+ Log.w(TAG, "Busybox execution test failed due to Android security restrictions (expected behavior)");
+ Log.w(TAG, "Binary will be available for root execution. Skipping direct execution test.");
+ // Don't fail verification for permission denied - the binary will work with root
+ // Just log the issue and continue with other checks
+ } else {
+ Log.w(TAG, "Busybox verification failed: " + errorMsg);
+ return false;
+ }
+ }
+
+ // Check other critical binaries exist
+ Log.d(TAG, "verifyBinaries() - Checking other required binaries");
+ String[] requiredBinaries = {"iptables", "ip6tables"};
+ for (String binary : requiredBinaries) {
+ File binaryFile = new File(dir, binary);
+ Log.d(TAG, "verifyBinaries() - Checking " + binary + ": exists=" + binaryFile.exists() + ", canExecute=" + binaryFile.canExecute());
+ if (!binaryFile.exists() || !binaryFile.canExecute()) {
+ Log.w(TAG, "Required binary missing or not executable: " + binary);
+ return false;
+ }
+ }
+
+ Log.d(TAG, "Binary verification successful - All checks passed");
+ return true;
+ }
+
+ /**
+ * Check if the firewall is enabled
+ *
+ * @param ctx mandatory context
+ * @return boolean
+ */
+ public static boolean isEnabled(Context ctx) {
+ if (ctx == null) return false;
+ return ctx.getSharedPreferences(PREF_FIREWALL_STATUS, Context.MODE_PRIVATE).getBoolean(PREF_ENABLED, false);
+ }
+
+ /**
+ * Defines if the firewall is enabled and broadcasts the new status
+ *
+ * @param ctx mandatory context
+ * @param enabled enabled flag
+ */
+ public static void setEnabled(Context ctx, boolean enabled, boolean showErrors) {
+ if (ctx == null) return;
+ SharedPreferences prefs = ctx.getSharedPreferences(PREF_FIREWALL_STATUS, Context.MODE_PRIVATE);
+ if (prefs.getBoolean(PREF_ENABLED, false) == enabled) {
+ return;
+ }
+ setRulesUpToDate(false);
+
+ Editor edit = prefs.edit();
+ edit.putBoolean(PREF_ENABLED, enabled);
+ if (!edit.commit()) {
+ if (showErrors) toast(ctx, ctx.getString(R.string.error_write_pref));
+ return;
+ }
+
+ Intent myService = new Intent(ctx, FirewallService.class);
+ ctx.stopService(myService);
+ if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.O) {
+ ctx.startForegroundService(myService);
+ } else {
+ ctx.startService(myService);
+ }
+
+ /* notify */
+ Intent message = new Intent(ctx, StatusWidget.class);
+ message.setAction(STATUS_CHANGED_MSG);
+ message.putExtra(Api.STATUS_EXTRA, enabled);
+ ctx.sendBroadcast(message);
+ }
+
+
+ public static void errorNotification(Context ctx) {
+
+ String NOTIFICATION_CHANNEL_ID = "firewall.error";
+ String channelName = ctx.getString(R.string.firewall_error_notify);
+
+ NotificationManager manager = (NotificationManager) ctx.getSystemService(Context.NOTIFICATION_SERVICE);
+ manager.cancel(ERROR_NOTIFICATION_ID);
+
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
+ NotificationChannel notificationChannel = new NotificationChannel(NOTIFICATION_CHANNEL_ID, channelName, NotificationManager.IMPORTANCE_DEFAULT);
+ notificationChannel.setLockscreenVisibility(Notification.VISIBILITY_PRIVATE);
+ if (G.getNotificationPriority() == 0) {
+ notificationChannel.setImportance(NotificationManager.IMPORTANCE_DEFAULT);
+ }
+ notificationChannel.setSound(null, null);
+ notificationChannel.setShowBadge(false);
+ notificationChannel.enableLights(false);
+ notificationChannel.enableVibration(false);
+
+ // Android 16+ specific notification channel configurations
+ if (Build.VERSION.SDK_INT >= 36) {
+ notificationChannel.setAllowBubbles(false);
+ }
+
+ manager.createNotificationChannel(notificationChannel);
+ }
+
+
+ Intent appIntent = new Intent(ctx, MainActivity.class);
+ appIntent.setAction(Intent.ACTION_MAIN);
+ appIntent.addCategory(Intent.CATEGORY_LAUNCHER);
+ appIntent.setFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP);
+
+ // Artificial stack so that navigating backward leads back to the Home screen
+ TaskStackBuilder stackBuilder = TaskStackBuilder.create(ctx)
+ .addParentStack(MainActivity.class)
+ .addNextIntent(new Intent(ctx, MainActivity.class));
+
+ PendingIntent notifyPendingIntent = PendingIntent.getActivity(ctx, 0, appIntent, PendingIntent.FLAG_IMMUTABLE);
+ NotificationCompat.Builder notificationBuilder = new NotificationCompat.Builder(ctx, NOTIFICATION_CHANNEL_ID);
+ notificationBuilder.setContentIntent(notifyPendingIntent);
+
+ Notification notification = notificationBuilder.setOngoing(false)
+ .setCategory(NotificationCompat.CATEGORY_ERROR)
+ .setVisibility(NotificationCompat.VISIBILITY_SECRET)
+ .setContentTitle(ctx.getString(R.string.error_notification_title))
+ .setContentText(ctx.getString(R.string.error_notification_text))
+ .setTicker(ctx.getString(R.string.error_notification_ticker))
+ .setSmallIcon(R.drawable.notification_warn)
+ .setAutoCancel(true)
+ .setContentIntent(notifyPendingIntent)
+ .build();
+
+ manager.notify(ERROR_NOTIFICATION_ID, notification);
+ }
+
+ public static void updateNotification(boolean status, Context ctx) {
+
+ String NOTIFICATION_CHANNEL_ID = "firewall.service";
+ String channelName = ctx.getString(R.string.firewall_service);
+
+ NotificationManager manager = (NotificationManager) ctx.getSystemService(Context.NOTIFICATION_SERVICE);
+ manager.cancel(NOTIFICATION_ID);
+
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
+ NotificationChannel notificationChannel = new NotificationChannel(NOTIFICATION_CHANNEL_ID, channelName, NotificationManager.IMPORTANCE_LOW);
+ notificationChannel.setLockscreenVisibility(Notification.VISIBILITY_PRIVATE);
+ if (G.getNotificationPriority() == 0) {
+ notificationChannel.setImportance(NotificationManager.IMPORTANCE_DEFAULT);
+ }
+ notificationChannel.setSound(null, null);
+ notificationChannel.setShowBadge(false);
+ notificationChannel.enableLights(false);
+ notificationChannel.enableVibration(false);
+
+ // Android 16+ specific notification channel configurations
+ if (Build.VERSION.SDK_INT >= 36) {
+ notificationChannel.setAllowBubbles(false);
+ }
+
+ manager.createNotificationChannel(notificationChannel);
+ }
+
+ Intent appIntent = new Intent(ctx, MainActivity.class);
+ appIntent.setAction(Intent.ACTION_MAIN);
+ appIntent.addCategory(Intent.CATEGORY_LAUNCHER);
+ appIntent.setFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP);
+
+ int icon = status ? R.drawable.notification : R.drawable.notification_error;
+ String notificationText = status ? getNotificationText(ctx) : ctx.getString(R.string.inactive);
+
+ PendingIntent notifyPendingIntent = PendingIntent.getActivity(ctx, 0, appIntent, PendingIntent.FLAG_IMMUTABLE);
+ NotificationCompat.Builder notificationBuilder = new NotificationCompat.Builder(ctx, NOTIFICATION_CHANNEL_ID);
+ notificationBuilder.setContentIntent(notifyPendingIntent);
+
+ Notification notification = notificationBuilder.setOngoing(true)
+ .setContentTitle(ctx.getString(R.string.app_name))
+ .setTicker(ctx.getString(R.string.app_name))
+ .setSound(null)
+ .setPriority(NotificationCompat.PRIORITY_LOW)
+ .setCategory(NotificationCompat.CATEGORY_SERVICE)
+ .setVisibility(NotificationCompat.VISIBILITY_SECRET)
+ .setContentText(notificationText)
+ .setSmallIcon(icon)
+ .build();
+
+ notification.flags |= Notification.FLAG_ONGOING_EVENT | Notification.FLAG_FOREGROUND_SERVICE | Notification.FLAG_NO_CLEAR;
+ manager.notify(NOTIFICATION_ID, notification);
+ }
+
+ private static String getNotificationText(Context ctx) {
+ if (G.enableMultiProfile()) {
+ String storedProfile = G.storedProfile();
+ switch (storedProfile) {
+ case "AFWallPrefs":
+ return ctx.getString(R.string.active) + " (" + G.gPrefs.getString("default", ctx.getString(R.string.defaultProfile)) + ")";
+ case "AFWallProfile1":
+ return ctx.getString(R.string.active) + " (" + G.gPrefs.getString("profile1", ctx.getString(R.string.profile1)) + ")";
+ case "AFWallProfile2":
+ return ctx.getString(R.string.active) + " (" + G.gPrefs.getString("profile2", ctx.getString(R.string.profile2)) + ")";
+ case "AFWallProfile3":
+ return ctx.getString(R.string.active) + " (" + G.gPrefs.getString("profile3", ctx.getString(R.string.profile3)) + ")";
+ default:
+ return ctx.getString(R.string.active) + " (" + storedProfile + ")";
+ }
+ } else {
+ return ctx.getString(R.string.active);
+ }
+ }
+
+
+ private static boolean removePackageRef(Context ctx, String pkg, int pkgRemoved, SharedPreferences.Editor editor, String store) {
+ StringBuilder newUids = new StringBuilder();
+ StringTokenizer tokenizer = new StringTokenizer(pkg, "|");
+ boolean changed = false;
+ String uidStr = String.valueOf(pkgRemoved);
+
+ while (tokenizer.hasMoreTokens()) {
+ String token = tokenizer.nextToken();
+ if (!uidStr.equals(token)) {
+ if (newUids.length() > 0) {
+ newUids.append('|');
+ }
+ newUids.append(token);
+ } else {
+ changed = true;
+ }
+ }
+
+ if (changed) {
+ editor.putString(store, newUids.toString());
+ editor.apply();
+ }
+ return changed;
+ }
+
+
+ /**
+ * Remove the cache.label key from preferences, so that next time the app appears on the top
+ *
+ * @param pkgName
+ * @param ctx
+ */
+ public static void removeCacheLabel(String pkgName, Context ctx) {
+ SharedPreferences prefs = ctx.getSharedPreferences("AFWallPrefs", Context.MODE_PRIVATE);
+ try {
+ prefs.edit().remove("cache.label." + pkgName).commit();
+ } catch (Exception e) {
+ Log.e(TAG, e.getLocalizedMessage());
+ }
+ }
+
+ /**
+ * Cleansup the uninstalled packages from the cache - will have slight performance
+ *
+ * @param ctx
+ */
+ public static void removeAllUnusedCacheLabel(Context ctx) {
+ try {
+ SharedPreferences prefs = ctx.getSharedPreferences("AFWallPrefs", Context.MODE_PRIVATE);
+ final String cacheLabel = "cache.label.";
+ String pkgName;
+ String cacheKey;
+ PackageManager pm = ctx.getPackageManager();
+ Map allPrefs = prefs.getAll();
+
+ for (Map.Entry prefEntry : allPrefs.entrySet()) {
+ String key = prefEntry.getKey();
+ if (key.startsWith(cacheLabel)) {
+ cacheKey = key;
+ pkgName = key.replace(cacheLabel, "");
+ if (prefs.getString(cacheKey, "").length() > 0 && !isPackageExists(pm, pkgName)) {
+ prefs.edit().remove(cacheKey).apply();
+ }
+ }
+ }
+ } catch (Exception e) {
+ // Handle the exception appropriately (e.g., log or print the stack trace)
+ }
+ }
+
+
+ /**
+ * Cleanup the cache from profiles - Improve performance.
+ *
+ * @param pm
+ * @param targetPackage
+ */
+
+ public static boolean isPackageExists(PackageManager pm, String targetPackage) {
+ try {
+ pm.getPackageInfo(targetPackage, PackageManager.GET_META_DATA);
+ } catch (NameNotFoundException e) {
+ return false;
+ }
+ return true;
+ }
+
+ public static PackageInfo getPackageDetails(Context ctx, HashMap listMaps, int uid) {
+ try {
+ final PackageManager pm = ctx.getPackageManager();
+ if (listMaps != null && listMaps.containsKey(uid)) {
+ return pm.getPackageInfo(listMaps.get(uid), PackageManager.GET_META_DATA);
+ } else {
+ return null;
+ }
+ } catch (NameNotFoundException e) {
+ return null;
+ }
+ }
+
+
+ public static Drawable getApplicationIcon(Context context, int appUid) {
+ if (uidToApplicationInfoMap == null) {
+ PackageManager packageManager = context.getPackageManager();
+ List installedApplications = packageManager.getInstalledApplications(PackageManager.GET_UNINSTALLED_PACKAGES);
+ uidToApplicationInfoMap = new HashMap<>();
+ for (ApplicationInfo applicationInfo : installedApplications) {
+ if (!uidToApplicationInfoMap.containsKey(applicationInfo.uid)) {
+ uidToApplicationInfoMap.put(applicationInfo.uid, applicationInfo);
+ }
+ }
+ }
+
+ ApplicationInfo applicationInfo = uidToApplicationInfoMap.get(appUid);
+ if (applicationInfo != null) {
+ PackageManager packageManager = context.getPackageManager();
+ return applicationInfo.loadIcon(packageManager); // The application icon.
+ } else {
+ return context.getDrawable(R.drawable.ic_unknown); // The default icon.
+ }
+ }
+
+ /**
+ * Called when an application in removed (un-installed) from the system.
+ * This will look for that application in the selected list and update the persisted values if necessary
+ *
+ * @param ctx mandatory app context
+ */
+ public static void applicationRemoved(Context ctx, int pkgRemoved, RootCommand callback) {
+ SharedPreferences prefs = ctx.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE);
+ SharedPreferences.Editor editor = prefs.edit();
+ boolean isRuleChanged = false;
+
+ String[] prefKeys = {
+ PREF_WIFI_PKG_UIDS,
+ PREF_3G_PKG_UIDS,
+ PREF_ROAMING_PKG_UIDS,
+ PREF_VPN_PKG_UIDS,
+ PREF_TETHER_PKG_UIDS,
+ PREF_LAN_PKG_UIDS,
+ PREF_TOR_PKG_UIDS
+ };
+
+ String[] savedPackages = {
+ prefs.getString(PREF_WIFI_PKG_UIDS, ""),
+ prefs.getString(PREF_3G_PKG_UIDS, ""),
+ prefs.getString(PREF_ROAMING_PKG_UIDS, ""),
+ prefs.getString(PREF_VPN_PKG_UIDS, ""),
+ prefs.getString(PREF_TETHER_PKG_UIDS, ""),
+ prefs.getString(PREF_LAN_PKG_UIDS, ""),
+ prefs.getString(PREF_TOR_PKG_UIDS, "")
+ };
+
+ boolean[] ruleChanged = new boolean[savedPackages.length];
+
+ for (int i = 0; i < savedPackages.length; i++) {
+ ruleChanged[i] = removePackageRef(ctx, savedPackages[i], pkgRemoved, editor, prefKeys[i]);
+ if (ruleChanged[i]) {
+ isRuleChanged = true;
+ }
+ }
+
+ if (isRuleChanged) {
+ editor.apply();
+ if (isEnabled(ctx)) {
+ applySavedIptablesRules(ctx, false, new RootCommand());
+ }
+ }
+ }
+
+
+ public static void donateDialog(final Context ctx, boolean showToast) {
+ if (showToast) {
+ Toast.makeText(ctx, ctx.getText(R.string.donate_only), Toast.LENGTH_LONG).show();
+ } else {
+ try {
+ new MaterialDialog.Builder(ctx).cancelable(false)
+ .title(R.string.buy_donate)
+ .content(R.string.donate_only)
+ .positiveText(R.string.buy_donate)
+ .negativeText(R.string.close)
+ .icon(ctx.getResources().getDrawable(R.drawable.ic_launcher))
+ .onPositive(new MaterialDialog.SingleButtonCallback() {
+ @Override
+ public void onClick(@NonNull MaterialDialog dialog, @NonNull DialogAction which) {
+ Intent intent = new Intent(Intent.ACTION_VIEW);
+ intent.setData(Uri.parse("market://search?q=pub:ukpriya"));
+ ctx.startActivity(intent);
+ }
+ })
+
+ .onNegative(new MaterialDialog.SingleButtonCallback() {
+ @Override
+ public void onClick(@NonNull MaterialDialog dialog, @NonNull DialogAction which) {
+ dialog.cancel();
+ G.isDo(false);
+ }
+ })
+ .show();
+ } catch (Exception e) {
+ Toast.makeText(ctx, ctx.getText(R.string.donate_only), Toast.LENGTH_LONG).show();
+ }
+ }
+ }
+
+ public static void exportRulesToFileConfirm(final Context ctx) {
+ String fileName = "afwall-backup-" + new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss").format(new Date()) + ".json";
+ if (exportRules(ctx, fileName)) {
+ Api.toast(ctx, ctx.getString(R.string.export_rules_success) + " " + fileName);
+ } else {
+ Api.toast(ctx, ctx.getString(R.string.export_rules_fail));
+ }
+ }
+
+ public static void exportAllPreferencesToFileConfirm(final Context ctx) {
+ String fileName = "afwall-backup-all-" + new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss").format(new Date()) + ".json";
+ if (exportAll(ctx, fileName)) {
+ Api.toast(ctx, ctx.getString(R.string.export_rules_success) + " " + fileName);
+ } else {
+ Api.toast(ctx, ctx.getString(R.string.export_rules_fail));
+ }
+ }
+
+ public static void exportRulesToFileWithPicker(final Context ctx) {
+ showExportFileDialog(ctx, false);
+ }
+
+ public static void exportAllPreferencesToFileWithPicker(final Context ctx) {
+ showExportFileDialog(ctx, true);
+ }
+
+ private static void showExportFileDialog(final Context ctx, final boolean exportAll) {
+ try {
+ File defaultPath;
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+ defaultPath = new File(ctx.getExternalFilesDir(Environment.DIRECTORY_DOCUMENTS), "/");
+ } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
+ defaultPath = new File(ctx.getExternalFilesDir(null), "/");
+ } else {
+ defaultPath = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/afwall/");
+ defaultPath.mkdirs();
+ }
+
+ dev.ukanth.ufirewall.util.FileDialog fileDialog = new dev.ukanth.ufirewall.util.FileDialog((Activity) ctx, defaultPath, true);
+ fileDialog.setSelectDirectoryOption(true);
+ fileDialog.addDirectoryListener(directory -> {
+ String fileName = "afwall-backup" + (exportAll ? "-all" : "") + "-" +
+ new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss").format(new Date()) + ".json";
+ File fullPath = new File(directory, fileName);
+
+ boolean success;
+ if (exportAll) {
+ success = exportAllToFile(ctx, fullPath);
+ } else {
+ success = exportRulesToFile(ctx, fullPath);
+ }
+
+ if (success) {
+ Api.toast(ctx, ctx.getString(R.string.export_rules_success) + " " + fullPath.getAbsolutePath());
+ } else {
+ Api.toast(ctx, ctx.getString(R.string.export_rules_fail));
+ }
+ });
+ fileDialog.showDialog();
+ } catch (Exception e) {
+ // Fallback to original method if file dialog fails
+ if (exportAll) {
+ exportAllPreferencesToFileConfirm(ctx);
+ } else {
+ exportRulesToFileConfirm(ctx);
+ }
+ }
+ }
+
+ private static boolean exportRulesToFile(Context ctx, File file) {
+ boolean res = false;
+ try (FileOutputStream fOut = new FileOutputStream(file);
+ OutputStreamWriter myOutWriter = new OutputStreamWriter(fOut)) {
+
+ JSONObject obj = new JSONObject(getCurrentRulesAsMap(ctx));
+ JSONArray jArray = new JSONArray("[" + obj.toString() + "]");
+ JSONObject exportObject = new JSONObject();
+ exportObject.put("rules", jArray);
+ String mode = G.pPrefs.getString(Api.PREF_MODE, Api.MODE_WHITELIST);
+ exportObject.put("mode", mode);
+
+ myOutWriter.write(exportObject.toString());
+ myOutWriter.flush(); // Ensure data is written
+ res = true;
+ Log.i(TAG, "Successfully exported rules to: " + file.getAbsolutePath());
+ } catch (Exception e) {
+ Log.e(TAG, "Error exporting rules to file: " + file.getAbsolutePath(), e);
+ }
+ return res;
+ }
+
+ private static boolean exportAllToFile(Context ctx, File file) {
+ boolean res = false;
+ try (FileOutputStream fOut = new FileOutputStream(file);
+ OutputStreamWriter myOutWriter = new OutputStreamWriter(fOut)) {
+
+ JSONObject exportObject = new JSONObject();
+ if (G.enableMultiProfile()) {
+ if (!G.isProfileMigrated()) {
+ JSONObject profileObject = new JSONObject();
+ for (String profile : G.profiles) {
+ profileObject.put(profile, new JSONObject(getRulesForProfile(ctx, profile)));
+ }
+ exportObject.put("profiles", profileObject);
+
+ JSONObject addProfileObject = new JSONObject();
+ for (String profile : G.getAdditionalProfiles()) {
+ addProfileObject.put(profile, new JSONObject(getRulesForProfile(ctx, profile)));
+ }
+ exportObject.put("additional_profiles", addProfileObject);
+ } else {
+ JSONObject profileObject = new JSONObject();
+ String profileName = "AFWallPrefs";
+ profileObject.put(profileName, new JSONObject(getRulesForProfile(ctx, profileName)));
+
+ List profileDataList = ProfileHelper.getProfiles();
+ for (ProfileData profile : profileDataList) {
+ profileName = profile.getName();
+ if (profile.getIdentifier().startsWith("AFWallProfile")) {
+ profileName = profile.getIdentifier();
+ }
+ profileObject.put(profile.getName(), new JSONObject(getRulesForProfile(ctx, profileName)));
+ }
+ exportObject.put("_profiles", profileObject);
+ }
+ } else {
+ JSONObject obj = new JSONObject(getCurrentRulesAsMap(ctx));
+ exportObject.put("default", obj);
+ }
+
+ exportObject.put("prefs", getAllAppPreferences(ctx, G.gPrefs));
+ // Export profile-specific preferences (mode, custom rules, etc.)
+ if (G.pPrefs != null) {
+ exportObject.put("profilePrefs", getAllAppPreferences(ctx, G.pPrefs));
+ }
+
+ myOutWriter.write(exportObject.toString());
+ myOutWriter.flush(); // Ensure data is written
+ res = true;
+ Log.i(TAG, "Successfully exported all preferences to: " + file.getAbsolutePath());
+ } catch (Exception e) {
+ Log.e(TAG, "Error exporting all preferences to file: " + file.getAbsolutePath(), e);
+ }
+ return res;
+ }
+
+ private static void updateExportPackage(Map exportMap, String packageName, boolean isChecked, int identifier) throws JSONException {
+ if (!isChecked) {
+ return;
+ }
+ JSONObject obj;
+ if (packageName != null) {
+ if (exportMap.containsKey(packageName)) {
+ obj = exportMap.get(packageName);
+ obj.put(identifier + "", true);
+ } else {
+ obj = new JSONObject();
+ obj.put(identifier + "", true);
+ exportMap.put(packageName, obj);
+ }
+ }
+ }
+
+ private static void updatePackage(Context ctx, String savedPkg_uid, Map exportMap, int identifier) throws JSONException {
+ StringTokenizer tok = new StringTokenizer(savedPkg_uid, "|");
+ while (tok.hasMoreTokens()) {
+ String uid = tok.nextToken();
+ if (!uid.isEmpty()) {
+ String packageName = ctx.getPackageManager().getNameForUid(Integer.parseInt(uid));
+ updateExportPackage(exportMap, packageName, /*is_checked=*/ true, identifier);
+ }
+ }
+ }
+
+ private static Map getCurrentRulesAsMap(Context ctx) {
+ List apps = getApps(ctx, null);
+ Map exportMap = new HashMap<>();
+
+ try {
+ for (PackageInfoData app : apps) {
+ updateExportPackage(exportMap, app.pkgName, app.selected_wifi, WIFI_EXPORT);
+ updateExportPackage(exportMap, app.pkgName, app.selected_3g, DATA_EXPORT);
+ updateExportPackage(exportMap, app.pkgName, app.selected_roam, ROAM_EXPORT);
+ updateExportPackage(exportMap, app.pkgName, app.selected_vpn, VPN_EXPORT);
+ updateExportPackage(exportMap, app.pkgName, app.selected_tether, TETHER_EXPORT);
+ updateExportPackage(exportMap, app.pkgName, app.selected_lan, LAN_EXPORT);
+ updateExportPackage(exportMap, app.pkgName, app.selected_tor, TOR_EXPORT);
+ }
+ } catch (JSONException e) {
+ Log.e(TAG, e.getLocalizedMessage());
+ }
+ return exportMap;
+ }
+
+
+ public static boolean exportAll(Context ctx, final String fileName) {
+ boolean res = false;
+ try {
+ File file;
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+ // Android 11+ (API 30+): Use scoped storage
+ file = new File(ctx.getExternalFilesDir(Environment.DIRECTORY_DOCUMENTS), fileName);
+ } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
+ // Android 10 (API 29): Use app-specific directory
+ file = new File(ctx.getExternalFilesDir(null), fileName);
+ } else {
+ // Android 9 and below: Use legacy external storage
+ File dir = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + File.separator + "afwall");
+ dir.mkdirs();
+ file = new File(dir, fileName);
+ }
+
+ try (FileOutputStream fOut = new FileOutputStream(file);
+ OutputStreamWriter myOutWriter = new OutputStreamWriter(fOut)) {
+
+ JSONObject exportObject = new JSONObject();
+ if (G.enableMultiProfile()) {
+ if (!G.isProfileMigrated()) {
+ JSONObject profileObject = new JSONObject();
+ for (String profile : G.profiles) {
+ profileObject.put(profile, new JSONObject(getRulesForProfile(ctx, profile)));
+ }
+ exportObject.put("profiles", profileObject);
+
+ JSONObject addProfileObject = new JSONObject();
+ for (String profile : G.getAdditionalProfiles()) {
+ addProfileObject.put(profile, new JSONObject(getRulesForProfile(ctx, profile)));
+ }
+ exportObject.put("additional_profiles", addProfileObject);
+ } else {
+ JSONObject profileObject = new JSONObject();
+ String profileName = "AFWallPrefs";
+ profileObject.put(profileName, new JSONObject(getRulesForProfile(ctx, profileName)));
+
+ List profileDataList = ProfileHelper.getProfiles();
+ for (ProfileData profile : profileDataList) {
+ profileName = profile.getName();
+ if (profile.getIdentifier().startsWith("AFWallProfile")) {
+ profileName = profile.getIdentifier();
+ }
+ profileObject.put(profile.getName(), new JSONObject(getRulesForProfile(ctx, profileName)));
+ }
+ exportObject.put("_profiles", profileObject);
+ }
+ } else {
+ JSONObject obj = new JSONObject(getCurrentRulesAsMap(ctx));
+ exportObject.put("default", obj);
+ }
+
+ exportObject.put("prefs", getAllAppPreferences(ctx, G.gPrefs));
+ // Export profile-specific preferences (mode, custom rules, etc.)
