diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index 6813d6dd0..58faaa9f9 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [arm, arm64, mips, x86] + arch: [arm, arm64, x86] include: - arch: arm target: arm-linux-gnueabihf @@ -33,10 +33,6 @@ jobs: target: aarch64-linux-gnu cc: aarch64-linux-gnu-gcc strip: aarch64-linux-gnu-strip - - arch: mips - target: mips-linux-gnu - cc: mips-linux-gnu-gcc - strip: mips-linux-gnu-strip - arch: x86 target: i686-linux-gnu cc: i686-linux-gnu-gcc @@ -52,9 +48,66 @@ jobs: sudo apt-get install -y \ build-essential \ wget \ - gcc-${{ matrix.target }} \ + unzip \ file + - name: Set up Android NDK + run: | + NDK_VERSION="r26d" + echo "Downloading Android NDK ${NDK_VERSION}..." + + # Download with retries and better error handling + for i in {1..3}; do + if wget -q "https://dl.google.com/android/repository/android-ndk-${NDK_VERSION}-linux.zip"; then + echo "✓ Downloaded android-ndk-${NDK_VERSION}-linux.zip (attempt $i)" + break + fi + echo "Download attempt $i failed, retrying..." + sleep 5 + done + + # Verify download + if [ ! -f "android-ndk-${NDK_VERSION}-linux.zip" ]; then + echo "❌ Failed to download NDK after 3 attempts" + exit 1 + fi + + echo "Extracting NDK..." + unzip -q android-ndk-${NDK_VERSION}-linux.zip + + # Verify extraction + if [ ! -d "android-ndk-${NDK_VERSION}" ]; then + echo "❌ NDK extraction failed - directory not found" + ls -la + exit 1 + fi + + export ANDROID_NDK_ROOT="$(pwd)/android-ndk-${NDK_VERSION}" + echo "✓ NDK setup complete: ${ANDROID_NDK_ROOT}" + echo "ANDROID_NDK_ROOT=${ANDROID_NDK_ROOT}" >> $GITHUB_ENV + + # Set up NDK toolchain paths (including NDK_AR for llvm-ar) + case "${{ matrix.arch }}" in + arm64) + echo "NDK_CC=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android28-clang" >> $GITHUB_ENV + echo "NDK_STRIP=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-strip" >> $GITHUB_ENV + echo "NDK_AR=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-ar" >> $GITHUB_ENV + echo "NDK_TARGET=aarch64-linux-android" >> $GITHUB_ENV + ;; + arm) + echo "NDK_CC=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/armv7a-linux-androideabi28-clang" >> $GITHUB_ENV + echo "NDK_STRIP=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-strip" >> $GITHUB_ENV + echo "NDK_AR=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-ar" >> $GITHUB_ENV + echo "NDK_TARGET=armv7a-linux-androideabi" >> $GITHUB_ENV + ;; + x86) + echo "NDK_CC=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/i686-linux-android28-clang" >> $GITHUB_ENV + echo "NDK_STRIP=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-strip" >> $GITHUB_ENV + echo "NDK_AR=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-ar" >> $GITHUB_ENV + echo "NDK_TARGET=i686-linux-android" >> $GITHUB_ENV + ;; + esac + - name: Download Busybox source run: | BUSYBOX_VERSION="${{ github.event.inputs.busybox_version || '1.36.1' }}" @@ -77,66 +130,200 @@ jobs: run: | cd "$BUSYBOX_DIR" - # Start with minimal config to avoid cross-compilation issues - make ARCH=${{ matrix.arch }} CROSS_COMPILE=${{ matrix.target }}- allnoconfig - - # Enable only essential features for AFWall+ - cat >> .config << EOF - CONFIG_STATIC=y - CONFIG_INSTALL_NO_USR=y - CONFIG_BUSYBOX=y - CONFIG_BUSYBOX_EXEC_PATH="/system/xbin/busybox" - CONFIG_ASH=y - CONFIG_SH_IS_ASH=y - CONFIG_BASH_IS_NONE=y - CONFIG_CAT=y - CONFIG_CHMOD=y - CONFIG_CP=y - CONFIG_ECHO=y - CONFIG_GREP=y - CONFIG_KILL=y - CONFIG_KILLALL=y - CONFIG_LS=y - CONFIG_MKDIR=y - CONFIG_MV=y - CONFIG_PS=y - CONFIG_RM=y - CONFIG_TEST=y - CONFIG_WHICH=y - CONFIG_IPTABLES=y - CONFIG_IP6TABLES=y - CONFIG_FEATURE_PREFER_APPLETS=n - CONFIG_FEATURE_SH_STANDALONE=y - EOF + # Use the basic Android default config (more stable than android_ndk_defconfig) + cp configs/android_defconfig .config + + # Fix the cross-compiler prefix for NDK + sed -i 's/CONFIG_CROSS_COMPILER_PREFIX=.*/CONFIG_CROSS_COMPILER_PREFIX=""/' .config + + # Process the initial config + yes '' | make ARCH=${{ matrix.arch }} oldconfig + + # Disable problematic applets for Android bionic libc compatibility + echo "Disabling problematic applets for Android..." + sed -i 's/CONFIG_SWAPON=y/# CONFIG_SWAPON is not set/g' .config + sed -i 's/CONFIG_SWAPOFF=y/# CONFIG_SWAPOFF is not set/g' .config + sed -i 's/CONFIG_FEATURE_SWAPON_DISCARD=y/# CONFIG_FEATURE_SWAPON_DISCARD is not set/g' .config + sed -i 's/CONFIG_FEATURE_SWAPON_PRI=y/# CONFIG_FEATURE_SWAPON_PRI is not set/g' .config - # Apply minimal config (use yes to answer all prompts with default) - yes '' | make ARCH=${{ matrix.arch }} CROSS_COMPILE=${{ matrix.target }}- oldconfig + # Disable problematic archival features + sed -i 's/CONFIG_TAR=y/# CONFIG_TAR is not set/g' .config + sed -i 's/CONFIG_FEATURE_TAR_TO_COMMAND=y/# CONFIG_FEATURE_TAR_TO_COMMAND is not set/g' .config + sed -i 's/CONFIG_FEATURE_TAR_FROM=y/# CONFIG_FEATURE_TAR_FROM is not set/g' .config + sed -i 's/CONFIG_AR=y/# CONFIG_AR is not set/g' .config + sed -i 's/CONFIG_DPKG=y/# CONFIG_DPKG is not set/g' .config + sed -i 's/CONFIG_DPKG_DEB=y/# CONFIG_DPKG_DEB is not set/g' .config + sed -i 's/CONFIG_RPM=y/# CONFIG_RPM is not set/g' .config + sed -i 's/CONFIG_RPM2CPIO=y/# CONFIG_RPM2CPIO is not set/g' .config - # Fix cross-compilation issues for all architectures - # Replace the problematic off_t size check that fails during cross-compilation + # Disable features that require crypt.h (not available in Android bionic) + sed -i 's/CONFIG_LOGIN=y/# CONFIG_LOGIN is not set/g' .config + sed -i 's/CONFIG_PASSWD=y/# CONFIG_PASSWD is not set/g' .config + sed -i 's/CONFIG_SU=y/# CONFIG_SU is not set/g' .config + sed -i 's/CONFIG_SULOGIN=y/# CONFIG_SULOGIN is not set/g' .config + sed -i 's/CONFIG_VLOCK=y/# CONFIG_VLOCK is not set/g' .config + sed -i 's/CONFIG_CRYPTPW=y/# CONFIG_CRYPTPW is not set/g' .config + sed -i 's/CONFIG_CHPASSWD=y/# CONFIG_CHPASSWD is not set/g' .config + sed -i 's/CONFIG_FEATURE_SHADOWPASSWDS=y/# CONFIG_FEATURE_SHADOWPASSWDS is not set/g' .config + + # Disable other bionic-incompatible features + sed -i 's/CONFIG_FEATURE_UTMP=y/# CONFIG_FEATURE_UTMP is not set/g' .config + sed -i 's/CONFIG_FEATURE_WTMP=y/# CONFIG_FEATURE_WTMP is not set/g' .config + sed -i 's/CONFIG_LAST=y/# CONFIG_LAST is not set/g' .config + sed -i 's/CONFIG_USERS=y/# CONFIG_USERS is not set/g' .config + sed -i 's/CONFIG_WHO=y/# CONFIG_WHO is not set/g' .config + sed -i 's/CONFIG_W=y/# CONFIG_W is not set/g' .config + + # Disable networking features that require crypt.h + sed -i 's/CONFIG_FTPD=y/# CONFIG_FTPD is not set/g' .config + sed -i 's/CONFIG_FEATURE_FTP_AUTHENTICATION=y/# CONFIG_FEATURE_FTP_AUTHENTICATION is not set/g' .config + sed -i 's/CONFIG_FEATURE_HTTPD_AUTH_MD5=y/# CONFIG_FEATURE_HTTPD_AUTH_MD5 is not set/g' .config + sed -i 's/CONFIG_FEATURE_HTTPD_BASIC_AUTH=y/# CONFIG_FEATURE_HTTPD_BASIC_AUTH is not set/g' .config + sed -i 's/CONFIG_MKPASSWD=y/# CONFIG_MKPASSWD is not set/g' .config + + # Reprocess config + yes '' | make ARCH=${{ matrix.arch }} oldconfig + + # Fix x86 register pressure issue in TLS code + if [ "${{ matrix.arch }}" = "x86" ]; then + echo "Disabling ALL TLS and crypto features for x86 due to register pressure" + + # Disable all TLS/SSL-related features comprehensively + sed -i 's/CONFIG_TLS=y/# CONFIG_TLS is not set/g' .config + sed -i 's/CONFIG_FEATURE_TLS_SHA1=y/# CONFIG_FEATURE_TLS_SHA1 is not set/g' .config + sed -i 's/CONFIG_FEATURE_WGET_HTTPS=y/# CONFIG_FEATURE_WGET_HTTPS is not set/g' .config + sed -i 's/CONFIG_FTPS=y/# CONFIG_FTPS is not set/g' .config + sed -i 's/CONFIG_SHA1SUM=y/# CONFIG_SHA1SUM is not set/g' .config + sed -i 's/CONFIG_SHA256SUM=y/# CONFIG_SHA256SUM is not set/g' .config + sed -i 's/CONFIG_SHA512SUM=y/# CONFIG_SHA512SUM is not set/g' .config + sed -i 's/CONFIG_MD5SUM=y/# CONFIG_MD5SUM is not set/g' .config + + # Disable SSL client utilities that depend on TLS + sed -i 's/CONFIG_SSL_CLIENT=y/# CONFIG_SSL_CLIENT is not set/g' .config + sed -i 's/CONFIG_FEATURE_SSL_CLIENT=y/# CONFIG_FEATURE_SSL_CLIENT is not set/g' .config + + # Disable wget entirely if it depends on TLS (safer approach) + sed -i 's/CONFIG_WGET=y/# CONFIG_WGET is not set/g' .config + sed -i 's/CONFIG_FEATURE_WGET_STATUSBAR=y/# CONFIG_FEATURE_WGET_STATUSBAR is not set/g' .config + sed -i 's/CONFIG_FEATURE_WGET_AUTHENTICATION=y/# CONFIG_FEATURE_WGET_AUTHENTICATION is not set/g' .config + sed -i 's/CONFIG_FEATURE_WGET_LONG_OPTIONS=y/# CONFIG_FEATURE_WGET_LONG_OPTIONS is not set/g' .config + sed -i 's/CONFIG_FEATURE_WGET_TIMEOUT=y/# CONFIG_FEATURE_WGET_TIMEOUT is not set/g' .config + + # Disable any crypto/hash utilities that might link to TLS code + sed -i 's/CONFIG_BASE64=y/# CONFIG_BASE64 is not set/g' .config + sed -i 's/CONFIG_UUENCODE=y/# CONFIG_UUENCODE is not set/g' .config + sed -i 's/CONFIG_UUDECODE=y/# CONFIG_UUDECODE is not set/g' .config + + # Multiple reprocessing to ensure all dependencies are resolved + yes '' | make ARCH=${{ matrix.arch }} oldconfig + yes '' | make ARCH=${{ matrix.arch }} oldconfig + + # Remove ALL TLS/SSL-related source files to prevent any compilation + echo "Removing all TLS/SSL source files for x86..." + for pattern in "tls*.c" "ssl_client.c"; do + find networking -name "$pattern" -type f | while read tls_file; do + if [ -f "$tls_file" ]; then + echo "Removing $tls_file" + rm "$tls_file" + touch "$tls_file" + fi + done + done + fi + + # Show what's enabled for debugging + echo "=== Essential applets for AFWall+ ===" + grep -E "CONFIG_(PING|IFCONFIG|LS|ECHO|CAT|GREP|FEATURE_INSTALLER)=" .config || true + + echo "=== Problematic features (should be disabled) ===" + grep -E "CONFIG_(SWAPON|TAR_TO_COMMAND|DPKG|RPM|TLS).*=" .config || true + + # Fix cross-compilation and duplicate symbol issues + echo "Applying Android compatibility fixes..." + + # Fix off_t size check if grep -q "struct BUG_off_t_size_is_misdetected" include/libbb.h; then sed -i '/struct BUG_off_t_size_is_misdetected/,/};/c\ - /* Cross-compilation fix: off_t size check disabled for all architectures */' include/libbb.h - echo "Applied cross-compilation fix for ${{ matrix.arch }}" + /* Cross-compilation fix: off_t size check disabled */' include/libbb.h + fi + + # Fix FAST_FUNC calling convention + sed -i 's/__attribute__((regparm(3),stdcall))/__attribute__((regparm(3)))/g' include/platform.h + + # Remove strchrnul conflicts + sed -i '/extern char \*strchrnul.*FAST_FUNC;/d' include/platform.h + sed -i '/char\* FAST_FUNC strchrnul/,/^}/d' libbb/platform.c + + # Create stub for data_extract_to_command to fix linking + if [ ! -f "archival/libarchive/data_extract_to_command.c.bak" ]; then + cp archival/libarchive/data_extract_to_command.c archival/libarchive/data_extract_to_command.c.bak + cat > archival/libarchive/data_extract_to_command.c << 'EOF' + /* Stub for data_extract_to_command when FEATURE_TAR_TO_COMMAND is disabled */ + #include "libbb.h" + #include "bb_archive.h" + + void FAST_FUNC data_extract_to_command(archive_handle_t *archive_handle) + { + bb_simple_error_msg_and_die("--to-command feature not compiled"); + } + EOF + # Force compile the stub by enabling it in Kbuild temporarily + sed -i 's/lib-\$(CONFIG_FEATURE_TAR_TO_COMMAND)/lib-y/' archival/libarchive/Kbuild + fi + + # Create stub for pw_encrypt to fix linking issues when password features are disabled + if [ ! -f "libbb/pw_encrypt.c.bak" ]; then + cp libbb/pw_encrypt.c libbb/pw_encrypt.c.bak + cat > libbb/pw_encrypt.c << 'EOF' + /* Stub for pw_encrypt when crypt.h features are disabled */ + #include "libbb.h" + + char* FAST_FUNC pw_encrypt(const char *clear, const char *salt, int cleanup) + { + bb_simple_error_msg_and_die("password encryption not supported"); + return NULL; + } + EOF + fi + + # Fix duplicate syscall symbols + if [ -f "libbb/missing_syscalls.c" ]; then + echo "Fixing duplicate syscall symbols..." + sed -i '/pid_t.*getsid/,/^}/d' libbb/missing_syscalls.c + sed -i '/int.*adjtimex/,/^}/d' libbb/missing_syscalls.c + sed -i '/int.*sethostname/,/^}/d' libbb/missing_syscalls.c + sed -i '/getsid.*(/d' libbb/missing_syscalls.c + sed -i '/adjtimex.*(/d' libbb/missing_syscalls.c + sed -i '/sethostname.*(/d' libbb/missing_syscalls.c + fi + + if [ -f "include/libbb.h" ]; then + sed -i '/extern.*getsid.*(/d' include/libbb.h + sed -i '/extern.*adjtimex.*(/d' include/libbb.h + sed -i '/extern.*sethostname.*(/d' include/libbb.h fi - name: Build Busybox run: | cd "$BUSYBOX_DIR" - # Build with explicit compiler settings + # Build with Android NDK make ARCH=${{ matrix.arch }} \ - CROSS_COMPILE=${{ matrix.target }}- \ - CC=${{ matrix.cc }} \ + CC="${NDK_CC}" \ + AR="${NDK_AR}" \ HOSTCC=gcc \ HOSTCXX=g++ \ + STRIP="${NDK_STRIP}" \ + CFLAGS="-static -DHAVE_STRCHRNUL" \ + EXTRA_CFLAGS="-DHAVE_STRCHRNUL" \ + LDFLAGS="-static" \ -j$(nproc) # Verify binary file busybox # Strip and copy - ${{ matrix.strip }} busybox + ${NDK_STRIP} busybox cp busybox ../busybox_${{ matrix.arch }} - name: Upload Busybox artifact @@ -150,7 +337,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [arm, arm64, mips, x86] + arch: [arm, arm64, x86] include: - arch: arm target: arm-linux-gnueabihf @@ -162,11 +349,6 @@ jobs: cc: aarch64-linux-gnu-gcc strip: aarch64-linux-gnu-strip configure_host: aarch64-linux-gnu - - arch: mips - target: mips-linux-gnu - cc: mips-linux-gnu-gcc - strip: mips-linux-gnu-strip - configure_host: mips-linux-gnu - arch: x86 target: i686-linux-gnu cc: i686-linux-gnu-gcc @@ -183,13 +365,67 @@ jobs: sudo apt-get install -y \ build-essential \ wget \ - gcc-${{ matrix.target }} \ + unzip \ pkg-config \ autoconf \ automake \ libtool \ file + - name: Set up Android NDK + run: | + NDK_VERSION="r26d" + echo "Downloading Android NDK ${NDK_VERSION}..." + + # Download with retries and better error handling + for i in {1..3}; do + if wget -q "https://dl.google.com/android/repository/android-ndk-${NDK_VERSION}-linux.zip"; then + echo "✓ Downloaded android-ndk-${NDK_VERSION}-linux.zip (attempt $i)" + break + fi + echo "Download attempt $i failed, retrying..." + sleep 5 + done + + # Verify download + if [ ! -f "android-ndk-${NDK_VERSION}-linux.zip" ]; then + echo "❌ Failed to download NDK after 3 attempts" + exit 1 + fi + + echo "Extracting NDK..." + unzip -q android-ndk-${NDK_VERSION}-linux.zip + + # Verify extraction + if [ ! -d "android-ndk-${NDK_VERSION}" ]; then + echo "❌ NDK extraction failed - directory not found" + ls -la + exit 1 + fi + + export ANDROID_NDK_ROOT="$(pwd)/android-ndk-${NDK_VERSION}" + echo "✓ NDK setup complete: ${ANDROID_NDK_ROOT}" + echo "ANDROID_NDK_ROOT=${ANDROID_NDK_ROOT}" >> $GITHUB_ENV + + # Set up NDK toolchain paths + case "${{ matrix.arch }}" in + arm64) + echo "NDK_CC=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android28-clang" >> $GITHUB_ENV + echo "NDK_STRIP=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-strip" >> $GITHUB_ENV + echo "NDK_TARGET=aarch64-linux-android" >> $GITHUB_ENV + ;; + arm) + echo "NDK_CC=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/armv7a-linux-androideabi28-clang" >> $GITHUB_ENV + echo "NDK_STRIP=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-strip" >> $GITHUB_ENV + echo "NDK_TARGET=armv7a-linux-androideabi" >> $GITHUB_ENV + ;; + x86) + echo "NDK_CC=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/i686-linux-android28-clang" >> $GITHUB_ENV + echo "NDK_STRIP=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-strip" >> $GITHUB_ENV + echo "NDK_TARGET=i686-linux-android" >> $GITHUB_ENV + ;; + esac + - name: Download iptables source run: | IPTABLES_VERSION="${{ github.event.inputs.iptables_version || '1.8.10' }}" @@ -212,33 +448,67 @@ jobs: run: | cd "$IPTABLES_DIR" - # Set cross-compilation environment - export CC=${{ matrix.cc }} - export STRIP=${{ matrix.strip }} - export CFLAGS="-static -Os -DANDROID" + # Set Android NDK cross-compilation environment + export CC="${NDK_CC}" + export STRIP="${NDK_STRIP}" + + # Set architecture-specific TLS flags and fix lock path + case "${{ matrix.arch }}" in + arm64) + export CFLAGS="-static -Os -DANDROID -D_GNU_SOURCE -Wno-logical-op -Wno-unknown-warning-option -fno-emulated-tls -DXTABLES_LOCK_DIR='\"/data/local/tmp\"'" + ;; + *) + export CFLAGS="-static -Os -DANDROID -D_GNU_SOURCE -Wno-logical-op -Wno-unknown-warning-option -DXTABLES_LOCK_DIR='\"/data/local/tmp\"'" + ;; + esac + export LDFLAGS="-static" export PKG_CONFIG_PATH="" - # Configure for cross-compilation + # Configure for Android cross-compilation ./configure \ - --host=${{ matrix.configure_host }} \ + --host=${NDK_TARGET} \ --enable-static \ --disable-shared \ --disable-nftables \ --disable-bpf-compiler \ --disable-connlabel \ --disable-devel \ - --with-kernel=/usr/include + --with-kernel=/usr/include \ + --disable-libipq \ + --with-xtlockdir=/data/local/tmp - name: Build iptables run: | cd "$IPTABLES_DIR" - export CC=${{ matrix.cc }} - export STRIP=${{ matrix.strip }} - export CFLAGS="-static -Os -DANDROID" + export CC="${NDK_CC}" + export STRIP="${NDK_STRIP}" + + # Set architecture-specific TLS flags and fix lock path + case "${{ matrix.arch }}" in + arm64) + export CFLAGS="-static -Os -DANDROID -D_GNU_SOURCE -Wno-logical-op -Wno-unknown-warning-option -fno-emulated-tls -DXTABLES_LOCK_DIR='\"/data/local/tmp\"'" + ;; + *) + export CFLAGS="-static -Os -DANDROID -D_GNU_SOURCE -Wno-logical-op -Wno-unknown-warning-option -DXTABLES_LOCK_DIR='\"/data/local/tmp\"'" + ;; + esac + export LDFLAGS="-static" + # Remove only the cgroup extension (has O_PATH macro conflict) + rm -f extensions/libxt_cgroup.c + + # Fix prioritynames issue in LOG extension for Android compatibility + sed -i 's/prioritynames\[i\]\.c_name/0/g; s/prioritynames\[i\]\.c_val/0/g' extensions/libxt_LOG.c + + # Fix hardcoded lock path for Android - replace /run/xtables.lock with /data/local/tmp/xtables.lock + find . -name "*.c" -o -name "*.h" | xargs grep -l "/run/xtables.lock" | while read file; do + sed -i 's|/run/xtables\.lock|/data/local/tmp/xtables.lock|g' "$file" + echo "Fixed lock path in $file" + done + # Build make -j$(nproc) V=1 @@ -257,8 +527,8 @@ jobs: file "../iptables_${{ matrix.arch }}" file "../ip6tables_${{ matrix.arch }}" - ${{ matrix.strip }} "../iptables_${{ matrix.arch }}" - ${{ matrix.strip }} "../ip6tables_${{ matrix.arch }}" + ${NDK_STRIP} "../iptables_${{ matrix.arch }}" + ${NDK_STRIP} "../ip6tables_${{ matrix.arch }}" - name: Upload iptables artifacts uses: actions/upload-artifact@v4 @@ -273,7 +543,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - arch: [arm, arm64, mips, x86] + arch: [arm, arm64, x86] include: - arch: arm target: arm-linux-gnueabihf @@ -283,10 +553,6 @@ jobs: target: aarch64-linux-gnu cc: aarch64-linux-gnu-gcc strip: aarch64-linux-gnu-strip - - arch: mips - target: mips-linux-gnu - cc: mips-linux-gnu-gcc - strip: mips-linux-gnu-strip - arch: x86 target: i686-linux-gnu cc: i686-linux-gnu-gcc @@ -302,22 +568,25 @@ jobs: sudo apt-get install -y \ build-essential \ wget \ - gcc-${{ matrix.target }} \ + unzip \ pkg-config \ file \ - libnetfilter-log-dev + gcc-arm-linux-gnueabihf \ + gcc-aarch64-linux-gnu \ + gcc-i686-linux-gnu - name: Build nflog from AFWall+ source run: | cd external/nflog - # Compile nflog using AFWall+ source code + # Use GCC cross-compilers (revert from NDK to fix TLS issues) - no header fixes needed ${{ matrix.cc }} -static \ -I. -Ilibmnl \ + -D_GNU_SOURCE \ -o nflog_${{ matrix.arch }} \ nflog.c attr.c callback.c nlmsg.c socket.c - # Verify and strip + # Verify the binary file nflog_${{ matrix.arch }} ${{ matrix.strip }} nflog_${{ matrix.arch }} ls -la nflog_${{ matrix.arch }} @@ -328,63 +597,11 @@ jobs: name: nflog-${{ matrix.arch }} path: external/nflog/nflog_${{ matrix.arch }} - build-run-pie: - name: Build run_pie (${{ matrix.arch }}) - runs-on: ubuntu-latest - strategy: - matrix: - include: - - arch: arm - target: arm-linux-gnueabihf - cc: arm-linux-gnueabihf-gcc - strip: arm-linux-gnueabihf-strip - - arch: arm64 - target: aarch64-linux-gnu - cc: aarch64-linux-gnu-gcc - strip: aarch64-linux-gnu-strip - - arch: mips - target: mips-linux-gnu - cc: mips-linux-gnu-gcc - strip: mips-linux-gnu-strip - - arch: x86 - target: i686-linux-gnu - cc: i686-linux-gnu-gcc - strip: i686-linux-gnu-strip - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set up build environment - run: | - sudo apt-get update - sudo apt-get install -y \ - build-essential \ - gcc-${{ matrix.target }} \ - file - - - name: Build run_pie from AFWall+ source - run: | - cd external/run_pie - - # Compile run_pie using AFWall+ source code - ${{ matrix.cc }} -static -ldl -o run_pie_${{ matrix.arch }} run_pie.c - - # Verify the binary - file run_pie_${{ matrix.arch }} - ${{ matrix.strip }} run_pie_${{ matrix.arch }} - ls -la run_pie_${{ matrix.arch }} - - - name: Upload run_pie artifact - uses: actions/upload-artifact@v4 - with: - name: run-pie-${{ matrix.arch }} - path: external/run_pie/run_pie_${{ matrix.arch }} collect-binaries: name: Collect and Update Binaries runs-on: ubuntu-latest - needs: [build-busybox, build-iptables, build-nflog, build-run-pie] + needs: [build-busybox, build-iptables, build-nflog] steps: - name: Checkout repository @@ -400,7 +617,7 @@ jobs: # Create binaries directory for testing (separate from res/raw) mkdir -p binaries - for arch in arm arm64 mips x86; do + for arch in arm arm64 x86; do # Busybox if [ -f "artifacts/busybox-${arch}/busybox_${arch}" ]; then cp "artifacts/busybox-${arch}/busybox_${arch}" "binaries/" @@ -425,11 +642,6 @@ jobs: echo "✓ nflog_${arch} -> binaries/" fi - # run_pie - if [ -f "artifacts/run-pie-${arch}/run_pie_${arch}" ]; then - cp "artifacts/run-pie-${arch}/run_pie_${arch}" "binaries/" - echo "✓ run_pie_${arch} -> binaries/" - fi done echo "Binary inventory:" @@ -453,7 +665,7 @@ jobs: echo "No new binaries to commit" else # Create commit message - git commit -m "Update cross-compiled binaries - busybox v${{ github.event.inputs.busybox_version || '1.36.1' }}, iptables v${{ github.event.inputs.iptables_version || '1.8.10' }} for arm/arm64/mips/x86. Ready for testing in /binaries directory." + git commit -m "Update cross-compiled binaries - busybox v${{ github.event.inputs.busybox_version || '1.36.1' }}, iptables v${{ github.event.inputs.iptables_version || '1.8.10' }} for arm/arm64/x86. Ready for testing in /binaries directory." # Push changes back to repository git push @@ -480,11 +692,10 @@ jobs: name: AFWall+ Cross-compiled Binaries ${{ github.event.inputs.release_tag }} body: | Cross-compiled binaries for AFWall+: - - busybox (arm, arm64, mips, x86) - - iptables (arm, arm64, mips, x86) - - ip6tables (arm, arm64, mips, x86) - - nflog (arm, arm64, mips, x86) - - run_pie (arm, arm64, mips, x86) + - busybox (arm, arm64, x86) + - iptables (arm, arm64, x86) + - ip6tables (arm, arm64, x86) + - nflog (arm, arm64, x86) Built from commit: ${{ github.sha }} files: binaries/* diff --git a/Changelog.md b/Changelog.md index fa1d929a9..e054d8bbe 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,6 +1,101 @@ AFWall+ Changelog ================== +AFWall+ v4.0.1 + + Fixed boot rules not being applied (#1438) + Fixed app search not working (#1445) + Fixed pull to refresh when list is empty (#1439) + Updated Magisk binary location (#1437) + Relaxed sanitize rule to allow existing custom rules + Added back button to PreferencesActivity + Optimized pattern handling and memory management + Added build scripts for F-Droid (#1441) + +AFWall+ v4.0.0 + +🚀 Major Features & Enhancements + +🎯 Rule Management & Stability + +- Fixed critical rule application issues - Resolved iptables command failures and cascade errors +- Improved error handling - Smart selective error handling prevents unnecessary fallbacks +- Enhanced chain management - Better synchronization prevents race conditions +- Owner module compatibility - Automatic detection and fallback for devices without owner + iptables module + +🎨 Material Design Overhaul + +- Modernized UI - Material Design enhancements for rules, help, and custom scripts views +- Revamped help section - Complete redesign with better organization and moved legends +- Visual widget indicators - Added pulse animations and visual feedback for toggle widgets +- Improved layouts - Fixed layout issues for devices with merged status bars + +📊 Enhanced Logging System + +- Better log details view - Enhanced display with allow/deny address information +- Improved UID detection - Better handling of special UIDs (including uid -100) and bug fixes +- Seamless log target switching - Dynamic switching between LOG and NFLOG in preferences +- NFLOG improvements - Better NFLOG and LOG handling with updated binaries + +🔒 Security Enhancements + +- Upgraded encryption - Migrated from DES to AES for better security +- Enhanced security utilities - New SecureCrypto and SecurityUtil classes +- Input validation improvements - Better validation and security checks + +🛠 Platform & Compatibility + +📱 Android Support + +- Android 16 preparation - Updated build configuration for future Android support +- Binary updates - Cross-compiled binaries: busybox v1.36.1, iptables v1.8.10 +- Architecture support - Added ARM64 binaries and improved architecture detection +- GitHub Actions CI - Automated binary builds and improved CI/CD pipeline + +🔧 Bug Fixes & Stability + +- Export/Import fixes - Resolved bugs when handling large numbers of files (#1399, #1401) +- Build error fixes - Fixed app:tint and other build-related issues +- Service leak fixes - Improved thread safety and fixed service connection leaks +- USB tethering support - Added auto-detection and support for USB tethering +- DNS forwarding - Improved DNS handling for tethering scenarios + +🔧 Technical Improvements + +⚡ Performance & Threading + +- Thread safety - Improved synchronization and thread-safe operations +- Better exception handling - More robust error handling and recovery +- Optimized rule processing - Faster and more reliable rule application + +🛠 Developer Experience + +- Code cleanup - Extensive refactoring and code organization improvements +- CI/CD enhancements - Updated GitHub Actions and automated workflows +- Binary management - Automated cross-compilation and binary distribution + +📋 Specific Issue Fixes + +- #1386 - Default chain rules only applied when necessary (with smart revert) +- #1410 - Fallback on default commands when needed +- #1423, #1382 - Various stability and functionality fixes +- #1400 - Layout fixes for merged status bar screens +- #1399 - Export only enabled rule types +- #1169 - Export/import rule improvements + +⚠️ Breaking Changes + +- Security upgrade - DES encryption deprecated in favor of AES +- Removed legacy views - Old unsupported view components removed +- Binary updates - Requires newer binaries for optimal performance + +🙏 Contributors + +- @getgo-nobugs - Syntax fixes and improvements +- @NeroProtagonist - CI/CD updates (upload-artifact@v4) +- @Fry-kun - Multiple fixes: typos, layout improvements, export fixes, ARM64 NFLOG binary (initial version) + Version 3.6.0 * Updated libraries and SDK (33) diff --git a/README.md b/README.md index 29f35494e..d3333d19d 100644 --- a/README.md +++ b/README.md @@ -4,33 +4,70 @@ > **Your Privacy, Your Control** - AFWall+ gives you complete control over which apps can access the internet on your Android device. +--- + + +## Support AFWall+ Development + +AFWall+ is developed and maintained by volunteers. If you find it useful, please consider supporting the project: + +### How to Donate + +**Why donate?** AFWall+ is free and open-source. Your support helps: +- Continue development and add new features +- Fix bugs and keep the app stable +- Support more Android versions and devices +- Maintain documentation and help the community + +**Donation options:** +- **PayPal**: [![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6E4VZTULRB8GU) +- **Google Play**: Purchase the [unlocker key](https://play.google.com/store/apps/details?id=dev.ukanth.ufirewall.donate) for extra features +- **Amazon Gift Cards**: `cumakt+amazon at gmail.com` (not preferred) +- **Bitcoin**: `bc1q54nf3y9zmdcpasxx9sywkprd6309rfhav3mape` +- **Ethereum**: `0x5e65649C2B26eD816fCeD25a8E507C90D4b1D697` + +After donating, please send your receipt to contact@portgenix.com to receive an unlocker. Please allow 1-2 days for a response. + +### Other Ways to Help +- Star this repository +- Report bugs and test new features +- Contribute translations on [Crowdin](http://crowdin.net/project/afwall) +- Improve documentation +- Help other users in forums + +--- +

AFWall+ Screenshot

-## 🔥 What is AFWall+? + +## What is AFWall+? **AFWall+ (Android Firewall+)** is a powerful, open-source firewall application for rooted Android devices. Built on Linux's robust `iptables` framework, AFWall+ provides **granular network control** at the system level - something impossible with standard Android permissions. -### 🎯 **Core Purpose** -- **Block unwanted network access** by apps, even when they have internet permission -- **Prevent data leaks** and unauthorized background connections -- **Monitor network activity** with comprehensive logging -- **Save battery and data** by controlling which apps can connect when -- **Enhance privacy** by blocking tracking and analytics -### 🛡️ **How It Works** -AFWall+ operates at the **Linux kernel level** using `iptables` rules to: -1. **Intercept all network requests** before they leave your device -2. **Apply custom firewall rules** based on your preferences -3. **Allow or block connections** per app, per network type (WiFi, mobile, VPN) -4. **Log blocked attempts** for monitoring and analysis +### Core Purpose +- Block unwanted network access by apps, even if they have internet permission +- Prevent data leaks and unauthorized background connections +- Monitor network activity with comprehensive logging +- Save battery and data by controlling which apps can connect +- Enhance privacy by blocking tracking and analytics -This approach is **far more powerful** than app-level solutions because it works regardless of how apps try to connect to the internet. + +### How It Works +AFWall+ operates at the Linux kernel level using `iptables` rules to: +1. Intercept all network requests before they leave your device +2. Apply custom firewall rules based on your preferences +3. Allow or block connections per app, per network type (WiFi, mobile, VPN) +4. Log blocked attempts for monitoring and analysis + +This approach is much more powerful than app-level solutions because it works regardless of how apps try to connect to the internet. --- -## 📥 Download + +## Download

@@ -44,102 +81,117 @@ This approach is **far more powerful** than app-level solutions because it works

-📋 **Release Notes**: Check the [changelog](https://github.com/ukanth/afwall/blob/beta/Changelog.md) for what's new in each version. + +**Release Notes**: Check the [changelog](https://github.com/ukanth/afwall/blob/beta/Changelog.md) for what's new in each version. --- -## 🌟 Key Features - -### 🔐 **Granular Control** -- **Per-app network rules** - Allow/block individual apps -- **Network type filtering** - Different rules for WiFi, mobile data, VPN, tethering -- **IPv4 & IPv6 support** - Complete protocol coverage -- **Custom rule scripting** - Advanced users can write custom iptables rules - -### 🎛️ **User Experience** -- **Clean, intuitive interface** - Easy to understand app list with clear allow/block controls -- **Quick search & filtering** - Find apps instantly, sort by name, install date, or permissions -- **Bulk operations** - Enable/disable rules for multiple apps at once -- **Profile management** - Switch between different rule sets (home, work, travel) - -### 📊 **Monitoring & Logging** -- **Real-time network monitoring** - See which apps are trying to connect -- **Detailed connection logs** - Track blocked attempts with timestamps and destinations -- **Notification system** - Get alerts for blocked connection attempts -- **Export/import rules** - Backup your configuration or share with others - -### 🔧 **Advanced Features** -- **Boot protection** - Apply rules before apps start (prevents data leaks during startup) -- **Startup delay management** - Robust boot rule application with network change handling -- **Multi-user support** - Different profiles for different Android users -- **Tasker/Locale integration** - Automate firewall based on conditions -- **Password protection** - Secure your firewall settings -- **Tor and VPN detection** - Special handling for privacy networks - -### 🌐 **Network Types Supported** -- 📶 **Mobile Data** (3G/4G/5G) - including roaming detection -- 📡 **WiFi** - home, work, public hotspots -- 🔗 **VPN** - all VPN types and providers -- 🔄 **Tethering** - WiFi hotspot, USB, Bluetooth -- 🧅 **Tor** - onion routing support -- 🏠 **LAN** - local network access + +## Key Features + + +### Granular Control +- Per-app network rules: Allow or block individual apps +- Network type filtering: Different rules for WiFi, mobile data, VPN, tethering +- IPv4 & IPv6 support +- Custom rule scripting for advanced users + + +### User Experience +- Clean, intuitive interface +- Quick search and filtering +- Bulk operations for multiple apps +- Profile management for different rule sets + + +### Monitoring & Logging +- Real-time network monitoring +- Detailed connection logs +- Notification system for blocked attempts +- Export/import rules for backup or sharing + + +### Advanced Features +- Boot protection: Apply rules before apps start +- Startup delay management +- Multi-user support +- Tasker/Locale integration for automation +- Password protection +- Tor and VPN detection + + +### Network Types Supported +- Mobile Data (3G/4G/5G), including roaming detection +- WiFi (home, work, public hotspots) +- VPN (all types and providers) +- Tethering (WiFi hotspot, USB, Bluetooth) +- Tor (onion routing support) +- LAN (local network access) --- -## 📋 System Requirements -### ✅ **Compatibility** -- **Android versions**: 5.0 (API 21) to 14+ (actively maintained) +## System Requirements + + +### Compatibility +- Android versions: 5.0 (API 21) to 14+ (actively maintained) - Legacy support: Android 4.x (version 2.9.9), Android 2.x (version 1.3.4.1) -- **Root access**: Required (Magisk, SuperSU, LineageOS su) -- **Architectures**: ARM, ARM64, x86, x86_64, MIPS -- **Storage**: ~15MB app + ~5MB for binaries - -### 🔧 **Root Methods Supported** -- ✅ **Magisk** (recommended) -- ✅ **LineageOS built-in su** -- ✅ **SuperSU** (legacy) -- ✅ **KingRoot** (not recommended) - -### 🚫 **Limitations** -- **Requires root access** - No root = no functionality -- **Not an antivirus** - Doesn't scan files for malware -- **Not an ad-blocker** - Blocks network access, not ads within allowed connections -- **VPN conflicts** - Some VPN apps may interfere with firewall rules -- **System-level apps** - Some system processes may bypass rules if they have root access +- Root access: Required (Magisk, SuperSU, LineageOS su) +- Architectures: ARM, ARM64, x86, x86_64 +- Storage: ~15MB app + ~5MB for binaries + + +### Root Methods Supported +- Magisk (recommended) +- LineageOS built-in su +- SuperSU (legacy) +- KingRoot (not recommended) + + +### Limitations +- Requires root access (no root = no functionality) +- Not an antivirus (doesn't scan files for malware) +- Not an ad-blocker (blocks network access, not ads within allowed connections) +- VPN conflicts: Some VPN apps may interfere with firewall rules +- System-level apps: Some system processes may bypass rules if they have root access --- -## 🚀 Quick Start Guide -### 1. **Pre-Installation** +## Quick Start Guide + + +### 1. Pre-Installation ```bash # Verify root access su -c "id" # Should return: uid=0(root) gid=0(root) ``` -### 2. **Installation** +### 2. Installation - Install AFWall+ from your preferred source - Grant root permission when prompted -- Enable firewall in main screen +- Enable the firewall on the main screen -### 3. **Basic Configuration** -1. **Enable the firewall** - Toggle the main switch -2. **Configure apps** - Tap apps to allow WiFi (green) or mobile data (orange) -3. **Apply rules** - Tap the apply button (firewall icon) -4. **Test connectivity** - Verify apps work as expected +### 3. Basic Configuration +1. Enable the firewall (toggle the main switch) +2. Configure apps (tap apps to allow WiFi or mobile data) +3. Apply rules (tap the apply button) +4. Test connectivity (verify apps work as expected) -### 4. **Essential Settings** -- **Boot startup delay**: Prevents rule conflicts during boot -- **Notification settings**: Control alert behavior -- **Log settings**: Enable if you want connection monitoring +### 4. Essential Settings +- Boot startup delay: Prevents rule conflicts during boot +- Notification settings: Control alert behavior +- Log settings: Enable if you want connection monitoring --- -## 🔧 Advanced Configuration -### 📝 **Custom Rules** +## Advanced Configuration + + +### Custom Rules AFWall+ supports custom iptables rules for advanced users: ```bash @@ -150,20 +202,23 @@ AFWall+ supports custom iptables rules for advanced users: -A afwall -p tcp --dport 443 -j REJECT ``` -### 🔄 **Profiles** + +### Profiles Create different rule sets for different scenarios: -- **Home**: Relaxed rules for trusted network -- **Work**: Restrictive rules for corporate network -- **Public**: Maximum security for public WiFi -- **Travel**: Balanced rules for mobile use +- Home: Relaxed rules for trusted network +- Work: Restrictive rules for corporate network +- Public: Maximum security for public WiFi +- Travel: Balanced rules for mobile use + -### 📊 **Logging Configuration** -- **Packet logging**: Uses nflog for detailed connection tracking -- **Log rotation**: Automatic cleanup of old logs -- **Export options**: Save logs for external analysis +### Logging Configuration +- Packet logging: Uses nflog for detailed connection tracking +- Log rotation: Automatic cleanup of old logs +- Export options: Save logs for external analysis --- + ## 🌍 Language Support AFWall+ is available in **40+ languages** thanks to our community translators: @@ -174,24 +229,29 @@ AFWall+ is available in **40+ languages** thanks to our community translators: --- -## 🛠️ Development -### 🏗️ **Building from Source** +## Development + + +### Building from Source + -#### **Prerequisites** +#### Prerequisites - Android SDK (API level 21+) - Java 17+ - Git - Android NDK (for native binaries) -#### **Quick Build** + +#### Quick Build ```bash git clone https://github.com/ukanth/afwall.git cd afwall ./gradlew clean assembleDebug ``` -#### **Native Binaries** + +#### Native Binaries To compile iptables, busybox, and other native components: ```bash # Requires Android NDK @@ -199,7 +259,8 @@ export NDK=/opt/android-ndk-r25 make -C external NDK=$NDK ``` -### 📁 **Project Structure** + +### Project Structure ``` afwall/ ├── app/src/main/java/dev/ukanth/ufirewall/ @@ -215,7 +276,8 @@ afwall/ └── scripts/ # Build scripts ``` -### 🧪 **Testing** + +### Testing ```bash # Run lint checks ./gradlew lint @@ -229,47 +291,53 @@ afwall/ --- -## 🤝 Contributing + +## Contributing We welcome contributions! Here's how you can help: -### 🐛 **Bug Reports** + +### Bug Reports - Check [existing issues](https://github.com/ukanth/afwall/issues) first - Follow our [bug report guide](https://github.com/ukanth/afwall/wiki/HOWTO-Report-Bug) - Include device info, Android version, and logs -### 💡 **Feature Requests** + +### Feature Requests - Open an issue with the "enhancement" label - Describe the use case and expected behavior - Consider if it fits AFWall+'s scope and philosophy -### 👨‍💻 **Code Contributions** + +### Code Contributions ```bash # Standard GitHub workflow 1. Fork the repository 2. Create a feature branch: git checkout -b feature-name 3. Make your changes and test thoroughly -4. Submit a pull request with clear description +4. Submit a pull request with a clear description ``` -### 🌐 **Translations** + +### Translations - Join our [Crowdin project](http://crowdin.net/project/afwall) - No technical knowledge required - Help make AFWall+ accessible worldwide --- -## 📞 Community & Support -### 💬 **Discussion Forums** +## Community & Support + +### Discussion Forums - **XDA Thread**: [Official community discussion](http://forum.xda-developers.com/showthread.php?t=1957231) - **GitHub Issues**: Technical problems and feature requests - **Wiki**: [Comprehensive documentation](https://github.com/ukanth/afwall/wiki) -### ❓ **Frequently Asked Questions** +### Frequently Asked Questions Before reporting issues, check our [FAQ](https://github.com/ukanth/afwall/wiki/FAQ) for common solutions. -### 🆘 **Getting Help** +### Getting Help 1. Check the FAQ and wiki 2. Search existing GitHub issues 3. Ask on XDA forums @@ -277,40 +345,47 @@ Before reporting issues, check our [FAQ](https://github.com/ukanth/afwall/wiki/F --- -## 📖 Technical Details -### 🔧 **Architecture** -AFWall+ uses a **layered architecture**: +## Technical Details + + +### Architecture +AFWall+ uses a layered architecture: 1. **UI Layer**: Android activities and fragments for user interaction 2. **Service Layer**: Background services for rule application and monitoring 3. **Core Layer**: iptables rule generation and management 4. **System Layer**: Native binaries and root shell interface -### 🏗️ **Key Components** -- **BootRuleManager**: Robust boot-time rule application with race condition prevention -- **InterfaceTracker**: Network interface monitoring and change detection -- **Api.java**: Central iptables command generation and execution -- **FirewallService**: Background service for continuous monitoring -- **LogService**: Network packet logging and analysis -### 📱 **Android Integration** -- **Broadcast Receivers**: Monitor system events (boot, network changes, app installs) -- **Content Providers**: Share configuration data securely -- **Notification System**: User alerts for blocked connections -- **Quick Settings Tile**: Fast firewall toggle (Android 7+) +### Key Components +- BootRuleManager: Robust boot-time rule application with race condition prevention +- InterfaceTracker: Network interface monitoring and change detection +- Api.java: Central iptables command generation and execution +- FirewallService: Background service for continuous monitoring +- LogService: Network packet logging and analysis + + +### Android Integration +- Broadcast Receivers: Monitor system events (boot, network changes, app installs) +- Content Providers: Share configuration data securely +- Notification System: User alerts for blocked connections +- Quick Settings Tile: Fast firewall toggle (Android 7+) --- -## 🏆 Acknowledgements + +## Acknowledgements AFWall+ builds upon the work of many open-source projects and contributors: -### 🌟 **Origins** -- **Original concept**: Derived from [DroidWall](http://code.google.com/p/droidwall) by Rodrigo Rosauro -- **Current maintainer**: [Umakanthan Chandran](https://github.com/ukanth) -### 📚 **Libraries & Dependencies** +### Origins +- Original concept: Derived from [DroidWall](http://code.google.com/p/droidwall) by Rodrigo Rosauro +- Current maintainer: [Umakanthan Chandran](https://github.com/ukanth) + + +### Libraries & Dependencies | Component | License | Purpose | |-----------|---------|---------| | [iptables](http://netfilter.org/projects/iptables/) | GPL v2 | Linux firewall framework | @@ -321,12 +396,14 @@ AFWall+ builds upon the work of many open-source projects and contributors: | [DBFlow](https://github.com/Raizlabs/DBFlow) | MIT | Database ORM | | [PrettyTime](https://github.com/ocpsoft/prettytime) | Apache 2.0 | Human-readable timestamps | -### 👥 **Contributors** + +### Contributors Thanks to all contributors who have helped improve AFWall+ over the years! --- -## 📄 License + +## License AFWall+ is released under the **GNU General Public License v3.0**. @@ -345,28 +422,11 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. ``` -**Full license text**: [LICENSE](LICENSE) file or [gnu.org/licenses/gpl-3.0](https://www.gnu.org/licenses/gpl-3.0.html) - ---- - -## 💝 Support the Project - -AFWall+ is developed and maintained by volunteers in their free time. If you find it useful, consider supporting the project: - -### 💰 **Donations** -- **PayPal**: [![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6E4VZTULRB8GU) -- **Google Play**: Purchase the [unlocker key](https://play.google.com/store/apps/details?id=dev.ukanth.ufirewall.donate) for additional features - -### 🌟 **Other Ways to Help** -- ⭐ Star this repository -- 🐛 Report bugs and test new features -- 🌐 Contribute translations -- 📝 Improve documentation -- 💬 Help other users in forums +**Full license text**: See the [LICENSE](LICENSE) file or [gnu.org/licenses/gpl-3.0](https://www.gnu.org/licenses/gpl-3.0.html) ---