+ if (G.pPrefs != null) {
+ exportObject.put("profilePrefs", getAllAppPreferences(ctx, G.pPrefs));
+ }
+
+ String mode = G.pPrefs.getString(Api.PREF_MODE, Api.MODE_WHITELIST);
+ exportObject.put("mode", mode);
+
+ myOutWriter.append(exportObject.toString());
+ res = true;
+ }
+
+ } catch (Exception e) {
+ Log.d(TAG, e.getLocalizedMessage(), e);
+ }
+
+ return res;
+ }
+
+
+ private static Map getRulesForProfile(Context ctx, String profile) throws JSONException {
+ Map exportMap = new HashMap<>();
+ SharedPreferences prefs = ctx.getSharedPreferences(profile, Context.MODE_PRIVATE);
+ updatePackage(ctx, prefs.getString(PREF_WIFI_PKG_UIDS, ""), exportMap, WIFI_EXPORT);
+ updatePackage(ctx, prefs.getString(PREF_3G_PKG_UIDS, ""), exportMap, DATA_EXPORT);
+ updatePackage(ctx, prefs.getString(PREF_ROAMING_PKG_UIDS, ""), exportMap, ROAM_EXPORT);
+ updatePackage(ctx, prefs.getString(PREF_VPN_PKG_UIDS, ""), exportMap, VPN_EXPORT);
+ updatePackage(ctx, prefs.getString(PREF_TETHER_PKG_UIDS, ""), exportMap, TETHER_EXPORT);
+ updatePackage(ctx, prefs.getString(PREF_LAN_PKG_UIDS, ""), exportMap, LAN_EXPORT);
+ updatePackage(ctx, prefs.getString(PREF_TOR_PKG_UIDS, ""), exportMap, TOR_EXPORT);
+ return exportMap;
+ }
+
+ private static JSONArray getAllAppPreferences(Context ctx, SharedPreferences gPrefs) throws JSONException {
+ Map keys = gPrefs.getAll();
+ JSONArray arr = new JSONArray();
+ for (Map.Entry entry : keys.entrySet()) {
+ JSONObject obj = new JSONObject();
+ obj.put(entry.getKey(), entry.getValue().toString());
+ arr.put(obj);
+ }
+ return arr;
+ }
+
+ public static boolean exportRules(Context ctx, final String fileName) {
+ boolean res = false;
+
+ File file;
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+ // Android 11+ (API 30+): Use scoped storage
+ file = new File(ctx.getExternalFilesDir(Environment.DIRECTORY_DOCUMENTS), fileName);
+ } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
+ // Android 10 (API 29): Use app-specific directory
+ file = new File(ctx.getExternalFilesDir(null), fileName);
+ } else {
+ // Android 9 and below: Use legacy external storage
+ File dir = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/afwall/");
+ dir.mkdirs();
+ file = new File(dir, fileName);
+ }
+
+ try {
+
+ FileOutputStream fOut = new FileOutputStream(file);
+ OutputStreamWriter myOutWriter = new OutputStreamWriter(fOut);
+
+ //default Profile - current one
+ JSONObject obj = new JSONObject(getCurrentRulesAsMap(ctx));
+ JSONArray jArray = new JSONArray("[" + obj.toString() + "]");
+
+ JSONObject exportObject = new JSONObject();
+ exportObject.put("rules", jArray);
+
+ String mode = G.pPrefs.getString(Api.PREF_MODE, Api.MODE_WHITELIST);
+ exportObject.put("mode", mode);
+
+ myOutWriter.append(exportObject.toString());
+ res = true;
+ myOutWriter.close();
+ fOut.close();
+
+
+ } catch (FileNotFoundException e) {
+ Log.e(TAG, e.getLocalizedMessage());
+ } catch (JSONException e) {
+ Log.e(TAG, e.getLocalizedMessage());
+ } catch (IOException e) {
+ Log.e(TAG, e.getLocalizedMessage());
+ }
+
+ return res;
+ }
+
+
+ private static boolean importRulesRoot(Context ctx, File file, StringBuilder msg) {
+ boolean returnVal = false;
+ BufferedReader br = null;
+ try {
+ com.topjohnwu.superuser.Shell.Result result = com.topjohnwu.superuser.Shell.cmd("cat " + file.getAbsolutePath()).exec();
+ List out = result.getOut();
+ String data = TextUtils.join("", out);
+
+ try {
+ //old export format
+ JSONArray array = new JSONArray(data);
+ updateRulesFromJson(ctx, (JSONObject) array.get(0), PREFS_NAME);
+ } catch (JSONException e) {
+ //new exported format
+ JSONObject jsonObject = new JSONObject(data);
+ //save mode
+ if(jsonObject.get("mode") != null) {
+ G.pPrefs.edit().putString(PREF_MODE, jsonObject.getString("mode")).apply();
+ }
+ JSONArray array = (JSONArray) jsonObject.get("rules");
+ updateRulesFromJson(ctx, (JSONObject) array.get(0), PREFS_NAME);
+ }
+ returnVal = true;
+ } catch (java.util.concurrent.RejectedExecutionException e) {
+ Log.w(TAG, "Import rules file read rejected: " + e.getMessage());
+ } catch (JSONException e) {
+ Log.e(TAG, "JSON parsing error during import: " + e.getLocalizedMessage());
+ } catch (Exception e) {
+ Log.e(TAG, "Failed to import rules from file: " + e.getLocalizedMessage());
+ } finally {
+ if (br != null) {
+ try {
+ br.close();
+ } catch (IOException e) {
+ Log.e(TAG, e.getLocalizedMessage());
+ }
+ }
+ }
+ return returnVal;
+ }
+ private static boolean importRules(Context ctx, File file, StringBuilder msg) {
+ boolean returnVal = false;
+
+ try (BufferedReader br = new BufferedReader(new FileReader(file))) {
+ StringBuilder text = new StringBuilder();
+ String line;
+ while ((line = br.readLine()) != null) {
+ text.append(line);
+ }
+ String data = text.toString();
+ if (data.trim().isEmpty()) {
+ msg.append("Import file contains no data");
+ return false;
+ }
+
+ JSONObject jsonObject = new JSONObject(data);
+ if (jsonObject.has("mode")) {
+ G.pPrefs.edit().putString(PREF_MODE, jsonObject.getString("mode")).apply();
+ }
+ JSONArray array = jsonObject.optJSONArray("rules");
+ if (array != null) {
+ updateRulesFromJson(ctx, (JSONObject) array.get(0), PREFS_NAME);
+ } else {
+ updateRulesFromJson(ctx, jsonObject, PREFS_NAME);
+ }
+
+ returnVal = true;
+ } catch (FileNotFoundException e) {
+ if (e.getMessage().contains("EACCES")) {
+ return importRulesRoot(ctx, file, msg);
+ } else {
+ msg.append(ctx.getString(R.string.import_rules_missing));
+ }
+ } catch (IOException | JSONException e) {
+ Log.e(TAG, e.getLocalizedMessage());
+ }
+
+ return returnVal;
+ }
+
+
+ private static void updateRulesFromJson(Context ctx, JSONObject object, String preferenceName) throws JSONException {
+ final StringBuilder[] uidBuilders = new StringBuilder[7];
+ uidBuilders[WIFI_EXPORT] = new StringBuilder();
+ uidBuilders[DATA_EXPORT] = new StringBuilder();
+ uidBuilders[ROAM_EXPORT] = new StringBuilder();
+ uidBuilders[VPN_EXPORT] = new StringBuilder();
+ uidBuilders[TETHER_EXPORT] = new StringBuilder();
+ uidBuilders[LAN_EXPORT] = new StringBuilder();
+ uidBuilders[TOR_EXPORT] = new StringBuilder();
+
+ Map json = JsonHelper.toMap(object);
+ final PackageManager pm = ctx.getPackageManager();
+
+ for (Map.Entry entry : json.entrySet()) {
+ String pkgName = entry.getKey();
+ if (pkgName.contains(":")) {
+ pkgName = pkgName.split(":")[0];
+ }
+
+ JSONObject jsonObj = (JSONObject) JsonHelper.toJSON(entry.getValue());
+ Iterator keys = jsonObj.keys();
+ while (keys.hasNext()) {
+ String key = (String) keys.next();
+ int exportType = Integer.parseInt(key);
+ StringBuilder uidBuilder = uidBuilders[exportType];
+
+ if (uidBuilder.length() != 0) {
+ uidBuilder.append('|');
+ }
+
+ if (pkgName.startsWith("dev.afwall.special")) {
+ uidBuilder.append(specialApps.get(pkgName));
+ } else {
+ try {
+ uidBuilder.append(pm.getApplicationInfo(pkgName, 0).uid);
+ } catch (NameNotFoundException e) {
+ // Handle exception if needed
+ }
+ }
+ }
+ }
+
+ final SharedPreferences prefs = ctx.getSharedPreferences(preferenceName, Context.MODE_PRIVATE);
+ final Editor edit = prefs.edit();
+ edit.putString(PREF_WIFI_PKG_UIDS, uidBuilders[WIFI_EXPORT].toString());
+ edit.putString(PREF_3G_PKG_UIDS, uidBuilders[DATA_EXPORT].toString());
+ edit.putString(PREF_ROAMING_PKG_UIDS, uidBuilders[ROAM_EXPORT].toString());
+ edit.putString(PREF_VPN_PKG_UIDS, uidBuilders[VPN_EXPORT].toString());
+ edit.putString(PREF_TETHER_PKG_UIDS, uidBuilders[TETHER_EXPORT].toString());
+ edit.putString(PREF_LAN_PKG_UIDS, uidBuilders[LAN_EXPORT].toString());
+ edit.putString(PREF_TOR_PKG_UIDS, uidBuilders[TOR_EXPORT].toString());
+
+ edit.apply();
+ }
+
+ private static boolean shouldIgnoreKey(String key) {
+ String[] ignore = {"appVersion", "fixLeak", "enableLogService", "sort", "storedProfile", "hasRoot", "logChains", "kingDetect", "fingerprintEnabled"};
+ return Arrays.asList(ignore).contains(key);
+ }
+
+ private static boolean isIntType(String key) {
+ String[] intType = {"logPingTime", "customDelay", "patternMax", "widgetX", "widgetY", "notification_priority"};
+ return Arrays.asList(intType).contains(key);
+ }
+
+ private static void importProfiles(Context ctx, JSONObject profileObject) throws JSONException {
+ Iterator keys = profileObject.keys();
+ while (keys.hasNext()) {
+ String key = keys.next();
+ try {
+ JSONObject obj = profileObject.getJSONObject(key);
+ updateRulesFromJson(ctx, obj, key);
+ } catch (JSONException e) {
+ if (e.getMessage().contains("No value")) {
+ // continue;
+ }
+ }
+ }
+ }
+ private static boolean importAll(Context ctx, File file, StringBuilder msg) {
+ boolean returnVal = false;
+
+ try (BufferedReader br = new BufferedReader(new FileReader(file))) {
+ StringBuilder text = new StringBuilder();
+ String line;
+ while ((line = br.readLine()) != null) {
+ text.append(line);
+ }
+ String data = text.toString();
+ if (data.trim().isEmpty()) {
+ msg.append("Import file contains no data");
+ return false;
+ }
+
+ JSONObject object = new JSONObject(data);
+ // Basic validation of expected JSON structure
+ if (!object.has("prefs") && !object.has("profiles") && !object.has("_profiles") && !object.has("default")) {
+ msg.append("Import file does not contain valid AFWall+ data");
+ Log.w(TAG, "Invalid import file structure - missing expected keys");
+ return false;
+ }
+
+ // Allow/deny rule
+ if (object.has("mode")) {
+ G.pPrefs.edit().putString(PREF_MODE, object.getString("mode")).apply();
+ }
+
+ JSONArray prefArray = object.getJSONArray("prefs");
+ for (int i = 0; i < prefArray.length(); i++) {
+ JSONObject prefObj = prefArray.getJSONObject(i);
+ Iterator keys = prefObj.keys();
+
+ while (keys.hasNext()) {
+ String key = keys.next();
+ String value = prefObj.getString(key);
+ if (shouldIgnoreKey(key)) {
+ continue;
+ }
+ if (value.equals("true") || value.equals("false")) {
+ G.gPrefs.edit().putBoolean(key, Boolean.parseBoolean(value)).apply();
+ } else {
+ try {
+ if (key.equals("multiUserId")) {
+ G.gPrefs.edit().putLong(key, Long.parseLong(value)).apply();
+ } else if (isIntType(key)) {
+ G.gPrefs.edit().putString(key, value).apply();
+ } else {
+ int intValue = Integer.parseInt(value);
+ G.gPrefs.edit().putInt(key, intValue).apply();
+ }
+ } catch (NumberFormatException e) {
+ G.gPrefs.edit().putString(key, value).apply();
+ }
+ }
+ }
+ }
+
+ // Import profile-specific preferences if available
+ if (object.has("profilePrefs")) {
+ JSONArray profilePrefArray = object.getJSONArray("profilePrefs");
+ for (int i = 0; i < profilePrefArray.length(); i++) {
+ JSONObject prefObj = profilePrefArray.getJSONObject(i);
+ Iterator keys = prefObj.keys();
+
+ while (keys.hasNext()) {
+ String key = keys.next();
+ String value = prefObj.getString(key);
+ if (shouldIgnoreKey(key)) {
+ continue;
+ }
+ if (value.equals("true") || value.equals("false")) {
+ G.pPrefs.edit().putBoolean(key, Boolean.parseBoolean(value)).apply();
+ } else {
+ try {
+ if (key.equals("multiUserId")) {
+ G.pPrefs.edit().putLong(key, Long.parseLong(value)).apply();
+ } else if (isIntType(key)) {
+ G.pPrefs.edit().putString(key, value).apply();
+ } else {
+ int intValue = Integer.parseInt(value);
+ G.pPrefs.edit().putInt(key, intValue).apply();
+ }
+ } catch (NumberFormatException e) {
+ G.pPrefs.edit().putString(key, value).apply();
+ }
+ }
+ }
+ }
+ }
+
+ if (G.enableMultiProfile()) {
+ if (G.isProfileMigrated()) {
+ JSONObject profileObject = object.getJSONObject("_profiles");
+ importProfiles(ctx, profileObject);
+ } else {
+ JSONObject profileObject = object.getJSONObject("profiles");
+ importProfiles(ctx, profileObject);
+ JSONObject customProfileObject = object.getJSONObject("additional_profiles");
+ importProfiles(ctx, customProfileObject);
+ }
+ } else {
+ JSONObject defaultRules = object.getJSONObject("default");
+ updateRulesFromJson(ctx, defaultRules, PREFS_NAME);
+ }
+ returnVal = true;
+ } catch (FileNotFoundException e) {
+ msg.append(ctx.getString(R.string.import_rules_missing));
+ } catch (IOException | JSONException e) {
+ Log.e(TAG, e.getLocalizedMessage());
+ }
+
+ return returnVal;
+ }
+
+ public static boolean loadSharedPreferencesFromFile(Context ctx, StringBuilder builder, String fileName, boolean loadAll) {
+ boolean res = false;
+ File file = new File(fileName);
+ if (file.exists()) {
+ // Basic file validation
+ if (file.length() == 0) {
+ builder.append("Import file is empty");
+ Log.w(TAG, "Import file is empty: " + fileName);
+ return false;
+ }
+ if (file.length() > 50 * 1024 * 1024) { // 50MB limit
+ builder.append("Import file is too large (>50MB)");
+ Log.w(TAG, "Import file is too large: " + fileName + " (" + file.length() + " bytes)");
+ return false;
+ }
+
+ Log.i(TAG, "Importing from file: " + fileName + " (loadAll: " + loadAll + ")");
+ if (loadAll) {
+ res = importAll(ctx, file, builder);
+ } else {
+ res = importRules(ctx, file, builder);
+ }
+ } else {
+ builder.append("Import file does not exist: " + fileName);
+ Log.w(TAG, "Import file does not exist: " + fileName);
+ }
+ return res;
+ }
+
+ /**
+ * Probe log target
+ * @param ctx
+ */
+ public static void probeLogTarget(final Context ctx) {
+
+ }
+
+ @SuppressLint("InlinedApi")
+ public static void showInstalledAppDetails(Context context, String packageName) {
+ final String SCHEME = "package";
+ Intent intent = new Intent();
+ final int apiLevel = Build.VERSION.SDK_INT;
+ intent.setAction(Settings.ACTION_APPLICATION_DETAILS_SETTINGS);
+ intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ Uri uri = Uri.fromParts(SCHEME, packageName, null);
+ intent.setData(uri);
+ context.startActivity(intent);
+ }
+
+ public static boolean isNetfilterSupported() {
+ boolean netfiler_exists = new File("/proc/net/netfilter").exists();
+ try {
+ Shell.Result result = Shell.cmd("cat /proc/net/ip_tables_targets").exec();
+ return netfiler_exists && result.isSuccess();
+ } catch (java.util.concurrent.RejectedExecutionException e) {
+ Log.w(TAG, "Netfilter check rejected: " + e.getMessage());
+ return false;
+ } catch (Exception e) {
+ Log.e(TAG, "Failed to check netfilter support: " + e.getMessage());
+ return false;
+ }
+ }
+
+ private static void initSpecial() {
+ if (specialApps == null || specialApps.size() == 0) {
+ specialApps = new HashMap();
+ specialApps.put("dev.afwall.special.any", SPECIAL_UID_ANY);
+ specialApps.put("dev.afwall.special.kernel", SPECIAL_UID_KERNEL);
+ specialApps.put("dev.afwall.special.tether", SPECIAL_UID_TETHER);
+ //specialApps.put("dev.afwall.special.dnsproxy",SPECIAL_UID_DNSPROXY);
+ specialApps.put("dev.afwall.special.ntp", SPECIAL_UID_NTP);
+ for (String acct : specialAndroidAccounts) {
+ String pkg = "dev.afwall.special." + acct;
+ int uid = android.os.Process.getUidForName(acct);
+ specialApps.put(pkg, uid);
+ }
+ }
+ }
+
+ public static void updateLanguage(Context context, String lang) {
+ if (lang.equals("sys")) {
+ Locale defaultLocale = Resources.getSystem().getConfiguration().locale;
+ Locale.setDefault(defaultLocale);
+ Resources res = context.getResources();
+ Configuration conf = res.getConfiguration();
+ conf.locale = defaultLocale;
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
+ context.createConfigurationContext(conf);
+ } else {
+ context.getResources().updateConfiguration(conf, context.getResources().getDisplayMetrics());
+ }
+ } else if (!"".equals(lang)) {
+ Locale locale = new Locale(lang);
+ if (lang.contains("_")) {
+ locale = new Locale(lang.split("_")[0], lang.split("_")[1]);
+ }
+ Locale.setDefault(locale);
+ Resources res = context.getResources();
+ Configuration conf = res.getConfiguration();
+ conf.locale = locale;
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
+ context.createConfigurationContext(conf);
+ } else {
+ context.getResources().updateConfiguration(conf, context.getResources().getDisplayMetrics());
+ }
+ }
+ }
+
+ public static void setUserOwner(Context context) {
+ if (supportsMultipleUsers(context)) {
+ try {
+ Method getUserHandle = UserManager.class.getMethod("getUserHandle");
+ int userHandle = (Integer) getUserHandle.invoke(context.getSystemService(Context.USER_SERVICE));
+ G.setMultiUserId(userHandle);
+ } catch (Exception ex) {
+ Log.e(TAG, "Exception on setUserOwner " + ex.getMessage());
+ }
+ }
+ }
+
+ @SuppressLint("NewApi")
+ public static boolean supportsMultipleUsers(Context context) {
+ final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
+ try {
+ Method supportsMultipleUsers = UserManager.class.getMethod("supportsMultipleUsers");
+ return (Boolean) supportsMultipleUsers.invoke(um);
+ } catch (Exception ex) {
+ return false;
+ }
+ }
+
+ public static String loadData(final Context context,
+ final String resourceName) throws IOException {
+ int resourceIdentifier = context
+ .getApplicationContext()
+ .getResources()
+ .getIdentifier(resourceName, "raw",
+ context.getApplicationContext().getPackageName());
+ if (resourceIdentifier != 0) {
+ InputStream inputStream = context.getApplicationContext()
+ .getResources().openRawResource(resourceIdentifier);
+ BufferedReader reader = new BufferedReader(new InputStreamReader(
+ inputStream, StandardCharsets.UTF_8));
+ String line;
+ StringBuffer data = new StringBuffer();
+ while ((line = reader.readLine()) != null) {
+ data.append(line);
+ }
+ reader.close();
+ return data.toString();
+ }
+ return null;
+ }
+
+ /**
+ * Encrypt the password - DEPRECATED: Use SecureCrypto.encryptSecure() for new code
+ * This method is kept for backward compatibility only
+ *
+ * @param key
+ * @param data
+ * @return
+ * @deprecated Use SecureCrypto.encryptSecure() instead for better security
+ */
+ @Deprecated
+ public static String hideCrypt(String key, String data) {
+ if (key == null || data == null)
+ return null;
+ String encodeStr = null;
+ try {
+ DESKeySpec desKeySpec = new DESKeySpec(key.getBytes(charsetName));
+ SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(algorithm);
+ SecretKey secretKey = secretKeyFactory.generateSecret(desKeySpec);
+ byte[] dataBytes = data.getBytes(charsetName);
+ Cipher cipher = Cipher.getInstance(algorithm);
+ cipher.init(Cipher.ENCRYPT_MODE, secretKey);
+ encodeStr = Base64.encodeToString(cipher.doFinal(dataBytes), base64Mode);
+
+ } catch (Exception e) {
+ Log.e(TAG, e.getLocalizedMessage());
+ }
+ return encodeStr;
+ }
+
+ /**
+ * Decrypt the password - DEPRECATED: Use SecureCrypto.decryptSecure() for new code
+ * This method is kept for backward compatibility only
+ *
+ * @param key
+ * @param data
+ * @return
+ * @deprecated Use SecureCrypto.decryptSecure() instead for better security
+ */
+ @Deprecated
+ public static String unhideCrypt(String key, String data) {
+ if (key == null || data == null)
+ return null;
+
+ String decryptStr = null;
+ try {
+ byte[] dataBytes = Base64.decode(data, base64Mode);
+ DESKeySpec desKeySpec = new DESKeySpec(key.getBytes(charsetName));
+ SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(algorithm);
+ SecretKey secretKey = secretKeyFactory.generateSecret(desKeySpec);
+ Cipher cipher = Cipher.getInstance(algorithm);
+ cipher.init(Cipher.DECRYPT_MODE, secretKey);
+ byte[] dataBytesDecrypted = (cipher.doFinal(dataBytes));
+ decryptStr = new String(dataBytesDecrypted);
+ } catch (Exception e) {
+ Log.e(TAG, e.getLocalizedMessage());
+ }
+ return decryptStr;
+ }
+
+ public static boolean isMobileNetworkSupported(final Context ctx) {
+ boolean hasMobileData = true;
+ try {
+ ConnectivityManager cm = (ConnectivityManager) ctx.getSystemService(Context.CONNECTIVITY_SERVICE);
+ if (cm != null) {
+ if (cm.getNetworkInfo(ConnectivityManager.TYPE_MOBILE) == null) {
+ hasMobileData = false;
+ }
+ }
+ } catch (SecurityException e) {
+ Log.e(TAG, e.getMessage(), e);
+ }
+ return hasMobileData;
+ }
+
+ public static String getCurrentPackage(Context ctx) {
+ PackageInfo pInfo = null;
+ try {
+ pInfo = ctx.getPackageManager().getPackageInfo(ctx.getPackageName(), 0);
+ } catch (NameNotFoundException e) {
+ Log.e(Api.TAG, "Package not found", e);
+ }
+ return pInfo.packageName;
+ }
+
+ public static int getConnectivityStatus(Context context) {
+
+ ConnectivityManager cm = (ConnectivityManager) context
+ .getSystemService(Context.CONNECTIVITY_SERVICE);
+
+ assert cm != null;
+ NetworkInfo activeNetwork = cm.getActiveNetworkInfo();
+
+ if (null != activeNetwork) {
+
+ if (activeNetwork.getType() == ConnectivityManager.TYPE_WIFI)
+ return 1;
+
+ if (activeNetwork.getType() == ConnectivityManager.TYPE_MOBILE)
+ return 2;
+
+ if (activeNetwork.getType() == ConnectivityManager.TYPE_BLUETOOTH)
+ return 3;
+ }
+ return 0;
+ }
+
+ /**
+ * Apply default chains based on preference
+ *
+ * @param ctx
+ */
+ public static void applyDefaultChains(Context ctx, RootCommand callback) {
+ List cmds = new ArrayList<>();
+ cmds.add(G.ipv4Input() ? "-P INPUT ACCEPT" : "-P INPUT DROP");
+ cmds.add(G.ipv4Fwd() ? "-P FORWARD ACCEPT" : "-P FORWARD DROP");
+ cmds.add(G.ipv4Output() ? "-P OUTPUT ACCEPT" : "-P OUTPUT DROP");
+ applyQuick(ctx, cmds, callback);
+ applyDefaultChainsv6(ctx, callback);
+ }
+
+ public static void applyDefaultChainsv6(Context ctx, RootCommand callback) {
+ if (G.controlIPv6()) {
+ List cmds = new ArrayList<>();
+ cmds.add(G.ipv6Input() ? "-P INPUT ACCEPT" : "-P INPUT DROP");
+ cmds.add(G.ipv6Fwd() ? "-P FORWARD ACCEPT" : "-P FORWARD DROP");
+ cmds.add(G.ipv6Output() ? "-P OUTPUT ACCEPT" : "-P OUTPUT DROP");
+ applyIPv6Quick(ctx, cmds, callback);
+ }
+ }
+
+ /**
+ * Delete all firewall rules. For diagnostic purposes only.
+ *
+ * @param ctx application context
+ * @param callback callback for completion
+ */
+ public static void flushOtherRules(Context ctx, RootCommand callback) {
+ List cmds = new ArrayList();
+ cmds.add("-F firewall");
+ cmds.add("-X firewall");
+ apply46(ctx, cmds, callback);
+ }
+
+ // Clipboard
+ public static void copyToClipboard(Context context, String val) {
+ ClipboardManager clipboard = (ClipboardManager) context.getSystemService(Context.CLIPBOARD_SERVICE);
+ ClipData clip = ClipData.newPlainText("label", val);
+ clipboard.setPrimaryClip(clip);
+ }
+
+ public static void sendToastBroadcast(Context ctx, String message) {
+ Intent broadcastIntent = new Intent();
+ broadcastIntent.setAction("TOAST");
+ broadcastIntent.putExtra("MSG", message);
+ ctx.sendBroadcast(broadcastIntent);
+ }
+
+ public static String getFixLeakPath(String fileName) {
+ if (G.initPath() != null) {
+ return G.initPath() + "/" + fileName;
+ }
+ return null;
+ }
+
+ public static boolean isFixPathFileExist(String fileName) {
+ String path = getFixLeakPath(fileName);
+ if (path != null) {
+ File file = new File(path);
+ return file.exists();
+ }
+ return false;
+ }
+
+ public static boolean mountDir(Context context, String path, String mountType) {
+ if (path != null) {
+ String busyboxPath = Api.getBusyBoxPath(context, true);
+ if (!busyboxPath.trim().isEmpty()) {
+ return RootTools.remount(path, mountType, busyboxPath);
+ } else {
+ return false;
+ }
+ }
+ return false;
+ }
+
+ public static void checkAndCopyFixLeak(final Context context, final String fileName) {
+ if (G.initPath() != null && G.fixLeak() && !isFixPathFileExist(fileName)) {
+ final String srcPath = new File(ctx.getDir("bin", 0), fileName)
+ .getAbsolutePath();
+
+ new Thread(() -> {
+ String path = G.initPath();
+ if (path != null) {
+ File f = new File(path);
+ if (mountDir(context, getFixLeakPath(fileName), "RW")) {
+ //make sure it's executable
+ new RootCommand()
+ .setReopenShell(true)
+ .setLogging(true)
+ .run(ctx, "chmod 755 " + f.getAbsolutePath());
+ RootTools.copyFile(srcPath, (f.getAbsolutePath() + "/" + fileName),
+ true, false);
+ mountDir(context, getFixLeakPath(fileName), "RO");
+ }
+ }
+ }).start();
+ }
+ }
+
+ public static Context updateBaseContextLocale(Context context) {
+ String language = G.locale(); // Helper method to get saved language from SharedPreferences
+ Locale locale = new Locale(language);
+
+ if (language.equals("zh") || language.equals("zh_CN")) {
+ locale = Locale.SIMPLIFIED_CHINESE;
+ } else if (language.equals("zh_TW")) {
+ locale = Locale.TRADITIONAL_CHINESE;
+ }
+
+ Locale.setDefault(locale);
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
+ return updateResourcesLocale(context, locale);
+ }
+ return updateResourcesLocaleLegacy(context, locale);
+ }
+
+ @TargetApi(Build.VERSION_CODES.N)
+ private static Context updateResourcesLocale(Context context, Locale locale) {
+ Configuration configuration = context.getResources().getConfiguration();
+ configuration.setLocale(locale);
+ return context.createConfigurationContext(configuration);
+ }
+
+ private static Context updateResourcesLocaleLegacy(Context context, Locale locale) {
+ Resources resources = context.getResources();
+ Configuration configuration = resources.getConfiguration();
+ configuration.locale = locale;
+ resources.updateConfiguration(configuration, resources.getDisplayMetrics());
+ return context;
+ }
+
+ public static void setDefaultPermission(ApplicationInfo applicationInfo) {
+
+ boolean isModified = false;
+ SharedPreferences prefs = ctx.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE);
+ Editor edit = prefs.edit();
+
+ // Get the mode type
+ int modeType = G.pPrefs.getString(Api.PREF_MODE, Api.MODE_WHITELIST).equals(Api.MODE_WHITELIST) ? 0 : 1;
+
+ // Get the preference list
+ List list = SQLite.select().from(DefaultConnectionPref.class)
+ .where(DefaultConnectionPref_Table.modeType.eq(modeType))
+ .queryList();
+
+ for (DefaultConnectionPref pref : list) {
+ if (pref.isState()) {
+ int uid = applicationInfo.uid;
+ switch (pref.getUid()) {
+ case 0:
+ edit.putString(PREF_LAN_PKG_UIDS, prefs.getString(PREF_LAN_PKG_UIDS, "") + "|" + uid);
+ isModified = true;
+ break;
+ case 1:
+ edit.putString(PREF_WIFI_PKG_UIDS, prefs.getString(PREF_WIFI_PKG_UIDS, "") + "|" + uid);
+ isModified = true;
+ break;
+ case 2:
+ edit.putString(PREF_3G_PKG_UIDS, prefs.getString(PREF_3G_PKG_UIDS, "") + "|" + uid);
+ isModified = true;
+ break;
+ case 3:
+ edit.putString(PREF_ROAMING_PKG_UIDS, prefs.getString(PREF_ROAMING_PKG_UIDS, "") + "|" + uid);
+ isModified = true;
+ break;
+ case 4:
+ edit.putString(PREF_TOR_PKG_UIDS, prefs.getString(PREF_TOR_PKG_UIDS, "") + "|" + uid);
+ isModified = true;
+ break;
+ case 5:
+ edit.putString(PREF_VPN_PKG_UIDS, prefs.getString(PREF_VPN_PKG_UIDS, "") + "|" + uid);
+ isModified = true;
+ break;
+ case 6:
+ edit.putString(PREF_TETHER_PKG_UIDS, prefs.getString(PREF_TETHER_PKG_UIDS, "") + "|" + uid);
+ isModified = true;
+ break;
+ }
+ }
+ }
+ if (isModified) {
+ edit.apply();
+ // Make sure rules are modified flag is set
+ Api.setRulesUpToDate(false);
+ fastApply(ctx, new RootCommand());
+ }
+ }
+
+ static class RuleDataSet {
+
+ List wifiList;
+ List dataList;
+ List lanList;
+ List roamList;
+ List vpnList;
+ List tetherList;
+ List torList;
+
+ RuleDataSet(List uidsWifi, List uids3g,
+ List uidsRoam, List uidsVPN, List uidsTether,
+ List uidsLAN, List uidsTor) {
+ this.wifiList = uidsWifi;
+ this.dataList = uids3g;
+ this.roamList = uidsRoam;
+ this.vpnList = uidsVPN;
+ this.tetherList = uidsTether;
+ this.lanList = uidsLAN;
+ this.torList = uidsTor;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result
+ + ((wifiList == null) ? 0 : dataList.hashCode());
+ return result;
+ }
+
+ @Override
+ public String toString() {
+ String builder = (wifiList != null ? android.text.TextUtils.join(",", wifiList) : "") +
+ (dataList != null ? android.text.TextUtils.join(",", dataList) : "") +
+ (lanList != null ? android.text.TextUtils.join(",", lanList) : "") +
+ (roamList != null ? android.text.TextUtils.join(",", roamList) : "") +
+ (vpnList != null ? android.text.TextUtils.join(",", vpnList) : "") +
+ (tetherList != null ? android.text.TextUtils.join(",", tetherList) : "") +
+ (torList != null ? android.text.TextUtils.join(",", torList) : "");
+ return builder.trim();
+ }
+ }
+
+ /**
+ * Safe shell command execution that handles library-level crashes
+ */
+ private static List executeSafeShellCommand(String command) {
+ // First try the primary libsu approach
+ try {
+ // Check if we can get a valid shell
+ if (Shell.getShell() == null || !Shell.getShell().isAlive()) {
+ Log.w(TAG, "Shell is not available or not alive, trying fallback");
+ return executeFallbackShellCommand(command);
+ }
+
+ // Execute with timeout and proper error handling
+ Shell.Result result = Shell.cmd(command).exec();
+ return result != null ? result.getOut() : null;
+
+ } catch (java.util.concurrent.RejectedExecutionException e) {
+ Log.w(TAG, "Shell execution rejected - trying fallback: " + e.getMessage());
+ return executeFallbackShellCommand(command);
+ } catch (RuntimeException e) {
+ // Check for wrapped ExecutionException with InterruptedIOException
+ Throwable cause = e.getCause();
+ if (cause instanceof java.util.concurrent.ExecutionException) {
+ java.util.concurrent.ExecutionException execEx = (java.util.concurrent.ExecutionException) cause;
+ if (execEx.getCause() instanceof java.io.InterruptedIOException) {
+ Log.w(TAG, "Shell execution interrupted at library level - trying fallback: " + execEx.getCause().getMessage());
+ return executeFallbackShellCommand(command);
+ }
+ }
+ // Re-throw if it's not a known interruption issue
+ throw e;
+ } catch (Exception e) {
+ Log.w(TAG, "Unexpected error in safe shell execution, trying fallback: " + e.getMessage());
+ return executeFallbackShellCommand(command);
+ }
+ }
+
+ /**
+ * Fallback shell execution using the legacy RootShell library
+ * This provides an alternative when libsu fails due to interruptions
+ */
+ private static List executeFallbackShellCommand(String command) {
+ try {
+ Log.d(TAG, "Using fallback shell execution for command: " + command);
+
+ // Use the legacy RootShell library as fallback
+ final java.util.List output = new java.util.ArrayList<>();
+ final boolean[] completed = {false};
+
+ com.stericson.rootshell.execution.Command cmd = new com.stericson.rootshell.execution.Command(0, command) {
+ @Override
+ public void commandCompleted(int id, int exitcode) {
+ super.commandCompleted(id, exitcode);
+ completed[0] = true;
+ }
+
+ @Override
+ public void commandOutput(int id, String line) {
+ super.commandOutput(id, line);
+ if (line != null) {
+ output.add(line);
+ }
+ }
+ };
+
+ // Execute with timeout
+ com.stericson.roottools.RootTools.getShell(true, 0).add(cmd);
+
+ // Wait for completion with timeout
+ long startTime = System.currentTimeMillis();
+ while (!completed[0] && (System.currentTimeMillis() - startTime) < 30000) {
+ Thread.sleep(100);
+ }
+
+ if (completed[0]) {
+ Log.d(TAG, "Fallback shell execution completed successfully");
+ return output;
+ } else {
+ Log.w(TAG, "Fallback shell execution timed out");
+ return null;
+ }
+
+ } catch (Exception e) {
+ Log.e(TAG, "Fallback shell execution also failed: " + e.getMessage());
+ return null;
+ }
+ }
+
+ private static class RunCommand extends AsyncTask, Integer> {
+
+ private int exitCode = -1;
+
+ @Override
+ protected void onPreExecute() {
+ super.onPreExecute();
+ }
+
+ @Override
+ protected Integer doInBackground(Object... params) {
+ @SuppressWarnings("unchecked")
+
+ List commands = (List) params[0];
+ StringBuilder res = (StringBuilder) params[1];
+ Log.i(TAG, "Executing root commands of" + commands.size());
+ try {
+ // Check if task is cancelled before proceeding
+ if (isCancelled()) {
+ Log.d(TAG, "RunCommand task was cancelled, aborting execution");
+ return -1;
+ }
+
+ if (Shell.getShell().isRoot() && !Shell.isAppGrantedRoot())
+ return -1;
+ if (commands != null && commands.size() > 0) {
+ // Check again before executing shell command
+ if (isCancelled()) {
+ Log.d(TAG, "RunCommand task was cancelled before shell execution");
+ return -1;
+ }
+
+ // Use a safe shell execution wrapper
+ List output = executeSafeShellCommand(String.valueOf(commands));
+ if (output != null) {
+ exitCode = 0;
+ if (output.size() > 0) {
+ for (String str : output) {
+ res.append(str);
+ res.append("\n");
+ }
+ }
+ } else {
+ exitCode = 1;
+ }
+ }
+ } catch (java.util.concurrent.RejectedExecutionException e) {
+ Log.w(TAG, "Shell execution rejected, likely due to app shutdown: " + e.getMessage());
+ exitCode = -1;
+ } catch (RuntimeException ex) {
+ // Check if this is a wrapped ExecutionException with InterruptedIOException
+ Throwable cause = ex.getCause();
+ if (cause instanceof java.util.concurrent.ExecutionException) {
+ java.util.concurrent.ExecutionException execEx = (java.util.concurrent.ExecutionException) cause;
+ if (execEx.getCause() instanceof java.io.InterruptedIOException) {
+ Log.w(TAG, "Shell command execution was interrupted: " + execEx.getCause().getMessage());
+ exitCode = -1;
+ return exitCode;
+ }
+ } else if (ex.getCause() instanceof java.io.InterruptedIOException) {
+ Log.w(TAG, "Shell command execution was interrupted: " + ex.getCause().getMessage());
+ exitCode = -1;
+ return exitCode;
+ }
+ Log.e(TAG, "Shell command execution failed: " + ex.getMessage());
+ if (res != null)
+ res.append("\n").append(ex);
+ exitCode = -1;
+ } catch (Exception ex) {
+ Log.e(TAG, "Shell command execution failed with unexpected exception: " + ex.getMessage());
+ if (res != null)
+ res.append("\n").append(ex);
+ exitCode = -1;
+ }
+ return exitCode;
+ }
+
+ @Override
+ protected void onCancelled() {
+ Log.d(TAG, "RunCommand task was cancelled");
+ super.onCancelled();
+ }
+
+ @Override
+ protected void onCancelled(Integer result) {
+ Log.d(TAG, "RunCommand task was cancelled with result: " + result);
+ super.onCancelled(result);
+ }
+
+
+ }
+
+ /**
+ * Small structure to hold an application info
+ */
+ public static final class PackageInfoData {
+
+ /**
+ * linux user id
+ */
+ public int uid;
+ /**
+ * application names belonging to this user id
+ */
+ public List names;
+ /**
+ * rules saving & load
+ **/
+ public String pkgName;
+
+ /**
+ * Application Type
+ */
+ public int appType;
+
+ /**
+ * indicates if this application is selected for wifi
+ */
+ public boolean selected_wifi;
+ /**
+ * indicates if this application is selected for 3g
+ */
+ public boolean selected_3g;
+ /**
+ * indicates if this application is selected for roam
+ */
+ public boolean selected_roam;
+ /**
+ * indicates if this application is selected for vpn
+ */
+ public boolean selected_vpn;
+ /**
+ * indicates if this application is selected for tether
+ */
+ public boolean selected_tether;
+ /**
+ * indicates if this application is selected for lan
+ */
+ public boolean selected_lan;
+ /**
+ * indicates if this application is selected for tor mode
+ */
+ public boolean selected_tor;
+ /**
+ * toString cache
+ */
+ public String tostr;
+ /**
+ * application info
+ */
+ public ApplicationInfo appinfo;
+ /**
+ * cached application icon
+ */
+ public Drawable cached_icon;
+ /**
+ * indicates if the icon has been loaded already
+ */
+ public boolean icon_loaded;
+
+ /* install time */
+ public long installTime;
+
+ /**
+ * first time seen?
+ */
+ public boolean firstseen;
+
+ public PackageInfoData() {
+ }
+
+ public PackageInfoData(int uid, String name, String pkgNameStr) {
+ this.uid = uid;
+ this.names = new ArrayList();
+ this.names.add(name);
+ this.pkgName = pkgNameStr;
+ }
+
+ public PackageInfoData(String user, String name, String pkgNameStr) {
+ this(android.os.Process.getUidForName(user), name, pkgNameStr);
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (o == this) return true;
+ if (!(o instanceof PackageInfoData)) {
+ return false;
+ }
+
+ PackageInfoData pkg = (PackageInfoData) o;
+
+ return pkg.uid == uid &&
+ pkg.pkgName.equals(pkgName);
+ }
+
+ @Override
+ public int hashCode() {
+ int result = 17;
+ if (appinfo != null) {
+ result = 31 * result + appinfo.hashCode();
+ }
+ result = 31 * result + uid;
+ result = 31 * result + pkgName.hashCode();
+ return result;
+ }
+
+ /**
+ * Screen representation of this application
+ */
+ @Override
+ public String toString() {
+ if (tostr == null) {
+ StringBuilder s = new StringBuilder();
+ //if (uid > 0) s.append(uid + ": ");
+ for (int i = 0; i < names.size(); i++) {
+ if (i != 0) s.append(", ");
+ s.append(names.get(i));
+ }
+ s.append("\n");
+ tostr = s.toString();
+ }
+ return tostr;
+ }
+
+ public String toStringWithUID() {
+ if (tostr == null) {
+ StringBuilder s = new StringBuilder();
+ s.append("[ ");
+ s.append(uid);
+ s.append(" ] ");
+ for (int i = 0; i < names.size(); i++) {
+ if (i != 0) s.append(", ");
+ s.append(names.get(i));
+ }
+ s.append("\n");
+ tostr = s.toString();
+ }
+ return tostr;
+ }
+
+ }
+
+ public static void copySharedPreferences(SharedPreferences fromPreferences, SharedPreferences.Editor toEditor) {
+ for (Map.Entry entry : fromPreferences.getAll().entrySet()) {
+ Object value = entry.getValue();
+ String key = entry.getKey();
+ if (value instanceof String) {
+ toEditor.putString(key, ((String) value));
+ } else if (value instanceof Set) {
+ toEditor.putStringSet(key, (Set) value); // EditorImpl.putStringSet already creates a copy of the set
+ } else if (value instanceof Integer) {
+ toEditor.putInt(key, (Integer) value);
+ } else if (value instanceof Long) {
+ toEditor.putLong(key, (Long) value);
+ } else if (value instanceof Float) {
+ toEditor.putFloat(key, (Float) value);
+ } else if (value instanceof Boolean) {
+ toEditor.putBoolean(key, (Boolean) value);
+ }
+ }
+ toEditor.commit();
+ }
+
+ @NonNull
+ public static Bitmap getBitmapFromDrawable(@NonNull Drawable drawable) {
+ final Bitmap bmp = Bitmap.createBitmap(drawable.getIntrinsicWidth(), drawable.getIntrinsicHeight(), Bitmap.Config.ARGB_8888);
+ final Canvas canvas = new Canvas(bmp);
+ drawable.setBounds(0, 0, canvas.getWidth(), canvas.getHeight());
+ drawable.draw(canvas);
+ return bmp;
+ }
+
+
+
+ @TargetApi(Build.VERSION_CODES.M)
+ public static boolean batteryOptimized(Context context) {
+ PowerManager pm = (PowerManager) context.getSystemService(Context.POWER_SERVICE);
+ return !pm.isIgnoringBatteryOptimizations(context.getPackageName());
+ }
+
+}
diff --git a/app/src/main/java/dev/ukanth/ufirewall/InterfaceDetails.java b/app/src/main/java/dev/ukanth/ufirewall/InterfaceDetails.java
new file mode 100644
index 0000000..28f6197
--- /dev/null
+++ b/app/src/main/java/dev/ukanth/ufirewall/InterfaceDetails.java
@@ -0,0 +1,68 @@
+/**
+ * Class to store wifi/3G/tethering status and LAN IP ranges.
+ *
+ * Copyright (C) 2013 Kevin Cernekee
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * @author Kevin Cernekee
+ * @version 1.0
+ */
+
+package dev.ukanth.ufirewall;
+
+public class InterfaceDetails {
+ // firewall policy
+ public boolean isRoaming = false;
+
+ public boolean isWifiTethered = false;
+ public boolean tetherWifiStatusKnown = false;
+
+ public boolean isBluetoothTethered = false;
+ public boolean tetherBluetoothStatusKnown = false;
+
+ public boolean isUsbTethered = false;
+ public boolean tetherUsbStatusKnown = false;
+
+ public String lanMaskV4 = "";
+ public String lanMaskV6 = "";
+
+ // DNS servers for targeted rules instead of opening port 53 to all LAN hosts
+ public java.util.List dnsServersV4 = new java.util.ArrayList<>();
+ public java.util.List dnsServersV6 = new java.util.ArrayList<>();
+
+ // supplementary info
+ String wifiName = "";
+ boolean netEnabled = false;
+ boolean noIP = false;
+ public int netType = -1;
+
+ public boolean equals(InterfaceDetails that) {
+ return this.isRoaming == that.isRoaming &&
+ this.isWifiTethered == that.isWifiTethered &&
+ this.tetherWifiStatusKnown == that.tetherWifiStatusKnown &&
+ this.isBluetoothTethered == that.isBluetoothTethered &&
+ this.tetherBluetoothStatusKnown == that.tetherBluetoothStatusKnown &&
+ this.isUsbTethered == that.isUsbTethered &&
+ this.tetherUsbStatusKnown == that.tetherUsbStatusKnown &&
+ this.lanMaskV4.equals(that.lanMaskV4) &&
+ this.lanMaskV6.equals(that.lanMaskV6) &&
+ this.dnsServersV4.equals(that.dnsServersV4) &&
+ this.dnsServersV6.equals(that.dnsServersV6) &&
+ this.wifiName.equals(that.wifiName) &&
+ this.netEnabled == that.netEnabled &&
+ this.netType == that.netType &&
+ this.noIP == that.noIP;
+ }
+}
\ No newline at end of file
diff --git a/app/src/main/java/dev/ukanth/ufirewall/InterfaceTracker.java b/app/src/main/java/dev/ukanth/ufirewall/InterfaceTracker.java
new file mode 100644
index 0000000..02b42a0
--- /dev/null
+++ b/app/src/main/java/dev/ukanth/ufirewall/InterfaceTracker.java
@@ -0,0 +1,523 @@
+/**
+ * Keep track of wifi/3G/tethering status and LAN IP ranges.
+ *
+ * Copyright (C) 2013 Kevin Cernekee
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * @author Kevin Cernekee
+ * @version 1.0
+ */
+
+package dev.ukanth.ufirewall;
+
+import static dev.ukanth.ufirewall.util.G.ctx;
+
+import android.bluetooth.BluetoothAdapter;
+import android.bluetooth.BluetoothProfile;
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.net.ConnectivityManager;
+import android.net.NetworkInfo;
+import android.net.wifi.WifiManager;
+
+import java.lang.reflect.Method;
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.InterfaceAddress;
+import java.net.NetworkInterface;
+import java.util.Enumeration;
+import java.util.Iterator;
+
+import dev.ukanth.ufirewall.log.Log;
+import dev.ukanth.ufirewall.service.FirewallService;
+import dev.ukanth.ufirewall.service.RootCommand;
+import dev.ukanth.ufirewall.util.G;
+
+public final class InterfaceTracker {
+
+ public static final String TAG = "AFWall";
+
+ public static final String[] ITFS_WIFI = {"eth+", "wlan+", "tiwlan+", "ra+", "bnep+"};
+
+ public static final String[] ITFS_3G = {"rmnet+", "pdp+", "uwbr+", "wimax+", "vsnet+",
+ "rmnet_sdio+", "ccmni+", "qmi+", "svnet0+", "ccemni+",
+ "wwan+", "cdma_rmnet+", "clat4+", "cc2mni+", "bond1+", "rmnet_smux+", "ccinet+",
+ "v4-rmnet+", "seth_w+", "v4-rmnet_data+", "rmnet_ipa+", "rmnet_data+", "r_rmnet_data+"};
+
+ public static final String[] ITFS_VPN = {"tun+", "ppp+", "tap+"};
+
+ public static final String[] ITFS_TETHER = {"bt-pan", "usb+", "rndis+", "rmnet_usb+"};
+
+ public static final String BOOT_COMPLETED = "BOOT_COMPLETED";
+ public static final String CONNECTIVITY_CHANGE = "CONNECTIVITY_CHANGE";
+ public static final String TETHER_STATE_CHANGED = "TETHER_STATE_CHANGED";
+
+
+ private static InterfaceDetails currentCfg = null;
+
+ private static String truncAfter(String in, String regexp) {
+ return in.split(regexp)[0];
+ }
+
+ private static void getTetherStatus(Context context, InterfaceDetails d) {
+ getWifiTetherStatus(context, d);
+ getBluetoothTetherStatus(context, d);
+ getUsbTetherStatus(context, d);
+ }
+
+ private static void getWifiTetherStatus(Context context, InterfaceDetails d) {
+ WifiManager wifi = (WifiManager) context.getApplicationContext().getSystemService(Context.WIFI_SERVICE);
+ Method[] wmMethods = wifi.getClass().getDeclaredMethods();
+
+ d.isWifiTethered = false;
+ d.tetherWifiStatusKnown = false;
+
+ for (Method method : wmMethods) {
+ if (method.getName().equals("isWifiApEnabled")) {
+ try {
+ d.isWifiTethered = ((Boolean) method.invoke(wifi)).booleanValue();
+ d.tetherWifiStatusKnown = true;
+ Log.d(TAG, "isWifiApEnabled is " + d.isWifiTethered);
+ } catch (Exception e) {
+ Log.e(G.TAG, "Exception in getting Wifi tether status");
+ Log.e(Api.TAG, android.util.Log.getStackTraceString(e));
+ }
+ }
+ }
+ }
+
+
+
+
+ // To get bluetooth tethering, we need valid BluetoothPan instance
+ // It is obtainable only in ServiceListener.onServiceConnected callback
+
+
+ public static BluetoothProfile getBtProfile() {
+ return FirewallService.getBtPanProfile();
+ }
+
+ private static void getBluetoothTetherStatus(Context context, InterfaceDetails d) {
+ if (FirewallService.getBtPanProfile() != null) {
+ Method[] btMethods = FirewallService.getBtPanProfile().getClass().getDeclaredMethods();
+
+ d.isBluetoothTethered = false;
+ d.tetherBluetoothStatusKnown = false;
+
+ for (Method method : btMethods) {
+ if (method.getName().equals("isTetheringOn")) {
+ try {
+ d.isBluetoothTethered = ((Boolean) method.invoke(FirewallService.getBtPanProfile())).booleanValue();
+ d.tetherBluetoothStatusKnown = true;
+ Log.d(TAG, "isBluetoothTetheringOn is " + d.isBluetoothTethered);
+ } catch (Exception e) {
+ Log.e(Api.TAG, android.util.Log.getStackTraceString(e));
+ }
+ }
+ }
+ }
+ }
+
+ private static void getUsbTetherStatus(Context context, InterfaceDetails d) {
+ ConnectivityManager cm = (ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE);
+ if (cm == null) {
+ d.isUsbTethered = false;
+ d.tetherUsbStatusKnown = false;
+ return;
+ }
+
+ d.isUsbTethered = false;
+ d.tetherUsbStatusKnown = false;
+
+ try {
+ // Use reflection to access hidden getTetheredIfaces() method
+ Method getTetheredIfaces = cm.getClass().getDeclaredMethod("getTetheredIfaces");
+ getTetheredIfaces.setAccessible(true);
+ String[] tetheredIfaces = (String[]) getTetheredIfaces.invoke(cm);
+
+ if (tetheredIfaces != null) {
+ for (String iface : tetheredIfaces) {
+ // USB tethering typically uses interfaces like "rndis0", "usb0", etc.