Made with ❤️ for Android privacy and security
AFWall+ - Your Network, Your Rules -

\ No newline at end of file +

diff --git a/app/build.gradle b/app/build.gradle index 4821e41c4..d70b8d9ed 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -3,14 +3,18 @@ apply plugin: 'com.android.application' android { defaultConfig { - compileSdk 35 - targetSdk 35 + compileSdk 36 + targetSdk 36 applicationId "dev.ukanth.ufirewall" //applicationId "dev.ukanth.ufirewall.donate" minSdkVersion 21 - versionCode 20241025 - versionName "3.6.1" + versionCode 20260130 + versionName "4.0.2" buildConfigField 'boolean', 'DONATE', 'false' + vectorDrawables.useSupportLibrary = true + ndk { + abiFilters 'armeabi-v7a', 'arm64-v8a', 'x86', 'x86_64' + } } buildFeatures { @@ -39,8 +43,14 @@ android { sourceCompatibility JavaVersion.VERSION_17 targetCompatibility JavaVersion.VERSION_17 } - compileSdk 35 + compileSdk 36 buildToolsVersion '34.0.0' + + packagingOptions { + jniLibs { + useLegacyPackaging = true + } + } } @@ -60,9 +70,10 @@ dependencies { implementation "androidx.cardview:cardview:1.0.0" implementation "androidx.recyclerview:recyclerview:1.3.2" implementation "androidx.annotation:annotation:1.9.0" - implementation "androidx.core:core:1.13.1" + implementation "androidx.core:core:1.15.0" implementation "androidx.preference:preference:1.2.1" implementation "androidx.legacy:legacy-support-v13:1.0.0" + implementation "androidx.activity:activity:1.9.3" annotationProcessor "com.github.Raizlabs.DBFlow:dbflow-processor:${dbFlowVersion}" implementation "com.github.Raizlabs.DBFlow:dbflow-core:${dbFlowVersion}" implementation "com.github.Raizlabs.DBFlow:dbflow:${dbFlowVersion}" diff --git a/app/proguard-rules.pro b/app/proguard-rules.pro index bc15fdec2..58ba74c47 100644 --- a/app/proguard-rules.pro +++ b/app/proguard-rules.pro @@ -6,3 +6,16 @@ -dontobfuscate -keep class dev.ukanth.ufirewall.** { *; } -optimizations !code/allocation/variable + +# Android 16 specific proguard rules +-keep class android.window.** { *; } +-keep class androidx.activity.** { *; } +-dontwarn android.window.** +-dontwarn androidx.window.** + +# Edge-to-edge and window insets support +-keep class androidx.core.view.WindowInsetsCompat** { *; } +-keep class androidx.core.view.ViewCompat** { *; } + +# Notification channel compatibility +-keep class androidx.core.app.NotificationChannelCompat** { *; } diff --git a/app/src/main/java/dev/ukanth/ufirewall/Api.java b/app/src/main/java/dev/ukanth/ufirewall/Api.java index d274ee4da..dc975bad0 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/Api.java +++ b/app/src/main/java/dev/ukanth/ufirewall/Api.java @@ -68,6 +68,7 @@ import android.util.Base64; import android.util.SparseArray; import android.widget.Toast; +import android.app.Activity; import androidx.annotation.NonNull; import androidx.core.app.NotificationCompat; @@ -135,6 +136,7 @@ import dev.ukanth.ufirewall.service.RootCommand; import dev.ukanth.ufirewall.util.G; import dev.ukanth.ufirewall.util.JsonHelper; +import dev.ukanth.ufirewall.util.UidResolver; import dev.ukanth.ufirewall.widget.StatusWidget; /** @@ -208,10 +210,18 @@ public final class Api { private static final int IPTABLES_TRY_AGAIN = 4; private static final String[] dynChains = {"-3g-postcustom", "-3g-fork", "-wifi-postcustom", "-wifi-fork"}; private static final String[] natChains = {"", "-tor-check", "-tor-filter"}; - private static final String[] staticChains = {"", "-input", "-3g", "-wifi", "-reject", "-vpn", "-3g-tether", "-3g-home", "-3g-roam", "-wifi-tether", "-wifi-wan", "-wifi-lan", "-usb-tether", "-tor", "-tor-reject", "-tether"}; + private static final String[] staticChains = {"", "-input", "-localhost", "-3g", "-wifi", "-reject", "-vpn", "-3g-tether", "-3g-home", "-3g-roam", "-wifi-tether", "-wifi-wan", "-wifi-lan", "-usb-tether", "-tor", "-tor-reject", "-tether", "-3g-home-reject", "-3g-roam-reject", "-wifi-wan-reject", "-wifi-lan-reject", "-vpn-reject", "-tether-reject"}; private static volatile boolean globalStatus = false; private static final Object GLOBAL_STATUS_LOCK = new Object(); + + /** + * Check if rules are currently being applied + * @return true if rules application is in progress + */ + public static boolean isRulesBeingApplied() { + return globalStatus; + } public static List getListOfUids() { return listOfUids; @@ -329,32 +339,110 @@ public static void toast(final Context ctx, final CharSequence msgText, final in } public static String getBinaryPath(Context ctx, boolean setv6) { - boolean builtin; String ip_path = G.ip_path(); - - if (ip_path.equals("system")) { - builtin = false; - } else if(ip_path.equals("builtin")) { - builtin = true; - } else{ - builtin = false; + String binaryName = setv6 ? "ip6tables" : "iptables"; + + // If built-in binaries have previously failed with exit 126, prefer system binaries + if (G.isBuiltinIptablesFailed() && !ip_path.equals("builtin")) { + Log.i(TAG, "Built-in iptables previously failed, preferring system binary for " + binaryName); + String systemBinaryPath = findSystemBinary(binaryName); + if (systemBinaryPath != null) { + if (Api.bbPath == null) { + Api.bbPath = getBusyBoxPath(ctx, true); + } + return systemBinaryPath; + } + Log.w(TAG, "System binary " + binaryName + " not found despite previous built-in failure"); } - - String dir = ""; - if (builtin) { - dir = ctx.getDir("bin", 0).getAbsolutePath() + "/"; + + // First priority: check system binary if preference is "system" or "auto" + if (ip_path.equals("system") || ip_path.equals("auto")) { + String systemBinaryPath = findSystemBinary(binaryName); + if (systemBinaryPath != null) { + if (Api.bbPath == null) { + Api.bbPath = getBusyBoxPath(ctx, true); + } + return systemBinaryPath; + } + + // If system binary not found and preference is "system", log warning + if (ip_path.equals("system")) { + Log.w(TAG, "System binary " + binaryName + " not found, falling back to built-in"); + } } - - String ipPath = dir + (setv6 ? "ip6tables" : "iptables" ); - - /*if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN) { - dir = ctx.getDir("bin", 0).getAbsolutePath() + "/"; - ipPath = dir + "run_pie " + dir + (setv6 ? "ip6tables" : "iptables"); - }*/ + + // Second priority: use built-in binary + // Check if built-in binary exists for current architecture + String builtinDir = ctx.getDir("bin", 0).getAbsolutePath() + "/"; + String builtinPath = builtinDir + binaryName; + + File builtinFile = new File(builtinPath); + if (builtinFile.exists() && builtinFile.canExecute()) { + if (Api.bbPath == null) { + Api.bbPath = getBusyBoxPath(ctx, true); + } + return builtinPath; + } + + // Fallback: try to install built-in binaries if they don't exist + Log.w(TAG, "Built-in binary " + binaryName + " not found, attempting to install binaries"); + if (assertBinaries(ctx, false)) { + if (Api.bbPath == null) { + Api.bbPath = getBusyBoxPath(ctx, true); + } + return builtinPath; + } + + // Last resort: return the path even if binary doesn't exist (will likely fail at runtime) + Log.e(TAG, "No working " + binaryName + " binary found, returning built-in path anyway"); if (Api.bbPath == null) { Api.bbPath = getBusyBoxPath(ctx, true); } - return ipPath; + return builtinPath; + } + + /** + * Find system binary by checking common system paths + * + * @param binaryName the name of the binary to find + * @return full path to the binary if found, null otherwise + */ + public static String findSystemBinary(String binaryName) { + // Common paths where system iptables/ip6tables binaries are located + String[] systemPaths = { + "/system/bin/" + binaryName, + "/system/xbin/" + binaryName, + "/vendor/bin/" + binaryName, + "/sbin/" + binaryName, + "/usr/bin/" + binaryName, + "/bin/" + binaryName + }; + + for (String path : systemPaths) { + File binaryFile = new File(path); + if (binaryFile.exists() && binaryFile.canExecute()) { + Log.i(TAG, "Found system binary: " + path); + return path; + } + } + + // Also try using 'which' command if available + try { + Shell.Result result = Shell.cmd("which " + binaryName).exec(); + if (result.isSuccess() && !result.getOut().isEmpty()) { + String whichPath = result.getOut().get(0).trim(); + File whichFile = new File(whichPath); + if (whichFile.exists() && whichFile.canExecute()) { + Log.i(TAG, "Found system binary via 'which': " + whichPath); + return whichPath; + } + } + } catch (Exception e) { + Log.d(TAG, "Unable to use 'which' command to find " + binaryName + ": " + e.getMessage()); + } + + Log.d(TAG, "System binary " + binaryName + " not found in any standard location"); + return null; } /** @@ -365,45 +453,94 @@ public static String getBinaryPath(Context ctx, boolean setv6) { * @return */ public static String getBusyBoxPath(Context ctx, boolean considerSystem) { - - if (G.bb_path().equals("system") && considerSystem) { - return "busybox "; + String bb_path = G.bb_path(); + + // First priority: check system busybox if preference is "system" or "auto" and considerSystem is true + if (considerSystem && (bb_path.equals("system") || bb_path.equals("auto"))) { + String systemBusybox = findSystemBinary("busybox"); + if (systemBusybox != null) { + return systemBusybox + " "; + } + + // If system busybox not found and preference is "system", log warning and fall back + if (bb_path.equals("system")) { + Log.w(TAG, "System busybox not found, falling back to built-in"); + } + } + + // Second priority: use built-in busybox + String dir = ctx.getDir("bin", 0).getAbsolutePath(); + String builtinPath = dir + "/busybox"; + + File builtinFile = new File(builtinPath); + if (builtinFile.exists() && builtinFile.canExecute()) { + return builtinPath + " "; + } + + // Fallback: return built-in path even if it doesn't exist yet (may be installed later) + if (!builtinFile.exists()) { + Log.w(TAG, "Built-in busybox not found at " + builtinPath + ", returning path anyway"); } else { - String dir = ctx.getDir("bin", 0).getAbsolutePath(); - return dir + "/busybox "; + Log.w(TAG, "Built-in busybox exists but not executable at " + builtinPath + ", permissions: " + + (builtinFile.canRead() ? "R" : "-") + + (builtinFile.canWrite() ? "W" : "-") + + (builtinFile.canExecute() ? "X" : "-")); } + return builtinPath + " "; } /** - * Get NFLog Path + * Get NFLog Path - Enhanced version with fallback support * - * @param ctx - * @returnC + * @param ctx Context + * @return path to best available nflog binary */ public static String getNflogPath(Context ctx) { String dir = ctx.getDir("bin", 0).getAbsolutePath(); - String nflogPath = dir + "/nflog"; + String originalPath = dir + "/nflog"; + File originalFile = new File(originalPath); - // Check if nflog binary exists and is executable - File nflogFile = new File(nflogPath); - if (!nflogFile.exists()) { - Log.w(TAG, "NFLOG binary not found at: " + nflogPath); + if (!originalFile.exists()) { + Log.w(TAG, "No NFLOG binary found at: " + originalPath); return null; } - if (!nflogFile.canExecute()) { - Log.w(TAG, "NFLOG binary not executable at: " + nflogPath); + if (!originalFile.canExecute()) { + Log.w(TAG, "NFLOG binary not executable at: " + originalPath); // Try to make it executable try { - nflogFile.setExecutable(true); + originalFile.setExecutable(true); + if (!originalFile.canExecute()) { + Log.e(TAG, "Failed to make nflog executable"); + return null; + } } catch (Exception e) { Log.e(TAG, "Failed to make nflog executable: " + e.getMessage()); return null; } } - return nflogPath + " "; + Log.i(TAG, "Using original NFLOG binary"); + return originalPath; + } + + /** + * Get enhanced NFLOG command with optimized parameters + * + * @param ctx Context + * @param queueNum NFLOG queue number + * @return complete command string with optimizations + */ + public static String getEnhancedNflogCommand(Context ctx, int queueNum) { + String nflogPath = getNflogPath(ctx); + if (nflogPath == null) { + return null; + } + + // Use standard nflog command with queue number + return nflogPath + " " + queueNum; } + /** * Copies a raw resource file, given its ID to the given location @@ -429,7 +566,45 @@ private static void copyRawFile(Context ctx, int resid, File file, String mode) is.close(); // Change the permissions - Runtime.getRuntime().exec("chmod " + mode + " " + abspath).waitFor(); + executeSecureCommand(new String[]{"chmod", mode, abspath}); + } + + /** + * Execute system commands securely using ProcessBuilder to prevent command injection + * + * @param command Array of command and arguments (prevents shell interpretation) + * @throws IOException if command execution fails + * @throws InterruptedException if command is interrupted + */ + private static void executeSecureCommand(String[] command) throws IOException, InterruptedException { + if (command == null || command.length == 0) { + throw new IllegalArgumentException("Command cannot be null or empty"); + } + + // Validate command and arguments don't contain dangerous characters + for (String arg : command) { + if (arg == null || arg.contains("\n") || arg.contains("\r") || + arg.contains(";") || arg.contains("&") || arg.contains("|") || + arg.contains("`") || arg.contains("$")) { + Log.w(TAG, "Rejecting command with potentially dangerous characters: " + java.util.Arrays.toString(command)); + throw new SecurityException("Command contains illegal characters"); + } + } + + ProcessBuilder pb = new ProcessBuilder(command); + pb.environment().clear(); // Clear environment to prevent injection via env vars + Process process = pb.start(); + int exitCode = process.waitFor(); + + if (exitCode != 0) { + // For chmod commands, permission denied is expected on Android - don't fail the installation + if (command.length > 0 && "chmod".equals(command[0])) { + Log.w(TAG, "chmod command failed (expected on Android without root): exit code " + exitCode + " for " + java.util.Arrays.toString(command)); + return; // Don't throw exception for chmod failures + } + Log.w(TAG, "Command failed with exit code " + exitCode + ": " + java.util.Arrays.toString(command)); + throw new IOException("Command execution failed with exit code: " + exitCode); + } } /** @@ -491,28 +666,44 @@ private static void addRulesForUidlist(List cmds, List uids, St } boolean kernel_checked = uids.contains(SPECIAL_UID_KERNEL); + if (whitelist) { if (kernel_checked) { // reject any other UIDs, but allow the kernel through - cmds.add("-A " + chain + " -m owner --uid-owner 0:999999999 -j " + chain + "-reject"); + // Use fallback rule if owner module is not available + if (G.hasOwnerModule()) { + Log.d(TAG, "Adding whitelist kernel rule with owner module for chain " + chain); + cmds.add("-A " + chain + " -m owner --uid-owner 0:999999999 -j " + chain + "-reject"); + } else { + Log.w(TAG, "Owner module not available, using fallback rule for chain " + chain); + cmds.add("-A " + chain + " -j " + chain + "-reject"); + } } else { // kernel is blocked so reject everything - cmds.add("-A " + chain + " -j " + chain + "-reject"); + String rejectRule = "-A " + chain + " -j " + chain + "-reject"; + cmds.add(rejectRule); } } else { if (kernel_checked) { // allow any other UIDs, but block the kernel - cmds.add("-A " + chain + " -m owner --uid-owner 0:999999999 -j RETURN"); - cmds.add("-A " + chain + " -j " + chain + "-reject"); + if (G.hasOwnerModule()) { + cmds.add("-A " + chain + " -m owner --uid-owner 0:999999999 -j RETURN"); + cmds.add("-A " + chain + " -j " + chain + "-reject"); + } else { + Log.w(TAG, "Owner module not available, using fallback rule for chain " + chain); + cmds.add("-A " + chain + " -j " + chain + "-reject"); + } } } //add 1052 for LAN - if(G.enableLAN()) { + if(G.enableLAN() && G.hasOwnerModule()) { cmds.add("-A " + "afwall-wifi-lan" + " -m owner --uid-owner 1052 -j RETURN"); } - cmds.add("-A " + "afwall-wifi-wan" + " -m owner --uid-owner 1052 -j RETURN"); + if (G.hasOwnerModule()) { + cmds.add("-A " + "afwall-wifi-wan" + " -m owner --uid-owner 1052 -j RETURN"); + } } } @@ -523,13 +714,35 @@ private static void addRejectRules(List cmds, String chainName) { if (G.enableLogService()) { if (G.logTarget().trim().equals("LOG")) { //cmds.add("-A " + chainName + " -m limit --limit 1000/min -j LOG --log-prefix \"{AFL-ALLOW}\" --log-level 4 --log-uid"); - cmds.add("-A " + chainName + "-reject" + " -m limit --limit 1000/min -j LOG --log-prefix \"{AFL}\" --log-level 4 --log-uid --log-tcp-options --log-ip-options"); + String logRule = "-A " + chainName + "-reject" + " -m limit --limit 1000/min -j LOG --log-prefix \"{AFL}\" --log-level 4 --log-uid --log-tcp-options --log-ip-options"; + Log.d(TAG, "Adding LOG rule to reject chain: " + logRule); + cmds.add(logRule); } else if (G.logTarget().trim().equals("NFLOG")) { //cmds.add("-A " + chainName + " -j NFLOG --nflog-prefix \"{AFL-ALLOW}\" --nflog-group 40"); - cmds.add("-A " + chainName + "-reject" + " -j NFLOG --nflog-prefix \"{AFL}\" --nflog-group 40"); + String nflogRule = "-A " + chainName + "-reject" + " -j NFLOG --nflog-prefix \"{AFL}\" --nflog-group 40"; + Log.d(TAG, "Adding NFLOG rule to reject chain: " + nflogRule); + cmds.add(nflogRule); + } + } + String rejectRule = "-A " + chainName + "-reject" + " -j REJECT"; + Log.d(TAG, "Adding final REJECT rule: " + rejectRule); + cmds.add(rejectRule); + + // Also populate individual reject chains that are used by whitelist mode + String[] rejectChainSuffixes = {"-3g-home-reject", "-3g-roam-reject", "-wifi-wan-reject", + "-wifi-lan-reject", "-vpn-reject", "-tether-reject"}; + for (String suffix : rejectChainSuffixes) { + String individualRejectChain = chainName + suffix; + Log.d(TAG, "Populating individual reject chain: " + individualRejectChain); + if (G.enableLogService() && G.logTarget().trim().equals("NFLOG")) { + String nflogRule = "-A " + individualRejectChain + " -j NFLOG --nflog-prefix \"{AFL}\" --nflog-group 40"; + Log.d(TAG, "Adding NFLOG to individual reject chain: " + nflogRule); + cmds.add(nflogRule); } + String individualRejectRule = "-A " + individualRejectChain + " -j REJECT"; + Log.d(TAG, "Adding REJECT to individual reject chain: " + individualRejectRule); + cmds.add(individualRejectRule); } - cmds.add("-A " + chainName + "-reject" + " -j REJECT"); } private static void addTorRules(List cmds, List uids, Boolean whitelist, Boolean ipv6, String chainName) { @@ -565,25 +778,60 @@ private static void addTorRules(List cmds, List uids, Boolean w } private static String sanitizeRule(String rule) { - // Remove potentially dangerous characters and commands - if (rule.contains("&&") || rule.contains("||") || rule.contains(";") || - rule.contains("|") || rule.contains("`") || rule.contains("$") || - rule.contains("rm ") || rule.contains("dd ") || rule.contains("chmod ") || - rule.contains("chown ") || rule.contains("su ") || rule.contains("sudo ")) { - Log.w(TAG, "Rejecting potentially dangerous custom rule: " + rule); + String trimmed = rule.trim(); + + // Check for dangerous command chaining/substitution + if (trimmed.contains("&&") || trimmed.contains("||") || trimmed.contains(";") || + trimmed.contains("|") || trimmed.contains("`")) { + Log.w(TAG, "Rejecting potentially dangerous custom rule (command chaining): " + rule); return null; } - // Only allow basic iptables/ip6tables commands - if (!rule.startsWith("iptables ") && !rule.startsWith("ip6tables ") && - !rule.startsWith("-A ") && !rule.startsWith("-I ") && - !rule.startsWith("-D ") && !rule.startsWith("-F ") && - !rule.startsWith("-P ") && !rule.startsWith("-N ")) { + // Check for dangerous commands + if (trimmed.contains("rm ") || trimmed.contains("dd ") || + trimmed.contains("chmod ") || trimmed.contains("chown ") || + trimmed.contains("su ") || trimmed.contains("sudo ")) { + Log.w(TAG, "Rejecting potentially dangerous custom rule (system modification): " + rule); + return null; + } + + // Allow $ only for whitelisted variables + if (trimmed.contains("$")) { + // Check if it's using allowed variables + String tempRule = trimmed; + tempRule = tempRule.replace("$IPTABLES", ""); + tempRule = tempRule.replace("$IP6TABLES", ""); + tempRule = tempRule.replace("$BUSYBOX", ""); + tempRule = tempRule.replace("$IPV6", ""); + + if (tempRule.contains("$")) { + Log.w(TAG, "Rejecting custom rule with non-whitelisted variables: " + rule); + return null; + } + } + + // Allow file sourcing with validation + if (trimmed.startsWith(". ")) { + String filePath = trimmed.substring(2).trim(); + // Basic path validation - prevent directory traversal + if (filePath.contains("..") || filePath.contains(";") || filePath.contains("|")) { + Log.w(TAG, "Rejecting potentially dangerous file path: " + rule); + return null; + } + return trimmed; // Allow file sourcing + } + + // Allow basic iptables commands (keep existing check) + if (!trimmed.startsWith("iptables ") && !trimmed.startsWith("ip6tables ") && + !trimmed.startsWith("$IPTABLES ") && !trimmed.startsWith("$IP6TABLES ") && + !trimmed.startsWith("-A ") && !trimmed.startsWith("-I ") && + !trimmed.startsWith("-D ") && !trimmed.startsWith("-F ") && + !trimmed.startsWith("-P ") && !trimmed.startsWith("-N ")) { Log.w(TAG, "Rejecting non-iptables rule: " + rule); return null; } - return rule; + return trimmed; } private static void addCustomRules(String prefName, List cmds) { @@ -643,22 +891,39 @@ private static void addInterfaceRouting(Context ctx, List cmds, boolean } if (G.enableLAN() && !cfg.isWifiTethered) { + // Support multiple LAN subnets (Issue #1362) if (ipv6) { - if (!cfg.lanMaskV6.equals("")) { - cmds.add("-A " + chainName + "-wifi-fork -d " + cfg.lanMaskV6 + " -j " + chainName + "-wifi-lan"); - cmds.add("-A " + chainName + "-wifi-fork '!' -d " + cfg.lanMaskV6 + " -j " + chainName + "-wifi-wan"); + if (!cfg.lanMaskV6.isEmpty()) { + for (String subnet : cfg.lanMaskV6) { + cmds.add("-A " + chainName + "-wifi-fork -d " + subnet + " -j " + chainName + "-wifi-lan"); + } + // Add negation rule to route non-LAN traffic to WAN + // Build negation string for all v6 subnets + StringBuilder negation = new StringBuilder(); + for (String subnet : cfg.lanMaskV6) { + negation.append("'!' -d ").append(subnet).append(" "); + } + cmds.add("-A " + chainName + "-wifi-fork " + negation.toString().trim() + " -j " + chainName + "-wifi-wan"); } else { Log.i(TAG, "no ipv6 found: " + G.enableIPv6() + "," + cfg.lanMaskV6); } } else { - if (!cfg.lanMaskV4.equals("")) { - cmds.add("-A " + chainName + "-wifi-fork -d " + cfg.lanMaskV4 + " -j " + chainName + "-wifi-lan"); - cmds.add("-A " + chainName + "-wifi-fork '!' -d " + cfg.lanMaskV4 + " -j " + chainName + "-wifi-wan"); + if (!cfg.lanMaskV4.isEmpty()) { + for (String subnet : cfg.lanMaskV4) { + cmds.add("-A " + chainName + "-wifi-fork -d " + subnet + " -j " + chainName + "-wifi-lan"); + } + // Add negation rule to route non-LAN traffic to WAN + // Build negation string for all v4 subnets + StringBuilder negation = new StringBuilder(); + for (String subnet : cfg.lanMaskV4) { + negation.append("'!' -d ").append(subnet).append(" "); + } + cmds.add("-A " + chainName + "-wifi-fork " + negation.toString().trim() + " -j " + chainName + "-wifi-wan"); } else { Log.i(TAG, "no ipv4 found:" + G.enableIPv6() + "," + cfg.lanMaskV4); } } - if (cfg.lanMaskV4.equals("") && cfg.lanMaskV6.equals("")) { + if (cfg.lanMaskV4.isEmpty() && cfg.lanMaskV6.isEmpty()) { Log.i(TAG, "No ipaddress found for LAN"); // lets find one more time //atleast allow internet - don't block completely @@ -682,13 +947,16 @@ private static void addInterfaceRouting(Context ctx, List cmds, boolean } public static String getSpecialAppName(int uid) { + // First, try special apps (AFWall+ specific entries) List packageInfoData = getSpecialData(); for (PackageInfoData infoData : packageInfoData) { if (infoData.uid == uid) { return infoData.names.get(0); } } - return ctx.getString(R.string.unknown_item); + + // If not found in special apps, use comprehensive UID resolver + return UidResolver.resolveUid(ctx, uid); } @@ -753,13 +1021,14 @@ private static boolean applyIptablesRulesImpl(final Context ctx, RuleDataSet rul cmds.add("-P OUTPUT DROP"); // Create and flush all chains first to ensure they exist + // Use NOCHK to avoid errors if chain already exists, then flush to ensure clean state for (String s : staticChains) { cmds.add("#NOCHK# -N " + chainName + s); - cmds.add("-F " + chainName + s); + cmds.add("#NOCHK# -F " + chainName + s); } for (String s : dynChains) { cmds.add("#NOCHK# -N " + chainName + s); - cmds.add("-F " + chainName + s); + cmds.add("#NOCHK# -F " + chainName + s); } @@ -797,6 +1066,12 @@ private static boolean applyIptablesRulesImpl(final Context ctx, RuleDataSet rul addInterfaceRouting(ctx, cmds, ipv6, chainName); + // Route loopback traffic to localhost chain for per-app localhost blocking + // This is checked before other interface routing + if (G.enableLAN()) { + cmds.add("-A " + chainName + " -o lo -j " + chainName + "-localhost"); + } + // send wifi, 3G, VPN packets to the appropriate dynamic chain based on interface if (G.enableVPN()) { // if !enableVPN then we ignore those interfaces (pass all traffic) @@ -878,7 +1153,7 @@ private static boolean applyIptablesRulesImpl(final Context ctx, RuleDataSet rul // on the LAN - use specific DNS servers instead of opening to all LAN hosts if (whitelist) { // Add rules for specific DNS servers instead of all LAN hosts - addDnsServerRules(cmds, cfg, chainName + "-wifi-lan", false); + addDnsServerRules(cmds, cfg, chainName + "-wifi-lan", ipv6); // Fallback: if no specific DNS servers found, use the old broad rule if (cfg.dnsServersV4.isEmpty() && cfg.dnsServersV6.isEmpty()) { @@ -912,13 +1187,29 @@ private static boolean applyIptablesRulesImpl(final Context ctx, RuleDataSet rul if (G.enableTor()) { addTorRules(cmds, ruleDataSet.torList, whitelist, ipv6, chainName); } + + // Add localhost blocking rules - apps with LAN permission can access localhost, + // others are blocked. This prevents cross-app localhost tracking (Issue #1421) + if (G.enableLAN()) { + // Allow apps in lanList to access localhost + for (Integer uid : ruleDataSet.lanList) { + if (uid != null && uid >= 0) { + cmds.add("-A " + chainName + "-localhost -m owner --uid-owner " + uid + " -j RETURN"); + } + } + // Allow root for system services that need localhost + cmds.add("-A " + chainName + "-localhost -m owner --uid-owner 0 -j RETURN"); + // Allow shell for adb + cmds.add("-A " + chainName + "-localhost -m owner --uid-owner 2000 -j RETURN"); + // Block all other apps from accessing localhost + cmds.add("-A " + chainName + "-localhost -j REJECT"); + } cmds.add("-P OUTPUT ACCEPT"); } catch (Exception e) { Log.e(e.getClass().getName(), e.getMessage(), e); } iptablesCommands(cmds, out, ipv6); - Log.i(TAG, "Total # of rules for " + (ipv6 ? "v6": "v4") + " " + cmds.size()); return true; } @@ -943,8 +1234,9 @@ private static void iptablesCommands(List in, List out, boolean String ipPath = getBinaryPath(G.ctx, ipv6); String waitTime = ""; - if(G.ip_path().equals("system") && G.addDelay()) { - waitTime = " -w 1"; + if(G.ip_path().equals("system")) { + // Always use wait flag with system iptables to prevent lock contention + waitTime = " -w 5"; } boolean firstLit = true; for (String s : in) { @@ -1007,7 +1299,6 @@ public static void waitAndTerminate(ExecutorService executorService) { public static void applySavedIptablesRules(Context ctx, boolean showErrors, RootCommand callback) { synchronized (GLOBAL_STATUS_LOCK) { if(!globalStatus) { - Log.i(TAG, "Using applySavedIptablesRules"); globalStatus = true; try { @@ -1068,8 +1359,19 @@ private static RuleDataSet getDataSet() { final String savedPkg_lan_uid = G.pPrefs.getString(PREF_LAN_PKG_UIDS, ""); final String savedPkg_tor_uid = G.pPrefs.getString(PREF_TOR_PKG_UIDS, ""); - return new RuleDataSet(getListFromPref(savedPkg_wifi_uid), - getListFromPref(savedPkg_3g_uid), + + List wifiList = getListFromPref(savedPkg_wifi_uid); + List dataList = getListFromPref(savedPkg_3g_uid); + + + // Warn if no applications are configured - this means no blocking will occur + if (wifiList.isEmpty() && dataList.isEmpty()) { + Log.w(TAG, "WARNING: No applications configured for firewall rules - firewall will not block any traffic!"); + Log.w(TAG, "Please configure applications in AFWall+ main screen and apply rules."); + } + + return new RuleDataSet(wifiList, + dataList, getListFromPref(savedPkg_roam_uid), getListFromPref(savedPkg_vpn_uid), getListFromPref(savedPkg_tether_uid), @@ -1090,12 +1392,18 @@ public static boolean applySavedIp4tablesRules(Context ctx, List cmds, R return false; } try { - Log.i(TAG, "Using applySaved4IptablesRules"); callback.setRetryExitCode(IPTABLES_TRY_AGAIN).run(ctx, cmds); return true; } catch (Exception e) { - Log.d(TAG, "Exception while applying rules: " + e.getMessage()); - applyDefaultChains(ctx, callback); + Log.e(TAG, "Exception while applying IPv4 rules: " + e.getMessage(), e); + // Only apply default chains if it's a critical failure + // Avoid overriding user chain preferences unnecessarily + if (e.getMessage() != null && !e.getMessage().contains("Chain") && !e.getMessage().contains("policy")) { + Log.w(TAG, "Applying default chains due to rule application failure"); + applyDefaultChains(ctx, callback); + } else { + Log.w(TAG, "Skipping default chains application to preserve user chain preferences"); + } return false; } } @@ -1106,12 +1414,18 @@ public static boolean applySavedIp6tablesRules(Context ctx, List cmds, R return false; } try { - Log.i(TAG, "Using applySavedIp6tablesRules"); callback.setRetryExitCode(IPTABLES_TRY_AGAIN).run(ctx, cmds,true); return true; } catch (Exception e) { - Log.d(TAG, "Exception while applying rules: " + e.getMessage()); - applyDefaultChains(ctx, callback); + Log.e(TAG, "Exception while applying IPv6 rules: " + e.getMessage(), e); + // Only apply default chains if it's a critical failure + // Avoid overriding user chain preferences unnecessarily + if (e.getMessage() != null && !e.getMessage().contains("Chain") && !e.getMessage().contains("policy")) { + Log.w(TAG, "Applying default chains due to rule application failure"); + applyDefaultChains(ctx, callback); + } else { + Log.w(TAG, "Skipping default chains application to preserve user chain preferences"); + } return false; } } @@ -1137,8 +1451,15 @@ public static boolean fastApply(Context ctx, RootCommand callback) { callback.setRetryExitCode(IPTABLES_TRY_AGAIN).run(ctx, out); } } catch (Exception e) { - Log.d(TAG, "Exception while applying rules: " + e.getMessage()); - applyDefaultChains(ctx, callback); + Log.e(TAG, "Exception in fastApply: " + e.getMessage(), e); + // Only apply default chains if it's a critical failure + // Avoid overriding user chain preferences unnecessarily + if (e.getMessage() != null && !e.getMessage().contains("Chain") && !e.getMessage().contains("policy")) { + Log.w(TAG, "Applying default chains due to fastApply failure"); + applyDefaultChains(ctx, callback); + } else { + Log.w(TAG, "Skipping default chains application in fastApply to preserve user chain preferences"); + } } setRulesUpToDate(true); return true; @@ -1288,7 +1609,31 @@ public static void purgeIptables(Context ctx, boolean showErrors, RootCommand ca } addCustomRules(Api.PREF_CUSTOMSCRIPT2, cmds); - + + // Execute the purge commands and call the callback + Log.i(TAG, "Executing purge commands for IPv4"); + cmds.addAll(cmdsv4); + iptablesCommands(cmds, out, false); + + if (G.enableIPv6()) { + Log.i(TAG, "Executing purge commands for IPv6"); + List cmdsv6 = new ArrayList<>(); + for (String s : staticChains) { + cmdsv6.add("-F " + chainName + s); + } + for (String s : dynChains) { + cmdsv6.add("-F " + chainName + s); + } + cmdsv6.add("#NOCHK# -D OUTPUT -j " + chainName); + cmdsv6.add("-P OUTPUT ACCEPT"); + if (G.enableInbound()) { + cmdsv6.add("-D INPUT -j " + chainName + "-input"); + } + iptablesCommands(cmdsv6, out, true); + } + + Log.i(TAG, "Purge completed, calling callback"); + callback.setRetryExitCode(IPTABLES_TRY_AGAIN).run(ctx, out); } /** @@ -1437,48 +1782,39 @@ public static List fetchLogs() { * @param callback Callback for completion status */ public static void runIfconfig(Context ctx, RootCommand callback) { - // Android 16+ fallback: try system ifconfig first, then busybox - if (Build.VERSION.SDK_INT >= 35) { // Android 16+ - callback.run(ctx, "ifconfig -a || " + getBusyBoxPath(ctx, true) + " ifconfig -a"); - } else { - callback.run(ctx, getBusyBoxPath(ctx, true) + " ifconfig -a"); - } + // Try system ifconfig first, then busybox for all versions + callback.run(ctx, "ifconfig -a || " + getBusyBoxPath(ctx, true) + " ifconfig -a"); } public static void runNetworkInterface(Context ctx, RootCommand callback) { - // Android 16+ fallback: try multiple methods for network interface detection - if (Build.VERSION.SDK_INT >= 35) { // Android 16+ - // First try Android API method as fallback - try { - StringBuilder result = new StringBuilder(); - java.util.Enumeration interfaces = java.net.NetworkInterface.getNetworkInterfaces(); - while (interfaces.hasMoreElements()) { - java.net.NetworkInterface networkInterface = interfaces.nextElement(); - result.append(networkInterface.getName()).append("\n"); - } - if (result.length() > 0) { - // Create a mock RootCommand with API results - RootCommand apiResult = new RootCommand(); - apiResult.res = result; - apiResult.exitCode = 0; - apiResult.done = true; - if (callback.cb != null) { - callback.cb.cbFunc(apiResult); - } - return; + // Try Android API method first for all versions + try { + StringBuilder result = new StringBuilder(); + java.util.Enumeration interfaces = java.net.NetworkInterface.getNetworkInterfaces(); + while (interfaces.hasMoreElements()) { + java.net.NetworkInterface networkInterface = interfaces.nextElement(); + result.append(networkInterface.getName()).append("\n"); + } + if (result.length() > 0) { + // Create a mock RootCommand with API results + RootCommand apiResult = new RootCommand(); + apiResult.res = result; + apiResult.exitCode = 0; + apiResult.done = true; + if (callback.cb != null) { + callback.cb.cbFunc(apiResult); } - } catch (Exception e) { - Log.d(TAG, "Android API network interface detection failed: " + e.getMessage()); + return; } - - // Fallback to shell commands - String cmd = "ls /sys/class/net 2>/dev/null || " + - getBusyBoxPath(ctx, true) + " ls /sys/class/net 2>/dev/null || " + - "ip link show 2>/dev/null"; - callback.run(ctx, cmd); - } else { - callback.run(ctx, getBusyBoxPath(ctx, true) + " ls /sys/class/net"); + } catch (Exception e) { + Log.d(TAG, "Android API network interface detection failed: " + e.getMessage()); } + + // Fallback to shell commands with multiple options + String cmd = "ls /sys/class/net 2>/dev/null || " + + getBusyBoxPath(ctx, true) + " ls /sys/class/net 2>/dev/null || " + + "ip link show 2>/dev/null"; + callback.run(ctx, cmd); } @@ -1621,7 +1957,22 @@ public static List getApps(Context ctx, GetAppList appList) { if (app == null) { app = new PackageInfoData(); app.uid = apinfo.uid; - app.installTime = new File(apinfo.sourceDir).lastModified(); + + // Handle null sourceDir to prevent NullPointerException + if (apinfo.sourceDir != null) { + app.installTime = new File(apinfo.sourceDir).lastModified(); + } else { + // Try to get install time from PackageInfo as fallback + try { + PackageInfo pkgInfo = pkgmanager.getPackageInfo(apinfo.packageName, 0); + app.installTime = pkgInfo.firstInstallTime; + } catch (PackageManager.NameNotFoundException e) { + // Skip this app if we can't get package info + Log.w(TAG, "Skipping app with null sourceDir and no package info: " + apinfo.packageName); + continue; + } + } + app.names = new ArrayList(); app.names.add(name); app.appinfo = apinfo; @@ -1831,17 +2182,25 @@ private static boolean packagesExistForUserUid(HashMap pkgs, int public static HashMap getPackagesForUser(List userProfile) { HashMap listApps = new HashMap<>(); for(Integer integer: userProfile) { - Shell.Result result = Shell.cmd("pm list packages -U --user " + integer).exec(); - List out = result.getOut(); - Matcher matcher; - for (String item : out) { - matcher = dual_pattern.matcher(item); - if (matcher.find() && matcher.groupCount() > 0) { - String packageName = matcher.group(1); - String packageId = matcher.group(2); - Log.i(TAG, packageId + " " + packageName); - listApps.put(Integer.parseInt(packageId), packageName); + try { + Shell.Result result = Shell.cmd("pm list packages -U --user " + integer).exec(); + List out = result.getOut(); + Matcher matcher; + for (String item : out) { + matcher = dual_pattern.matcher(item); + if (matcher.find() && matcher.groupCount() > 0) { + String packageName = matcher.group(1); + String packageId = matcher.group(2); + Log.i(TAG, packageId + " " + packageName); + listApps.put(Integer.parseInt(packageId), packageName); + } } + } catch (java.util.concurrent.RejectedExecutionException e) { + Log.w(TAG, "Package listing rejected for user " + integer + ": " + e.getMessage()); + break; // Stop processing other users if execution rejected + } catch (Exception e) { + Log.e(TAG, "Failed to list packages for user " + integer + ": " + e.getMessage()); + // Continue with next user on other errors } } return listApps.size() > 0 ? listApps : null; @@ -1968,13 +2327,28 @@ public static int runScriptAsRoot(Context ctx, List script, StringBuilde } try { - returnCode = new RunCommand().execute(script, res, ctx).get(); + RunCommand runCommand = new RunCommand(); + returnCode = runCommand.execute(script, res, ctx).get(); } catch (RejectedExecutionException r) { - Log.e(TAG, "runScript failed: " + r.getLocalizedMessage()); + Log.w(TAG, "Shell execution rejected, likely due to app shutdown: " + r.getLocalizedMessage()); + returnCode = -1; } catch (InterruptedException e) { - Log.e(TAG, "Caught InterruptedException"); + Log.w(TAG, "Shell execution was interrupted: " + e.getLocalizedMessage()); + Thread.currentThread().interrupt(); // Restore interrupted status + returnCode = -1; + } catch (java.util.concurrent.ExecutionException e) { + Throwable cause = e.getCause(); + if (cause instanceof java.io.InterruptedIOException) { + Log.w(TAG, "Shell execution interrupted (IO): " + cause.getMessage()); + } else if (cause instanceof java.util.concurrent.RejectedExecutionException) { + Log.w(TAG, "Shell execution rejected in wrapped exception: " + cause.getMessage()); + } else { + Log.e(TAG, "Shell execution failed with ExecutionException: " + e.getLocalizedMessage()); + } + returnCode = -1; } catch (Exception e) { - Log.e(TAG, "runScript failed: " + e.getLocalizedMessage()); + Log.e(TAG, "Unexpected error during shell execution: " + e.getLocalizedMessage()); + returnCode = -1; } return returnCode; @@ -1982,73 +2356,116 @@ public static int runScriptAsRoot(Context ctx, List script, StringBuilde private static boolean installBinary(Context ctx, int resId, String filename) { try { - File f = new File(ctx.getDir("bin", 0), filename); + File binDir = ctx.getDir("bin", 0); + File f = new File(binDir, filename); + + Log.d(TAG, "Installing binary: " + filename + " to " + f.getAbsolutePath()); + if (f.exists()) { - f.delete(); + Log.d(TAG, "Removing existing binary: " + filename); + if (!f.delete()) { + Log.w(TAG, "Failed to delete existing binary: " + filename); + } } + copyRawFile(ctx, resId, f, "0755"); + + // Verify the binary was installed correctly + if (!f.exists()) { + Log.e(TAG, "Binary installation failed - file does not exist: " + filename); + return false; + } + + if (!f.canExecute()) { + Log.w(TAG, "Binary installed but not executable: " + filename); + // Try to fix permissions manually + try { + f.setExecutable(true, false); + Log.d(TAG, "Fixed permissions for: " + filename); + } catch (Exception e) { + Log.e(TAG, "Failed to fix permissions for: " + filename + " - " + e.getMessage()); + } + } + + Log.d(TAG, "Successfully installed binary: " + filename + + " (size: " + f.length() + " bytes, executable: " + f.canExecute() + ")"); return true; + + } catch (Exception e) { + Log.e(TAG, "installBinary failed for " + filename + ": " + e.getClass().getSimpleName() + + " - " + e.getLocalizedMessage(), e); + return false; + } + } + + /** + * Install binary if the resource exists, using reflection to check for resource availability + * @param ctx Context + * @param resourceName Name of the resource (e.g., "busybox_arm64") + * @param filename Target filename + * @return true if installed successfully or resource doesn't exist, false on installation error + */ + private static boolean installBinaryIfExists(Context ctx, String resourceName, String filename) { + try { + // Use reflection to check if the resource exists + Class rawClass = R.raw.class; + java.lang.reflect.Field field = rawClass.getDeclaredField(resourceName); + int resId = field.getInt(null); + + // Resource exists, try to install it + return installBinary(ctx, resId, filename); + } catch (NoSuchFieldException e) { + // Resource doesn't exist - this is expected when binaries are not yet added + Log.d(TAG, "Resource " + resourceName + " not found - this is expected if binary is not yet available"); + return false; } catch (Exception e) { - Log.e(TAG, "installBinary failed: " + e.getLocalizedMessage()); + Log.e(TAG, "Error checking/installing binary " + resourceName + ": " + e.getMessage()); return false; } } - private static boolean installBinariesX86() { + private static boolean installBinariesX86(Context ctx) { if (!installBinary(ctx, R.raw.busybox_x86, "busybox")) return false; if (!installBinary(ctx, R.raw.iptables_x86, "iptables")) return false; if (!installBinary(ctx, R.raw.ip6tables_x86, "ip6tables")) return false; if (!installBinary(ctx, R.raw.nflog_x86, "nflog")) return false; - //if (!installBinary(ctx, R.raw.run_pie_x86, "run_pie")) return false; + + return true; } - private static boolean installBinariesMips() { - if (!installBinary(ctx, R.raw.busybox_mips, "busybox")) return false; - if (!installBinary(ctx, R.raw.iptables_mips, "iptables")) return false; - if (!installBinary(ctx, R.raw.ip6tables_mips, "ip6tables")) return false; - if (!installBinary(ctx, R.raw.nflog_mips, "nflog")) return false; - //if (!installBinary(ctx, R.raw.run_pie_mips, "run_pie")) return false; - return true; - } - private static boolean installBinariesArm64() { - // ARM64 devices use system binaries for iptables/busybox, only install nflog - try { - if (!installBinary(ctx, R.raw.nflog_arm64, "nflog")) { - Log.e(TAG, "Failed to install ARM64 nflog binary"); - return false; - } - Log.i(TAG, "Successfully installed ARM64 binaries"); - return true; - } catch (Exception e) { - Log.e(TAG, "Error installing ARM64 binaries: " + e.getMessage()); - return false; - } + private static boolean installBinariesArm64(Context ctx) { + if (!installBinary(ctx, R.raw.busybox_arm64, "busybox")) return false; + if (!installBinary(ctx, R.raw.iptables_arm64, "iptables")) return false; + if (!installBinary(ctx, R.raw.ip6tables_arm64, "ip6tables")) return false; + if (!installBinary(ctx, R.raw.nflog_arm64, "nflog")) return false; + + + return true; } - private static boolean installBinariesArm() { + private static boolean installBinariesArm(Context ctx) { if (!installBinary(ctx, R.raw.busybox_arm, "busybox")) return false; if (!installBinary(ctx, R.raw.iptables_arm, "iptables")) return false; if (!installBinary(ctx, R.raw.ip6tables_arm, "ip6tables")) return false; if (!installBinary(ctx, R.raw.nflog_arm, "nflog")) return false; - //if (!installBinary(ctx, R.raw.run_pie_arm, "run_pie")) return false; + + return true; } - private static boolean installBinariesForAbi(String abi) { + private static boolean installBinariesForAbi(Context ctx, String abi) { if (abi.startsWith("x86")) { - return installBinariesX86(); - } else if (abi.startsWith("mips")) { - return installBinariesMips(); + return installBinariesX86(ctx); } else if (abi.startsWith("arm64")) { - return installBinariesArm64(); + return installBinariesArm64(ctx); } else { - return installBinariesArm(); + return installBinariesArm(ctx); } } - private static int getPackageVersion() { + private static int getPackageVersion(Context ctx) { try { return ctx.getPackageManager().getPackageInfo(ctx.getPackageName(), 0).versionCode; } catch (NameNotFoundException e) { @@ -2065,6 +2482,9 @@ private static String getAbi() { } } + // Static lock object for synchronizing binary installation + private static final Object BINARY_INSTALL_LOCK = new Object(); + /** * Asserts that the binary files are installed in the cache directory. * @@ -2073,19 +2493,30 @@ private static String getAbi() { * @return false if the binary files could not be installed */ public static boolean assertBinaries(Context ctx, boolean showErrors) { - - int currentVer = getPackageVersion(); - - if (G.appVersion() == currentVer) { - // The version hasn't changed: Use the previously installed binaries. - return true; + synchronized (BINARY_INSTALL_LOCK) { + Log.d(TAG, "assertBinaries() called - Entry point"); + + int currentVer = getPackageVersion(ctx); + boolean wasAlreadyInstalled = (G.appVersion() == currentVer); + Log.d(TAG, "assertBinaries() - currentVer=" + currentVer + ", storedVer=" + G.appVersion() + ", wasAlreadyInstalled=" + wasAlreadyInstalled); + + if (wasAlreadyInstalled) { + // The version hasn't changed: Check if binaries are still functional + Log.d(TAG, "assertBinaries() - Verifying existing binaries..."); + if (verifyBinaries(ctx)) { + Log.d(TAG, "assertBinaries() - Verification passed, returning true (no reinstall needed)"); + return true; + } else { + Log.w(TAG, "Binaries verification failed, forcing reinstallation"); + } } String abi = getAbi(); - Log.d(TAG, "Installing binaries for " + abi + "..."); + Log.d(TAG, "Installing binaries for " + abi + " (currentVer=" + currentVer + + ", storedVer=" + G.appVersion() + ", wasAlreadyInstalled=" + wasAlreadyInstalled + ")..."); - if (!installBinariesForAbi(abi)) + if (!installBinariesForAbi(ctx, abi)) { Log.e(TAG, "Installation of the binaries for " + abi + " failed!"); toast(ctx, ctx.getString(R.string.error_binary), Toast.LENGTH_LONG); @@ -2101,11 +2532,119 @@ public static boolean assertBinaries(Context ctx, boolean showErrors) { } Log.d(TAG, "Installed binaries for " + abi + "."); - toast(ctx, ctx.getString(R.string.toast_bin_installed), Toast.LENGTH_SHORT); + + // Only show toast for actual new installations (not verification failures) + if (!wasAlreadyInstalled) { + Log.d(TAG, "New installation completed - showing toast"); + toast(ctx, ctx.getString(R.string.toast_bin_installed), Toast.LENGTH_SHORT); + } else { + Log.d(TAG, "Binaries reinstalled (wasAlreadyInstalled=true) - no toast shown"); + } G.appVersion(currentVer); // This indicates that the installation of the binaries for this version was successful. return true; + } // End synchronized block + } + + /** + * Force reinstallation of binaries regardless of version + * + * @param ctx Context + * @param showErrors indicates if errors should be alerted + * @return true if installation successful + */ + public static boolean forceReinstallBinaries(Context ctx, boolean showErrors) { + Log.i(TAG, "Forcing binary reinstallation..."); + + // Clear the version to force reinstallation + G.appVersion(-1); + + return assertBinaries(ctx, showErrors); + } + + /** + * Verify that installed binaries are functional + * + * @param ctx Context + * @return true if binaries are functional, false if they need reinstallation + */ + private static boolean verifyBinaries(Context ctx) { + Log.d(TAG, "verifyBinaries() called - Starting verification"); + String dir = ctx.getDir("bin", 0).getAbsolutePath(); + Log.d(TAG, "verifyBinaries() - Binary directory: " + dir); + + // Check if busybox exists and is executable + File busybox = new File(dir, "busybox"); + boolean exists = busybox.exists(); + boolean canExecute = busybox.canExecute(); + boolean canRead = busybox.canRead(); + long size = busybox.length(); + Log.d(TAG, "verifyBinaries() - Checking busybox: exists=" + exists + ", canExecute=" + canExecute + ", canRead=" + canRead + ", size=" + size + " bytes"); + if (!exists || !canExecute) { + Log.w(TAG, "Busybox binary missing or not executable"); + return false; + } + + // Test busybox functionality by running a simple command + // Note: On modern Android, binaries in app private directories may not be executable + // from the app context, but they will work when executed with root privileges + try { + Log.d(TAG, "verifyBinaries() - Testing busybox functionality with 'echo test'"); + ProcessBuilder pb = new ProcessBuilder(busybox.getAbsolutePath(), "echo", "test"); + pb.environment().clear(); + Process process = pb.start(); + int exitCode = process.waitFor(); + Log.d(TAG, "verifyBinaries() - Busybox test exitCode: " + exitCode); + + if (exitCode != 0) { + Log.w(TAG, "Busybox test command failed with exit code: " + exitCode); + return false; + } + + // Read and verify output + java.util.Scanner scanner = new java.util.Scanner(process.getInputStream()); + if (scanner.hasNextLine()) { + String output = scanner.nextLine().trim(); + Log.d(TAG, "verifyBinaries() - Busybox test output: '" + output + "'"); + scanner.close(); + if (!"test".equals(output)) { + Log.w(TAG, "Busybox test output unexpected: " + output); + return false; + } + } else { + scanner.close(); + Log.w(TAG, "Busybox test produced no output"); + return false; + } + + } catch (Exception e) { + String errorMsg = e.getMessage(); + if (errorMsg != null && (errorMsg.contains("Permission denied") || errorMsg.contains("error=13"))) { + Log.w(TAG, "Busybox execution test failed due to Android security restrictions (expected behavior)"); + Log.w(TAG, "Binary will be available for root execution. Skipping direct execution test."); + // Don't fail verification for permission denied - the binary will work with root + // Just log the issue and continue with other checks + } else { + Log.w(TAG, "Busybox verification failed: " + errorMsg); + return false; + } + } + + // Check other critical binaries exist + Log.d(TAG, "verifyBinaries() - Checking other required binaries"); + String[] requiredBinaries = {"iptables", "ip6tables"}; + for (String binary : requiredBinaries) { + File binaryFile = new File(dir, binary); + Log.d(TAG, "verifyBinaries() - Checking " + binary + ": exists=" + binaryFile.exists() + ", canExecute=" + binaryFile.canExecute()); + if (!binaryFile.exists() || !binaryFile.canExecute()) { + Log.w(TAG, "Required binary missing or not executable: " + binary); + return false; + } + } + + Log.d(TAG, "Binary verification successful - All checks passed"); + return true; } /** @@ -2140,10 +2679,13 @@ public static void setEnabled(Context ctx, boolean enabled, boolean showErrors) return; } - //addNotification(); Intent myService = new Intent(ctx, FirewallService.class); ctx.stopService(myService); - ctx.startService(myService); + if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.O) { + ctx.startForegroundService(myService); + } else { + ctx.startService(myService); + } /* notify */ Intent message = new Intent(ctx, StatusWidget.class); @@ -2171,6 +2713,12 @@ public static void errorNotification(Context ctx) { notificationChannel.setShowBadge(false); notificationChannel.enableLights(false); notificationChannel.enableVibration(false); + + // Android 16+ specific notification channel configurations + if (Build.VERSION.SDK_INT >= 36) { + notificationChannel.setAllowBubbles(false); + } + manager.createNotificationChannel(notificationChannel); } @@ -2221,6 +2769,12 @@ public static void updateNotification(boolean status, Context ctx) { notificationChannel.setShowBadge(false); notificationChannel.enableLights(false); notificationChannel.enableVibration(false); + + // Android 16+ specific notification channel configurations + if (Build.VERSION.SDK_INT >= 36) { + notificationChannel.setAllowBubbles(false); + } + manager.createNotificationChannel(notificationChannel); } @@ -2495,6 +3049,134 @@ public static void exportAllPreferencesToFileConfirm(final Context ctx) { } } + public static void exportRulesToFileWithPicker(final Context ctx) { + showExportFileDialog(ctx, false); + } + + public static void exportAllPreferencesToFileWithPicker(final Context ctx) { + showExportFileDialog(ctx, true); + } + + private static void showExportFileDialog(final Context ctx, final boolean exportAll) { + try { + File defaultPath; + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) { + defaultPath = new File(ctx.getExternalFilesDir(Environment.DIRECTORY_DOCUMENTS), "/"); + } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) { + defaultPath = new File(ctx.getExternalFilesDir(null), "/"); + } else { + defaultPath = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/afwall/"); + defaultPath.mkdirs(); + } + + dev.ukanth.ufirewall.util.FileDialog fileDialog = new dev.ukanth.ufirewall.util.FileDialog((Activity) ctx, defaultPath, true); + fileDialog.setSelectDirectoryOption(true); + fileDialog.addDirectoryListener(directory -> { + String fileName = "afwall-backup" + (exportAll ? "-all" : "") + "-" + + new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss").format(new Date()) + ".json"; + File fullPath = new File(directory, fileName); + + boolean success; + if (exportAll) { + success = exportAllToFile(ctx, fullPath); + } else { + success = exportRulesToFile(ctx, fullPath); + } + + if (success) { + Api.toast(ctx, ctx.getString(R.string.export_rules_success) + " " + fullPath.getAbsolutePath()); + } else { + Api.toast(ctx, ctx.getString(R.string.export_rules_fail)); + } + }); + fileDialog.showDialog(); + } catch (Exception e) { + // Fallback to original method if file dialog fails + if (exportAll) { + exportAllPreferencesToFileConfirm(ctx); + } else { + exportRulesToFileConfirm(ctx); + } + } + } + + private static boolean exportRulesToFile(Context ctx, File file) { + boolean res = false; + try (FileOutputStream fOut = new FileOutputStream(file); + OutputStreamWriter myOutWriter = new OutputStreamWriter(fOut)) { + + JSONObject obj = new JSONObject(getCurrentRulesAsMap(ctx)); + JSONArray jArray = new JSONArray("[" + obj.toString() + "]"); + JSONObject exportObject = new JSONObject(); + exportObject.put("rules", jArray); + String mode = G.pPrefs.getString(Api.PREF_MODE, Api.MODE_WHITELIST); + exportObject.put("mode", mode); + + myOutWriter.write(exportObject.toString()); + myOutWriter.flush(); // Ensure data is written + res = true; + Log.i(TAG, "Successfully exported rules to: " + file.getAbsolutePath()); + } catch (Exception e) { + Log.e(TAG, "Error exporting rules to file: " + file.getAbsolutePath(), e); + } + return res; + } + + private static boolean exportAllToFile(Context ctx, File file) { + boolean res = false; + try (FileOutputStream fOut = new FileOutputStream(file); + OutputStreamWriter myOutWriter = new OutputStreamWriter(fOut)) { + + JSONObject exportObject = new JSONObject(); + if (G.enableMultiProfile()) { + if (!G.isProfileMigrated()) { + JSONObject profileObject = new JSONObject(); + for (String profile : G.profiles) { + profileObject.put(profile, new JSONObject(getRulesForProfile(ctx, profile))); + } + exportObject.put("profiles", profileObject); + + JSONObject addProfileObject = new JSONObject(); + for (String profile : G.getAdditionalProfiles()) { + addProfileObject.put(profile, new JSONObject(getRulesForProfile(ctx, profile))); + } + exportObject.put("additional_profiles", addProfileObject); + } else { + JSONObject profileObject = new JSONObject(); + String profileName = "AFWallPrefs"; + profileObject.put(profileName, new JSONObject(getRulesForProfile(ctx, profileName))); + + List profileDataList = ProfileHelper.getProfiles(); + for (ProfileData profile : profileDataList) { + profileName = profile.getName(); + if (profile.getIdentifier().startsWith("AFWallProfile")) { + profileName = profile.getIdentifier(); + } + profileObject.put(profile.getName(), new JSONObject(getRulesForProfile(ctx, profileName))); + } + exportObject.put("_profiles", profileObject); + } + } else { + JSONObject obj = new JSONObject(getCurrentRulesAsMap(ctx)); + exportObject.put("default", obj); + } + + exportObject.put("prefs", getAllAppPreferences(ctx, G.gPrefs)); + // Export profile-specific preferences (mode, custom rules, etc.) + if (G.pPrefs != null) { + exportObject.put("profilePrefs", getAllAppPreferences(ctx, G.pPrefs)); + } + + myOutWriter.write(exportObject.toString()); + myOutWriter.flush(); // Ensure data is written + res = true; + Log.i(TAG, "Successfully exported all preferences to: " + file.getAbsolutePath()); + } catch (Exception e) { + Log.e(TAG, "Error exporting all preferences to file: " + file.getAbsolutePath(), e); + } + return res; + } + private static void updateExportPackage(Map exportMap, String packageName, boolean isChecked, int identifier) throws JSONException { if (!isChecked) { return; @@ -2548,12 +3230,17 @@ public static boolean exportAll(Context ctx, final String fileName) { boolean res = false; try { File file; - if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) { + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) { + // Android 11+ (API 30+): Use scoped storage + file = new File(ctx.getExternalFilesDir(Environment.DIRECTORY_DOCUMENTS), fileName); + } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) { + // Android 10 (API 29): Use app-specific directory + file = new File(ctx.getExternalFilesDir(null), fileName); + } else { + // Android 9 and below: Use legacy external storage File dir = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + File.separator + "afwall"); dir.mkdirs(); file = new File(dir, fileName); - } else { - file = new File(ctx.getExternalFilesDir(null), fileName); } try (FileOutputStream fOut = new FileOutputStream(file); @@ -2594,6 +3281,10 @@ public static boolean exportAll(Context ctx, final String fileName) { } exportObject.put("prefs", getAllAppPreferences(ctx, G.gPrefs)); + // Export profile-specific preferences (mode, custom rules, etc.) + if (G.pPrefs != null) { + exportObject.put("profilePrefs", getAllAppPreferences(ctx, G.pPrefs)); + } String mode = G.pPrefs.getString(Api.PREF_MODE, Api.MODE_WHITELIST); exportObject.put("mode", mode); @@ -2638,12 +3329,17 @@ public static boolean exportRules(Context ctx, final String fileName) { boolean res = false; File file; - if(Build.VERSION.SDK_INT < Build.VERSION_CODES.Q ){ - File dir = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/afwall/" ); + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) { + // Android 11+ (API 30+): Use scoped storage + file = new File(ctx.getExternalFilesDir(Environment.DIRECTORY_DOCUMENTS), fileName); + } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) { + // Android 10 (API 29): Use app-specific directory + file = new File(ctx.getExternalFilesDir(null), fileName); + } else { + // Android 9 and below: Use legacy external storage + File dir = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/afwall/"); dir.mkdirs(); file = new File(dir, fileName); - } else{ - file = new File(ctx.getExternalFilesDir(null) + "/" + fileName) ; } try { @@ -2702,10 +3398,12 @@ private static boolean importRulesRoot(Context ctx, File file, StringBuilder ms updateRulesFromJson(ctx, (JSONObject) array.get(0), PREFS_NAME); } returnVal = true; + } catch (java.util.concurrent.RejectedExecutionException e) { + Log.w(TAG, "Import rules file read rejected: " + e.getMessage()); } catch (JSONException e) { - Log.e(TAG, e.getLocalizedMessage()); + Log.e(TAG, "JSON parsing error during import: " + e.getLocalizedMessage()); } catch (Exception e) { - Log.e(TAG, e.getLocalizedMessage()); + Log.e(TAG, "Failed to import rules from file: " + e.getLocalizedMessage()); } finally { if (br != null) { try { @@ -2727,6 +3425,11 @@ private static boolean importRules(Context ctx, File file, StringBuilder msg) { text.append(line); } String data = text.toString(); + if (data.trim().isEmpty()) { + msg.append("Import file contains no data"); + return false; + } + JSONObject jsonObject = new JSONObject(data); if (jsonObject.has("mode")) { G.pPrefs.edit().putString(PREF_MODE, jsonObject.getString("mode")).apply(); @@ -2842,7 +3545,18 @@ private static boolean importAll(Context ctx, File file, StringBuilder msg) { text.append(line); } String data = text.toString(); + if (data.trim().isEmpty()) { + msg.append("Import file contains no data"); + return false; + } + JSONObject object = new JSONObject(data); + // Basic validation of expected JSON structure + if (!object.has("prefs") && !object.has("profiles") && !object.has("_profiles") && !object.has("default")) { + msg.append("Import file does not contain valid AFWall+ data"); + Log.w(TAG, "Invalid import file structure - missing expected keys"); + return false; + } // Allow/deny rule if (object.has("mode")) { @@ -2861,19 +3575,52 @@ private static boolean importAll(Context ctx, File file, StringBuilder msg) { continue; } if (value.equals("true") || value.equals("false")) { - G.gPrefs.edit().putBoolean(key, Boolean.parseBoolean(value)); + G.gPrefs.edit().putBoolean(key, Boolean.parseBoolean(value)).apply(); } else { try { if (key.equals("multiUserId")) { - G.gPrefs.edit().putLong(key, Long.parseLong(value)); + G.gPrefs.edit().putLong(key, Long.parseLong(value)).apply(); } else if (isIntType(key)) { - G.gPrefs.edit().putString(key, value); + G.gPrefs.edit().putString(key, value).apply(); } else { int intValue = Integer.parseInt(value); - G.gPrefs.edit().putInt(key, intValue); + G.gPrefs.edit().putInt(key, intValue).apply(); } } catch (NumberFormatException e) { - G.gPrefs.edit().putString(key, value); + G.gPrefs.edit().putString(key, value).apply(); + } + } + } + } + + // Import profile-specific preferences if available + if (object.has("profilePrefs")) { + JSONArray profilePrefArray = object.getJSONArray("profilePrefs"); + for (int i = 0; i < profilePrefArray.length(); i++) { + JSONObject prefObj = profilePrefArray.getJSONObject(i); + Iterator keys = prefObj.keys(); + + while (keys.hasNext()) { + String key = keys.next(); + String value = prefObj.getString(key); + if (shouldIgnoreKey(key)) { + continue; + } + if (value.equals("true") || value.equals("false")) { + G.pPrefs.edit().putBoolean(key, Boolean.parseBoolean(value)).apply(); + } else { + try { + if (key.equals("multiUserId")) { + G.pPrefs.edit().putLong(key, Long.parseLong(value)).apply(); + } else if (isIntType(key)) { + G.pPrefs.edit().putString(key, value).apply(); + } else { + int intValue = Integer.parseInt(value); + G.pPrefs.edit().putInt(key, intValue).apply(); + } + } catch (NumberFormatException e) { + G.pPrefs.edit().putString(key, value).apply(); + } } } } @@ -2907,11 +3654,27 @@ public static boolean loadSharedPreferencesFromFile(Context ctx, StringBuilder b boolean res = false; File file = new File(fileName); if (file.exists()) { + // Basic file validation + if (file.length() == 0) { + builder.append("Import file is empty"); + Log.w(TAG, "Import file is empty: " + fileName); + return false; + } + if (file.length() > 50 * 1024 * 1024) { // 50MB limit + builder.append("Import file is too large (>50MB)"); + Log.w(TAG, "Import file is too large: " + fileName + " (" + file.length() + " bytes)"); + return false; + } + + Log.i(TAG, "Importing from file: " + fileName + " (loadAll: " + loadAll + ")"); if (loadAll) { res = importAll(ctx, file, builder); } else { res = importRules(ctx, file, builder); } + } else { + builder.append("Import file does not exist: " + fileName); + Log.w(TAG, "Import file does not exist: " + fileName); } return res; } @@ -2938,8 +3701,16 @@ public static void showInstalledAppDetails(Context context, String packageName) public static boolean isNetfilterSupported() { boolean netfiler_exists = new File("/proc/net/netfilter").exists(); - Shell.Result result = Shell.cmd("cat /proc/net/ip_tables_targets").exec(); - return netfiler_exists && result.isSuccess(); + try { + Shell.Result result = Shell.cmd("cat /proc/net/ip_tables_targets").exec(); + return netfiler_exists && result.isSuccess(); + } catch (java.util.concurrent.RejectedExecutionException e) { + Log.w(TAG, "Netfilter check rejected: " + e.getMessage()); + return false; + } catch (Exception e) { + Log.e(TAG, "Failed to check netfilter support: " + e.getMessage()); + return false; + } } private static void initSpecial() { @@ -2965,7 +3736,7 @@ public static void updateLanguage(Context context, String lang) { Resources res = context.getResources(); Configuration conf = res.getConfiguration(); conf.locale = defaultLocale; - if (Build.VERSION.SDK_INT > Build.VERSION_CODES.N) { + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { context.createConfigurationContext(conf); } else { context.getResources().updateConfiguration(conf, context.getResources().getDisplayMetrics()); @@ -2979,7 +3750,7 @@ public static void updateLanguage(Context context, String lang) { Resources res = context.getResources(); Configuration conf = res.getConfiguration(); conf.locale = locale; - if (Build.VERSION.SDK_INT > Build.VERSION_CODES.N) { + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { context.createConfigurationContext(conf); } else { context.getResources().updateConfiguration(conf, context.getResources().getDisplayMetrics()); @@ -3034,12 +3805,15 @@ public static String loadData(final Context context, } /** - * Encrypt the password + * Encrypt the password - DEPRECATED: Use SecureCrypto.encryptSecure() for new code + * This method is kept for backward compatibility only * * @param key * @param data * @return + * @deprecated Use SecureCrypto.encryptSecure() instead for better security */ + @Deprecated public static String hideCrypt(String key, String data) { if (key == null || data == null) return null; @@ -3060,12 +3834,15 @@ public static String hideCrypt(String key, String data) { } /** - * Decrypt the password + * Decrypt the password - DEPRECATED: Use SecureCrypto.decryptSecure() for new code + * This method is kept for backward compatibility only * * @param key * @param data * @return + * @deprecated Use SecureCrypto.decryptSecure() instead for better security */ + @Deprecated public static String unhideCrypt(String key, String data) { if (key == null || data == null) return null; @@ -3369,6 +4146,94 @@ public String toString() { } } + /** + * Safe shell command execution that handles library-level crashes + */ + private static List executeSafeShellCommand(String command) { + // First try the primary libsu approach + try { + // Check if we can get a valid shell + if (Shell.getShell() == null || !Shell.getShell().isAlive()) { + Log.w(TAG, "Shell is not available or not alive, trying fallback"); + return executeFallbackShellCommand(command); + } + + // Execute with timeout and proper error handling + Shell.Result result = Shell.cmd(command).exec(); + return result != null ? result.getOut() : null; + + } catch (java.util.concurrent.RejectedExecutionException e) { + Log.w(TAG, "Shell execution rejected - trying fallback: " + e.getMessage()); + return executeFallbackShellCommand(command); + } catch (RuntimeException e) { + // Check for wrapped ExecutionException with InterruptedIOException + Throwable cause = e.getCause(); + if (cause instanceof java.util.concurrent.ExecutionException) { + java.util.concurrent.ExecutionException execEx = (java.util.concurrent.ExecutionException) cause; + if (execEx.getCause() instanceof java.io.InterruptedIOException) { + Log.w(TAG, "Shell execution interrupted at library level - trying fallback: " + execEx.getCause().getMessage()); + return executeFallbackShellCommand(command); + } + } + // Re-throw if it's not a known interruption issue + throw e; + } catch (Exception e) { + Log.w(TAG, "Unexpected error in safe shell execution, trying fallback: " + e.getMessage()); + return executeFallbackShellCommand(command); + } + } + + /** + * Fallback shell execution using the legacy RootShell library + * This provides an alternative when libsu fails due to interruptions + */ + private static List executeFallbackShellCommand(String command) { + try { + Log.d(TAG, "Using fallback shell execution for command: " + command); + + // Use the legacy RootShell library as fallback + final java.util.List output = new java.util.ArrayList<>(); + final boolean[] completed = {false}; + + com.stericson.rootshell.execution.Command cmd = new com.stericson.rootshell.execution.Command(0, command) { + @Override + public void commandCompleted(int id, int exitcode) { + super.commandCompleted(id, exitcode); + completed[0] = true; + } + + @Override + public void commandOutput(int id, String line) { + super.commandOutput(id, line); + if (line != null) { + output.add(line); + } + } + }; + + // Execute with timeout + com.stericson.roottools.RootTools.getShell(true, 0).add(cmd); + + // Wait for completion with timeout + long startTime = System.currentTimeMillis(); + while (!completed[0] && (System.currentTimeMillis() - startTime) < 30000) { + Thread.sleep(100); + } + + if (completed[0]) { + Log.d(TAG, "Fallback shell execution completed successfully"); + return output; + } else { + Log.w(TAG, "Fallback shell execution timed out"); + return null; + } + + } catch (Exception e) { + Log.e(TAG, "Fallback shell execution also failed: " + e.getMessage()); + return null; + } + } + private static class RunCommand extends AsyncTask, Integer> { private int exitCode = -1; @@ -3386,10 +4251,23 @@ protected Integer doInBackground(Object... params) { StringBuilder res = (StringBuilder) params[1]; Log.i(TAG, "Executing root commands of" + commands.size()); try { + // Check if task is cancelled before proceeding + if (isCancelled()) { + Log.d(TAG, "RunCommand task was cancelled, aborting execution"); + return -1; + } + if (Shell.getShell().isRoot() && !Shell.isAppGrantedRoot()) return -1; if (commands != null && commands.size() > 0) { - List output = Shell.cmd(String.valueOf(commands)).exec().getOut(); + // Check again before executing shell command + if (isCancelled()) { + Log.d(TAG, "RunCommand task was cancelled before shell execution"); + return -1; + } + + // Use a safe shell execution wrapper + List output = executeSafeShellCommand(String.valueOf(commands)); if (output != null) { exitCode = 0; if (output.size() > 0) { @@ -3402,13 +4280,49 @@ protected Integer doInBackground(Object... params) { exitCode = 1; } } + } catch (java.util.concurrent.RejectedExecutionException e) { + Log.w(TAG, "Shell execution rejected, likely due to app shutdown: " + e.getMessage()); + exitCode = -1; + } catch (RuntimeException ex) { + // Check if this is a wrapped ExecutionException with InterruptedIOException + Throwable cause = ex.getCause(); + if (cause instanceof java.util.concurrent.ExecutionException) { + java.util.concurrent.ExecutionException execEx = (java.util.concurrent.ExecutionException) cause; + if (execEx.getCause() instanceof java.io.InterruptedIOException) { + Log.w(TAG, "Shell command execution was interrupted: " + execEx.getCause().getMessage()); + exitCode = -1; + return exitCode; + } + } else if (ex.getCause() instanceof java.io.InterruptedIOException) { + Log.w(TAG, "Shell command execution was interrupted: " + ex.getCause().getMessage()); + exitCode = -1; + return exitCode; + } + Log.e(TAG, "Shell command execution failed: " + ex.getMessage()); + if (res != null) + res.append("\n").append(ex); + exitCode = -1; } catch (Exception ex) { + Log.e(TAG, "Shell command execution failed with unexpected exception: " + ex.getMessage()); if (res != null) res.append("\n").append(ex); + exitCode = -1; } return exitCode; } + @Override + protected void onCancelled() { + Log.d(TAG, "RunCommand task was cancelled"); + super.onCancelled(); + } + + @Override + protected void onCancelled(Integer result) { + Log.d(TAG, "RunCommand task was cancelled with result: " + result); + super.onCancelled(result); + } + } diff --git a/app/src/main/java/dev/ukanth/ufirewall/InterfaceDetails.java b/app/src/main/java/dev/ukanth/ufirewall/InterfaceDetails.java index 28f6197f2..6331ac4e7 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/InterfaceDetails.java +++ b/app/src/main/java/dev/ukanth/ufirewall/InterfaceDetails.java @@ -35,8 +35,9 @@ public class InterfaceDetails { public boolean isUsbTethered = false; public boolean tetherUsbStatusKnown = false; - public String lanMaskV4 = ""; - public String lanMaskV6 = ""; + // Support multiple LAN subnets (Issue #1362) + public java.util.List lanMaskV4 = new java.util.ArrayList<>(); + public java.util.List lanMaskV6 = new java.util.ArrayList<>(); // DNS servers for targeted rules instead of opening port 53 to all LAN hosts public java.util.List dnsServersV4 = new java.util.ArrayList<>(); diff --git a/app/src/main/java/dev/ukanth/ufirewall/InterfaceTracker.java b/app/src/main/java/dev/ukanth/ufirewall/InterfaceTracker.java index 02b42a0ac..97845bef9 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/InterfaceTracker.java +++ b/app/src/main/java/dev/ukanth/ufirewall/InterfaceTracker.java @@ -334,13 +334,13 @@ public static boolean checkForNewCfg(Context context) { "usb-tethered: " + (newCfg.isUsbTethered ? "yes" : "no") + ")"); } - if (!newCfg.lanMaskV4.equals("")) { - Log.i(TAG, "IPv4 LAN netmask on " + newCfg.wifiName + ": " + newCfg.lanMaskV4); + if (!newCfg.lanMaskV4.isEmpty()) { + Log.i(TAG, "IPv4 LAN netmasks on " + newCfg.wifiName + ": " + String.join(", ", newCfg.lanMaskV4)); } - if (!newCfg.lanMaskV6.equals("")) { - Log.i(TAG, "IPv6 LAN netmask on " + newCfg.wifiName + ": " + newCfg.lanMaskV6); + if (!newCfg.lanMaskV6.isEmpty()) { + Log.i(TAG, "IPv6 LAN netmasks on " + newCfg.wifiName + ": " + String.join(", ", newCfg.lanMaskV6)); } - if (newCfg.lanMaskV6.equals("") && newCfg.lanMaskV4.equals("")) { + if (newCfg.lanMaskV6.isEmpty() && newCfg.lanMaskV4.isEmpty()) { Log.i(TAG, "No ipaddress found"); } } @@ -496,6 +496,7 @@ public static void populateLanMasks(InterfaceDetails ret) { continue; ret.wifiName = intf.getName(); + // Collect ALL subnets from this interface (Issue #1362) Iterator addrList = intf.getInterfaceAddresses().iterator(); while (addrList.hasNext()) { InterfaceAddress addr = addrList.next(); @@ -503,15 +504,18 @@ public static void populateLanMasks(InterfaceDetails ret) { String mask = truncAfter(ip.getHostAddress(), "%") + "/" + addr.getNetworkPrefixLength(); - if(ret.lanMaskV4.isEmpty() || ret.lanMaskV6.isEmpty()) { - if (ip instanceof Inet4Address) { - ret.lanMaskV4 = mask; - } else if (ip instanceof Inet6Address) { - ret.lanMaskV6 = mask; + // Add all unique subnets, not just the first one + if (ip instanceof Inet4Address) { + if (!ret.lanMaskV4.contains(mask)) { + ret.lanMaskV4.add(mask); + } + } else if (ip instanceof Inet6Address) { + if (!ret.lanMaskV6.contains(mask)) { + ret.lanMaskV6.add(mask); } } } - if (ret.lanMaskV4.equals("") && ret.lanMaskV6.equals("")) { + if (ret.lanMaskV4.isEmpty() && ret.lanMaskV6.isEmpty()) { ret.noIP = true; } } diff --git a/app/src/main/java/dev/ukanth/ufirewall/MainActivity.java b/app/src/main/java/dev/ukanth/ufirewall/MainActivity.java index 2ec8b4b8a..0efa92319 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/MainActivity.java +++ b/app/src/main/java/dev/ukanth/ufirewall/MainActivity.java @@ -148,7 +148,6 @@ public class MainActivity extends AppCompatActivity implements AdapterView.OnIte private Spinner mSpinner; private TextWatcher filterTextWatcher; private MaterialDialog runProgress; - private AlertDialog dialogLegend = null; private BroadcastReceiver uiProgressReceiver4, uiProgressReceiver6, toastReceiver, themeRefreshReceiver, uiRefreshReceiver; private IntentFilter uiFilter4, uiFilter6; @@ -221,7 +220,10 @@ public void onCreate(Bundle savedInstanceState) { AlpSettings.Display.setStealthMode(getApplicationContext(), G.enableStealthPattern()); AlpSettings.Display.setMaxRetries(getApplicationContext(), G.getMaxPatternTry()); - Api.assertBinaries(this, true); + // Move binary assertion to background thread to avoid blocking main thread + // This includes file I/O and process execution (waitFor) which can cause ANR + final Context appContext = getApplicationContext(); + AsyncTask.execute(() -> Api.assertBinaries(appContext, true)); initDone = 0; mSwipeLayout = findViewById(R.id.swipe_container); @@ -235,6 +237,10 @@ public void onCreate(Bundle savedInstanceState) { startRootShell(); new SecurityUtil(MainActivity.this).passCheck(); registerNetworkObserver(); + // Ensure FirewallService is started if firewall is enabled + if (Api.isEnabled(this)) { + Api.setEnabled(this, true, false); + } } registerUIbroadcast4(); registerUIbroadcast6(); @@ -360,6 +366,9 @@ private void initTheme() { case "L": setTheme(R.style.AppLightTheme); break; + case "LHC": + setTheme(R.style.AppLightHighContrastTheme); + break; case "B": setTheme(R.style.AppBlackTheme); break; @@ -387,10 +396,10 @@ public void onTextChanged(CharSequence s, int start, int before, private void registerNetworkObserver() { - startService(new Intent(getBaseContext(), FirewallService.class)); //start log service if (G.enableLogService()) { - startService(new Intent(getBaseContext(), LogService.class)); + Intent logIntent = new Intent(getBaseContext(), LogService.class); + startService(logIntent); } } @@ -556,7 +565,6 @@ private void filterApps(int i) { try { Collections.sort(inputList, new PackageComparator()); } catch (Exception e) { - Log.d(Api.TAG, "Exception in filter Sorting"); } ArrayAdapter appAdapter; if (selectedColumns <= DEFAULT_VIEW_LIMIT) { @@ -569,7 +577,6 @@ private void filterApps(int i) { // restore this.listview.setSelectionFromTop(index, top); } else { - Log.d(Api.TAG, "Input list is empty"); } } @@ -733,7 +740,16 @@ private void reloadPreferences() { setupMultiProfile(); } - selectFilterGroup(); + // Use async loading to avoid blocking the main thread + // If the app list is already cached, filterApps will use the cache (fast path) + // If not cached, showOrLoadApplications will load asynchronously with a progress dialog + if (Api.applications != null && Api.applications.size() > 0) { + // Cache is warm - use it directly (fast, non-blocking) + selectFilterGroup(); + } else { + // Cache is cold - load asynchronously to avoid ANR + showOrLoadApplications(); + } } private void clearNotification() { @@ -907,7 +923,7 @@ private void checkPreferences() { changed = true; } if (changed) - editor.commit(); + editor.apply(); // Use apply() instead of commit() to avoid blocking main thread } /** @@ -1030,6 +1046,8 @@ private void showApplications(final String searchStr) { apps2 = apps; } else if (isResultsFound || searchApp.size() > 0) { apps2 = searchApp; + } else { + apps2 = new ArrayList<>(); } // Sort applications - selected first, then alphabetically try { @@ -1046,7 +1064,6 @@ private void showApplications(final String searchStr) { this.listview.setSelectionFromTop(index, top); } } catch (Exception e) { - Log.d(Api.TAG, "Exception on Sorting"); } } @@ -1148,36 +1165,21 @@ private void disableOrEnable() { public boolean onOptionsItemSelected(MenuItem item) { super.onOptionsItemSelected(item); int selectedItem = item.getItemId(); - if (selectedItem == R.id.menu_legend) { - LayoutInflater inflater = LayoutInflater.from(this); - View view = inflater.inflate(R.layout.legend, null, false); - dialogLegend = new AlertDialog.Builder(this) - .setView(view) - .setCancelable(true) - .setOnDismissListener(new DialogInterface.OnDismissListener() { - @Override - public void onDismiss(DialogInterface dialogInterface) { - dialogLegend = null; - } - }) - .create(); - dialogLegend.show(); - return true; - } else if (selectedItem == R.id.menu_toggle) { + if (selectedItem == R.id.menu_toggle) { disableOrEnable(); return true; } else if (selectedItem == R.id.allowmode) { item.setChecked(true); Editor editor = getSharedPreferences(Api.PREFS_NAME, 0).edit(); editor.putString(Api.PREF_MODE, Api.MODE_WHITELIST); - editor.commit(); + editor.apply(); refreshHeader(); return true; } else if (selectedItem == R.id.blockmode) { item.setChecked(true); Editor editor2 = getSharedPreferences(Api.PREFS_NAME, 0).edit(); editor2.putString(Api.PREF_MODE, Api.MODE_BLACKLIST); - editor2.commit(); + editor2.apply(); refreshHeader(); return true; } else if (selectedItem == R.id.sort_default) { @@ -1240,9 +1242,8 @@ public void onDismiss(DialogInterface dialogInterface) { return true; } else if (selectedItem == R.id.menu_import) { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) { - // Do some stuff + // Copy old data and show import dialog when complete copyOldExportedData(); - showImportDialog(); } else { if (ActivityCompat.checkSelfPermission(this, Manifest.permission.READ_EXTERNAL_STORAGE) != PackageManager.PERMISSION_GRANTED) { @@ -1263,16 +1264,78 @@ public void onDismiss(DialogInterface dialogInterface) { private void copyOldExportedData() { if (!G.hasCopyOld()) { - //using root to copy existing data to current directory on A11 - String existingDir = Environment.getExternalStorageDirectory() + "//afwall//"; - String targetDir = ctx.getExternalFilesDir(null) + "/"; - String command = "cp -R " + existingDir + " " + targetDir; - Log.i(TAG, "Invoking migration script " + command); - com.topjohnwu.superuser.Shell.Result result = com.topjohnwu.superuser.Shell.cmd(command).exec(); - G.hasCopyOldExports(true); + copyOldExportedDataAsync(() -> { + // On completion, show import dialog + runOnUiThread(() -> { + showImportDialog(); + }); + }); + } else { + // Already copied, show dialog immediately + showImportDialog(); } } + private void copyOldExportedDataAsync(Runnable onComplete) { + // Show progress dialog + MaterialDialog progressDialog = null; + try { + progressDialog = new MaterialDialog.Builder(this) + .title("Migrating Files") + .content("Copying backup files to new location...") + .progress(true, 0) + .cancelable(false) + .show(); + } catch (Exception e) { + Log.w(TAG, "Could not show progress dialog due to MaterialDialog compatibility issue", e); + // Fallback: Show toast notification + Api.toast(this, "Migrating backup files to new location..."); + } + + final MaterialDialog finalProgressDialog = progressDialog; + + // Run file copy operation in background thread + new Thread(() -> { + try { + //using root to copy existing data to current directory on A11+ + String existingDir = Environment.getExternalStorageDirectory() + "//afwall//"; + String targetDir = ctx.getExternalFilesDir(null) + "/"; + String command = "cp -R " + existingDir + " " + targetDir; + Log.i(TAG, "Invoking migration script " + command); + + com.topjohnwu.superuser.Shell.Result result = com.topjohnwu.superuser.Shell.cmd(command).exec(); + + if (result.getCode() == 0) { + Log.i(TAG, "Migration script completed successfully"); + G.hasCopyOldExports(true); + } else { + Log.w(TAG, "Migration script failed with code: " + result.getCode()); + Log.w(TAG, "Migration output: " + result.getOut()); + } + + } catch (java.util.concurrent.RejectedExecutionException e) { + Log.w(TAG, "File migration rejected: " + e.getMessage()); + } catch (Exception e) { + // Check if the cause is an InterruptedIOException + if (e.getCause() instanceof java.io.InterruptedIOException) { + Log.w(TAG, "File migration interrupted: " + e.getCause().getMessage()); + } else { + Log.e(TAG, "Error during file migration", e); + } + } finally { + // Dismiss progress dialog and run completion callback on UI thread + runOnUiThread(() -> { + if (finalProgressDialog != null && finalProgressDialog.isShowing()) { + finalProgressDialog.dismiss(); + } + if (onComplete != null) { + onComplete.run(); + } + }); + } + }).start(); + } + private void search(MenuItem item) { item.setActionView(R.layout.searchbar); final EditText filterText = item.getActionView().findViewById( @@ -1302,13 +1365,14 @@ public boolean onMenuItemActionExpand(MenuItem item) { } private void showImportDialog() { - new MaterialDialog.Builder(this) - .title(R.string.imports) - .cancelable(false) - .items(new String[]{ - getString(R.string.import_rules), - getString(R.string.import_all)}) - .itemsCallbackSingleChoice(-1, (dialog, view, which, text) -> { + try { + new MaterialDialog.Builder(this) + .title(R.string.imports) + .cancelable(false) + .items(new String[]{ + getString(R.string.import_rules), + getString(R.string.import_all) + (G.isDoKey(getApplicationContext()) || isDonate() ? "" : " (" + getString(R.string.donate_only_short) + ")")}) + .itemsCallbackSingleChoice(-1, (dialog, view, which, text) -> { switch (which) { case 0: //Intent intent = new Intent(MainActivity.this, FileChooserActivity.class); @@ -1381,28 +1445,61 @@ private void showImportDialog() { .positiveText(R.string.imports) .negativeText(R.string.Cancel) .show(); + } catch (Exception e) { + Log.e(TAG, "MaterialDialog failed, likely due to cursor tinting issue on newer Android versions", e); + // Fallback: Show a simple toast message and try alternative approach + Api.toast(this, "Import dialog unavailable due to Android compatibility issue. Please use file manager to manually copy backup files to AFWall directory."); + } } private void showExportDialog() { - new MaterialDialog.Builder(this) - .title(R.string.exports) - .cancelable(false) - .items(new String[]{ - getString(R.string.export_rules), - getString(R.string.export_all)}) - .itemsCallbackSingleChoice(-1, (dialog, view, which, text) -> { - switch (which) { - case 0: - Api.exportRulesToFileConfirm(MainActivity.this); - break; - case 1: - Api.exportAllPreferencesToFileConfirm(MainActivity.this); - break; - } - return true; - }).positiveText(R.string.exports) - .negativeText(R.string.Cancel) - .show(); + try { + new MaterialDialog.Builder(this) + .title(R.string.exports) + .cancelable(false) + .items(new String[]{ + getString(R.string.export_rules), + getString(R.string.export_all) + (G.isDoKey(getApplicationContext()) || isDonate() ? "" : " (" + getString(R.string.donate_only_short) + ")")}) + .itemsCallbackSingleChoice(-1, (dialog, view, which, text) -> { + switch (which) { + case 0: + Api.exportRulesToFileWithPicker(MainActivity.this); + break; + case 1: + if (G.isDoKey(getApplicationContext()) || isDonate()) { + Api.exportAllPreferencesToFileWithPicker(MainActivity.this); + } else { + showExportAllWarningDialog(); + } + break; + } + return true; + }).positiveText(R.string.exports) + .negativeText(R.string.Cancel) + .show(); + } catch (Exception e) { + Log.e(TAG, "MaterialDialog failed, likely due to cursor tinting issue on newer Android versions", e); + Api.toast(this, "Export dialog unavailable due to Android compatibility issue. Please use Settings > Export to access export functionality."); + } + } + + private void showExportAllWarningDialog() { + try { + new MaterialDialog.Builder(this) + .title(R.string.export_all) + .content(R.string.export_all_warning) + .positiveText(R.string.exports) + .negativeText(R.string.Cancel) + .onPositive((dialog, which) -> { + Api.exportAllPreferencesToFileWithPicker(MainActivity.this); + }) + .show(); + } catch (Exception e) { + Log.e(TAG, "MaterialDialog failed, likely due to cursor tinting issue on newer Android versions", e); + // Fallback: Just show the export directly with a toast warning + Api.toast(this, getString(R.string.export_all_warning)); + Api.exportAllPreferencesToFileWithPicker(MainActivity.this); + } } private void showPreferences() { @@ -2284,10 +2381,6 @@ protected boolean isSuPackage(PackageManager pm, String suPackage) { @Override public void onDestroy() { super.onDestroy(); - if (dialogLegend != null) { - dialogLegend.dismiss(); - dialogLegend = null; - } if (getAppList != null) { getAppList.cancel(true); } @@ -2308,6 +2401,16 @@ public void onDestroy() { if (uiRefreshReceiver != null) { unregisterReceiver(uiRefreshReceiver); } + + // Clean up shell instances to prevent interruption crashes + try { + // Force close any existing shell instances + com.topjohnwu.superuser.Shell shell = com.topjohnwu.superuser.Shell.getCachedShell(); + if (shell != null && !shell.isAlive()) { + shell.close(); + } + } catch (Exception e) { + } } @Override @@ -2328,7 +2431,7 @@ private class PurgeTask extends AsyncTask { protected void onPreExecute() { progress = new MaterialDialog.Builder(activityReference.get()) .title(R.string.working) - .cancelable(false) + .cancelable(true) .content(R.string.purging_rules) .progress(true, 0) .show(); @@ -2376,6 +2479,10 @@ protected void onPostExecute(Boolean aVoid) { progress.dismiss(); progress = null; } catch (Exception ex) { + } finally { + assert progress != null; + progress.dismiss(); + progress = null; } } } @@ -2608,6 +2715,10 @@ public void onClick(@NonNull MaterialDialog dialog, @NonNull DialogAction which) startRootShell(); new SecurityUtil(MainActivity.this).passCheck(); registerNetworkObserver(); + // Ensure FirewallService is started if firewall is enabled + if (Api.isEnabled(MainActivity.this)) { + Api.setEnabled(MainActivity.this, true, false); + } } } } diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/AppDetailActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/AppDetailActivity.java index 40877bc8a..c870f9d20 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/activity/AppDetailActivity.java +++ b/app/src/main/java/dev/ukanth/ufirewall/activity/AppDetailActivity.java @@ -146,6 +146,9 @@ private void initTheme() { setTheme(R.style.AppLightTheme); //set other colors break; + case "LHC": + setTheme(R.style.AppLightHighContrastTheme); + break; case "B": setTheme(R.style.AppBlackTheme); break; diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/CustomScriptActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/CustomScriptActivity.java index 3b3f41f62..52c940e7a 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/activity/CustomScriptActivity.java +++ b/app/src/main/java/dev/ukanth/ufirewall/activity/CustomScriptActivity.java @@ -31,9 +31,10 @@ import android.view.MenuItem; import android.view.View; import android.view.View.OnClickListener; -import android.widget.EditText; import android.widget.TextView; +import com.google.android.material.textfield.TextInputEditText; + import androidx.annotation.NonNull; import androidx.appcompat.app.AppCompatActivity; import androidx.appcompat.widget.Toolbar; @@ -50,28 +51,27 @@ * This screen is displayed to change the custom scripts. */ public class CustomScriptActivity extends AppCompatActivity implements OnClickListener { - private EditText script; - private EditText script2; + private TextInputEditText script; + private TextInputEditText script2; @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); initTheme(); - final View view = getLayoutInflater().inflate(R.layout.customscript, null); + setContentView(R.layout.customscript); - view.findViewById(R.id.customscript_ok).setOnClickListener(this); - view.findViewById(R.id.customscript_cancel).setOnClickListener(this); - ((TextView) view.findViewById(R.id.customscript_link)).setMovementMethod(LinkMovementMethod.getInstance()); + findViewById(R.id.customscript_ok).setOnClickListener(this); + findViewById(R.id.customscript_cancel).setOnClickListener(this); + ((TextView) findViewById(R.id.customscript_link)).setMovementMethod(LinkMovementMethod.getInstance()); final SharedPreferences prefs = getSharedPreferences(Api.PREFS_NAME, 0); - this.script = view.findViewById(R.id.customscript); + this.script = findViewById(R.id.customscript); this.script.setText(prefs.getString(Api.PREF_CUSTOMSCRIPT, "")); - this.script2 = view.findViewById(R.id.customscript2); + this.script2 = findViewById(R.id.customscript2); this.script2.setText(prefs.getString(Api.PREF_CUSTOMSCRIPT2, "")); setTitle(R.string.set_custom_script); - setContentView(view); Toolbar toolbar = findViewById(R.id.custom_toolbar); setSupportActionBar(toolbar); @@ -91,6 +91,9 @@ private void initTheme() { case "L": setTheme(R.style.AppLightTheme); break; + case "LHC": + setTheme(R.style.AppLightHighContrastTheme); + break; case "B": setTheme(R.style.AppBlackTheme); break; diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/DataDumpActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/DataDumpActivity.java index 210fb13c5..a7010447f 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/activity/DataDumpActivity.java +++ b/app/src/main/java/dev/ukanth/ufirewall/activity/DataDumpActivity.java @@ -24,6 +24,7 @@ package dev.ukanth.ufirewall.activity; import android.Manifest; +import android.annotation.SuppressLint; import android.content.Context; import android.content.pm.PackageManager; import java.util.concurrent.ExecutorService; @@ -45,16 +46,22 @@ import androidx.appcompat.app.AppCompatActivity; import androidx.appcompat.widget.Toolbar; import androidx.core.app.ActivityCompat; +import androidx.cardview.widget.CardView; +import androidx.core.widget.NestedScrollView; import java.io.File; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.lang.ref.WeakReference; +import java.text.SimpleDateFormat; +import java.util.Date; +import java.util.Locale; import dev.ukanth.ufirewall.Api; import dev.ukanth.ufirewall.R; import dev.ukanth.ufirewall.log.Log; +import dev.ukanth.ufirewall.util.FileDialog; import dev.ukanth.ufirewall.util.G; @@ -70,7 +77,21 @@ public abstract class DataDumpActivity extends AppCompatActivity { protected static final int MENU_ZOOM_IN = 22; protected static final int MENU_ZOOM_OUT = 23; TextView scaleGesture; - ScrollView mScrollView; + View mScrollView; // Can be either ScrollView or NestedScrollView + + // Modern layout components + private TextView rulesTitle; + private TextView rulesStatus; + private TextView rulesContent; + private TextView interfacesContent; + private TextView systemContent; + private TextView preferencesContent; + private TextView logcatContent; + private CardView interfacesCard; + private CardView systemCard; + private CardView preferencesCard; + private CardView logcatCard; + private boolean useModernLayout = true; protected Menu mainMenu; protected static String dataText; @@ -84,20 +105,190 @@ public abstract class DataDumpActivity extends AppCompatActivity { private static final int MY_PERMISSIONS_REQUEST_WRITE_STORAGE = 1; + private void initModernViews() { + rulesTitle = findViewById(R.id.rules_title); + rulesStatus = findViewById(R.id.rules_status); + rulesContent = findViewById(R.id.rules_content); + interfacesContent = findViewById(R.id.interfaces_content); + systemContent = findViewById(R.id.system_content); + preferencesContent = findViewById(R.id.preferences_content); + logcatContent = findViewById(R.id.logcat_content); + interfacesCard = findViewById(R.id.interfaces_card); + systemCard = findViewById(R.id.system_card); + preferencesCard = findViewById(R.id.preferences_card); + logcatCard = findViewById(R.id.logcat_card); + } + protected void setData(final String data) { dataText = data; Handler refresh = new Handler(Looper.getMainLooper()); refresh.post(() -> { - scaleGesture = findViewById(R.id.rules); - scaleGesture.setText(data); - scaleGesture.setTextSize(TypedValue.COMPLEX_UNIT_PX, G.ruleTextSize()); + if (useModernLayout) { + parseAndDisplayModernData(data); + } else { + scaleGesture = findViewById(R.id.rules); + scaleGesture.setText(data); + scaleGesture.setTextSize(TypedValue.COMPLEX_UNIT_PX, G.ruleTextSize()); + } }); } + @SuppressLint("SetTextI18n") + private void parseAndDisplayModernData(String data) { + // Initialize all sections as empty and hide cards + rulesContent.setText(""); + interfacesContent.setText(""); + systemContent.setText(""); + preferencesContent.setText(""); + logcatContent.setText(""); + + interfacesCard.setVisibility(View.GONE); + systemCard.setVisibility(View.GONE); + preferencesCard.setVisibility(View.GONE); + logcatCard.setVisibility(View.GONE); + + // Parse sections more intelligently by looking for section headers + String[] lines = data.split("\n"); + StringBuilder currentSection = new StringBuilder(); + String currentSectionType = null; + + for (String line : lines) { + // Check if this is a section header (starts with =, contains title, ends with =) + if (line.matches("^=+$")) { + // Skip separator lines + continue; + } + + // Check if this line is a section title + String sectionType = detectSectionType(line.trim()); + + if (sectionType != null) { + // Process previous section if it exists + if (currentSectionType != null && currentSection.length() > 0) { + processSectionContent(currentSectionType, currentSection.toString()); + } + + // Start new section + currentSectionType = sectionType; + currentSection = new StringBuilder(); + continue; + } + + // Add line to current section + if (currentSectionType != null) { + currentSection.append(line).append("\n"); + } + } + + // Process the last section + if (currentSectionType != null && currentSection.length() > 0) { + processSectionContent(currentSectionType, currentSection.toString()); + } + + // Set font sizes for all content views + float textSize = G.ruleTextSize(); + rulesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, textSize); + interfacesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, textSize); + systemContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, textSize); + preferencesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, textSize); + logcatContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, textSize); + + // Keep the hidden TextView updated for backward compatibility (export, copy functions) + TextView hiddenRules = findViewById(R.id.rules); + hiddenRules.setText(data); + } + + private String detectSectionType(String line) { + String trimmed = line.trim(); + if (trimmed.equals(getString(R.string.ipv4_rules_title))) { + return "ipv4_rules"; + } else if (trimmed.equals(getString(R.string.ipv6_rules_title))) { + return "ipv6_rules"; + } else if (trimmed.contains("Network interfaces")) { + return "interfaces"; + } else if (trimmed.contains("ifconfig")) { + return "ifconfig"; + } else if (trimmed.contains("System info")) { + return "system"; + } else if (trimmed.contains("Preferences")) { + return "preferences"; + } else if (trimmed.contains("Logcat")) { + return "logcat"; + } + return null; + } + + private void processSectionContent(String sectionType, String content) { + String trimmedContent = content.trim(); + if (trimmedContent.isEmpty()) return; + + switch (sectionType) { + case "ipv4_rules": + rulesTitle.setText(getString(R.string.ipv4_rules_title)); + rulesStatus.setText(getString(R.string.ready)); + rulesContent.setText(trimmedContent); + break; + + case "ipv6_rules": + rulesTitle.setText(getString(R.string.ipv6_rules_title)); + rulesStatus.setText(getString(R.string.ready)); + rulesContent.setText(trimmedContent); + break; + + case "interfaces": + case "ifconfig": + interfacesCard.setVisibility(View.VISIBLE); + String existingInterfaces = interfacesContent.getText().toString(); + if (!existingInterfaces.isEmpty()) { + interfacesContent.setText(existingInterfaces + "\n\n" + trimmedContent); + } else { + interfacesContent.setText(trimmedContent); + } + break; + + case "system": + systemCard.setVisibility(View.VISIBLE); + systemContent.setText(trimmedContent); + break; + + case "preferences": + preferencesCard.setVisibility(View.VISIBLE); + String existingPrefs = preferencesContent.getText().toString(); + if (!existingPrefs.isEmpty()) { + preferencesContent.setText(existingPrefs + "\n\n" + trimmedContent); + } else { + preferencesContent.setText(trimmedContent); + } + break; + + case "logcat": + logcatCard.setVisibility(View.VISIBLE); + logcatContent.setText(trimmedContent); + break; + } + } + + private void updateModernTextSize(float sizeDelta) { + float currentSize = G.ruleTextSize(); + float newSize = currentSize + sizeDelta; + + if (newSize < 8.0f) newSize = 8.0f; // Minimum size + if (newSize > 30.0f) newSize = 30.0f; // Maximum size + + G.ruleTextSize((int) newSize); + + if (rulesContent != null) rulesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize); + if (interfacesContent != null) interfacesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize); + if (systemContent != null) systemContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize); + if (preferencesContent != null) preferencesContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize); + if (logcatContent != null) logcatContent.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize); + } + private void initTheme() { switch (G.getSelectedTheme()) { case "D" -> setTheme(R.style.AppDarkTheme); case "L" -> setTheme(R.style.AppLightTheme); + case "LHC" -> setTheme(R.style.AppLightHighContrastTheme); case "B" -> setTheme(R.style.AppBlackTheme); } } @@ -108,7 +299,12 @@ protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); initTheme(); - setContentView(R.layout.rules); + if (useModernLayout) { + setContentView(R.layout.rules_modern); + initModernViews(); + } else { + setContentView(R.layout.rules); + } Toolbar toolbar = findViewById(R.id.rule_toolbar); //toolbar.setTitle(getString(R.string.showrules_title)); @@ -172,15 +368,23 @@ public boolean onOptionsItemSelected(MenuItem item) { return true; } case MENU_ZOOM_IN -> { - newSize = scaleGesture.getTextSize() + 2.0f; - scaleGesture.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize); - G.ruleTextSize((int) newSize); + if (useModernLayout) { + updateModernTextSize(2.0f); + } else { + newSize = scaleGesture.getTextSize() + 2.0f; + scaleGesture.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize); + G.ruleTextSize((int) newSize); + } return false; } case MENU_ZOOM_OUT -> { - newSize = scaleGesture.getTextSize() - 2.0f; - scaleGesture.