+ if (iface != null && (iface.startsWith("rndis") || iface.startsWith("usb"))) {
+ d.isUsbTethered = true;
+ break;
+ }
+ }
+ }
+ d.tetherUsbStatusKnown = true;
+ Log.d(TAG, "USB tethering status: " + d.isUsbTethered);
+
+ } catch (Exception e) {
+ Log.e(G.TAG, "Exception in getting USB tether status");
+ Log.e(Api.TAG, android.util.Log.getStackTraceString(e));
+
+ // Fallback: Check if USB tethering interface exists using NetworkInterface
+ try {
+ d.isUsbTethered = isUsbTetherInterfaceUp();
+ d.tetherUsbStatusKnown = true;
+ Log.d(TAG, "USB tethering status (fallback): " + d.isUsbTethered);
+ } catch (Exception fallbackException) {
+ Log.e(Api.TAG, "Fallback USB tether detection failed: " + android.util.Log.getStackTraceString(fallbackException));
+ }
+ }
+ }
+
+ private static boolean isUsbTetherInterfaceUp() {
+ try {
+ java.util.Enumeration interfaces = java.net.NetworkInterface.getNetworkInterfaces();
+ while (interfaces.hasMoreElements()) {
+ java.net.NetworkInterface networkInterface = interfaces.nextElement();
+ String name = networkInterface.getName();
+ if (name != null && (name.startsWith("rndis") || name.startsWith("usb")) && networkInterface.isUp()) {
+ return true;
+ }
+ }
+ } catch (Exception e) {
+ Log.e(Api.TAG, "Error checking network interfaces: " + android.util.Log.getStackTraceString(e));
+ }
+ return false;
+ }
+
+ private static InterfaceDetails getInterfaceDetails(Context context) {
+
+ InterfaceDetails ret = new InterfaceDetails();
+
+ ConnectivityManager cm = (ConnectivityManager) context
+ .getSystemService(Context.CONNECTIVITY_SERVICE);
+
+ NetworkInfo info = cm.getActiveNetworkInfo();
+
+ if (info == null || !info.isConnected()) {
+ return ret;
+ }
+
+ switch (info.getType()) {
+ case ConnectivityManager.TYPE_MOBILE:
+ case ConnectivityManager.TYPE_MOBILE_DUN:
+ case ConnectivityManager.TYPE_MOBILE_HIPRI:
+ case ConnectivityManager.TYPE_MOBILE_MMS:
+ case ConnectivityManager.TYPE_MOBILE_SUPL:
+ case ConnectivityManager.TYPE_WIMAX:
+ ret.isRoaming = info.isRoaming();
+ ret.netType = ConnectivityManager.TYPE_MOBILE;
+ ret.netEnabled = true;
+ break;
+ case ConnectivityManager.TYPE_WIFI:
+ case ConnectivityManager.TYPE_BLUETOOTH:
+ case ConnectivityManager.TYPE_ETHERNET:
+ ret.netType = ConnectivityManager.TYPE_WIFI;
+ ret.netEnabled = true;
+ break;
+ }
+ try {
+ if(G.enableTether()) {
+ getTetherStatus(context, ret);
+ }
+ } catch (Exception e) {
+ Log.i(Api.TAG, "Exception in getInterfaceDetails.checkTether" + e.getLocalizedMessage());
+ }
+ NewInterfaceScanner.populateLanMasks(ret);
+ getDnsServers(context, ret);
+ return ret;
+ }
+
+ private static void getDnsServers(Context context, InterfaceDetails d) {
+ d.dnsServersV4.clear();
+ d.dnsServersV6.clear();
+
+ try {
+ ConnectivityManager cm = (ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE);
+ if (cm == null) return;
+
+ // Get active network
+ android.net.Network activeNetwork = null;
+ if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.M) {
+ activeNetwork = cm.getActiveNetwork();
+ }
+
+ if (activeNetwork != null && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.M) {
+ // Modern approach using LinkProperties (API 23+)
+ android.net.LinkProperties linkProperties = cm.getLinkProperties(activeNetwork);
+ if (linkProperties != null) {
+ for (java.net.InetAddress dns : linkProperties.getDnsServers()) {
+ if (dns instanceof java.net.Inet4Address) {
+ d.dnsServersV4.add(dns.getHostAddress());
+ } else if (dns instanceof java.net.Inet6Address) {
+ d.dnsServersV6.add(dns.getHostAddress());
+ }
+ }
+ }
+ }
+
+ // Fallback: Try system properties (older Android versions or backup method)
+ if (d.dnsServersV4.isEmpty() && d.dnsServersV6.isEmpty()) {
+ getDnsFromSystemProperties(d);
+ }
+
+ Log.d(TAG, "DNS servers IPv4: " + d.dnsServersV4);
+ Log.d(TAG, "DNS servers IPv6: " + d.dnsServersV6);
+
+ } catch (Exception e) {
+ Log.e(Api.TAG, "Exception getting DNS servers: " + android.util.Log.getStackTraceString(e));
+ }
+ }
+
+ private static void getDnsFromSystemProperties(InterfaceDetails d) {
+ try {
+ // Try common system properties for DNS servers
+ String[] dnsProps = {"net.dns1", "net.dns2", "net.dns3", "net.dns4"};
+
+ for (String prop : dnsProps) {
+ String dnsServer = System.getProperty(prop);
+ if (dnsServer != null && !dnsServer.isEmpty() && !dnsServer.equals("0.0.0.0")) {
+ try {
+ java.net.InetAddress addr = java.net.InetAddress.getByName(dnsServer);
+ if (addr instanceof java.net.Inet4Address) {
+ if (!d.dnsServersV4.contains(dnsServer)) {
+ d.dnsServersV4.add(dnsServer);
+ }
+ } else if (addr instanceof java.net.Inet6Address) {
+ if (!d.dnsServersV6.contains(dnsServer)) {
+ d.dnsServersV6.add(dnsServer);
+ }
+ }
+ } catch (Exception e) {
+ Log.w(TAG, "Invalid DNS server address: " + dnsServer);
+ }
+ }
+ }
+ } catch (Exception e) {
+ Log.e(Api.TAG, "Exception getting DNS from system properties: " + android.util.Log.getStackTraceString(e));
+ }
+ }
+
+ public static boolean checkForNewCfg(Context context) {
+ InterfaceDetails newCfg = getInterfaceDetails(context);
+
+ //always check for new config
+ if (currentCfg != null && currentCfg.equals(newCfg)) {
+ return false;
+ }
+ Log.i(TAG, "Getting interface details...");
+
+ currentCfg = newCfg;
+
+ if (!newCfg.netEnabled) {
+ Log.i(TAG, "Now assuming NO connection (all interfaces down)");
+ } else {
+ if (newCfg.netType == ConnectivityManager.TYPE_WIFI) {
+ Log.i(TAG, "Now assuming wifi connection (" +
+ "bluetooth-tethered: " + (newCfg.isBluetoothTethered ? "yes" : "no") + ", " +
+ "usb-tethered: " + (newCfg.isUsbTethered ? "yes" : "no") + ")");
+ } else if (newCfg.netType == ConnectivityManager.TYPE_MOBILE) {
+ Log.i(TAG, "Now assuming 3G connection (" +
+ "roaming: " + (newCfg.isRoaming ? "yes" : "no") +
+ "wifi-tethered: " + (newCfg.isWifiTethered ? "yes" : "no") + ", " +
+ "bluetooth-tethered: " + (newCfg.isBluetoothTethered ? "yes" : "no") + ", " +
+ "usb-tethered: " + (newCfg.isUsbTethered ? "yes" : "no") + ")");
+ } else if (newCfg.netType == ConnectivityManager.TYPE_BLUETOOTH) {
+ Log.i(TAG, "Now assuming bluetooth connection (" +
+ "wifi-tethered: " + (newCfg.isWifiTethered ? "yes" : "no") + ", " +
+ "usb-tethered: " + (newCfg.isUsbTethered ? "yes" : "no") + ")");
+ }
+
+ if (!newCfg.lanMaskV4.equals("")) {
+ Log.i(TAG, "IPv4 LAN netmask on " + newCfg.wifiName + ": " + newCfg.lanMaskV4);
+ }
+ if (!newCfg.lanMaskV6.equals("")) {
+ Log.i(TAG, "IPv6 LAN netmask on " + newCfg.wifiName + ": " + newCfg.lanMaskV6);
+ }
+ if (newCfg.lanMaskV6.equals("") && newCfg.lanMaskV4.equals("")) {
+ Log.i(TAG, "No ipaddress found");
+ }
+ }
+ return true;
+ }
+
+ public static InterfaceDetails getCurrentCfg(Context context, boolean force) {
+ Log.i(TAG, "Forcing configuration: " + force);
+ if (currentCfg == null || force) {
+ currentCfg = getInterfaceDetails(context);
+ }
+ return currentCfg;
+ }
+
+ public static void applyRulesOnChange(Context context, final String reason) {
+ final Context ctx = context.getApplicationContext();
+ if (!checkForNewCfg(ctx)) {
+ Log.d(TAG, reason + ": interface state has not changed, ignoring");
+ return;
+ } else if (!Api.isEnabled(ctx)) {
+ Log.d(TAG, reason + ": firewall is disabled, ignoring");
+ return;
+ }
+ Log.d(TAG, reason + " applying rules");
+ // update Api.PREFS_NAME so we pick up the right profile
+ // REVISIT: this can be removed once we're confident that G is in sync with profile changes
+ G.reloadPrefs();
+
+ if (reason.equals(InterfaceTracker.BOOT_COMPLETED) || reason.startsWith(InterfaceTracker.BOOT_COMPLETED)) {
+ Log.i(TAG, "Applying boot-specific rules for reason: " + reason);
+ applyBootRules(reason);
+ } else {
+ Log.i(TAG, "Applying regular rules for reason: " + reason);
+ applyRules(reason);
+ }
+ }
+
+ public static void applyRules(final String reason) {
+ Api.fastApply(ctx, new RootCommand()
+ .setFailureToast(R.string.error_apply)
+ .setCallback(new RootCommand.Callback() {
+ @Override
+ public void cbFunc(RootCommand state) {
+ if (state.exitCode == 0) {
+ Log.i(TAG, reason + ": applied rules at " + System.currentTimeMillis());
+ Api.applyDefaultChains(ctx, new RootCommand()
+ .setCallback(new RootCommand.Callback() {
+ @Override
+ public void cbFunc(RootCommand state) {
+ if (state.exitCode != 0) {
+ Api.errorNotification(ctx);
+ }
+ }
+ }));
+ } else {
+ //lets try applying all rules
+ Api.setRulesUpToDate(false);
+ Api.fastApply(ctx, new RootCommand()
+ .setCallback(new RootCommand.Callback() {
+ @Override
+ public void cbFunc(RootCommand state) {
+ if (state.exitCode == 0) {
+ Log.i(TAG, reason + ": applied rules at " + System.currentTimeMillis());
+ } else {
+ Log.e(TAG, reason + ": applySavedIptablesRules() returned an error");
+ Api.errorNotification(ctx);
+ }
+ Api.applyDefaultChains(ctx, new RootCommand()
+ .setFailureToast(R.string.error_apply)
+ .setCallback(new RootCommand.Callback() {
+ @Override
+ public void cbFunc(RootCommand state) {
+ if (state.exitCode != 0) {
+ Api.errorNotification(ctx);
+ }
+ }
+ }));
+ }
+ }));
+ }
+ }
+ }));
+ }
+
+ public static void applyBootRules(final String reason) {
+ Api.applySavedIptablesRules(ctx, true, new RootCommand()
+ .setFailureToast(R.string.error_apply)
+ .setCallback(new RootCommand.Callback() {
+ @Override
+ public void cbFunc(RootCommand state) {
+ if (state.exitCode == 0) {
+ Log.i(TAG, reason + ": applied rules at " + System.currentTimeMillis());
+ Api.applyDefaultChains(ctx, new RootCommand()
+ .setCallback(new RootCommand.Callback() {
+ @Override
+ public void cbFunc(RootCommand state) {
+ if (state.exitCode != 0) {
+ Api.errorNotification(ctx);
+ }
+ }
+ }));
+ } else {
+ //lets try applying all rules
+ Api.setRulesUpToDate(false);
+ Api.applySavedIptablesRules(ctx, true, new RootCommand()
+ .setCallback(new RootCommand.Callback() {
+ @Override
+ public void cbFunc(RootCommand state) {
+ if (state.exitCode == 0) {
+ Log.i(TAG, reason + ": applied rules at " + System.currentTimeMillis());
+ } else {
+ Log.e(TAG, reason + ": applySavedIptablesRules() returned an error");
+ Api.errorNotification(ctx);
+ }
+ Api.applyDefaultChains(ctx, new RootCommand()
+ .setFailureToast(R.string.error_apply)
+ .setCallback(new RootCommand.Callback() {
+ @Override
+ public void cbFunc(RootCommand state) {
+ if (state.exitCode != 0) {
+ Api.errorNotification(ctx);
+ }
+ }
+ }));
+ }
+ }));
+ }
+ }
+ }));
+ }
+
+ private static class NewInterfaceScanner {
+
+ public static void populateLanMasks(InterfaceDetails ret) {
+ try {
+ Enumeration en = NetworkInterface.getNetworkInterfaces();
+
+ while (en.hasMoreElements()) {
+ NetworkInterface intf = en.nextElement();
+ boolean match = false;
+
+ if (!intf.isUp() || intf.isLoopback()) {
+ continue;
+ }
+
+ for (String pattern : ITFS_WIFI) {
+ if (intf.getName().startsWith(truncAfter(pattern, "\\+"))) {
+ match = true;
+ break;
+ }
+ }
+ if (!match)
+ continue;
+ ret.wifiName = intf.getName();
+
+ Iterator addrList = intf.getInterfaceAddresses().iterator();
+ while (addrList.hasNext()) {
+ InterfaceAddress addr = addrList.next();
+ InetAddress ip = addr.getAddress();
+ String mask = truncAfter(ip.getHostAddress(), "%") + "/" +
+ addr.getNetworkPrefixLength();
+
+ if(ret.lanMaskV4.isEmpty() || ret.lanMaskV6.isEmpty()) {
+ if (ip instanceof Inet4Address) {
+ ret.lanMaskV4 = mask;
+ } else if (ip instanceof Inet6Address) {
+ ret.lanMaskV6 = mask;
+ }
+ }
+ }
+ if (ret.lanMaskV4.equals("") && ret.lanMaskV6.equals("")) {
+ ret.noIP = true;
+ }
+ }
+ } catch (Exception e) {
+ Log.i(TAG, "Error fetching network interface list: " + android.util.Log.getStackTraceString(e));
+ }
+ }
+ }
+}
diff --git a/app/src/main/java/dev/ukanth/ufirewall/MainActivity.java b/app/src/main/java/dev/ukanth/ufirewall/MainActivity.java
new file mode 100644
index 0000000..166fff0
--- /dev/null
+++ b/app/src/main/java/dev/ukanth/ufirewall/MainActivity.java
@@ -0,0 +1,2723 @@
+/**
+ * Main application activity.
+ * This is the screen displayed when you open the application
+ *
+ * Copyright (C) 2009-2011 Rodrigo Zechin Rosauro
+ * Copyright (C) 2011-2012 Umakanthan Chandran
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * @author Rodrigo Zechin Rosauro, Umakanthan Chandran
+ * @version 1.1
+ */
+
+package dev.ukanth.ufirewall;
+
+import static dev.ukanth.ufirewall.util.G.TAG;
+import static dev.ukanth.ufirewall.util.G.ctx;
+import static dev.ukanth.ufirewall.util.G.isDonate;
+import static dev.ukanth.ufirewall.util.SecurityUtil.LOCK_VERIFICATION;
+import static dev.ukanth.ufirewall.util.SecurityUtil.REQ_ENTER_PATTERN;
+
+import android.Manifest;
+import android.annotation.SuppressLint;
+import android.app.KeyguardManager;
+import android.app.NotificationManager;
+import android.content.ActivityNotFoundException;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.DialogInterface;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.content.SharedPreferences.Editor;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.res.Resources;
+import android.os.AsyncTask;
+import android.os.Build;
+import android.os.Bundle;
+import android.os.Environment;
+import android.text.Editable;
+import android.text.TextUtils;
+import android.text.TextUtils.TruncateAt;
+import android.text.TextWatcher;
+import android.view.KeyEvent;
+import android.view.LayoutInflater;
+import android.view.Menu;
+import android.view.MenuItem;
+import android.view.View;
+import android.view.View.OnClickListener;
+import android.view.WindowManager;
+import android.view.inputmethod.InputMethodManager;
+import android.widget.AdapterView;
+import android.widget.ArrayAdapter;
+import android.widget.BaseAdapter;
+import android.widget.EditText;
+import android.widget.ImageView;
+import android.widget.ListAdapter;
+import android.widget.ListView;
+import android.widget.RadioGroup;
+import android.widget.Spinner;
+import android.widget.TextView;
+import android.widget.Toast;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.RequiresApi;
+import androidx.appcompat.app.AlertDialog;
+import androidx.appcompat.app.AppCompatActivity;
+import androidx.appcompat.widget.Toolbar;
+import androidx.core.app.ActivityCompat;
+import androidx.core.view.ViewCompat;
+import androidx.localbroadcastmanager.content.LocalBroadcastManager;
+import androidx.swiperefreshlayout.widget.SwipeRefreshLayout;
+
+import com.afollestad.materialdialogs.DialogAction;
+import com.afollestad.materialdialogs.MaterialDialog;
+import com.topjohnwu.superuser.Shell;
+
+import java.io.File;
+import java.lang.ref.WeakReference;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Set;
+
+import dev.ukanth.ufirewall.Api.PackageInfoData;
+import dev.ukanth.ufirewall.activity.CustomScriptActivity;
+import dev.ukanth.ufirewall.activity.HelpActivity;
+import dev.ukanth.ufirewall.activity.LogActivity;
+import dev.ukanth.ufirewall.activity.OldLogActivity;
+import dev.ukanth.ufirewall.activity.RulesActivity;
+import dev.ukanth.ufirewall.log.Log;
+import dev.ukanth.ufirewall.preferences.PreferencesActivity;
+import dev.ukanth.ufirewall.profiles.ProfileData;
+import dev.ukanth.ufirewall.profiles.ProfileHelper;
+import dev.ukanth.ufirewall.service.FirewallService;
+import dev.ukanth.ufirewall.service.LogService;
+import dev.ukanth.ufirewall.service.RootCommand;
+import dev.ukanth.ufirewall.util.AppListArrayAdapter;
+import dev.ukanth.ufirewall.util.FileDialog;
+import dev.ukanth.ufirewall.util.G;
+import dev.ukanth.ufirewall.util.PackageComparator;
+import dev.ukanth.ufirewall.util.SecurityUtil;
+import haibison.android.lockpattern.utils.AlpSettings;
+import kotlin.Suppress;
+
+
+public class MainActivity extends AppCompatActivity implements AdapterView.OnItemSelectedListener, OnClickListener, SwipeRefreshLayout.OnRefreshListener,
+ RadioGroup.OnCheckedChangeListener {
+
+ private static final int SHOW_ABOUT_RESULT = 1200;
+ private static final int PREFERENCE_RESULT = 1205;
+ private static final int SHOW_CUSTOM_SCRIPT = 1201;
+ private static final int SHOW_RULES_ACTIVITY = 1202;
+ private static final int SHOW_LOGS_ACTIVITY = 1203;
+ private static final int VERIFY_CHECK = 10000;
+ private static final int MY_PERMISSIONS_REQUEST_WRITE_STORAGE = 1;
+ private static final int MY_PERMISSIONS_REQUEST_READ_STORAGE = 2;
+ private static final int MY_PERMISSIONS_REQUEST_WRITE_STORAGE_ASSET = 3;
+ private static final int PERMISSION_BLUETOOTH = 4;
+
+ private static final int PERMISSION_NOTIFICATION = 5;
+
+ public static boolean dirty = false;
+
+
+ private Menu mainMenu;
+ private ListView listview = null;
+ private MaterialDialog plsWait;
+ private ArrayAdapter spinnerAdapter = null;
+ private SwipeRefreshLayout mSwipeLayout;
+ private int index;
+ private int top;
+ private List mlocalList = new ArrayList<>(new LinkedHashSet());
+ private int initDone = 0;
+ private Spinner mSpinner;
+ private TextWatcher filterTextWatcher;
+ private MaterialDialog runProgress;
+
+ private BroadcastReceiver uiProgressReceiver4, uiProgressReceiver6, toastReceiver, themeRefreshReceiver, uiRefreshReceiver;
+ private IntentFilter uiFilter4, uiFilter6;
+
+ //all async reference with context
+ private GetAppList getAppList;
+ private RunApply runApply;
+ private PurgeTask purgeTask;
+ private int currentUI = 0;
+ private static final int DEFAULT_COLUMN = 2;
+ private int selectedColumns = DEFAULT_COLUMN;
+ private static final int DEFAULT_VIEW_LIMIT = 4;
+ private View view;
+
+ public boolean isDirty() {
+ return dirty;
+ }
+
+ public void setDirty(boolean dirty) {
+ MainActivity.dirty = dirty;
+ }
+
+ /**
+ * Called when the activity is first created
+ * .
+ */
+ @Override
+ public void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+
+ initTheme();
+ G.registerPrivateLink();
+ checkPermissions();
+
+ try {
+ final int FLAG_HARDWARE_ACCELERATED = WindowManager.LayoutParams.class
+ .getDeclaredField("FLAG_HARDWARE_ACCELERATED").getInt(null);
+ getWindow().setFlags(FLAG_HARDWARE_ACCELERATED,
+ FLAG_HARDWARE_ACCELERATED);
+ } catch (Exception e) {
+ }
+
+ updateSelectedColumns();
+
+ if (selectedColumns <= DEFAULT_VIEW_LIMIT) {
+ currentUI = 0;
+ setContentView(R.layout.main_old);
+ } else {
+ currentUI = 1;
+ setContentView(R.layout.main);
+ }
+
+ Toolbar toolbar = findViewById(R.id.main_toolbar);
+
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
+ getWindow().setFlags(WindowManager.LayoutParams.FLAG_TRANSLUCENT_STATUS,
+ WindowManager.LayoutParams.FLAG_TRANSLUCENT_STATUS);
+ }
+ setSupportActionBar(toolbar);
+
+
+ this.findViewById(R.id.img_wifi).setOnClickListener(this);
+ /*
+ this.findViewById(R.id.img_reset).setOnClickListener(this);
+ this.findViewById(R.id.img_invert).setOnClickListener(this);
+ this.findViewById(R.id.img_clone).setOnClickListener(this);
+ */
+ this.findViewById(R.id.img_action).setOnClickListener(this);
+
+ AlpSettings.Display.setStealthMode(getApplicationContext(), G.enableStealthPattern());
+ AlpSettings.Display.setMaxRetries(getApplicationContext(), G.getMaxPatternTry());
+
+ Api.assertBinaries(this, true);
+
+ initDone = 0;
+ mSwipeLayout = findViewById(R.id.swipe_container);
+ mSwipeLayout.setOnRefreshListener(this);
+
+
+ if (!G.hasRoot()) {
+ (new RootCheck()).setContext(this).executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
+ } else {
+ //might not have rootshell
+ startRootShell();
+ new SecurityUtil(MainActivity.this).passCheck();
+ registerNetworkObserver();
+ // Ensure FirewallService is started if firewall is enabled
+ if (Api.isEnabled(this)) {
+ Api.setEnabled(this, true, false);
+ }
+ }
+ registerUIbroadcast4();
+ registerUIbroadcast6();
+ registerToastbroadcast();
+ initTextWatcher();
+ registerThemeIntent();
+ registerUIRefresh();
+ }
+
+ private void checkPermissions() {
+ if (G.enableTether()) {
+ if (ActivityCompat.checkSelfPermission(this, Manifest.permission.BLUETOOTH_CONNECT)
+ != PackageManager.PERMISSION_GRANTED) {
+ // permissions have not been granted.
+ ActivityCompat.requestPermissions(MainActivity.this,
+ new String[]{Manifest.permission.BLUETOOTH_CONNECT},
+ PERMISSION_BLUETOOTH);
+ }
+ }
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
+ if (ActivityCompat.checkSelfPermission(this, Manifest.permission.POST_NOTIFICATIONS)
+ != PackageManager.PERMISSION_GRANTED) {
+ // permissions have not been granted.
+ ActivityCompat.requestPermissions(MainActivity.this,
+ new String[]{Manifest.permission.POST_NOTIFICATIONS},
+ PERMISSION_NOTIFICATION);
+ }
+ }
+ }
+
+ private void updateSelectedColumns() {
+ selectedColumns = DEFAULT_COLUMN;
+ selectedColumns = G.enableLAN() ? selectedColumns + 1 : selectedColumns;
+ selectedColumns = G.enableRoam() ? selectedColumns + 1 : selectedColumns;
+ selectedColumns = G.enableVPN() ? selectedColumns + 1 : selectedColumns;
+ selectedColumns = G.enableTether() ? selectedColumns + 1 : selectedColumns;
+ selectedColumns = G.enableTor() ? selectedColumns + 1 : selectedColumns;
+ }
+
+ private void registerLogService() {
+ if (G.enableLogService()) {
+ Log.i(G.TAG, "Starting Log Service");
+ final Intent logIntent = new Intent(getBaseContext(), LogService.class);
+ startService(logIntent);
+ }
+ }
+
+ @SuppressLint("UnspecifiedRegisterReceiverFlag")
+ private void registerUIRefresh() {
+ IntentFilter filter = new IntentFilter("dev.ukanth.ufirewall.ui.CHECKREFRESH");
+ uiRefreshReceiver = new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ updateSelectedColumns();
+ if (selectedColumns <= DEFAULT_VIEW_LIMIT && currentUI == 1) {
+ recreate();
+ } else if (selectedColumns > DEFAULT_VIEW_LIMIT && currentUI == 0) {
+ recreate();
+ } else {
+ recreate();
+ }
+ }
+ };
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
+ registerReceiver(uiRefreshReceiver, filter, RECEIVER_EXPORTED);
+ } else {
+ registerReceiver(uiRefreshReceiver, filter);
+ }
+ }
+
+ @SuppressLint("UnspecifiedRegisterReceiverFlag")
+ private void registerThemeIntent() {
+
+ IntentFilter filter = new IntentFilter("dev.ukanth.ufirewall.theme.REFRESH");
+ themeRefreshReceiver = new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ initTheme();
+ recreate();
+ }
+ };
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
+ registerReceiver(themeRefreshReceiver, filter, RECEIVER_EXPORTED);
+ } else {
+ registerReceiver(themeRefreshReceiver, filter);
+ }
+ }
+
+ private void probeLogTarget() {
+ List availableLogTargets = new ArrayList<>();
+ if (G.logTargets() == null) {
+ try {
+ new RootCommand()
+ .setReopenShell(true)
+ .setCallback(new RootCommand.Callback() {
+ public void cbFunc(RootCommand state) {
+ if (state.exitCode != 0) {
+ return;
+ }
+ for (String str : state.res.toString().split("\n")) {
+ if (str.equals("LOG") || str.equals("NFLOG")) {
+ availableLogTargets.add(str);
+ }
+ }
+ if (availableLogTargets.size() > 0) {
+ String joined = TextUtils.join(",", availableLogTargets);
+ G.logTargets(joined);
+ }
+ }
+ }).setLogging(true)
+ .run(ctx, "cat /proc/net/ip_tables_targets");
+ } catch (Exception e) {
+ Log.e(Api.TAG, "Exception in getting iptables log targets", e);
+ }
+ }
+ }
+
+ private void initTheme() {
+ switch (G.getSelectedTheme()) {
+ case "D":
+ setTheme(R.style.AppDarkTheme);
+ break;
+ case "L":
+ setTheme(R.style.AppLightTheme);
+ break;
+ case "B":
+ setTheme(R.style.AppBlackTheme);
+ break;
+ }
+ }
+
+ private void initTextWatcher() {
+ filterTextWatcher = new TextWatcher() {
+
+ public void afterTextChanged(Editable s) {
+ showApplications(s.toString());
+ }
+
+
+ public void beforeTextChanged(CharSequence s, int start, int count,
+ int after) {
+ }
+
+ public void onTextChanged(CharSequence s, int start, int before,
+ int count) {
+ showApplications(s.toString());
+ }
+ };
+ }
+
+
+ private void registerNetworkObserver() {
+ //start log service
+ if (G.enableLogService()) {
+ Intent logIntent = new Intent(getBaseContext(), LogService.class);
+ startService(logIntent);
+ }
+ }
+
+ @Override
+ protected void onNewIntent(Intent intent) {
+ super.onNewIntent(intent);
+ String action = intent.getAction();
+ if (action == null) {
+ return;
+ }
+ }
+
+ @Override
+ public void onBackPressed() {
+ super.onBackPressed();
+ }
+
+
+ /*private void migrateNotification() {
+ try {
+ if (!G.isNotificationMigrated()) {
+ List idList = G.getBlockedNotifyList();
+ for (Integer uid : idList) {
+ LogPreference preference = new LogPreference();
+ preference.setUid(uid);
+ preference.setTimestamp(System.currentTimeMillis());
+ preference.setDisable(true);
+ FlowManager.getDatabase(LogPreferenceDB.class).beginTransactionAsync(databaseWrapper -> preference.save(databaseWrapper)).build().execute();
+ }
+ G.isNotificationMigrated(true);
+ }
+ } catch (Exception e) {
+ Log.e(G.TAG, "Unable to migrate notification", e);
+ }
+ }*/
+
+
+ @SuppressLint("UnspecifiedRegisterReceiverFlag")
+ private void registerToastbroadcast() {
+ IntentFilter filter = new IntentFilter("TOAST");
+ toastReceiver = new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ Api.toast(getApplicationContext(), intent.getExtras().get("MSG") != null ? intent.getExtras().get("MSG").toString() : "", Toast.LENGTH_SHORT);
+ }
+ };
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
+ registerReceiver(toastReceiver, filter, RECEIVER_EXPORTED);
+ } else {
+ registerReceiver(toastReceiver, filter);
+ }
+ }
+
+ private void registerUIbroadcast4() {
+ uiFilter4 = new IntentFilter("UPDATEUI4");
+
+ uiProgressReceiver4 = new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ Bundle b = intent.getExtras();
+ if (runProgress != null) {
+ TextView view = (TextView) runProgress.findViewById(R.id.apply4);
+ view.setText(b.get("INDEX") + "/" + b.get("SIZE"));
+ view.invalidate();
+ }
+ }
+ };
+ }
+
+ private void registerUIbroadcast6() {
+ uiFilter6 = new IntentFilter("UPDATEUI6");
+
+ uiProgressReceiver6 = new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ Bundle b = intent.getExtras();
+ if (runProgress != null) {
+ TextView view = (TextView) runProgress.findViewById(R.id.apply6);
+ view.setText(b.get("INDEX") + "/" + b.get("SIZE"));
+ view.invalidate();
+ }
+ }
+ };
+ }
+
+ @Override
+ public void onRefresh() {
+ index = 0;
+ top = 0;
+ Api.applications = null;
+ showOrLoadApplications();
+ mSwipeLayout.setRefreshing(false);
+ }
+
+ private void updateRadioFilter() {
+ RadioGroup radioGroup = findViewById(R.id.appFilterGroup);
+ if (G.showFilter()) {
+ switch (G.selectedFilter()) {
+ case 0:
+ radioGroup.check(R.id.rpkg_core);
+ break;
+ case 1:
+ radioGroup.check(R.id.rpkg_sys);
+ break;
+ case 2:
+ radioGroup.check(R.id.rpkg_user);
+ break;
+ default:
+ radioGroup.check(R.id.rpkg_all);
+ break;
+ }
+ } else {
+ radioGroup.check(R.id.rpkg_all);
+ }
+ radioGroup.setOnCheckedChangeListener(this);
+ }
+
+ private void selectFilterGroup() {
+ if (G.showFilter()) {
+ RadioGroup radioGroup = findViewById(R.id.appFilterGroup);
+ int selectedId = radioGroup.getCheckedRadioButtonId();
+ if (selectedId == R.id.rpkg_core) {
+ filterApps(2);
+ } else if (selectedId == R.id.rpkg_sys) {
+ filterApps(0);
+ } else if (selectedId == R.id.rpkg_user) {
+ filterApps(1);
+ } else {
+ filterApps(-1);
+ }
+ } else {
+ filterApps(-1);
+ }
+
+ }
+
+ /**
+ * Filter application based on app tpe
+ *
+ * @param i
+ */
+ private void filterApps(int i) {
+ Set returnList = new HashSet<>();
+ List inputList;
+ List allApps = Api.getApps(getApplicationContext(), null);
+ if (i >= 0) {
+ for (PackageInfoData infoData : allApps) {
+ if (infoData != null) {
+ if (infoData.appType == i) {
+ returnList.add(infoData);
+ }
+ }
+ }
+ inputList = new ArrayList<>(returnList);
+ } else {
+ if (allApps != null && allApps.size() > 0) {
+ inputList = allApps;
+ } else {
+ inputList = new ArrayList<>(returnList);
+ }
+ }
+ if (inputList != null && inputList.size() > 0) {
+ try {
+ Collections.sort(inputList, new PackageComparator());
+ } catch (Exception e) {
+ }
+ ArrayAdapter appAdapter;
+ if (selectedColumns <= DEFAULT_VIEW_LIMIT) {
+ appAdapter = new AppListArrayAdapter(this, getApplicationContext(), inputList, true);
+ } else {
+ appAdapter = new AppListArrayAdapter(this, getApplicationContext(), inputList);
+ }
+ this.listview.setAdapter(appAdapter);
+ appAdapter.notifyDataSetChanged();
+ // restore
+ this.listview.setSelectionFromTop(index, top);
+ } else {
+ }
+ }
+
+ @Override
+ protected void onStop() {
+ super.onStop();
+ }
+
+ @Override
+ protected void onRestart() {
+ super.onRestart();
+ }
+
+
+ private void updateIconStatus() {
+ if (Api.isEnabled(getApplicationContext())) {
+ getSupportActionBar().setIcon(R.drawable.notification);
+ } else {
+ getSupportActionBar().setIcon(R.drawable.notification_error);
+ }
+ }
+
+ private void startRootShell() {
+ List cmds = new ArrayList();
+ cmds.add("true");
+ new RootCommand().setFailureToast(R.string.error_su)
+ .setReopenShell(true)
+ .setCallback(new RootCommand.Callback() {
+ public void cbFunc(RootCommand state) {
+ //failed to acquire root
+ if (state.exitCode != 0) {
+ runOnUiThread(() -> {
+ disableFirewall();
+ showRootNotFoundMessage();
+ });
+ }
+ }
+ }).run(getApplicationContext(), cmds);
+ //check if log targets support
+ probeLogTarget();
+ }
+
+ private void showRootNotFoundMessage() {
+ if (G.isActivityVisible()) {
+ try {
+ new MaterialDialog.Builder(this).cancelable(false)
+ .title(R.string.error_common)
+ .content(R.string.error_su)
+ .onPositive((dialog, which) -> dialog.dismiss())
+ .onNegative((dialog, which) -> {
+ MainActivity.this.finish();
+ android.os.Process.killProcess(android.os.Process.myPid());
+ dialog.dismiss();
+ })
+ .positiveText(R.string.Continue)
+ .negativeText(R.string.exit)
+ .show();
+ } catch (Exception e) {
+ Api.toast(this, getString(R.string.error_su_toast), Toast.LENGTH_SHORT);
+ }
+ }
+ }
+
+ @Override
+ public void onResume() {
+ super.onResume();
+ /*if (showQuickButton()) {
+ fab.setVisibility(View.VISIBLE);
+ } else {
+ fab.setVisibility(View.GONE);
+ }*/
+ LocalBroadcastManager.getInstance(getApplicationContext()).registerReceiver(uiProgressReceiver4, uiFilter4);
+ LocalBroadcastManager.getInstance(getApplicationContext()).registerReceiver(uiProgressReceiver6, uiFilter6);
+
+ G.activityResumed();
+
+ //getSupportActionBar().setBackgroundDrawable(new ColorDrawable(G.primaryColor()));
+ /* Window window = getWindow();
+ window.clearFlags(WindowManager.LayoutParams.FLAG_TRANSLUCENT_STATUS);
+ window.addFlags(WindowManager.LayoutParams.FLAG_DRAWS_SYSTEM_BAR_BACKGROUNDS);
+ window.setStatusBarColor(G.primaryDarkColor());*/
+
+ }
+
+ private void reloadPreferences() {
+
+ updateSelectedColumns();
+
+ getSupportActionBar().setDisplayShowHomeEnabled(true);
+ G.reloadPrefs();
+ checkPreferences();
+ //language
+ Api.updateLanguage(getApplicationContext(), G.locale());
+
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+
+ //verifyMultiProfile();
+ refreshHeader();
+ updateIconStatus();
+
+ clearNotification();
+
+ if (G.disableIcons()) {
+ this.findViewById(R.id.imageHolder).setVisibility(View.GONE);
+ } else {
+ this.findViewById(R.id.imageHolder).setVisibility(View.VISIBLE);
+ }
+
+ if (G.showFilter()) {
+ this.findViewById(R.id.filerOption).setVisibility(View.VISIBLE);
+ } else {
+ this.findViewById(R.id.filerOption).setVisibility(View.GONE);
+ }
+
+ if (G.enableMultiProfile()) {
+ this.findViewById(R.id.profileOption).setVisibility(View.VISIBLE);
+ } else {
+ this.findViewById(R.id.profileOption).setVisibility(View.GONE);
+ }
+ if (G.enableRoam()) {
+ addColumns(R.id.img_roam);
+ } else {
+ hideColumns(R.id.img_roam);
+ }
+ if (G.enableVPN()) {
+ addColumns(R.id.img_vpn);
+ } else {
+ hideColumns(R.id.img_vpn);
+ }
+ if (G.enableTether()) {
+ addColumns(R.id.img_tether);
+ } else {
+ hideColumns(R.id.img_tether);
+ }
+
+ if (!Api.isMobileNetworkSupported(getApplicationContext())) {
+ ImageView view = this.findViewById(R.id.img_3g);
+ view.setVisibility(View.GONE);
+
+ } else {
+ this.findViewById(R.id.img_3g).setOnClickListener(this);
+ }
+
+ if (G.enableLAN()) {
+ addColumns(R.id.img_lan);
+ } else {
+ hideColumns(R.id.img_lan);
+ }
+ if (G.enableTor()) {
+ addColumns(R.id.img_tor);
+ } else {
+ hideColumns(R.id.img_tor);
+ }
+
+
+ updateRadioFilter();
+
+ if (G.enableMultiProfile()) {
+ setupMultiProfile();
+ }
+
+ selectFilterGroup();
+ }
+
+ private void clearNotification() {
+ //make sure we cancel notification posted by app notification.
+ NotificationManager mNotificationManager = (NotificationManager) this.getSystemService(Context.NOTIFICATION_SERVICE);
+ mNotificationManager.cancel(100);
+ }
+
+ /**
+ * This will be used to migrate the profiles to a better one ( get ridoff of default profile )
+ */
+
+
+ @Override
+ public void onCheckedChanged(RadioGroup group, int checkedId) {
+ if (checkedId == R.id.rpkg_all) {
+ filterApps(-1);
+ G.saveSelectedFilter(99);
+ } else if (checkedId == R.id.rpkg_core) {
+ filterApps(2);
+ G.saveSelectedFilter(0);
+ } else if (checkedId == R.id.rpkg_sys) {
+ filterApps(0);
+ G.saveSelectedFilter(1);
+ } else if (checkedId == R.id.rpkg_user) {
+ filterApps(1);
+ G.saveSelectedFilter(2);
+ }
+ }
+
+ @Override
+ public void onStart() {
+ super.onStart();
+ initDone = 0;
+ reloadPreferences();
+ }
+
+ private void addColumns(int id) {
+ ImageView view = this.findViewById(id);
+ view.setVisibility(View.VISIBLE);
+ view.setOnClickListener(this);
+ }
+
+ private void hideColumns(int id) {
+ ImageView view = this.findViewById(id);
+ view.setVisibility(View.GONE);
+ view.setOnClickListener(this);
+ }
+
+ private void setupMultiProfile() {
+ reloadProfileList(true);
+ mSpinner = findViewById(R.id.profileGroup);
+ spinnerAdapter = new ArrayAdapter(this, android.R.layout.simple_spinner_item,
+ mlocalList);
+ spinnerAdapter.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
+ mSpinner.setAdapter(spinnerAdapter);
+ mSpinner.setOnItemSelectedListener(this);
+ String currentProfile = G.storedProfile();
+ if (currentProfile != null) {
+ if (!G.isProfileMigrated()) {
+ switch (currentProfile) {
+ case Api.DEFAULT_PREFS_NAME:
+ mSpinner.setSelection(0);
+ break;
+ case "AFWallProfile1":
+ mSpinner.setSelection(1);
+ break;
+ case "AFWallProfile2":
+ mSpinner.setSelection(2);
+ break;
+ case "AFWallProfile3":
+ mSpinner.setSelection(3);
+ break;
+ default:
+ mSpinner.setSelection(spinnerAdapter.getPosition(currentProfile), false);
+ }
+ } else {
+ if (!currentProfile.equals(Api.DEFAULT_PREFS_NAME)) {
+ ProfileData data = ProfileHelper.getProfileByIdentifier(currentProfile);
+ if (data != null) {
+ mSpinner.setSelection(spinnerAdapter.getPosition(data.getName()), false);
+ }
+ } else {
+ mSpinner.setSelection(spinnerAdapter.getPosition(currentProfile), false);
+ }
+ }
+ }
+ }
+
+ private void reloadProfileList(boolean reset) {
+ if (reset) {
+ mlocalList = new ArrayList<>(new LinkedHashSet());
+ }
+
+ mlocalList.add(G.gPrefs.getString("default", getString(R.string.defaultProfile)));
+
+ if (!G.isProfileMigrated()) {
+ mlocalList.add(G.gPrefs.getString("profile1", getString(R.string.profile1)));
+ mlocalList.add(G.gPrefs.getString("profile2", getString(R.string.profile2)));
+ mlocalList.add(G.gPrefs.getString("profile3", getString(R.string.profile3)));
+ List profilesList = G.getAdditionalProfiles();
+ for (String profiles : profilesList) {
+ if (profiles != null && profiles.length() > 0) {
+ mlocalList.add(profiles);
+ }
+ }
+ } else {
+ List profilesList = ProfileHelper.getProfiles();
+ for (ProfileData data : profilesList) {
+ mlocalList.add(data.getName());
+ }
+ }
+ }
+
+ public void deviceCheck() {
+ if (Build.VERSION.SDK_INT >= 21) {
+ if ((G.isDoKey(getApplicationContext()) || isDonate())) {
+ KeyguardManager keyguardManager = (KeyguardManager) getSystemService(Context.KEYGUARD_SERVICE);
+ if (keyguardManager.isKeyguardSecure()) {
+ Intent createConfirmDeviceCredentialIntent = keyguardManager.createConfirmDeviceCredentialIntent(null, null);
+ if (createConfirmDeviceCredentialIntent != null) {
+ try {
+ startActivityForResult(createConfirmDeviceCredentialIntent, LOCK_VERIFICATION);
+ } catch (ActivityNotFoundException e) {
+ }
+ }
+ } else {
+ Toast.makeText(this, getText(R.string.android_version), Toast.LENGTH_SHORT).show();
+ }
+ } else {
+ Api.donateDialog(MainActivity.this, true);
+ }
+ }
+ }
+
+ @Override
+ protected void onPause() {
+ super.onPause();
+ try {
+ if ((plsWait != null) && plsWait.isShowing()) {
+ plsWait.dismiss();
+ }
+
+ } catch (final IllegalArgumentException e) {
+ // Handle or log or ignore
+ } catch (final Exception e) {
+ // Handle or log or ignore
+ } finally {
+ plsWait = null;
+ }
+ //this.listview.setAdapter(null);
+ //mLastPause = Syst em.currentTimeMillis();
+ //isOnPause = true;
+ //checkForProfile = true;
+ index = this.listview.getFirstVisiblePosition();
+ View v = this.listview.getChildAt(0);
+ top = (v == null) ? 0 : v.getTop();
+ G.activityPaused();
+ LocalBroadcastManager.getInstance(getApplicationContext()).unregisterReceiver(uiProgressReceiver4);
+ LocalBroadcastManager.getInstance(getApplicationContext()).unregisterReceiver(uiProgressReceiver6);
+ }
+
+ /**
+ * Check if the stored preferences are OK
+ */
+ private void checkPreferences() {
+ final Editor editor = G.pPrefs.edit();
+ boolean changed = false;
+ if (G.pPrefs.getString(Api.PREF_MODE, "").length() == 0) {
+ editor.putString(Api.PREF_MODE, Api.MODE_WHITELIST);
+ changed = true;
+ }
+ if (changed)
+ editor.commit();
+ }
+
+ /**
+ * Refresh informative header
+ */
+ private void refreshHeader() {
+ final String mode = G.pPrefs.getString(Api.PREF_MODE, Api.MODE_WHITELIST);
+ //final TextView labelmode = (TextView) this.findViewById(R.id.label_mode);
+ final Resources res = getResources();
+
+ if (mode.equals(Api.MODE_WHITELIST)) {
+ if (mainMenu != null) {
+ mainMenu.findItem(R.id.allowmode).setChecked(true);
+ mainMenu.findItem(R.id.menu_mode).setIcon(R.drawable.ic_allow);
+ }
+ } else {
+ if (mainMenu != null) {
+ mainMenu.findItem(R.id.blockmode).setChecked(true);
+ mainMenu.findItem(R.id.menu_mode).setIcon(R.drawable.ic_deny);
+ }
+ }
+ //int resid = (mode.equals(Api.MODE_WHITELIST) ? R.string.mode_whitelist: R.string.mode_blacklist);
+ //labelmode.setText(res.getString(R.string.mode_header, res.getString(resid)));
+ }
+
+ /**
+ * If the applications are cached, just show them, otherwise load and show
+ */
+ private void showOrLoadApplications() {
+ //nocache!!
+ getAppList = new GetAppList(MainActivity.this);
+ if (plsWait == null && (getAppList.getStatus() == AsyncTask.Status.PENDING || getAppList.getStatus() == AsyncTask.Status.FINISHED)) {
+ getAppList.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
+ }
+ }
+
+ @Override
+ public void onItemSelected(AdapterView parent, View view, int position, long id) {
+ initDone = initDone + 1;
+ if (initDone > 1) {
+ Spinner spinner = findViewById(R.id.profileGroup);
+ String profileName = spinner.getSelectedItem().toString();
+ if (!G.isProfileMigrated()) {
+ switch (position) {
+ case 0:
+ G.setProfile(true, "AFWallPrefs");
+ break;
+ case 1:
+ G.setProfile(true, "AFWallProfile1");
+ break;
+ case 2:
+ G.setProfile(true, "AFWallProfile2");
+ break;
+ case 3:
+ G.setProfile(true, "AFWallProfile3");
+ break;
+ default:
+ if (profileName != null) {
+ G.setProfile(true, profileName);
+ }
+
+ }
+ setDirty(true);
+ } else {
+ switch (position) {
+ case 0:
+ G.setProfile(true, "AFWallPrefs");
+ break;
+ default:
+ if (profileName != null) {
+ ProfileData data = ProfileHelper.getProfileByName(profileName);
+ G.setProfile(true, data.getIdentifier());
+ }
+ }
+ setDirty(true);
+ }
+ G.reloadProfile();
+ refreshHeader();
+ showOrLoadApplications();
+ if (G.applyOnSwitchProfiles()) {
+ applyOrSaveRules();
+ }
+ }
+ }
+
+ @Override
+ public void onNothingSelected(AdapterView parent) {
+
+ }
+
+ /**
+ * Show the list of applications
+ */
+ private void showApplications(final String searchStr) {
+
+ setDirty(false);
+
+ List searchApp = new ArrayList<>();
+ HashSet unique = new HashSet<>();
+ final List apps = Api.getApps(this, null);
+ boolean isResultsFound = false;
+
+ if (searchStr != null && searchStr.length() > 1) {
+ for (PackageInfoData app : apps) {
+ for (String str : app.names) {
+ if (str != null && searchStr != null) {
+ if (str.contains(searchStr.toLowerCase()) || str.toLowerCase().contains(searchStr.toLowerCase())
+ && !searchApp.contains(app) || (G.showUid() && (str + " " + app.uid).contains(searchStr) && !unique.contains(app.uid))) {
+ searchApp.add(app);
+ unique.add(app.uid);
+ isResultsFound = true;
+ }
+ }
+ }
+ }
+ }
+
+ List apps2 = null;
+ if (searchStr != null && searchStr.equals("")) {
+ apps2 = apps;
+ } else if (isResultsFound || searchApp.size() > 0) {
+ apps2 = searchApp;
+ }
+ // Sort applications - selected first, then alphabetically
+ try {
+ if (apps2 != null) {
+ Collections.sort(apps2, new PackageComparator());
+ ArrayAdapter appAdapter;
+ if (selectedColumns <= DEFAULT_VIEW_LIMIT) {
+ appAdapter = new AppListArrayAdapter(this, getApplicationContext(), apps2, true);
+ } else {
+ appAdapter = new AppListArrayAdapter(this, getApplicationContext(), apps2);
+ }
+ this.listview.setAdapter(appAdapter);
+ // restore
+ this.listview.setSelectionFromTop(index, top);
+ }
+ } catch (Exception e) {
+ }
+ }
+
+ @Override
+ public boolean onSearchRequested() {
+ if (mainMenu != null) {
+ MenuItem menuItem = mainMenu.findItem(R.id.menu_search); // R.string.search is the id of the searchview
+ if (menuItem != null) {
+ if (menuItem.isActionViewExpanded()) {
+ menuItem.collapseActionView();
+ } else {
+ menuItem.expandActionView();
+ search(menuItem);
+ }
+ }
+ }
+ return super.onSearchRequested();
+ }
+
+
+ @Override
+ public boolean onCreateOptionsMenu(Menu menu) {
+ //language
+ Api.updateLanguage(getApplicationContext(), G.locale());
+ super.onCreateOptionsMenu(menu);
+ getMenuInflater().inflate(R.menu.menu_bar, menu);
+
+ // Get widget's instance
+ mainMenu = menu;
+ //make sure we update sort entry
+ runOnUiThread(new Runnable() {
+ @Override
+ public void run() {
+ switch (G.sortBy()) {
+ case "s0":
+ mainMenu.findItem(R.id.sort_default).setChecked(true);
+ break;
+ case "s1":
+ mainMenu.findItem(R.id.sort_lastupdate).setChecked(true);
+ break;
+ case "s2":
+ mainMenu.findItem(R.id.sort_uid).setChecked(true);
+ break;
+ }
+
+ refreshHeader();
+ }
+ });
+ return true;
+ }
+
+ public void menuSetApplyOrSave(final Menu menu, final boolean isEnabled) {
+ runOnUiThread(() -> {
+ if (menu != null) {
+ if (isEnabled) {
+ menu.findItem(R.id.menu_toggle).setTitle(R.string.fw_disabled).setIcon(R.drawable.notification_error);
+ menu.findItem(R.id.menu_apply).setTitle(R.string.applyrules);
+ getSupportActionBar().setIcon(R.drawable.notification);
+ } else {
+ menu.findItem(R.id.menu_toggle).setTitle(R.string.fw_enabled).setIcon(R.drawable.notification);
+ menu.findItem(R.id.menu_apply).setTitle(R.string.saverules);
+ getSupportActionBar().setIcon(R.drawable.notification_error);
+ }
+ }
+ });
+ }
+
+ @Override
+ public boolean onPrepareOptionsMenu(final Menu menu) {
+ //language
+ Api.updateLanguage(getApplicationContext(), G.locale());
+ if (menu != null) {
+ menuSetApplyOrSave(mainMenu, Api.isEnabled(MainActivity.this));
+ }
+ return true;
+ }
+
+ private void disableFirewall() {
+ Api.setEnabled(this, false, true);
+ menuSetApplyOrSave(mainMenu, false);
+ }
+
+ private void disableOrEnable() {
+ final boolean enabled = !Api.isEnabled(this);
+ Api.setEnabled(this, enabled, true);
+ if (enabled) {
+ applyOrSaveRules();
+ } else {
+ if (G.enableConfirm()) {
+ confirmDisable();
+ } else {
+ purgeRules();
+ }
+ }
+ //refreshHeader();
+ }
+
+ @Override
+ public boolean onOptionsItemSelected(MenuItem item) {
+ super.onOptionsItemSelected(item);
+ int selectedItem = item.getItemId();
+ if (selectedItem == R.id.menu_toggle) {
+ disableOrEnable();
+ return true;
+ } else if (selectedItem == R.id.allowmode) {
+ item.setChecked(true);
+ Editor editor = getSharedPreferences(Api.PREFS_NAME, 0).edit();
+ editor.putString(Api.PREF_MODE, Api.MODE_WHITELIST);
+ editor.commit();
+ refreshHeader();
+ return true;
+ } else if (selectedItem == R.id.blockmode) {
+ item.setChecked(true);
+ Editor editor2 = getSharedPreferences(Api.PREFS_NAME, 0).edit();
+ editor2.putString(Api.PREF_MODE, Api.MODE_BLACKLIST);
+ editor2.commit();
+ refreshHeader();
+ return true;
+ } else if (selectedItem == R.id.sort_default) {
+ G.sortBy("s0");
+ item.setChecked(true);
+ Api.applications = null;
+ showOrLoadApplications();
+ return true;
+ } else if (selectedItem == R.id.sort_lastupdate) {
+ G.sortBy("s1");
+ item.setChecked(true);
+ Api.applications = null;
+ showOrLoadApplications();
+ return true;
+ } else if (selectedItem == R.id.sort_uid) {
+ G.sortBy("s2");
+ item.setChecked(true);
+ Api.applications = null;
+ showOrLoadApplications();
+ return true;
+ } else if (selectedItem == R.id.menu_apply) {
+ applyOrSaveRules();
+ return true;
+ } else if (selectedItem == R.id.menu_exit) {
+ finish();
+ return true;
+ } else if (selectedItem == R.id.menu_help) {
+ showAbout();
+ return true;
+ } else if (selectedItem == R.id.menu_log) {
+ showLog();
+ return true;
+ } else if (selectedItem == R.id.menu_rules) {
+ showRules();
+ return true;
+ } else if (selectedItem == R.id.menu_setcustom) {
+ setCustomScript();
+ return true;
+ } else if (selectedItem == R.id.menu_preference) {
+ showPreferences();
+ return true;
+ } else if (selectedItem == R.id.menu_search) {
+ search(item);
+ return true;
+ } else if (selectedItem == R.id.menu_export) {
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
+ // Do some stuff
+ showExportDialog();
+ } else {
+ if (ActivityCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE)
+ != PackageManager.PERMISSION_GRANTED) {
+ // permissions have not been granted.
+ ActivityCompat.requestPermissions(MainActivity.this,
+ new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
+ MY_PERMISSIONS_REQUEST_WRITE_STORAGE);
+ } else {
+ showExportDialog();
+ }
+ }
+ return true;
+ } else if (selectedItem == R.id.menu_import) {
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
+ // Copy old data and show import dialog when complete
+ copyOldExportedData();
+ } else {
+ if (ActivityCompat.checkSelfPermission(this, Manifest.permission.READ_EXTERNAL_STORAGE)
+ != PackageManager.PERMISSION_GRANTED) {
+ // permissions have not been granted.
+ ActivityCompat.requestPermissions(MainActivity.this,
+ new String[]{Manifest.permission.READ_EXTERNAL_STORAGE},
+ MY_PERMISSIONS_REQUEST_READ_STORAGE);
+
+ } else {
+ showImportDialog();
+ }
+ }
+ return true;
+ } else {
+ return super.onOptionsItemSelected(item);
+ }
+ }
+
+ private void copyOldExportedData() {
+ if (!G.hasCopyOld()) {
+ copyOldExportedDataAsync(() -> {
+ // On completion, show import dialog
+ runOnUiThread(() -> {
+ showImportDialog();
+ });
+ });
+ } else {
+ // Already copied, show dialog immediately
+ showImportDialog();
+ }
+ }
+
+ private void copyOldExportedDataAsync(Runnable onComplete) {
+ // Show progress dialog
+ MaterialDialog progressDialog = null;
+ try {
+ progressDialog = new MaterialDialog.Builder(this)
+ .title("Migrating Files")
+ .content("Copying backup files to new location...")
+ .progress(true, 0)
+ .cancelable(false)
+ .show();
+ } catch (Exception e) {
+ Log.w(TAG, "Could not show progress dialog due to MaterialDialog compatibility issue", e);
+ // Fallback: Show toast notification
+ Api.toast(this, "Migrating backup files to new location...");
+ }
+
+ final MaterialDialog finalProgressDialog = progressDialog;
+
+ // Run file copy operation in background thread
+ new Thread(() -> {
+ try {
+ //using root to copy existing data to current directory on A11+
+ String existingDir = Environment.getExternalStorageDirectory() + "//afwall//";
+ String targetDir = ctx.getExternalFilesDir(null) + "/";
+ String command = "cp -R " + existingDir + " " + targetDir;
+ Log.i(TAG, "Invoking migration script " + command);
+
+ com.topjohnwu.superuser.Shell.Result result = com.topjohnwu.superuser.Shell.cmd(command).exec();
+
+ if (result.getCode() == 0) {
+ Log.i(TAG, "Migration script completed successfully");
+ G.hasCopyOldExports(true);
+ } else {
+ Log.w(TAG, "Migration script failed with code: " + result.getCode());
+ Log.w(TAG, "Migration output: " + result.getOut());
+ }
+
+ } catch (java.util.concurrent.RejectedExecutionException e) {
+ Log.w(TAG, "File migration rejected: " + e.getMessage());
+ } catch (Exception e) {
+ // Check if the cause is an InterruptedIOException
+ if (e.getCause() instanceof java.io.InterruptedIOException) {
+ Log.w(TAG, "File migration interrupted: " + e.getCause().getMessage());
+ } else {
+ Log.e(TAG, "Error during file migration", e);
+ }
+ } finally {
+ // Dismiss progress dialog and run completion callback on UI thread
+ runOnUiThread(() -> {
+ if (finalProgressDialog != null && finalProgressDialog.isShowing()) {
+ finalProgressDialog.dismiss();
+ }
+ if (onComplete != null) {
+ onComplete.run();
+ }
+ });
+ }
+ }).start();
+ }
+
+ private void search(MenuItem item) {
+ item.setActionView(R.layout.searchbar);
+ final EditText filterText = item.getActionView().findViewById(
+ R.id.searchApps);
+ filterText.addTextChangedListener(filterTextWatcher);
+ filterText.setEllipsize(TruncateAt.END);
+ filterText.setSingleLine();
+
+ item.setOnActionExpandListener(new MenuItem.OnActionExpandListener() {
+ @Override
+ public boolean onMenuItemActionCollapse(MenuItem item) {
+ // Do something when collapsed
+ selectFilterGroup();
+ return true; // Return true to collapse action view
+ }
+
+ @Override
+ public boolean onMenuItemActionExpand(MenuItem item) {
+ filterText.post(() -> {
+ filterText.requestFocus();
+ InputMethodManager imm = (InputMethodManager) getSystemService(Context.INPUT_METHOD_SERVICE);
+ imm.showSoftInput(filterText, InputMethodManager.SHOW_IMPLICIT);
+ });
+ return true; // Return true to expand action view
+ }
+ });
+ }
+
+ private void showImportDialog() {
+ try {
+ new MaterialDialog.Builder(this)
+ .title(R.string.imports)
+ .cancelable(false)
+ .items(new String[]{
+ getString(R.string.import_rules),
+ getString(R.string.import_all) + (G.isDoKey(getApplicationContext()) || isDonate() ? "" : " (" + getString(R.string.donate_only_short) + ")")})
+ .itemsCallbackSingleChoice(-1, (dialog, view, which, text) -> {
+ switch (which) {
+ case 0:
+ //Intent intent = new Intent(MainActivity.this, FileChooserActivity.class);
+ //startActivityForResult(intent, FILE_CHOOSER_LOCAL);
+ File mPath = null;
+ if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) {
+ mPath = new File(Environment.getExternalStorageDirectory() + "//afwall//");
+ } else {
+ mPath = new File(ctx.getExternalFilesDir(null) + "/");
+ }
+ FileDialog fileDialog = new FileDialog(MainActivity.this, mPath, true);
+
+ //fileDialog.setFlag(true);
+ //fileDialog.setFileEndsWith(new String[] {"backup", "afwall-backup"}, "all");
+ fileDialog.addFileListener(file -> {
+
+ String fileSelected = file.toString();
+ StringBuilder builder = new StringBuilder();
+ if (Api.loadSharedPreferencesFromFile(MainActivity.this, builder, fileSelected, false)) {
+ Api.applications = null;
+ showOrLoadApplications();
+ Api.toast(MainActivity.this, getString(R.string.import_rules_success) + fileSelected);
+ } else {
+ if (builder.toString().equals("")) {
+ Api.toast(MainActivity.this, getString(R.string.import_rules_fail));
+ } else {
+ Api.toast(MainActivity.this, builder.toString());
+ }
+ }
+ });
+ fileDialog.showDialog();
+ break;
+ case 1:
+
+ if (G.isDoKey(getApplicationContext()) || isDonate()) {
+
+ File mPath2 = null;
+ if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) {
+ mPath2 = new File(Environment.getExternalStorageDirectory() + "//afwall//");
+ } else {
+ mPath2 = new File(ctx.getExternalFilesDir(null), "/");
+ }
+ FileDialog fileDialog2 = new FileDialog(MainActivity.this, mPath2, false);
+ fileDialog2.addFileListener(file -> {
+ String fileSelected = file.toString();
+ StringBuilder builder = new StringBuilder();
+ if (Api.loadSharedPreferencesFromFile(MainActivity.this, builder, fileSelected, true)) {
+ Api.applications = null;
+ showOrLoadApplications();
+ Api.toast(MainActivity.this, getString(R.string.import_rules_success) + fileSelected);
+ Intent intent = getIntent();
+ finish();
+ startActivity(intent);
+ } else {
+ if (builder.toString().equals("")) {
+ Api.toast(MainActivity.this, getString(R.string.import_rules_fail));
+ } else {
+ Api.toast(MainActivity.this, builder.toString());
+ }
+ }
+ });
+ fileDialog2.showDialog();
+ } else {
+ Api.donateDialog(MainActivity.this, false);
+ }
+ break;
+ }
+ return true;
+ })
+ .positiveText(R.string.imports)
+ .negativeText(R.string.Cancel)
+ .show();
+ } catch (Exception e) {
+ Log.e(TAG, "MaterialDialog failed, likely due to cursor tinting issue on newer Android versions", e);
+ // Fallback: Show a simple toast message and try alternative approach
+ Api.toast(this, "Import dialog unavailable due to Android compatibility issue. Please use file manager to manually copy backup files to AFWall directory.");
+ }
+ }
+
+ private void showExportDialog() {
+ try {
+ new MaterialDialog.Builder(this)
+ .title(R.string.exports)
+ .cancelable(false)
+ .items(new String[]{
+ getString(R.string.export_rules),
+ getString(R.string.export_all) + (G.isDoKey(getApplicationContext()) || isDonate() ? "" : " (" + getString(R.string.donate_only_short) + ")")})
+ .itemsCallbackSingleChoice(-1, (dialog, view, which, text) -> {
+ switch (which) {
+ case 0:
+ Api.exportRulesToFileWithPicker(MainActivity.this);
+ break;
+ case 1:
+ if (G.isDoKey(getApplicationContext()) || isDonate()) {
+ Api.exportAllPreferencesToFileWithPicker(MainActivity.this);
+ } else {
+ showExportAllWarningDialog();
+ }
+ break;
+ }
+ return true;
+ }).positiveText(R.string.exports)
+ .negativeText(R.string.Cancel)
+ .show();
+ } catch (Exception e) {
+ Log.e(TAG, "MaterialDialog failed, likely due to cursor tinting issue on newer Android versions", e);
+ Api.toast(this, "Export dialog unavailable due to Android compatibility issue. Please use Settings > Export to access export functionality.");
+ }
+ }
+
+ private void showExportAllWarningDialog() {
+ try {
+ new MaterialDialog.Builder(this)
+ .title(R.string.export_all)
+ .content(R.string.export_all_warning)
+ .positiveText(R.string.exports)
+ .negativeText(R.string.Cancel)
+ .onPositive((dialog, which) -> {
+ Api.exportAllPreferencesToFileWithPicker(MainActivity.this);
+ })
+ .show();
+ } catch (Exception e) {
+ Log.e(TAG, "MaterialDialog failed, likely due to cursor tinting issue on newer Android versions", e);
+ // Fallback: Just show the export directly with a toast warning
+ Api.toast(this, getString(R.string.export_all_warning));
+ Api.exportAllPreferencesToFileWithPicker(MainActivity.this);
+ }
+ }
+
+ private void showPreferences() {
+ Intent i = new Intent(this, PreferencesActivity.class);
+ //startActivity(i);
+ startActivityForResult(i, PREFERENCE_RESULT);
+ }
+
+ private void showAbout() {
+ Intent i = new Intent(this, HelpActivity.class);
+ startActivityForResult(i, SHOW_ABOUT_RESULT);
+ }
+
+ @Override
+ public void onRequestPermissionsResult(int requestCode,
+ String[] permissions, int[] grantResults) {
+ super.onRequestPermissionsResult(requestCode, permissions, grantResults);
+
+ switch (requestCode) {
+ case MY_PERMISSIONS_REQUEST_WRITE_STORAGE: {
+ if (grantResults.length > 0
+ && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
+ showExportDialog();
+ } else {
+ Toast.makeText(this, R.string.permissiondenied_importexport, Toast.LENGTH_SHORT).show();
+ }
+ return;
+ }
+
+ case MY_PERMISSIONS_REQUEST_WRITE_STORAGE_ASSET: {
+ if (grantResults.length > 0
+ && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
+ Api.assertBinaries(this, true);
+ } else {
+ Toast.makeText(this, R.string.permissiondenied_asset, Toast.LENGTH_SHORT).show();
+ }
+ return;
+ }
+
+ case MY_PERMISSIONS_REQUEST_READ_STORAGE: {
+ if (grantResults.length > 0
+ && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
+ showImportDialog();
+ } else {
+ Toast.makeText(this, R.string.permissiondenied_importexport, Toast.LENGTH_SHORT).show();
+ }
+ return;
+ }
+ }
+ }
+
+ public void confirmDisable() {
+
+ new MaterialDialog.Builder(this)
+ .title(R.string.confirmMsg)
+ //.content(R.string.confirmMsg)
+ .cancelable(false)
+ .onPositive((dialog, which) -> {
+ purgeRules();
+ Api.updateNotification(Api.isEnabled(getApplicationContext()), getApplicationContext());
+ dialog.dismiss();
+ })
+ .onNegative((dialog, which) -> {
+ Api.setEnabled(getApplicationContext(), true, true);
+ dialog.dismiss();
+ })
+ .positiveText(R.string.Yes)
+ .negativeText(R.string.No)
+ .show();
+ }
+
+ /**
+ * Set a new init script
+ */
+ private void setCustomScript() {
+ Intent intent = new Intent();
+ intent.setClass(this, CustomScriptActivity.class);
+ startActivityForResult(intent, SHOW_CUSTOM_SCRIPT);
+ }
+
+ /*private void startCustomRules() {
+ if ((G.isDoKey(getApplicationContext()) || isDonate())) {
+ Intent intent = new Intent();
+ intent.setClass(this, CustomRulesActivity.class);
+ startActivity(intent);
+ } else {
+ Api.donateDialog(MainActivity.this, false);
+ }
+ }*/
+
+ @Override
+ protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+ super.onActivityResult(requestCode, resultCode, data);
+ switch (requestCode) {
+ case LOCK_VERIFICATION:
+ case REQ_ENTER_PATTERN: {
+ switch (resultCode) {
+ case RESULT_OK:
+ showOrLoadApplications();
+ break;
+ default:
+ MainActivity.this.finish();
+ android.os.Process.killProcess(android.os.Process.myPid());
+ break;
+ }
+ }
+ break;
+
+ case VERIFY_CHECK: {
+ Log.i(Api.TAG, "In VERIFY_CHECK");
+ switch (resultCode) {
+ case RESULT_OK:
+ G.isDo(true);
+ break;
+ case RESULT_CANCELED:
+ G.isDo(false);
+ }
+ }
+ break;
+ //isPassVerify = true;
+ case PREFERENCE_RESULT: {
+ invalidateOptionsMenu();
+ //recreate();
+ }
+ break;
+ }
+ if (resultCode == RESULT_OK
+ && data != null && Api.CUSTOM_SCRIPT_MSG.equals(data.getAction())) {
+ final String script = data.getStringExtra(Api.SCRIPT_EXTRA);
+ final String script2 = data.getStringExtra(Api.SCRIPT2_EXTRA);
+ setCustomScript(script, script2);
+ }
+ }
+
+ /**
+ * Set a new init script
+ *
+ * @param script new script (empty to remove)
+ * @param script2 new "shutdown" script (empty to remove)
+ */
+ private void setCustomScript(String script, String script2) {
+ final Editor editor = getSharedPreferences(Api.PREFS_NAME, 0).edit();
+ // Remove unnecessary white-spaces, also replace '\r\n' if necessary
+ script = script.trim().replace("\r\n", "\n");
+ script2 = script2.trim().replace("\r\n", "\n");
+ editor.putString(Api.PREF_CUSTOMSCRIPT, script);
+ editor.putString(Api.PREF_CUSTOMSCRIPT2, script2);
+ int msgid;
+ if (editor.commit()) {
+ if (script.length() > 0 || script2.length() > 0) {
+ msgid = R.string.custom_script_defined;
+ } else {
+ msgid = R.string.custom_script_removed;
+ }
+ } else {
+ msgid = R.string.custom_script_error;
+ }
+ Api.toast(MainActivity.this, MainActivity.this.getString(msgid));
+ if (Api.isEnabled(this)) {
+ // If the firewall is enabled, re-apply the rules
+ applyOrSaveRules();
+ }
+ }
+
+ /**
+ * Show iptables rules on a dialog
+ */
+ private void showRules() {
+ Intent i = new Intent(this, RulesActivity.class);
+ startActivityForResult(i, SHOW_RULES_ACTIVITY);
+ }
+
+ /**
+ * Show logs on a dialog
+ */
+ private void showLog() {
+ if (G.oldLogView()) {
+ Intent i = new Intent(this, OldLogActivity.class);
+ startActivityForResult(i, SHOW_LOGS_ACTIVITY);
+ } else {
+ Intent i = new Intent(this, LogActivity.class);
+ startActivityForResult(i, SHOW_LOGS_ACTIVITY);
+ }
+ }
+
+ /**
+ * Apply or save iptables rules, showing a visual indication
+ */
+ private void applyOrSaveRules() {
+ final boolean enabled = Api.isEnabled(this);
+ final Context ctx = getApplicationContext();
+
+ Api.generateRules(ctx, Api.getApps(ctx, null), true);
+
+ if (!enabled) {
+ Api.setEnabled(ctx, false, true);
+ Api.toast(ctx, ctx.getString(R.string.rules_saved));
+ setDirty(false);
+ return;
+ }
+ //Api.showNotification(Api.isEnabled(getApplicationContext()), getApplicationContext());
+ Api.updateNotification(Api.isEnabled(getApplicationContext()), getApplicationContext());
+ runApply = new RunApply(MainActivity.this);
+ runApply.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
+ }
+
+ /**
+ * Purge iptables rules, showing a visual indication
+ */
+ private void purgeRules() {
+ purgeTask = new PurgeTask(MainActivity.this);
+ purgeTask.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
+ }
+
+ @Override
+ public void onClick(View v) {
+ int id = v.getId();
+ if (id == R.id.img_wifi || id == R.id.img_3g
+ || id == R.id.img_roam
+ || id == R.id.img_vpn
+ || id == R.id.img_tether
+ || id == R.id.img_lan
+ || id == R.id.img_tor) {
+ selectActionConfirmation(v.getId());
+ } else if (id == R.id.img_action) {
+ selectAction();
+ }
+ }
+
+ private void selectAction() {
+ new MaterialDialog.Builder(this)
+ .title(R.string.confirmation)
+ .cancelable(true)
+ .negativeText(R.string.Cancel)
+ .items(new String[]{
+ getString(R.string.invert_all),
+ getString(R.string.clone),
+ getString(R.string.clear_all)})
+ .itemsCallback((dialog, view, which, text) -> {
+ switch (which) {
+ case 0:
+ selectActionConfirmation(getString(R.string.reverse_all), 0);
+ break;
+ case 1:
+ cloneColumn(getString(R.string.legend_clone));
+ break;
+ case 2:
+ selectActionConfirmation(getString(R.string.unselect_all), 1);
+ break;
+ }
+ })
+ .onNegative((dialog, which) -> dialog.dismiss())
+ .show();
+
+ }
+
+ private void selectAllLAN(boolean flag) {
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+ ListAdapter adapter = listview.getAdapter();
+ if (adapter != null) {
+ int count = adapter.getCount(), item;
+ for (item = 0; item < count; item++) {
+ PackageInfoData data = (PackageInfoData) adapter.getItem(item);
+ if (data.uid != Api.SPECIAL_UID_ANY) {
+ data.selected_lan = flag;
+ //addToQueue(data);
+ }
+ setDirty(true);
+ }
+ ((BaseAdapter) adapter).notifyDataSetChanged();
+ }
+ }
+
+ private void selectAllTor(boolean flag) {
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+ ListAdapter adapter = listview.getAdapter();
+ if (adapter != null) {
+ int count = adapter.getCount(), item;
+ for (item = 0; item < count; item++) {
+ PackageInfoData data = (PackageInfoData) adapter.getItem(item);
+ if (data.uid != Api.SPECIAL_UID_ANY) {
+ data.selected_tor = flag;
+ //addToQueue(data);
+ }
+ setDirty(true);
+ }
+ ((BaseAdapter) adapter).notifyDataSetChanged();
+ }
+ }
+
+ /**
+ * Cache any batch event by user
+ *
+ * @param
+ */
+ /*public static void addToQueue(@NonNull PackageInfoData data) {
+ *//*if (queue == null) {
+ queue = new HashSet<>();
+ }
+ //add or update based on new data
+ queue.add(data);
+ getFab().setBackgroundTintList(ColorStateList.valueOf(Color.RED));*//*
+ }*/
+ private void selectAllVPN(boolean flag) {
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+ ListAdapter adapter = listview.getAdapter();
+ if (adapter != null) {
+ int count = adapter.getCount(), item;
+ for (item = 0; item < count; item++) {
+ PackageInfoData data = (PackageInfoData) adapter.getItem(item);
+ if (data.uid != Api.SPECIAL_UID_ANY) {
+ data.selected_vpn = flag;
+ //addToQueue(data);
+ }
+ setDirty(true);
+ }
+ ((BaseAdapter) adapter).notifyDataSetChanged();
+ }
+ }
+
+ private void selectAlltether(boolean flag) {
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+ ListAdapter adapter = listview.getAdapter();
+ if (adapter != null) {
+ int count = adapter.getCount(), item;
+ for (item = 0; item < count; item++) {
+ PackageInfoData data = (PackageInfoData) adapter.getItem(item);
+ if (data.uid != Api.SPECIAL_UID_ANY) {
+ data.selected_tether = flag;
+ //addToQueue(data);
+ }
+ setDirty(true);
+ }
+ ((BaseAdapter) adapter).notifyDataSetChanged();
+ }
+ }
+
+ private void selectRevert(int flag) {
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+ ListAdapter adapter = listview.getAdapter();
+ if (adapter != null) {
+ int count = adapter.getCount(), item;
+ for (item = 0; item < count; item++) {
+ PackageInfoData data = (PackageInfoData) adapter.getItem(item);
+ if (data.uid != Api.SPECIAL_UID_ANY) {
+ if (flag == R.id.img_wifi) {
+ data.selected_wifi = !data.selected_wifi;
+ } else if (flag == R.id.img_3g) {
+ data.selected_3g = !data.selected_3g;
+ } else if (flag == R.id.img_roam) {
+ data.selected_roam = !data.selected_roam;
+ } else if (flag == R.id.img_vpn) {
+ data.selected_vpn = !data.selected_vpn;
+ } else if (flag == R.id.img_tether) {
+ data.selected_tether = !data.selected_tether;
+ } else if (flag == R.id.img_lan) {
+ data.selected_lan = !data.selected_lan;
+ } else if (flag == R.id.img_tor) {
+ data.selected_tor = !data.selected_tor;
+ }
+ //addToQueue(data);
+ }
+ setDirty(true);
+ }
+ ((BaseAdapter) adapter).notifyDataSetChanged();
+ }
+ }
+
+ private void selectRevert() {
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+ ListAdapter adapter = listview.getAdapter();
+ if (adapter != null) {
+ int count = adapter.getCount(), item;
+ for (item = 0; item < count; item++) {
+ PackageInfoData data = (PackageInfoData) adapter.getItem(item);
+ if (data.uid != Api.SPECIAL_UID_ANY) {
+ data.selected_wifi = !data.selected_wifi;
+ data.selected_3g = !data.selected_3g;
+ data.selected_roam = !data.selected_roam;
+ data.selected_vpn = !data.selected_vpn;
+ data.selected_tether = !data.selected_tether;
+ data.selected_lan = !data.selected_lan;
+ data.selected_tor = !data.selected_tor;
+ //addToQueue(data);
+ }
+ setDirty(true);
+ }
+ ((BaseAdapter) adapter).notifyDataSetChanged();
+ }
+ }
+
+ private void selectAllRoam(boolean flag) {
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+ ListAdapter adapter = listview.getAdapter();
+ if (adapter != null) {
+ int count = adapter.getCount(), item;
+ for (item = 0; item < count; item++) {
+ PackageInfoData data = (PackageInfoData) adapter.getItem(item);
+ if (data.uid != Api.SPECIAL_UID_ANY) {
+ data.selected_roam = flag;
+ //addToQueue(data);
+ }
+ setDirty(true);
+ }
+ ((BaseAdapter) adapter).notifyDataSetChanged();
+ }
+ }
+
+ private void clearAll() {
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+ ListAdapter adapter = listview.getAdapter();
+ if (adapter != null) {
+ int count = adapter.getCount(), item;
+ for (item = 0; item < count; item++) {
+ PackageInfoData data = (PackageInfoData) adapter.getItem(item);
+ data.selected_wifi = false;
+ data.selected_3g = false;
+ data.selected_roam = false;
+ data.selected_vpn = false;
+ data.selected_tether = false;
+ data.selected_lan = false;
+ data.selected_tor = false;
+ //addToQueue(data);
+ setDirty(true);
+ }
+ ((BaseAdapter) adapter).notifyDataSetChanged();
+ }
+ }
+
+ private void selectAll3G(boolean flag) {
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+ ListAdapter adapter = listview.getAdapter();
+ if (adapter != null) {
+ int count = adapter.getCount(), item;
+ for (item = 0; item < count; item++) {
+ PackageInfoData data = (PackageInfoData) adapter.getItem(item);
+ if (data.uid != Api.SPECIAL_UID_ANY) {
+ data.selected_3g = flag;
+ //addToQueue(data);
+ }
+ // addToQueue(data);
+ setDirty(true);
+ }
+ ((BaseAdapter) adapter).notifyDataSetChanged();
+ }
+
+ }
+
+ private void selectAllWifi(boolean flag) {
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+ ListAdapter adapter = listview.getAdapter();
+ int count = adapter.getCount(), item;
+ if (adapter != null) {
+ for (item = 0; item < count; item++) {
+ PackageInfoData data = (PackageInfoData) adapter.getItem(item);
+ if (data.uid != Api.SPECIAL_UID_ANY) {
+ data.selected_wifi = flag;
+ // addToQueue(data);
+ }
+ setDirty(true);
+ }
+ ((BaseAdapter) adapter).notifyDataSetChanged();
+ }
+ }
+
+ @Override
+ public boolean onKeyUp(final int keyCode, final KeyEvent event) {
+
+ if (event.getAction() == KeyEvent.ACTION_UP) {
+ switch (keyCode) {
+ case KeyEvent.KEYCODE_MENU:
+ if (mainMenu != null) {
+ mainMenu.performIdentifierAction(R.id.menu_list_item, 0);
+ return true;
+ }
+ break;
+ case KeyEvent.KEYCODE_BACK:
+ if (isDirty()) {
+ new MaterialDialog.Builder(this)
+ .title(R.string.confirmation)
+ .cancelable(false)
+ .content(R.string.unsaved_changes_message)
+ .positiveText(R.string.apply)
+ .negativeText(R.string.discard)
+ .onPositive((dialog, which) -> {
+ applyOrSaveRules();
+ dialog.dismiss();
+ })
+ .onNegative((dialog, which) -> {
+ setDirty(false);
+ Api.applications = null;
+ finish();
+ //System.exit(0);
+ //force reload rules.
+ MainActivity.super.onKeyDown(keyCode, event);
+ dialog.dismiss();
+ })
+ .show();
+ return true;
+
+ } else {
+ setDirty(false);
+ //finish();
+ //System.exit(0);
+ }
+
+
+ }
+ }
+ return super.onKeyUp(keyCode, event);
+ }
+
+ /**
+ * @param i
+ */
+
+ private void selectActionConfirmation(String displayMessage, final int i) {
+
+ new MaterialDialog.Builder(this)
+ .title(R.string.confirmation).content(displayMessage)
+ .cancelable(true)
+ .positiveText(R.string.OK)
+ .negativeText(R.string.Cancel)
+ .onPositive((dialog, which) -> {
+ switch (i) {
+ case 0:
+ selectRevert();
+ break;
+ case 1:
+ clearAll();
+ }
+ dialog.dismiss();
+ })
+
+ .onNegative((dialog, which) -> dialog.dismiss())
+ .show();
+ }
+
+ private void cloneColumn(String displayMessage) {
+ String[] items = new String[]{
+ getString(R.string.lan),
+ getString(R.string.wifi),
+ getString(R.string.data),
+ getString(R.string.vpn),
+ getString(R.string.roam),
+ getString(R.string.tether),
+ getString(R.string.tor)};
+
+ new MaterialDialog.Builder(this)
+ .title(R.string.confirmation).content(displayMessage)
+ .cancelable(true)
+ .positiveText(R.string.OK)
+ .negativeText(R.string.Cancel)
+ .items(items)
+ .itemsCallbackSingleChoice(-1, (dialog, view, which, text) -> {
+ switch (which) {
+ default:
+ new MaterialDialog.Builder(this)
+ .title(R.string.confirmation).content(displayMessage)
+ .cancelable(true)
+ .positiveText(R.string.OK)
+ .negativeText(R.string.Cancel)
+ .items(items)
+ .itemsCallbackSingleChoice(-1, (dialog2, view2, which2, text2) -> {
+ switch (which) {
+ default:
+ copyColumns(which, which2);
+
+ }
+ return true;
+ })
+ .positiveText(R.string.clone)
+
+ .onNegative((dialog2, which2) -> dialog.dismiss())
+ .show();
+ }
+ return true;
+ })
+ .positiveText(R.string.from)
+ .onNegative((dialog, which) -> dialog.dismiss())
+ .show();
+ }
+
+ private void copyColumns(int which, int which2) {
+ if (this.listview == null) {
+ this.listview = this.findViewById(R.id.listview);
+ }
+ ListAdapter adapter = listview.getAdapter();
+ if (adapter != null) {
+ int count = adapter.getCount(), item;
+ for (item = 0; item < count; item++) {
+ PackageInfoData data = (PackageInfoData) adapter.getItem(item);
+ if (data.uid != Api.SPECIAL_UID_ANY) {
+ switch (which) {
+ case 0:
+ switch (which2) {
+ case 0:
+ break;
+ case 1:
+ data.selected_wifi = data.selected_lan;
+ break;
+ case 2:
+ data.selected_3g = data.selected_lan;
+ break;
+ case 3:
+ data.selected_vpn = data.selected_lan;
+ break;
+ case 4:
+ data.selected_roam = data.selected_lan;
+ break;
+ case 5:
+ data.selected_tether = data.selected_lan;
+ break;
+ case 6:
+ data.selected_tor = data.selected_lan;
+ break;
+ }
+ break;
+ case 1:
+ switch (which2) {
+ case 0:
+ data.selected_lan = data.selected_wifi;
+ break;
+ case 1:
+ break;
+ case 2:
+ data.selected_3g = data.selected_wifi;
+ break;
+ case 3:
+ data.selected_vpn = data.selected_wifi;
+ break;
+ case 4:
+ data.selected_roam = data.selected_wifi;
+ break;
+ case 5:
+ data.selected_tether = data.selected_wifi;
+ break;
+ case 6:
+ data.selected_tor = data.selected_wifi;
+ break;
+ }
+ break;
+ case 2:
+ switch (which2) {
+ case 0:
+ data.selected_lan = data.selected_3g;
+ break;
+ case 1:
+ data.selected_wifi = data.selected_3g;
+ break;
+ case 2:
+ break;
+ case 3:
+ data.selected_vpn = data.selected_3g;
+ break;
+ case 4:
+ data.selected_roam = data.selected_3g;
+ break;
+ case 5:
+ data.selected_tether = data.selected_3g;
+ break;
+ case 6:
+ data.selected_tor = data.selected_3g;
+ break;
+ }
+ break;
+ case 3:
+ switch (which2) {
+ case 0:
+ data.selected_lan = data.selected_vpn;
+ break;
+ case 1:
+ data.selected_wifi = data.selected_vpn;
+ break;
+ case 2:
+ data.selected_3g = data.selected_vpn;
+ break;
+ case 3:
+ break;
+ case 4:
+ data.selected_roam = data.selected_vpn;
+ break;
+ case 5:
+ data.selected_tether = data.selected_vpn;
+ break;
+ case 6:
+ data.selected_tor = data.selected_vpn;
+ break;
+ }
+ break;
+ case 4:
+ switch (which2) {
+ case 0:
+ data.selected_lan = data.selected_roam;
+ break;
+ case 1:
+ data.selected_wifi = data.selected_roam;
+ break;
+ case 2:
+ data.selected_3g = data.selected_roam;
+ break;
+ case 3:
+ data.selected_vpn = data.selected_roam;
+ break;
+ case 4:
+ break;
+ case 5:
+ data.selected_tether = data.selected_roam;
+ break;
+ case 6:
+ data.selected_tor = data.selected_roam;
+ break;
+ }
+ break;
+ case 5:
+ switch (which2) {
+ case 0:
+ data.selected_lan = data.selected_tether;
+ break;
+ case 1:
+ data.selected_wifi = data.selected_tether;
+ break;
+ case 2:
+ data.selected_3g = data.selected_tether;
+ break;
+ case 3:
+ data.selected_vpn = data.selected_tether;
+ break;
+ case 4:
+ data.selected_roam = data.selected_tether;
+ break;
+ case 5:
+ break;
+ case 6:
+ data.selected_tor = data.selected_tether;
+ break;
+ }
+ break;
+ case 6:
+ switch (which2) {
+ case 0:
+ data.selected_lan = data.selected_tor;
+ break;
+ case 1:
+ data.selected_wifi = data.selected_tor;
+ break;
+ case 2:
+ data.selected_3g = data.selected_tor;
+ break;
+ case 3:
+ data.selected_vpn = data.selected_tor;
+ break;
+ case 4:
+ data.selected_roam = data.selected_tor;
+ break;
+ case 5:
+ data.selected_tether = data.selected_tor;
+ break;
+ case 6:
+ break;
+ }
+ break;
+ }
+ }
+ setDirty(true);
+ }
+ ((BaseAdapter) adapter).notifyDataSetChanged();
+ }
+ }
+
+ private void selectActionConfirmation(final int i) {
+
+ new MaterialDialog.Builder(this)
+ .title(R.string.select_action)
+ .cancelable(true)
+ .items(new String[]{
+ getString(R.string.check_all),
+ getString(R.string.invert_all),
+ getString(R.string.uncheck_all)})
+ .itemsCallback((dialog, view, which, text) -> {
+ if (which == 0) {
+ if (i == R.id.img_wifi) {
+ dialog.setTitle(text + getString(R.string.wifi));
+ selectAllWifi(true);
+ } else if (i == R.id.img_3g) {
+ dialog.setTitle(text + getString(R.string.data));
+ selectAll3G(true);
+ } else if (i == R.id.img_roam) {
+ dialog.setTitle(text + getString(R.string.roam));
+ selectAllRoam(true);
+ } else if (i == R.id.img_vpn) {
+ dialog.setTitle(text + getString(R.string.vpn));
+ selectAllVPN(true);
+ } else if (i == R.id.img_tether) {
+ dialog.setTitle(text + getString(R.string.tether));
+ selectAlltether(true);
+ } else if (i == R.id.img_lan) {
+ dialog.setTitle(text + getString(R.string.lan));
+ selectAllLAN(true);
+ } else if (i == R.id.img_tor) {
+ dialog.setTitle(text + getString(R.string.tor));
+ selectAllTor(true);
+ }
+ } else if (which == 1) {
+ if (i == R.id.img_wifi) {
+ dialog.setTitle(text + getString(R.string.wifi));
+ } else if (i == R.id.img_3g) {
+ dialog.setTitle(text + getString(R.string.data));
+ } else if (i == R.id.img_roam) {
+ dialog.setTitle(text + getString(R.string.roam));
+ } else if (i == R.id.img_vpn) {
+ dialog.setTitle(text + getString(R.string.vpn));
+ } else if (i == R.id.img_tether) {
+ dialog.setTitle(text + getString(R.string.tether));
+ } else if (i == R.id.img_lan) {
+ dialog.setTitle(text + getString(R.string.lan));
+ } else if (i == R.id.img_tor) {
+ dialog.setTitle(text + getString(R.string.tor));
+ }
+ selectRevert(i);
+ dirty = true;
+ } else if (which == 2) {
+
+ if (i == R.id.img_wifi) {
+ dialog.setTitle(text + getString(R.string.wifi));
+ selectAllWifi(false);
+ } else if (i == R.id.img_3g) {
+ dialog.setTitle(text + getString(R.string.data));
+ selectAll3G(false);
+ } else if (i == R.id.img_roam) {
+ dialog.setTitle(text + getString(R.string.roam));
+ selectAllRoam(false);
+ } else if (i == R.id.img_vpn) {
+ dialog.setTitle(text + getString(R.string.vpn));
+ selectAllVPN(false);
+ } else if (i == R.id.img_tether) {
+ dialog.setTitle(text + getString(R.string.tether));
+ selectAlltether(false);
+ } else if (i == R.id.img_lan) {
+ dialog.setTitle(text + getString(R.string.lan));
+ selectAllLAN(false);
+ } else if (i == R.id.img_tor) {
+ dialog.setTitle(text + getString(R.string.tor));
+ selectAllTor(false);
+ }
+ }
+ }).show();
+ }
+
+ protected boolean isSuPackage(PackageManager pm, String suPackage) {
+ try {
+ PackageInfo info = pm.getPackageInfo(suPackage, 0);
+ return info.applicationInfo != null;
+ } catch (PackageManager.NameNotFoundException e) {
+ return false;
+ }
+ }
+
+ @Override
+ public void onDestroy() {
+ super.onDestroy();
+ if (getAppList != null) {
+ getAppList.cancel(true);
+ }
+ if (runApply != null) {
+ runApply.cancel(true);
+ }
+
+ if (purgeTask != null) {
+ purgeTask.cancel(true);
+ }
+
+ if (toastReceiver != null) {
+ unregisterReceiver(toastReceiver);
+ }
+ if (themeRefreshReceiver != null) {
+ unregisterReceiver(themeRefreshReceiver);
+ }
+ if (uiRefreshReceiver != null) {
+ unregisterReceiver(uiRefreshReceiver);
+ }
+
+ // Clean up shell instances to prevent interruption crashes
+ try {
+ // Force close any existing shell instances
+ com.topjohnwu.superuser.Shell shell = com.topjohnwu.superuser.Shell.getCachedShell();
+ if (shell != null && !shell.isAlive()) {
+ shell.close();
+ }
+ } catch (Exception e) {
+ }
+ }
+
+ @Override
+ protected void attachBaseContext(Context base) {
+ super.attachBaseContext(Api.updateBaseContextLocale(base));
+ }
+
+ private class PurgeTask extends AsyncTask {
+
+ private MaterialDialog progress;
+ private final WeakReference activityReference;
+
+ PurgeTask(MainActivity context) {
+ activityReference = new WeakReference<>(context);
+ }
+
+ @Override
+ protected void onPreExecute() {
+ progress = new MaterialDialog.Builder(activityReference.get())
+ .title(R.string.working)
+ .cancelable(true)
+ .content(R.string.purging_rules)
+ .progress(true, 0)
+ .show();
+ }
+
+ @Override
+ protected Boolean doInBackground(Void... voids) {
+ if (G.hasRoot()) {
+ //store the root value
+ G.hasRoot(true);
+ Api.purgeIptables(ctx, true, new RootCommand()
+ .setSuccessToast(R.string.rules_deleted)
+ .setFailureToast(R.string.error_purge)
+ .setReopenShell(true)
+ .setCallback(new RootCommand.Callback() {
+ public void cbFunc(RootCommand state) {
+ // error exit -> assume the rules are still enabled
+ // we shouldn't wind up in this situation, but if we do, the user's
+ // best bet is to click Apply then toggle Enabled again
+ try {
+ progress.dismiss();
+ } catch (Exception ex) {
+ }
+ boolean nowEnabled = state.exitCode != 0;
+ runOnUiThread(() -> {
+ Api.setEnabled(ctx, nowEnabled, true);
+ menuSetApplyOrSave(mainMenu, nowEnabled);
+ refreshHeader();
+ });
+
+ }
+ }));
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ @Override
+ protected void onPostExecute(Boolean aVoid) {
+ super.onPostExecute(aVoid);
+ if (!aVoid) {
+ Toast.makeText(ctx, ctx.getString(R.string.error_su_toast), Toast.LENGTH_SHORT).show();
+ try {
+ progress.dismiss();
+ progress = null;
+ } catch (Exception ex) {
+ } finally {
+ assert progress != null;
+ progress.dismiss();
+ progress = null;
+ }
+ }
+ }
+ }
+
+ public class GetAppList extends AsyncTask {
+
+ private final WeakReference activityReference;
+
+ GetAppList(MainActivity context) {
+ activityReference = new WeakReference<>(context);
+ }
+
+ @Override
+ protected void onPreExecute() {
+ plsWait = new MaterialDialog.Builder(activityReference.get()).cancelable(false).
+ title(getString(R.string.reading_apps)).progress(false, getPackageManager().getInstalledApplications(0)
+ .size(), true).show();
+ doProgress(0);
+ }
+
+ public void doProgress(int value) {
+ publishProgress(value);
+ }
+
+ @Override
+ protected Void doInBackground(Void... params) {
+ Api.getApps(activityReference.get(), this);
+ if (isCancelled())
+ return null;
+ //publishProgress(-1);
+ return null;
+ }
+
+ @Override
+ protected void onPostExecute(Void result) {
+ selectFilterGroup();
+ doProgress(-1);
+ try {
+ try {
+ if (plsWait != null && plsWait.isShowing()) {
+ plsWait.dismiss();
+ }
+ } catch (final IllegalArgumentException e) {
+ // Handle or log or ignore
+ } catch (final Exception e) {
+ // Handle or log or ignore
+ } finally {
+ plsWait.dismiss();
+ plsWait = null;
+ }
+ mSwipeLayout.setRefreshing(false);
+ } catch (Exception e) {
+ // nothing
+ if (plsWait != null) {
+ plsWait.dismiss();
+ plsWait = null;
+ }
+ }
+ }
+
+ @Override
+ protected void onProgressUpdate(Integer... progress) {
+
+ if (progress[0] == 0 || progress[0] == -1) {
+ //do nothing
+ } else {
+ if (plsWait != null) {
+ plsWait.incrementProgress(progress[0]);
+ }
+ }
+ }
+ }
+
+ private class RunApply extends AsyncTask {
+ boolean enabled = Api.isEnabled(getApplicationContext());
+
+ private final WeakReference activityReference;
+
+ RunApply(MainActivity context) {
+ activityReference = new WeakReference<>(context);
+ }
+
+ @Override
+ protected void onPreExecute() {
+ runProgress = new MaterialDialog.Builder(activityReference.get())
+ .title(R.string.su_check_title)
+ .cancelable(true)
+ .customView(R.layout.apply_view, false)
+ //.content(enabled ? R.string.applying_rules
+ // : R.string.saving_rules)
+ .negativeText("Dismiss")
+ .show();
+ if (G.enableIPv6()) {
+ runProgress.findViewById(R.id.apply6layout).setVisibility(View.VISIBLE);
+ }
+ }
+
+ @Override
+ protected Boolean doInBackground(Void... params) {
+ //set the progress
+ if (G.hasRoot()) {
+ Api.setRulesUpToDate(false);
+ RootCommand rootCommand = new RootCommand()
+ .setSuccessToast(R.string.rules_applied)
+ .setFailureToast(R.string.error_apply)
+ .setCallback(new RootCommand.Callback() {
+ public void cbFunc(RootCommand state) {
+ try {
+ if (runProgress != null) {
+ runProgress.dismiss();
+ }
+ } catch (Exception ex) {
+ }
+ if (state.exitCode == 0) {
+ setDirty(false);
+ }
+ //queue.clear();
+ runOnUiThread(() -> {
+ setDirty(false);
+ if (state.exitCode != 0) {
+ Api.errorNotification(activityReference.get());
+ menuSetApplyOrSave(activityReference.get().mainMenu, false);
+ Api.setEnabled(activityReference.get(), false, true);
+ } else {
+ menuSetApplyOrSave(activityReference.get().mainMenu, enabled);
+ Api.setEnabled(activityReference.get(), enabled, true);
+ }
+ refreshHeader();
+ });
+ }
+ });
+ Api.applySavedIptablesRules(activityReference.get(), true, rootCommand);
+ return true;
+ } else {
+ runOnUiThread(() -> {
+ setDirty(false);
+ try {
+ runProgress.dismiss();
+ } catch (Exception ex) {
+ }
+ });
+ return false;
+ }
+
+ }
+
+ @Override
+ protected void onPostExecute(Boolean aVoid) {
+ super.onPostExecute(aVoid);
+ if (!aVoid) {
+ Toast.makeText(activityReference.get(), getString(R.string.error_su_toast), Toast.LENGTH_SHORT).show();
+ disableFirewall();
+ refreshHeader();
+ try {
+ runProgress.dismiss();
+ } catch (Exception ex) {
+ }
+ }
+ }
+ }
+
+ private class RootCheck extends AsyncTask {
+ MaterialDialog suDialog = null;
+ boolean unsupportedSU = false;
+ boolean[] suGranted = {false};
+ private Context context = null;
+ //private boolean suAvailable = false;
+
+ public RootCheck setContext(Context context) {
+ this.context = context;
+ return this;
+ }
+
+ @Override
+ protected void onPreExecute() {
+ suDialog = new MaterialDialog.Builder(context).
+ cancelable(false).title(getString(R.string.su_check_title)).progress(true, 0).content(context.getString(R.string.su_check_message))
+ .show();
+ }
+
+ @Override
+ protected Void doInBackground(Void... params) {
+ //open shell if required
+ Shell.getShell().isRoot();
+ suGranted[0] = Shell.isAppGrantedRoot();
+ unsupportedSU = isSuPackage(getPackageManager(), "com.kingroot.kinguser");
+ return null;
+ }
+
+ @Override
+ protected void onPostExecute(Void aVoid) {
+ super.onPostExecute(aVoid);
+ try {
+ if (suDialog != null) {
+ suDialog.dismiss();
+ }
+ } catch (final Exception e) {
+ } finally {
+ suDialog = null;
+ }
+ if (!Api.isNetfilterSupported() && !isFinishing()) {
+ new MaterialDialog.Builder(MainActivity.this).cancelable(false)
+ .title(R.string.error_common)
+ .content(R.string.error_netfilter)
+ .onPositive(new MaterialDialog.SingleButtonCallback() {
+ @Override
+ public void onClick(@NonNull MaterialDialog dialog, @NonNull DialogAction which) {
+ dialog.dismiss();
+ }
+ })
+ .onNegative((dialog, which) -> {
+ MainActivity.this.finish();
+ android.os.Process.killProcess(android.os.Process.myPid());
+ dialog.dismiss();
+ })
+ .positiveText(R.string.Continue)
+ .negativeText(R.string.exit)
+ .show();
+ }
+ /*// more details on https://github.com/ukanth/afwall/issues/501
+ if (isSuPackage(getPackageManager(), "com.kingroot.kinguser")) {
+ G.kingDetected(true);
+ }*/
+ if (!suGranted[0] && !unsupportedSU && !isFinishing()) {
+ disableFirewall();
+ showRootNotFoundMessage();
+ } else {
+ G.hasRoot(true);
+ startRootShell();
+ new SecurityUtil(MainActivity.this).passCheck();
+ registerNetworkObserver();
+ // Ensure FirewallService is started if firewall is enabled
+ if (Api.isEnabled(MainActivity.this)) {
+ Api.setEnabled(MainActivity.this, true, false);
+ }
+ }
+ }
+ }
+
+ @RequiresApi(28)
+ private static class OnUnhandledKeyEventListenerWrapper implements View.OnUnhandledKeyEventListener {
+ private final ViewCompat.OnUnhandledKeyEventListenerCompat mCompatListener;
+
+ OnUnhandledKeyEventListenerWrapper(ViewCompat.OnUnhandledKeyEventListenerCompat listener) {
+ this.mCompatListener = listener;
+ }
+
+ public boolean onUnhandledKeyEvent(View v, KeyEvent event) {
+ return this.mCompatListener.onUnhandledKeyEvent(v, event);
+ }
+ }
+
+}
+
diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/AppDetailActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/AppDetailActivity.java
new file mode 100644
index 0000000..40877bc
--- /dev/null
+++ b/app/src/main/java/dev/ukanth/ufirewall/activity/AppDetailActivity.java
@@ -0,0 +1,232 @@
+package dev.ukanth.ufirewall.activity;
+
+import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.PackageManager.NameNotFoundException;
+import android.os.Bundle;
+import android.view.MenuItem;
+import android.widget.Button;
+import android.widget.CheckBox;
+import android.widget.ImageView;
+import android.widget.TextView;
+
+import androidx.appcompat.app.AppCompatActivity;
+import androidx.appcompat.widget.Toolbar;
+
+import com.raizlabs.android.dbflow.sql.language.SQLite;
+import com.stericson.rootshell.execution.Command;
+import com.stericson.rootshell.execution.Shell;
+import com.stericson.roottools.RootTools;
+
+import java.io.File;
+import java.util.Arrays;
+import java.util.HashMap;
+
+import dev.ukanth.ufirewall.Api;
+import dev.ukanth.ufirewall.R;
+import dev.ukanth.ufirewall.log.Log;
+import dev.ukanth.ufirewall.log.LogPreference;
+import dev.ukanth.ufirewall.log.LogPreference_Table;
+import dev.ukanth.ufirewall.util.G;
+
+public class AppDetailActivity extends AppCompatActivity {
+ public static final String TAG = "AFWall";
+
+
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ initTheme();
+ setTitle(getString(R.string.traffic_detail_title));
+ setContentView(R.layout.app_detail);
+
+ int appid = getIntent().getIntExtra("appid", -1);
+ String packageName = getIntent().getStringExtra("package");
+ try {
+ CheckBox logOption = findViewById(R.id.notification_p);
+ LogPreference logPreference = SQLite.select()
+ .from(LogPreference.class)
+ .where(LogPreference_Table.uid.eq(appid)).querySingle();
+
+ if (logPreference != null) {
+ logOption.setChecked(logPreference.isDisable());
+ }
+
+ logOption.setOnCheckedChangeListener((buttonView, isChecked) -> {
+ //only use when triggered by user
+ if (buttonView.isPressed()) {
+ // write the logic here
+ G.updateLogNotification(appid, isChecked);
+ }
+ });
+ } catch (Exception ignored) {
+ }
+
+ Toolbar toolbar = findViewById(R.id.app_toolbar);
+ setSupportActionBar(toolbar);
+
+ if (getSupportActionBar() != null) {
+ getSupportActionBar().setHomeButtonEnabled(true);
+ getSupportActionBar().setDisplayHomeAsUpEnabled(true);
+ }
+
+ final Context ctx = getApplicationContext();
+
+ ImageView image = findViewById(R.id.app_icon);
+ TextView textView = findViewById(R.id.app_title);
+ TextView textView2 = findViewById(R.id.app_package);
+ TextView up = findViewById(R.id.up);
+ TextView down = findViewById(R.id.down);
+
+ /**/
+
+ final PackageManager packageManager = getApplicationContext().getPackageManager();
+
+ HashMap listMaps = Api.getPackagesForUser(Api.getListOfUids());
+ String packageNameList = "";
+ PackageInfo packageInfo = Api.getPackageDetails(ctx, listMaps, appid);
+ if(packageInfo != null && packageInfo.applicationInfo != null) {
+ packageNameList = packageInfo.applicationInfo.name;
+ }
+
+ //final String[] packageNameList = ctx.getPackageManager().getPackagesForUid(appid);
+
+ final String pName = packageName;
+ Button button = findViewById(R.id.app_settings);
+ button.setOnClickListener(v -> Api.showInstalledAppDetails(getApplicationContext(), pName));
+ ApplicationInfo applicationInfo;
+
+ try {
+ assert packageName != null;
+ if (!packageName.startsWith("dev.afwall.special.")) {
+ applicationInfo = packageManager.getApplicationInfo(packageName, PackageManager.GET_META_DATA);
+ try {
+ image.setImageDrawable(applicationInfo.loadIcon(packageManager));
+ } catch (Exception e){
+ image.setImageDrawable(applicationInfo.loadIcon(packageManager));
+ }
+ String name = packageManager.getApplicationLabel(applicationInfo).toString();
+ textView.setText(name);
+ setTotalBytesManual(down, up, applicationInfo.uid);
+ } else {
+ image.setImageDrawable(getApplicationContext().getDrawable(R.drawable.ic_unknown));
+ if(appid >= 0) {
+ textView.setText(Api.getSpecialDescription(getApplicationContext(), packageName.replace("dev.afwall.special.", "")));
+ } else {
+ textView.setText(Api.getSpecialDescriptionSystem(getApplicationContext(), packageName.replace("dev.afwall.special.", "")));
+ }
+ down.setText(" : " + humanReadableByteCount(0, false));
+ up.setText(" : " + humanReadableByteCount(0, false));
+ button.setEnabled(false);
+ }
+
+ if (packageNameList != null) {
+ textView2.setText(packageNameList);
+ button.setEnabled(false);
+ } else {
+ textView2.setText(packageName);
+ }
+
+ } catch (final NameNotFoundException e) {
+ down.setText(" : " + humanReadableByteCount(0, false));
+ up.setText(" : " + humanReadableByteCount(0, false));
+ button.setEnabled(false);
+ }
+ }
+
+ private void initTheme() {
+ switch(G.getSelectedTheme()) {
+ case "D":
+ setTheme(R.style.AppDarkTheme);
+ break;
+ case "L":
+ setTheme(R.style.AppLightTheme);
+ //set other colors
+ break;
+ case "B":
+ setTheme(R.style.AppBlackTheme);
+ break;
+ }
+ }
+
+ private void setTotalBytesManual(TextView down, TextView up, int localUid) {
+ File dir = new File("/proc/uid_stat/");
+ down.setText(" : " + humanReadableByteCount(Long.parseLong("0"), false));
+ up.setText(" : " + humanReadableByteCount(Long.parseLong("0"), false));
+ if (dir.exists()) {
+ String[] children = dir.list();
+ if (children != null) {
+ if (!Arrays.asList(children).contains(String.valueOf(localUid))) {
+ down.setText(" : " + humanReadableByteCount(Long.parseLong("0"), false));
+ up.setText(" : " + humanReadableByteCount(Long.parseLong("0"), false));
+ return;
+ }
+ } else {
+ down.setText(" : " + humanReadableByteCount(Long.parseLong("0"), false));
+ up.setText(" : " + humanReadableByteCount(Long.parseLong("0"), false));
+ return;
+ }
+
+ File uidFileDir = new File("/proc/uid_stat/" + localUid);
+ if (uidFileDir.exists()) {
+ File uidActualFileReceived = new File(uidFileDir, "tcp_rcv");
+ File uidActualFileSent = new File(uidFileDir, "tcp_snd");
+ String textReceived = "0";
+ String textSent = "0";
+ try {
+ if (uidActualFileReceived.exists() && uidActualFileSent.exists()) {
+ Command command = new Command(0, "cat " + uidActualFileReceived.getAbsolutePath())
+ {
+ @Override
+ public void commandOutput(int id, String line) {
+ down.setText(" : " + humanReadableByteCount(Long.parseLong(line), false));
+ super.commandOutput(id, line);
+ }
+ };
+ Command command1 = new Command(1, "cat " + uidActualFileSent.getAbsolutePath())
+ {
+ @Override
+ public void commandOutput(int id, String line) {
+ up.setText(" : " + humanReadableByteCount(Long.parseLong(line), false));
+ super.commandOutput(id, line);
+ }
+ };
+ Shell shell = RootTools.getShell(true);
+ shell.add(command);
+ shell.add(command1);
+ }
+ } catch (Exception e) {
+ Log.e(TAG, "Exception while reading tx bytes: " + e.getLocalizedMessage());
+ }
+ }
+ }
+ // return Long.valueOf(textReceived).longValue() + Long.valueOf(textReceived).longValue();
+ }
+
+ public static String humanReadableByteCount(long bytes, boolean si) {
+ int unit = si ? 1000 : 1024;
+ if (bytes < 0) return "0 B";
+ if (bytes < unit) return bytes + " B";
+ int exp = (int) (Math.log(bytes) / Math.log(unit));
+ String pre = (si ? "kMGTPE" : "KMGTPE").charAt(exp - 1) + (si ? "" : "i");
+ return String.format("%.1f %sB", bytes / Math.pow(unit, exp), pre);
+ }
+
+ @Override
+ public boolean onOptionsItemSelected(MenuItem item) {
+ switch (item.getItemId()) {
+ case android.R.id.home:
+ onBackPressed();
+ return true;
+ }
+ return super.onOptionsItemSelected(item);
+ }
+
+ @Override
+ public void onDestroy() {
+ super.onDestroy();
+ }
+}
diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/BaseActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/BaseActivity.java
new file mode 100644
index 0000000..60aa1e4
--- /dev/null
+++ b/app/src/main/java/dev/ukanth/ufirewall/activity/BaseActivity.java
@@ -0,0 +1,21 @@
+package dev.ukanth.ufirewall.activity;
+
+import android.content.Context;
+import android.content.ContextWrapper;
+import android.content.res.Configuration;
+import android.content.res.Resources;
+import android.os.Build;
+import android.os.LocaleList;
+
+import androidx.appcompat.app.AppCompatActivity;
+
+import java.util.Locale;
+
+public class BaseActivity extends AppCompatActivity {
+
+ @Override
+ protected void attachBaseContext(Context newBase) {
+ super.attachBaseContext(newBase);
+ }
+
+}
diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/CustomRulesActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/CustomRulesActivity.java
new file mode 100644
index 0000000..683b5ff
--- /dev/null
+++ b/app/src/main/java/dev/ukanth/ufirewall/activity/CustomRulesActivity.java
@@ -0,0 +1,101 @@
+package dev.ukanth.ufirewall.activity;
+
+import android.os.Bundle;
+import android.util.DisplayMetrics;
+import android.view.Gravity;
+import android.view.MenuItem;
+import android.view.View;
+import android.widget.LinearLayout;
+import android.widget.Toast;
+
+import androidx.appcompat.app.AppCompatActivity;
+import androidx.appcompat.widget.SwitchCompat;
+import androidx.appcompat.widget.Toolbar;
+import androidx.cardview.widget.CardView;
+
+import java.util.List;
+
+import dev.ukanth.ufirewall.R;
+import dev.ukanth.ufirewall.util.CustomRuleOld;
+import dev.ukanth.ufirewall.util.Rule;
+
+public class CustomRulesActivity extends AppCompatActivity {
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+
+ final View view = getLayoutInflater().inflate(R.layout.activity_custom_rules, null);
+ setTitle(R.string.custom_rules);
+
+ LinearLayout linearLayout = view.findViewById(R.id.activity_custom_rules);
+ try {
+
+ List rules = CustomRuleOld.getRules(getApplicationContext());
+ for (final Rule rule : rules) {
+ CardView cardView = new CardView(this);
+ cardView.setElevation(5);
+ cardView.setRadius(5);
+ cardView.setLayoutParams(new LinearLayout.LayoutParams(
+ LinearLayout.LayoutParams.WRAP_CONTENT, 100));
+ cardView.setMinimumHeight(60);
+
+
+ LinearLayout.LayoutParams params = new LinearLayout.LayoutParams(LinearLayout.LayoutParams.MATCH_PARENT, LinearLayout.LayoutParams.WRAP_CONTENT);
+ params.height = 200;
+ params.gravity = Gravity.TOP;
+ params.setMargins(0, 2, 0, 40);
+ cardView.setLayoutParams(params);
+
+
+ SwitchCompat switchButton = new SwitchCompat(this);
+ switchButton.setTag(rule.getName());
+ switchButton.setOnCheckedChangeListener((buttonView, isChecked) -> {
+ Toast.makeText(getApplicationContext(), buttonView.getTag().toString() + isChecked, Toast.LENGTH_SHORT).show();
+ });
+ switchButton.setChecked(false);
+ switchButton.setContentDescription(rule.getDesc());
+ String builder = rule.getName() +
+ "\n" +
+ rule.getDesc() +
+ "\n";
+ switchButton.setText(builder);
+ switchButton.setTextSize(18);
+
+ switchButton.setLayoutParams(params);
+
+ cardView.addView(switchButton);
+ linearLayout.addView(cardView);
+ }
+ } catch (Exception ignored) {
+
+ }
+
+ setContentView(view);
+
+ Toolbar toolbar = findViewById(R.id.custom_toolbar_rules);
+ setSupportActionBar(toolbar);
+
+ if (getSupportActionBar() != null) {
+ getSupportActionBar().setHomeButtonEnabled(true);
+ getSupportActionBar().setDisplayHomeAsUpEnabled(true);
+ }
+
+
+ }
+
+ @Override
+ public boolean onOptionsItemSelected(MenuItem item) {
+ switch (item.getItemId()) {
+ case android.R.id.home:
+ onBackPressed();
+ return true;
+ }
+ return super.onOptionsItemSelected(item);
+ }
+
+ public int dpToPixels(int dp) {
+ DisplayMetrics displayMetrics = getApplicationContext().getResources().getDisplayMetrics();
+ return Math.round(dp * (displayMetrics.xdpi / DisplayMetrics.DENSITY_DEFAULT));
+ }
+}
diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/CustomScriptActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/CustomScriptActivity.java
new file mode 100644
index 0000000..93bea3e
--- /dev/null
+++ b/app/src/main/java/dev/ukanth/ufirewall/activity/CustomScriptActivity.java
@@ -0,0 +1,159 @@
+/**
+ * Custom scripts activity.
+ * This screen is displayed to change the custom scripts.
+ *
+ * Copyright (C) 2009-2011 Rodrigo Zechin Rosauro
+ * Copyright (C) 2011-2012 Umakanthan Chandran
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * @author Rodrigo Zechin Rosauro, Umakanthan Chandran
+ * @version 1.1
+ */
+package dev.ukanth.ufirewall.activity;
+
+import android.content.Intent;
+import android.content.SharedPreferences;
+import android.os.Bundle;
+import android.text.method.LinkMovementMethod;
+import android.view.KeyEvent;
+import android.view.MenuItem;
+import android.view.View;
+import android.view.View.OnClickListener;
+import android.widget.TextView;
+
+import com.google.android.material.textfield.TextInputEditText;
+
+import androidx.annotation.NonNull;
+import androidx.appcompat.app.AppCompatActivity;
+import androidx.appcompat.widget.Toolbar;
+
+import com.afollestad.materialdialogs.DialogAction;
+import com.afollestad.materialdialogs.MaterialDialog;
+
+import dev.ukanth.ufirewall.Api;
+import dev.ukanth.ufirewall.R;
+import dev.ukanth.ufirewall.util.G;
+
+/**
+ * Custom scripts activity.
+ * This screen is displayed to change the custom scripts.
+ */
+public class CustomScriptActivity extends AppCompatActivity implements OnClickListener {
+ private TextInputEditText script;
+ private TextInputEditText script2;
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+
+ initTheme();
+ setContentView(R.layout.customscript);
+
+ findViewById(R.id.customscript_ok).setOnClickListener(this);
+ findViewById(R.id.customscript_cancel).setOnClickListener(this);
+ ((TextView) findViewById(R.id.customscript_link)).setMovementMethod(LinkMovementMethod.getInstance());
+
+ final SharedPreferences prefs = getSharedPreferences(Api.PREFS_NAME, 0);
+ this.script = findViewById(R.id.customscript);
+ this.script.setText(prefs.getString(Api.PREF_CUSTOMSCRIPT, ""));
+ this.script2 = findViewById(R.id.customscript2);
+ this.script2.setText(prefs.getString(Api.PREF_CUSTOMSCRIPT2, ""));
+
+ setTitle(R.string.set_custom_script);
+
+ Toolbar toolbar = findViewById(R.id.custom_toolbar);
+ setSupportActionBar(toolbar);
+
+ if (getSupportActionBar() != null) {
+ getSupportActionBar().setHomeButtonEnabled(true);
+ getSupportActionBar().setDisplayHomeAsUpEnabled(true);
+ }
+ }
+
+
+ private void initTheme() {
+ switch(G.getSelectedTheme()) {
+ case "D":
+ setTheme(R.style.AppDarkTheme);
+ break;
+ case "L":
+ setTheme(R.style.AppLightTheme);
+ break;
+ case "B":
+ setTheme(R.style.AppBlackTheme);
+ break;
+ }
+ }
+
+ @Override
+ public boolean onOptionsItemSelected(MenuItem item) {
+ switch (item.getItemId()) {
+ case android.R.id.home:
+ onBackPressed();
+ return true;
+ }
+ return super.onOptionsItemSelected(item);
+ }
+
+ /**
+ * Set the activity result to RESULT_OK and terminate this activity.
+ */
+ private void resultOk() {
+ final Intent response = new Intent(Api.CUSTOM_SCRIPT_MSG);
+ response.putExtra(Api.SCRIPT_EXTRA, script.getText().toString());
+ response.putExtra(Api.SCRIPT2_EXTRA, script2.getText().toString());
+ setResult(RESULT_OK, response);
+ finish();
+ }
+
+ @Override
+ public void onClick(View v) {
+ if (v.getId() == R.id.customscript_ok) {
+ resultOk();
+ } else {
+ setResult(RESULT_CANCELED);
+ finish();
+ }
+ }
+
+ @Override
+ public void onBackPressed() {
+ final SharedPreferences prefs = getSharedPreferences(Api.PREFS_NAME, 0);
+ if (script.getText().toString().equals(prefs.getString(Api.PREF_CUSTOMSCRIPT, ""))
+ && script2.getText().toString().equals(prefs.getString(Api.PREF_CUSTOMSCRIPT2, ""))) {
+ // Nothing has been changed, just return
+ super.onBackPressed();
+ return;
+ }
+ new MaterialDialog.Builder(this)
+ .title(R.string.unsaved_changes)
+ .content(R.string.unsaved_changes_message)
+ .positiveText(R.string.apply)
+ .negativeText(R.string.discard)
+ .onPositive(new MaterialDialog.SingleButtonCallback() {
+ @Override
+ public void onClick(@NonNull MaterialDialog dialog, @NonNull DialogAction which) {
+ resultOk();
+ }
+ })
+ .onNegative(new MaterialDialog.SingleButtonCallback() {
+ @Override
+ public void onClick(@NonNull MaterialDialog dialog, @NonNull DialogAction which) {
+ findViewById(R.id.customscript_cancel).performClick();
+ }
+ })
+ .show();
+ }
+}
diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/DataDumpActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/DataDumpActivity.java
new file mode 100644
index 0000000..d122eac
--- /dev/null
+++ b/app/src/main/java/dev/ukanth/ufirewall/activity/DataDumpActivity.java
@@ -0,0 +1,480 @@
+/**
+ * Common framework for LogActivity and RulesActivity
+ *
+ * Copyright (C) 2011-2012 Umakanthan Chandran
+ * Copyright (C) 2011-2013 Kevin Cernekee
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * @author Umakanthan Chandran
+ * @version 1.0
+ */
+
+package dev.ukanth.ufirewall.activity;
+
+import android.Manifest;
+import android.annotation.SuppressLint;
+import android.content.Context;
+import android.content.pm.PackageManager;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import android.os.Build;
+import android.os.Bundle;
+import android.os.Environment;
+import android.os.Handler;
+import android.os.Looper;
+import android.util.TypedValue;
+import android.view.Menu;
+import android.view.MenuItem;
+import android.view.SubMenu;
+import android.view.View;
+import android.widget.ScrollView;
+import android.widget.TextView;
+import android.widget.Toast;
+
+import androidx.appcompat.app.AppCompatActivity;
+import androidx.appcompat.widget.Toolbar;
+import androidx.core.app.ActivityCompat;
+import androidx.cardview.widget.CardView;
+import androidx.core.widget.NestedScrollView;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.lang.ref.WeakReference;
+
+import dev.ukanth.ufirewall.Api;
+import dev.ukanth.ufirewall.R;
+import dev.ukanth.ufirewall.log.Log;
+import dev.ukanth.ufirewall.util.G;
+
+
+public abstract class DataDumpActivity extends AppCompatActivity {
+
+ public static final String TAG = "AFWall";
+
+ protected static final int MENU_TOGGLE = -3;
+ protected static final int MENU_COPY = 16;
+ protected static final int MENU_EXPORT_LOG = 17;
+ protected static final int MENU_REFRESH = 13;
+
+ protected static final int MENU_ZOOM_IN = 22;
+ protected static final int MENU_ZOOM_OUT = 23;
+ TextView scaleGesture;
+ View mScrollView; // Can be either ScrollView or NestedScrollView
+
+ // Modern layout components
+ private TextView rulesTitle;
+ private TextView rulesStatus;
+ private TextView rulesContent;
+ private TextView interfacesContent;
+ private TextView systemContent;
+ private TextView preferencesContent;
+ private TextView logcatContent;
+ private CardView interfacesCard;
+ private CardView systemCard;
+ private CardView preferencesCard;
+ private CardView logcatCard;
+ private boolean useModernLayout = true;
+
+ protected Menu mainMenu;
+ protected static String dataText;
+
+ // to be filled in by subclasses
+ protected static String sdDumpFile = "iptables.log";
+
+ protected abstract void populateMenu(SubMenu sub);
+
+ protected abstract void populateData(final Context ctx);
+
+ private static final int MY_PERMISSIONS_REQUEST_WRITE_STORAGE = 1;
+
+ private void initModernViews() {
+ rulesTitle = findViewById(R.id.rules_title);
+ rulesStatus = findViewById(R.id.rules_status);
+ rulesContent = findViewById(R.id.rules_content);
+ interfacesContent = findViewById(R.id.interfaces_content);
+ systemContent = findViewById(R.id.system_content);
+ preferencesContent = findViewById(R.id.preferences_content);
+ logcatContent = findViewById(R.id.logcat_content);
+ interfacesCard = findViewById(R.id.interfaces_card);
+ systemCard = findViewById(R.id.system_card);
+ preferencesCard = findViewById(R.id.preferences_card);
+ logcatCard = findViewById(R.id.logcat_card);
+ }
+
+ protected void setData(final String data) {
+ dataText = data;
+ Handler refresh = new Handler(Looper.getMainLooper());
+ refresh.post(() -> {
+ if (useModernLayout) {
+ parseAndDisplayModernData(data);
+ } else {
+ scaleGesture = findViewById(R.id.rules);
+ scaleGesture.setText(data);
+ scaleGesture.setTextSize(TypedValue.COMPLEX_UNIT_PX, G.ruleTextSize());
+ }
+ });
+ }
+
+ @SuppressLint("SetTextI18n")
+ private void parseAndDisplayModernData(String data) {
+ // Initialize all sections as empty and hide cards
+ rulesContent.setText("");
+ interfacesContent.setText("");
+ systemContent.setText("");
+ preferencesContent.setText("");
+ logcatContent.setText("");
+
+ interfacesCard.setVisibility(View.GONE);
+ systemCard.setVisibility(View.GONE);
+ preferencesCard.setVisibility(View.GONE);
+ logcatCard.setVisibility(View.GONE);
+
+ // Parse sections more intelligently by looking for section headers
+ String[] lines = data.split("\n");
+ StringBuilder currentSection = new StringBuilder();
+ String currentSectionType = null;
+
+ for (String line : lines) {
+ // Check if this is a section header (starts with =, contains title, ends with =)
+ if (line.matches("^=+$")) {
+ // Skip separator lines
+ continue;
+ }
+
+ // Check if this line is a section title
+ String sectionType = detectSectionType(line.trim());
+
+ if (sectionType != null) {
+ // Process previous section if it exists
+ if (currentSectionType != null && currentSection.length() > 0) {
+ processSectionContent(currentSectionType, currentSection.toString());
+ }
+
+ // Start new section
+ currentSectionType = sectionType;
+ currentSection = new StringBuilder();
+ continue;
+ }
+
+ // Add line to current section
+ if (currentSectionType != null) {
+ currentSection.append(line).append("\n");
+ }
+ }
+
+ // Process the last section
+ if (currentSectionType != null && currentSection.length() > 0) {
+ processSectionContent(currentSectionType, currentSection.toString());
+ }
+
+ // Set font sizes for all content views
+ float textSize = G.ruleTextSize();
+ rulesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, textSize);
+ interfacesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, textSize);
+ systemContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, textSize);
+ preferencesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, textSize);
+ logcatContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, textSize);
+
+ // Keep the hidden TextView updated for backward compatibility (export, copy functions)
+ TextView hiddenRules = findViewById(R.id.rules);
+ hiddenRules.setText(data);
+ }
+
+ private String detectSectionType(String line) {
+ String trimmed = line.trim();
+ if (trimmed.equals(getString(R.string.ipv4_rules_title))) {
+ return "ipv4_rules";
+ } else if (trimmed.equals(getString(R.string.ipv6_rules_title))) {
+ return "ipv6_rules";
+ } else if (trimmed.contains("Network interfaces")) {
+ return "interfaces";
+ } else if (trimmed.contains("ifconfig")) {
+ return "ifconfig";
+ } else if (trimmed.contains("System info")) {
+ return "system";
+ } else if (trimmed.contains("Preferences")) {
+ return "preferences";
+ } else if (trimmed.contains("Logcat")) {
+ return "logcat";
+ }
+ return null;
+ }
+
+ private void processSectionContent(String sectionType, String content) {
+ String trimmedContent = content.trim();
+ if (trimmedContent.isEmpty()) return;
+
+ switch (sectionType) {
+ case "ipv4_rules":
+ rulesTitle.setText(getString(R.string.ipv4_rules_title));
+ rulesStatus.setText(getString(R.string.ready));
+ rulesContent.setText(trimmedContent);
+ break;
+
+ case "ipv6_rules":
+ rulesTitle.setText(getString(R.string.ipv6_rules_title));
+ rulesStatus.setText(getString(R.string.ready));
+ rulesContent.setText(trimmedContent);
+ break;
+
+ case "interfaces":
+ case "ifconfig":
+ interfacesCard.setVisibility(View.VISIBLE);
+ String existingInterfaces = interfacesContent.getText().toString();
+ if (!existingInterfaces.isEmpty()) {
+ interfacesContent.setText(existingInterfaces + "\n\n" + trimmedContent);
+ } else {
+ interfacesContent.setText(trimmedContent);
+ }
+ break;
+
+ case "system":
+ systemCard.setVisibility(View.VISIBLE);
+ systemContent.setText(trimmedContent);
+ break;
+
+ case "preferences":
+ preferencesCard.setVisibility(View.VISIBLE);
+ String existingPrefs = preferencesContent.getText().toString();
+ if (!existingPrefs.isEmpty()) {
+ preferencesContent.setText(existingPrefs + "\n\n" + trimmedContent);
+ } else {
+ preferencesContent.setText(trimmedContent);
+ }
+ break;
+
+ case "logcat":
+ logcatCard.setVisibility(View.VISIBLE);
+ logcatContent.setText(trimmedContent);
+ break;
+ }
+ }
+
+ private void updateModernTextSize(float sizeDelta) {
+ float currentSize = G.ruleTextSize();
+ float newSize = currentSize + sizeDelta;
+
+ if (newSize < 8.0f) newSize = 8.0f; // Minimum size
+ if (newSize > 30.0f) newSize = 30.0f; // Maximum size
+
+ G.ruleTextSize((int) newSize);
+
+ if (rulesContent != null) rulesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize);
+ if (interfacesContent != null) interfacesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize);
+ if (systemContent != null) systemContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize);
+ if (preferencesContent != null) preferencesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize);
+ if (logcatContent != null) logcatContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize);
+ }
+
+ private void initTheme() {
+ switch (G.getSelectedTheme()) {
+ case "D" -> setTheme(R.style.AppDarkTheme);
+ case "L" -> setTheme(R.style.AppLightTheme);
+ case "B" -> setTheme(R.style.AppBlackTheme);
+ }
+ }
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ //requestWindowFeature(Window.FEATURE_ACTION_BAR_OVERLAY);
+ super.onCreate(savedInstanceState);
+
+ initTheme();
+ if (useModernLayout) {
+ setContentView(R.layout.rules_modern);
+ initModernViews();
+ } else {
+ setContentView(R.layout.rules);
+ }
+
+ Toolbar toolbar = findViewById(R.id.rule_toolbar);
+ //toolbar.setTitle(getString(R.string.showrules_title));
+ toolbar.setNavigationOnClickListener(new View.OnClickListener() {
+ @Override
+ public void onClick(View v) {
+ finish();
+ }
+ });
+
+ setSupportActionBar(toolbar);
+
+ mScrollView = findViewById(R.id.ruleScrollView);
+
+ // Load partially transparent black background
+ if (getSupportActionBar() != null) {
+ getSupportActionBar().setHomeButtonEnabled(true);
+ getSupportActionBar().setDisplayHomeAsUpEnabled(true);
+ }
+
+ setData("");
+ populateData(this);
+
+ Api.updateLanguage(getApplicationContext(), G.locale());
+ }
+
+ @Override
+ public boolean onCreateOptionsMenu(android.view.Menu menu) {
+ // Common options: Copy, Export to SD Card, Refresh
+ SubMenu sub = menu.addSubMenu(0, MENU_TOGGLE, 0, "").setIcon(R.drawable.ic_flow);
+ sub.add(0, MENU_ZOOM_IN, 0, getString(R.string.label_zoomin)).setIcon(R.drawable.zoomin).setShowAsAction(MenuItem.SHOW_AS_ACTION_ALWAYS);
+ sub.add(0, MENU_ZOOM_OUT, 0, getString(R.string.label_zoomout)).setIcon(R.drawable.zoomout).setShowAsAction(MenuItem.SHOW_AS_ACTION_ALWAYS);
+ sub.add(0, MENU_COPY, 0, R.string.copy).setIcon(R.drawable.ic_copy);
+ sub.add(0, MENU_EXPORT_LOG, 0, R.string.export_to_sd).setIcon(R.drawable.ic_export);
+ sub.add(0, MENU_REFRESH, 0, R.string.refresh).setIcon(R.drawable.ic_refresh);
+
+ populateMenu(sub);
+
+ sub.getItem().setShowAsAction(MenuItem.SHOW_AS_ACTION_ALWAYS | MenuItem.SHOW_AS_ACTION_WITH_TEXT);
+
+
+ super.onCreateOptionsMenu(menu);
+ mainMenu = menu;
+ return true;
+ }
+
+ @Override
+ public boolean onOptionsItemSelected(MenuItem item) {
+ float newSize;
+ switch (item.getItemId()) {
+ case MENU_COPY -> {
+ copy();
+ return true;
+ }
+ case MENU_EXPORT_LOG -> {
+ exportToSD();
+ return true;
+ }
+ case MENU_REFRESH -> {
+ populateData(this);
+ return true;
+ }
+ case MENU_ZOOM_IN -> {
+ if (useModernLayout) {
+ updateModernTextSize(2.0f);
+ } else {
+ newSize = scaleGesture.getTextSize() + 2.0f;
+ scaleGesture.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize);
+ G.ruleTextSize((int) newSize);
+ }
+ return false;
+ }
+ case MENU_ZOOM_OUT -> {
+ if (useModernLayout) {
+ updateModernTextSize(-2.0f);
+ } else {
+ newSize = scaleGesture.getTextSize() - 2.0f;
+ scaleGesture.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize);
+ G.ruleTextSize((int) newSize);
+ }
+ return false;
+ }
+ default -> {
+ return super.onOptionsItemSelected(item);
+ }
+ }
+ }
+
+ private static class Task implements Runnable {
+ public String filename = "";
+ private final Context ctx;
+ private final WeakReference activityReference;
+ private final Handler handler = new Handler(Looper.getMainLooper());
+
+ // only retain a weak reference to the activity
+ Task(DataDumpActivity context) {
+ this.ctx = context;
+ activityReference = new WeakReference<>(context);
+ }
+
+ @Override
+ public void run() {
+ FileOutputStream output = null;
+ boolean res = false;
+
+ try {
+ File file;
+ if(Build.VERSION.SDK_INT < Build.VERSION_CODES.Q ){
+ File dir = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/" );
+ dir.mkdirs();
+ file = new File(dir, sdDumpFile);
+ } else{
+ file = new File(ctx.getExternalFilesDir(null) + "/" + sdDumpFile) ;
+ }
+ output = new FileOutputStream(file);
+ output.write(dataText.getBytes());
+ filename = file.getAbsolutePath();
+ res = true;
+ } catch (IOException e) {
+ Log.e(TAG,e.getMessage(),e);
+ } finally {
+ try {
+ if (output != null) {
+ output.flush();
+ output.close();
+ }
+ } catch (IOException ex) {
+ Log.e(TAG,ex.getMessage(),ex);
+ }
+ }
+
+ final boolean result = res;
+ handler.post(() -> {
+ DataDumpActivity activity = activityReference.get();
+ if (activity == null || activity.isFinishing()) return;
+
+ if (result) {
+ Api.toast(ctx, ctx.getString(R.string.export_rules_success) + filename, Toast.LENGTH_LONG);
+ } else {
+ Api.toast(ctx, ctx.getString(R.string.export_logs_fail), Toast.LENGTH_LONG);
+ }
+ });
+ }
+ }
+
+ private void exportToSD() {
+
+ if(Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q ){
+ // Do some stuff
+ ExecutorService executor = Executors.newSingleThreadExecutor();
+ executor.execute(new Task(this));
+ } else {
+ if (ActivityCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE)
+ != PackageManager.PERMISSION_GRANTED) {
+ // permissions have not been granted.
+ ActivityCompat.requestPermissions(DataDumpActivity.this,
+ new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
+ MY_PERMISSIONS_REQUEST_WRITE_STORAGE);
+ } else{
+ new Task(this).run();
+ }
+ }
+ }
+
+ private void copy() {
+ try {
+ TextView rulesText = findViewById(R.id.rules);
+ android.content.ClipboardManager clipboard = (android.content.ClipboardManager) getSystemService(CLIPBOARD_SERVICE);
+ android.content.ClipData clip = android.content.ClipData
+ .newPlainText("", rulesText.getText().toString());
+ clipboard.setPrimaryClip(clip);
+ Api.toast(this, this.getString(R.string.copied));
+ } catch (Exception e) {
+ Log.d("AFWall+", "Exception in Clipboard" + e);
+ }
+ Api.toast(this, this.getString(R.string.copied));
+ }
+}
diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/HelpActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/HelpActivity.java
new file mode 100644
index 0000000..55b5173
--- /dev/null
+++ b/app/src/main/java/dev/ukanth/ufirewall/activity/HelpActivity.java
@@ -0,0 +1,72 @@
+package dev.ukanth.ufirewall.activity;
+
+import android.os.Bundle;
+import android.view.MenuItem;
+import android.widget.TextView;
+
+import androidx.appcompat.app.AppCompatActivity;
+import androidx.appcompat.widget.Toolbar;
+import dev.ukanth.ufirewall.BuildConfig;
+import dev.ukanth.ufirewall.R;
+import dev.ukanth.ufirewall.util.G;
+
+public class HelpActivity extends AppCompatActivity {
+
+ @Override
+ public void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+
+ initTheme();
+
+ setContentView(R.layout.help_about);
+
+ Toolbar toolbar = findViewById(R.id.help_toolbar);
+ setSupportActionBar(toolbar);
+
+ if (getSupportActionBar() != null) {
+ getSupportActionBar().setTitle(R.string.help);
+ getSupportActionBar().setHomeButtonEnabled(true);
+ getSupportActionBar().setDisplayHomeAsUpEnabled(true);
+ }
+
+ setupContent();
+ }
+
+ private void setupContent() {
+ // Setup app title with version
+ String version = BuildConfig.VERSION_NAME;
+ TextView titleText = findViewById(R.id.afwall_title);
+ String versionText = getString(R.string.app_name) + " (v" + version + ")";
+ if(G.isDoKey(this) || BuildConfig.APPLICATION_ID.equals("dev.ukanth.ufirewall.donate")) {
+ versionText = versionText + " (Donate) " + getString(R.string.donate_thanks) + " :)";
+ }
+ titleText.setText(versionText);
+ }
+
+
+
+ private void initTheme() {
+ switch(G.getSelectedTheme()) {
+ case "D":
+ setTheme(R.style.AppDarkTheme);
+ break;
+ case "L":
+ setTheme(R.style.AppLightTheme);
+ break;
+ case "B":
+ setTheme(R.style.AppBlackTheme);
+ break;
+ }
+ }
+
+ @Override
+ public boolean onOptionsItemSelected(MenuItem item) {
+ switch (item.getItemId()) {
+ case android.R.id.home:
+ finish();
+ return true;
+ default:
+ return super.onOptionsItemSelected(item);
+ }
+ }
+}
diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/LogActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/LogActivity.java
new file mode 100644
index 0000000..bbd0770
--- /dev/null
+++ b/app/src/main/java/dev/ukanth/ufirewall/activity/LogActivity.java
@@ -0,0 +1,389 @@
+/**
+ * Display/purge logs and toggle logging
+ *
+ * Copyright (C) 2011-2013 Kevin Cernekee
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * @author Kevin Cernekee
+ * @version 1.0
+ */
+
+package dev.ukanth.ufirewall.activity;
+
+import static dev.ukanth.ufirewall.util.G.isDonate;
+
+import android.content.Context;
+import android.content.Intent;
+import android.os.AsyncTask;
+import android.os.Bundle;
+import android.view.Menu;
+import android.view.MenuItem;
+import android.view.SubMenu;
+import android.view.View;
+import android.widget.TextView;
+import android.widget.Toast;
+
+import androidx.annotation.NonNull;
+import androidx.appcompat.app.AppCompatActivity;
+import androidx.appcompat.widget.Toolbar;
+import androidx.recyclerview.widget.LinearLayoutManager;
+import androidx.recyclerview.widget.RecyclerView;
+import androidx.swiperefreshlayout.widget.SwipeRefreshLayout;
+
+import com.afollestad.materialdialogs.DialogAction;
+import com.afollestad.materialdialogs.MaterialDialog;
+import com.raizlabs.android.dbflow.config.FlowManager;
+import com.raizlabs.android.dbflow.sql.language.SQLite;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import dev.ukanth.ufirewall.Api;
+import dev.ukanth.ufirewall.R;
+import dev.ukanth.ufirewall.log.Log;
+import dev.ukanth.ufirewall.log.LogData;
+import dev.ukanth.ufirewall.log.LogData_Table;
+import dev.ukanth.ufirewall.log.LogDatabase;
+import dev.ukanth.ufirewall.log.LogRecyclerViewAdapter;
+import dev.ukanth.ufirewall.util.DateComparator;
+import dev.ukanth.ufirewall.util.G;
+import dev.ukanth.ufirewall.util.SecurityUtil;
+import android.os.Handler;
+import android.os.Looper;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class LogActivity extends AppCompatActivity implements SwipeRefreshLayout.OnRefreshListener {
+
+ private RecyclerView recyclerView;
+ private LogRecyclerViewAdapter recyclerViewAdapter;
+ private TextView emptyView;
+ private SwipeRefreshLayout mSwipeLayout;
+ protected Menu mainMenu;
+
+ protected static final int MENU_TOGGLE = -4;
+ protected static final int MENU_CLEAR = 40;
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ initTheme();
+ setContentView(R.layout.log_view);
+
+ Toolbar toolbar = findViewById(R.id.rule_toolbar);
+ setTitle(getString(R.string.showlog_title));
+ toolbar.setNavigationOnClickListener(v -> finish());
+
+ setSupportActionBar(toolbar);
+
+ // Load partially transparent black background
+ if (getSupportActionBar() != null) {
+ getSupportActionBar().setHomeButtonEnabled(true);
+ getSupportActionBar().setDisplayHomeAsUpEnabled(true);
+ }
+
+ Bundle bundle = getIntent().getExtras();
+ if(bundle != null) {
+ Object data = bundle.get("validate");
+ if(data != null){
+ String check = (String) data;
+ if(check.equals("yes")) {
+ new SecurityUtil(LogActivity.this).passCheck();
+ }
+ }
+ }
+
+ mSwipeLayout = findViewById(R.id.swipeContainer);
+ mSwipeLayout.setOnRefreshListener(this);
+
+ recyclerView = findViewById(R.id.recyclerview);
+ emptyView = findViewById(R.id.empty_view);
+
+ initializeRecyclerView(getApplicationContext());
+
+ if(G.enableLogService()) {
+ CollectLog collectLog = new CollectLog().setContext(this);
+ collectLog.execute();
+
+ } else {
+ recyclerView.setVisibility(View.GONE);
+ mSwipeLayout.setVisibility(View.GONE);
+ emptyView.setVisibility(View.VISIBLE);
+ }
+ }
+
+ private void initTheme() {
+ switch(G.getSelectedTheme()) {
+ case "D":
+ setTheme(R.style.AppDarkTheme);
+ break;
+ case "L":
+ setTheme(R.style.AppLightTheme);
+ break;
+ case "B":
+ setTheme(R.style.AppBlackTheme);
+ break;
+ }
+ }
+ private void initializeRecyclerView(final Context ctx) {
+ recyclerView.setHasFixedSize(true);
+ recyclerView.setLayoutManager(new LinearLayoutManager(getApplicationContext()));
+ recyclerViewAdapter = new LogRecyclerViewAdapter(getApplicationContext(), logData -> {
+ if(G.isDoKey(ctx) || isDonate()) {
+ Intent intent = new Intent(ctx, LogDetailActivity.class);
+ intent.putExtra("DATA",logData.getUid());
+ startActivity(intent);
+ } else {
+ Api.donateDialog(LogActivity.this,false);
+ }
+ });
+ recyclerView.setAdapter(recyclerViewAdapter);
+ }
+
+ private List getLogData() {
+ //load 3 day data
+ long loadInterval = System.currentTimeMillis() - 259200000;
+
+ List logData = SQLite.select()
+ .from(LogData.class)
+ .where(LogData_Table.timestamp.greaterThan(loadInterval))
+ .orderBy(LogData_Table.timestamp,true)
+ .queryList();
+ //auto purge old data - > week old data
+ Api.purgeOldLog();
+ return logData;
+ }
+
+ private int getCount() {
+ long l = SQLite.selectCountOf().from(LogData.class).count();
+ return (int) l;
+ }
+ private class CollectLog implements Runnable {
+ private Context context = null;
+ MaterialDialog loadDialog = null;
+
+ public CollectLog() {
+ }
+
+ public CollectLog setContext(Context context) {
+ this.context = context;
+ return this;
+ }
+
+ public void execute() {
+ Handler handler = new Handler(Looper.getMainLooper());
+ handler.post(() -> {
+ onPreExecute();
+ ExecutorService executor = Executors.newSingleThreadExecutor();
+ executor.execute(this);
+ });
+ }
+
+ protected void onPreExecute() {
+ loadDialog = new MaterialDialog.Builder(context).cancelable(false)
+ .title(getString(R.string.working))
+ .cancelable(false)
+ .content(getString(R.string.loading_data))
+ .progress(true, 0).show();
+ }
+
+ protected Boolean doInBackground() {
+ List
+
+ 
+ 
+