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize); - G.ruleTextSize((int) newSize); + if (useModernLayout) { + updateModernTextSize(-2.0f); + } else { + newSize = scaleGesture.getTextSize() - 2.0f; + scaleGesture.setTextSize(TypedValue.COMPLEX_UNIT_PX, newSize); + G.ruleTextSize((int) newSize); + } return false; } default -> { @@ -194,10 +398,12 @@ private static class Task implements Runnable { private final Context ctx; private final WeakReference activityReference; private final Handler handler = new Handler(Looper.getMainLooper()); + private final File selectedDirectory; // only retain a weak reference to the activity - Task(DataDumpActivity context) { + Task(DataDumpActivity context, File directory) { this.ctx = context; + this.selectedDirectory = directory; activityReference = new WeakReference<>(context); } @@ -207,13 +413,29 @@ public void run() { boolean res = false; try { + // Generate timestamped filename + String timestamp = new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss", Locale.US).format(new Date()); + String baseFileName = sdDumpFile.replace(".log", ""); + String timestampedFileName = baseFileName + "-" + timestamp + ".log"; + File file; - if(Build.VERSION.SDK_INT < Build.VERSION_CODES.Q ){ + if (selectedDirectory != null) { + // Use user-selected directory + if (!selectedDirectory.exists()) { + selectedDirectory.mkdirs(); + } + file = new File(selectedDirectory, timestampedFileName); + } else if(Build.VERSION.SDK_INT < Build.VERSION_CODES.Q ){ File dir = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/" ); dir.mkdirs(); - file = new File(dir, sdDumpFile); + file = new File(dir, timestampedFileName); } else{ - file = new File(ctx.getExternalFilesDir(null) + "/" + sdDumpFile) ; + // Use Documents/AFWall directory for user-friendly access + File dir = new File(Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOCUMENTS), "AFWall"); + if (!dir.exists()) { + dir.mkdirs(); + } + file = new File(dir, timestampedFileName); } output = new FileOutputStream(file); output.write(dataText.getBytes()); @@ -247,20 +469,54 @@ public void run() { } private void exportToSD() { + try { + // Get default path for file dialog + File defaultPath; + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) { + defaultPath = new File(Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOCUMENTS), "AFWall"); + } else { + defaultPath = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/"); + } + if (!defaultPath.exists()) { + defaultPath.mkdirs(); + } - if(Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q ){ - // Do some stuff - ExecutorService executor = Executors.newSingleThreadExecutor(); - executor.execute(new Task(this)); - } else { - if (ActivityCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE) - != PackageManager.PERMISSION_GRANTED) { - // permissions have not been granted. - ActivityCompat.requestPermissions(DataDumpActivity.this, - new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE}, - MY_PERMISSIONS_REQUEST_WRITE_STORAGE); - } else{ - new Task(this).run(); + // Show directory picker dialog + FileDialog fileDialog = new FileDialog(this, defaultPath, true); + fileDialog.setSelectDirectoryOption(true); + fileDialog.addDirectoryListener(directory -> { + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) { + ExecutorService executor = Executors.newSingleThreadExecutor(); + executor.execute(new Task(DataDumpActivity.this, directory)); + executor.shutdown(); + } else { + if (ActivityCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE) + != PackageManager.PERMISSION_GRANTED) { + ActivityCompat.requestPermissions(DataDumpActivity.this, + new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE}, + MY_PERMISSIONS_REQUEST_WRITE_STORAGE); + } else { + new Task(DataDumpActivity.this, directory).run(); + } + } + }); + fileDialog.showDialog(); + } catch (Exception e) { + // Fallback to default behavior if file dialog fails + Log.e(TAG, "FileDialog failed, using default path", e); + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) { + ExecutorService executor = Executors.newSingleThreadExecutor(); + executor.execute(new Task(this, null)); + executor.shutdown(); + } else { + if (ActivityCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE) + != PackageManager.PERMISSION_GRANTED) { + ActivityCompat.requestPermissions(DataDumpActivity.this, + new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE}, + MY_PERMISSIONS_REQUEST_WRITE_STORAGE); + } else { + new Task(this, null).run(); + } } } } diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/HelpActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/HelpActivity.java index 3346a4380..8bc8290c4 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/activity/HelpActivity.java +++ b/app/src/main/java/dev/ukanth/ufirewall/activity/HelpActivity.java @@ -2,63 +2,49 @@ import android.os.Bundle; import android.view.MenuItem; +import android.widget.TextView; import androidx.appcompat.app.AppCompatActivity; import androidx.appcompat.widget.Toolbar; -import androidx.core.content.ContextCompat; -import androidx.viewpager.widget.ViewPager; - +import dev.ukanth.ufirewall.BuildConfig; import dev.ukanth.ufirewall.R; -import dev.ukanth.ufirewall.ui.about.ViewPagerAdapter; import dev.ukanth.ufirewall.util.G; -import dev.ukanth.ufirewall.util.SlidingTabLayout; public class HelpActivity extends AppCompatActivity { - private ViewPager viewPager; - private ViewPagerAdapter adapter; - private SlidingTabLayout tabs; - private final int count = 0; - private final int noOfTabs =2; - - - @Override + @Override public void onCreate(Bundle savedInstanceState) { - super.onCreate(savedInstanceState); - - String[] viewTitles = { getString(R.string.About), getString(R.string.FAQ) }; - - initTheme(); - - setContentView(R.layout.help_about); - - Toolbar toolbar = findViewById(R.id.help_toolbar); - setSupportActionBar(toolbar); - + super.onCreate(savedInstanceState); - // Creating The ViewPagerAdapter and Passing Fragment Manager, Titles fot the Tabs and Number Of Tabs. - adapter = new ViewPagerAdapter(getSupportFragmentManager(), viewTitles, noOfTabs); + initTheme(); - // Initilization - viewPager = findViewById(R.id.pager); - - viewPager.setAdapter(adapter); + setContentView(R.layout.help_about); + Toolbar toolbar = findViewById(R.id.help_toolbar); + setSupportActionBar(toolbar); + + if (getSupportActionBar() != null) { + getSupportActionBar().setTitle(R.string.help); getSupportActionBar().setHomeButtonEnabled(true); getSupportActionBar().setDisplayHomeAsUpEnabled(true); + } - // Assiging the Sliding Tab Layout View - tabs = findViewById(R.id.tabs); - tabs.setDistributeEvenly(true); // To make the Tabs Fixed set this true, This makes the tabs Space Evenly in Available width - - // Setting Custom Color for the Scroll bar indicator of the Tab View - tabs.setCustomTabColorizer(position -> ContextCompat.getColor(getApplicationContext(),R.color.white)); + setupContent(); + } - // Setting the ViewPager For the SlidingTabsLayout - tabs.setViewPager(viewPager); + private void setupContent() { + // Setup app title with version + String version = BuildConfig.VERSION_NAME; + TextView titleText = findViewById(R.id.afwall_title); + String versionText = getString(R.string.app_name) + " (v" + version + ")"; + if(G.isDoKey(this) || BuildConfig.APPLICATION_ID.equals("dev.ukanth.ufirewall.donate")) { + versionText = versionText + " (Donate) " + getString(R.string.donate_thanks) + " :)"; + } + titleText.setText(versionText); } + private void initTheme() { switch(G.getSelectedTheme()) { case "D": @@ -67,6 +53,9 @@ private void initTheme() { case "L": setTheme(R.style.AppLightTheme); break; + case "LHC": + setTheme(R.style.AppLightHighContrastTheme); + break; case "B": setTheme(R.style.AppBlackTheme); break; diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/LogActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/LogActivity.java index 4ba5290af..41433202c 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/activity/LogActivity.java +++ b/app/src/main/java/dev/ukanth/ufirewall/activity/LogActivity.java @@ -78,7 +78,6 @@ public class LogActivity extends AppCompatActivity implements SwipeRefreshLayout protected static final int MENU_TOGGLE = -4; protected static final int MENU_CLEAR = 40; - protected static final int MENU_SWITCH_OLD = 42; @Override protected void onCreate(Bundle savedInstanceState) { @@ -177,6 +176,7 @@ private int getCount() { private class CollectLog implements Runnable { private Context context = null; MaterialDialog loadDialog = null; + private boolean fromSwipeRefresh = false; public CollectLog() { } @@ -186,16 +186,26 @@ public CollectLog setContext(Context context) { return this; } + public CollectLog setFromSwipeRefresh(boolean fromSwipe) { + this.fromSwipeRefresh = fromSwipe; + return this; + } + public void execute() { Handler handler = new Handler(Looper.getMainLooper()); handler.post(() -> { onPreExecute(); ExecutorService executor = Executors.newSingleThreadExecutor(); executor.execute(this); + executor.shutdown(); }); } protected void onPreExecute() { + // Skip modal dialog if triggered by swipe refresh (animation already showing) + if (fromSwipeRefresh) { + return; + } loadDialog = new MaterialDialog.Builder(context).cancelable(false) .title(getString(R.string.working)) .cancelable(false) @@ -240,13 +250,13 @@ protected void onPostExecute(Boolean logPresent) { if (logPresent != null && logPresent) { recyclerViewAdapter.notifyDataSetChanged(); recyclerView.setVisibility(View.VISIBLE); - mSwipeLayout.setVisibility(View.VISIBLE); emptyView.setVisibility(View.GONE); } else { - mSwipeLayout.setVisibility(View.GONE); recyclerView.setVisibility(View.GONE); emptyView.setVisibility(View.VISIBLE); } + // Keep SwipeRefreshLayout visible to allow pull-to-refresh even when log is empty + mSwipeLayout.setVisibility(View.VISIBLE); recyclerView.getRecycledViewPool().clear(); recyclerView.setRecycledViewPool(new RecyclerView.RecycledViewPool()); @@ -264,7 +274,6 @@ public boolean onCreateOptionsMenu(android.view.Menu menu) { // Common options: Copy, Export to SD Card, Refresh SubMenu sub = menu.addSubMenu(0, MENU_TOGGLE, 0, "").setIcon(R.drawable.ic_flow); sub.add(0, MENU_CLEAR, 0, R.string.clear_log).setIcon(R.drawable.ic_clearlog); - sub.add(0, MENU_SWITCH_OLD, 0, R.string.switch_old).setIcon(R.drawable.ic_log); //populateMenu(sub); sub.getItem().setShowAsAction(MenuItem.SHOW_AS_ACTION_ALWAYS| MenuItem.SHOW_AS_ACTION_WITH_TEXT); super.onCreateOptionsMenu(menu); @@ -345,12 +354,6 @@ public boolean onOptionsItemSelected(MenuItem item) { /*case MENU_EXPORT_LOG: //exportToSD(); return true;*/ - case MENU_SWITCH_OLD: - Intent i = new Intent(this, OldLogActivity.class); - G.oldLogView(true); - startActivity(i); - finish(); - return true; default: return super.onOptionsItemSelected(item); } @@ -384,7 +387,8 @@ public void onClick(@NonNull MaterialDialog dialog, @NonNull DialogAction which) @Override public void onRefresh() { - (new CollectLog()).setContext(this).run(); + mSwipeLayout.setRefreshing(true); + (new CollectLog()).setContext(this).setFromSwipeRefresh(true).execute(); } /*@Override diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/LogDetailActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/LogDetailActivity.java index e48642faf..e4b1e290b 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/activity/LogDetailActivity.java +++ b/app/src/main/java/dev/ukanth/ufirewall/activity/LogDetailActivity.java @@ -38,6 +38,8 @@ import android.widget.Toast; import androidx.appcompat.app.AppCompatActivity; +import androidx.annotation.NonNull; +import androidx.core.content.ContextCompat; import androidx.appcompat.widget.Toolbar; import androidx.core.app.ActivityCompat; import androidx.recyclerview.widget.LinearLayoutManager; @@ -80,6 +82,19 @@ public class LogDetailActivity extends AppCompatActivity implements SwipeRefresh protected Menu mainMenu; private LogData current_selected_logData; private static List logDataList; + private static List fullLogDataList; // Store full dataset + + // Pagination + private static final int PAGE_SIZE = 100; // Load 100 items at a time + private int currentPage = 0; + private boolean isLoading = false; + + // Summary views + private TextView totalBlocks; + private TextView uniqueDestinations; + private TextView timePeriod; + private TextView mostBlockedDestination; + private TextView loadingMoreIndicator; protected static final int MENU_EXPORT_LOG = 100; @@ -97,6 +112,9 @@ private void initTheme() { case "L": setTheme(R.style.AppLightTheme); break; + case "LHC": + setTheme(R.style.AppLightHighContrastTheme); + break; case "B": setTheme(R.style.AppBlackTheme); break; @@ -126,6 +144,13 @@ protected void onCreate(Bundle savedInstanceState) { recyclerView = findViewById(R.id.detailrecyclerview); emptyView = findViewById(R.id.emptydetail_view); + + // Initialize summary views + totalBlocks = findViewById(R.id.total_blocks); + uniqueDestinations = findViewById(R.id.unique_destinations); + timePeriod = findViewById(R.id.time_period); + mostBlockedDestination = findViewById(R.id.most_blocked_destination); + loadingMoreIndicator = findViewById(R.id.loading_more_indicator); initializeRecyclerView(getApplicationContext()); @@ -149,6 +174,8 @@ private void initializeRecyclerView(final Context ctx) { menu.add(0, v.getId(), 4, R.string.ping_source); menu.add(0, v.getId(), 5, R.string.resolve_destination); menu.add(0, v.getId(), 6, R.string.resolve_source); + menu.add(0, v.getId(), 9, "Block this destination permanently"); + menu.add(0, v.getId(), 10, "Whitelist this destination"); LogPreference logPreference = SQLite.select() .from(LogPreference.class) .where(LogPreference_Table.uid.eq(uid)).querySingle(); @@ -239,6 +266,12 @@ public boolean onContextItemSelected(MenuItem item) { case 8: G.updateLogNotification(uid, true); break; + case 9: // Block destination permanently + showBlockDestinationDialog(); + break; + case 10: // Whitelist destination + showWhitelistDestinationDialog(); + break; } return super.onContextItemSelected(item); @@ -252,6 +285,17 @@ private List getLogData(final int uid) { .orderBy(LogData_Table.timestamp, false) .queryList(); } + + private List getPagedLogData(final int uid, int page, int pageSize) { + int offset = page * pageSize; + return SQLite.select() + .from(LogData.class) + .where(LogData_Table.uid.eq(uid)) + .orderBy(LogData_Table.timestamp, false) + .limit(pageSize) + .offset(offset) + .queryList(); + } private int getCount() { long l = SQLite.selectCountOf().from(LogData.class).where(LogData_Table.uid.eq(uid)).count(); @@ -285,8 +329,22 @@ public void doProgress(int value) { @Override protected Boolean doInBackground(Void... params) { - logDataList = getLogData(uid); try { + // First, get total count for statistics + int totalCount = getCount(); + publishProgress(totalCount); + + if (totalCount > PAGE_SIZE) { + // Large dataset - use pagination + fullLogDataList = getLogData(uid); // Get full list for statistics + logDataList = getPagedLogData(uid, 0, PAGE_SIZE); // Get first page + currentPage = 0; + } else { + // Small dataset - load all + logDataList = getLogData(uid); + fullLogDataList = logDataList; + } + if (logDataList != null && logDataList.size() > 0) { Collections.sort(logDataList, new DateComparator()); recyclerViewAdapter.updateData(logDataList); @@ -295,10 +353,9 @@ protected Boolean doInBackground(Void... params) { return false; } } catch (Exception e) { - Log.e(Api.TAG, "Exception while retrieving data" + e.getLocalizedMessage()); + Log.e(Api.TAG, "Exception while retrieving data" + e.getLocalizedMessage()); return null; } - } @Override @@ -312,7 +369,7 @@ protected void onProgressUpdate(Integer... progress) { } @Override - protected void onPostExecute(Boolean logPresent) { + protected void onPostExecute(Boolean logPresent) { super.onPostExecute(logPresent); doProgress(-1); try { @@ -334,6 +391,17 @@ protected void onPostExecute(Boolean logPresent) { mSwipeLayout.setVisibility(View.VISIBLE); emptyView.setVisibility(View.GONE); recyclerViewAdapter.notifyDataSetChanged(); + + // Update title with log count + updateTitleWithLogCount(); + + // Update summary statistics using full dataset + updateSummaryStatistics(); + + // Setup load more functionality for large datasets + if (fullLogDataList != null && fullLogDataList.size() > PAGE_SIZE) { + setupLoadMoreFunctionality(); + } } else { mSwipeLayout.setVisibility(View.GONE); recyclerView.setVisibility(View.GONE); @@ -402,6 +470,190 @@ private void clearDatabase(final Context ctx) { public void onRefresh() { (new CollectDetailLog()).setContext(this).execute(); } + + private void updateTitleWithLogCount() { + if (logDataList != null && logDataList.size() > 0) { + String appName = ""; + if (logDataList.get(0).getAppName() != null) { + appName = logDataList.get(0).getAppName(); + } + String title = appName + " (" + logDataList.size() + " blocked)"; + setTitle(title); + } + } + + private void showBlockDestinationDialog() { + if (current_selected_logData == null) return; + + new MaterialDialog.Builder(this) + .title("Block Destination") + .content("Add a permanent rule to block all connections to " + + current_selected_logData.getDst() + ":" + current_selected_logData.getDpt() + "?") + .positiveText("Block") + .negativeText("Cancel") + .onPositive((dialog, which) -> { + // Here you would integrate with AFWall's custom rule system + // This is a placeholder for the actual implementation + Api.toast(this, "Feature requires integration with custom rules system"); + }) + .show(); + } + + private void showWhitelistDestinationDialog() { + if (current_selected_logData == null) return; + + new MaterialDialog.Builder(this) + .title("Whitelist Destination") + .content("Add a permanent rule to allow all connections to " + + current_selected_logData.getDst() + ":" + current_selected_logData.getDpt() + "?") + .positiveText("Allow") + .negativeText("Cancel") + .onPositive((dialog, which) -> { + // Here you would integrate with AFWall's custom rule system + // This is a placeholder for the actual implementation + Api.toast(this, "Feature requires integration with custom rules system"); + }) + .show(); + } + + private void updateSummaryStatistics() { + if (fullLogDataList == null || fullLogDataList.isEmpty()) { + return; + } + + // Show basic count immediately for better UX (full dataset count) + totalBlocks.setText(String.valueOf(fullLogDataList.size())); + + // Process complex statistics in background thread using full dataset + new Thread(() -> { + // Calculate unique destinations and most blocked + java.util.Map destinationCounts = new java.util.HashMap<>(); + java.util.Set uniqueDests = new java.util.HashSet<>(); + + long oldestTimestamp = Long.MAX_VALUE; + long newestTimestamp = Long.MIN_VALUE; + + for (LogData logData : fullLogDataList) { + String destination = logData.getDst() + ":" + logData.getDpt(); + uniqueDests.add(destination); + Integer currentCount = destinationCounts.get(destination); + destinationCounts.put(destination, (currentCount == null ? 0 : currentCount) + 1); + + // Track time range + oldestTimestamp = Math.min(oldestTimestamp, logData.getTimestamp()); + newestTimestamp = Math.max(newestTimestamp, logData.getTimestamp()); + } + + final int uniqueCount = uniqueDests.size(); + final String period = (oldestTimestamp != Long.MAX_VALUE && newestTimestamp != Long.MIN_VALUE) ? + formatTimePeriod(newestTimestamp - oldestTimestamp) : "0s"; + + // Find most blocked destination + String mostBlocked = "No data"; + int maxCount = 0; + for (java.util.Map.Entry entry : destinationCounts.entrySet()) { + if (entry.getValue() > maxCount) { + maxCount = entry.getValue(); + mostBlocked = entry.getKey() + " (" + maxCount + "x)"; + } + } + final String finalMostBlocked = mostBlocked; + + // Update UI on main thread + runOnUiThread(() -> { + uniqueDestinations.setText(String.valueOf(uniqueCount)); + timePeriod.setText(period); + mostBlockedDestination.setText(finalMostBlocked); + }); + }).start(); + } + + private void setupLoadMoreFunctionality() { + // Add scroll listener to load more data when user reaches bottom + recyclerView.addOnScrollListener(new RecyclerView.OnScrollListener() { + @Override + public void onScrolled(@NonNull RecyclerView recyclerView, int dx, int dy) { + super.onScrolled(recyclerView, dx, dy); + + LinearLayoutManager layoutManager = (LinearLayoutManager) recyclerView.getLayoutManager(); + if (layoutManager != null && !isLoading) { + int visibleItemCount = layoutManager.getChildCount(); + int totalItemCount = layoutManager.getItemCount(); + int firstVisibleItem = layoutManager.findFirstVisibleItemPosition(); + + // Load more when we're near the bottom + if ((visibleItemCount + firstVisibleItem) >= totalItemCount - 10) { + loadMoreData(); + } + } + } + }); + } + + private void loadMoreData() { + if (isLoading || fullLogDataList == null) return; + + int totalAvailable = fullLogDataList.size(); + int currentLoaded = (currentPage + 1) * PAGE_SIZE; + + if (currentLoaded >= totalAvailable) { + return; // No more data to load + } + + isLoading = true; + currentPage++; + + // Show loading indicator + loadingMoreIndicator.setVisibility(View.VISIBLE); + + new Thread(() -> { + try { + List newData = getPagedLogData(uid, currentPage, PAGE_SIZE); + if (newData != null && !newData.isEmpty()) { + Collections.sort(newData, new DateComparator()); + + runOnUiThread(() -> { + // Add new data to existing list + logDataList.addAll(newData); + recyclerViewAdapter.notifyItemRangeInserted( + logDataList.size() - newData.size(), + newData.size() + ); + loadingMoreIndicator.setVisibility(View.GONE); + isLoading = false; + }); + } else { + runOnUiThread(() -> { + loadingMoreIndicator.setVisibility(View.GONE); + isLoading = false; + }); + } + } catch (Exception e) { + Log.e(Api.TAG, "Error loading more data", e); + runOnUiThread(() -> { + loadingMoreIndicator.setVisibility(View.GONE); + isLoading = false; + }); + } + }).start(); + } + + private String formatTimePeriod(long millis) { + long seconds = millis / 1000; + long minutes = seconds / 60; + long hours = minutes / 60; + long days = hours / 24; + + if (days > 0) { + return days + "d"; + } else if (hours > 0) { + return hours + "h"; + } else if (minutes > 0) { + return minutes + "m"; + } else { + return seconds + "s"; + } + } private static class Task extends AsyncTask { public String filename = ""; diff --git a/app/src/main/java/dev/ukanth/ufirewall/activity/RulesActivity.java b/app/src/main/java/dev/ukanth/ufirewall/activity/RulesActivity.java index cff6a5cc1..957cf05fe 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/activity/RulesActivity.java +++ b/app/src/main/java/dev/ukanth/ufirewall/activity/RulesActivity.java @@ -32,6 +32,7 @@ import android.os.Bundle; import android.view.MenuItem; import android.view.SubMenu; +import android.widget.TextView; import androidx.annotation.NonNull; @@ -192,8 +193,8 @@ protected void appendSystemInfo(final Context ctx) { result.append("Bluetooth Tether status: ").append(cfg.tetherBluetoothStatusKnown ? (cfg.isBluetoothTethered ? "yes" : "no") : "unknown").append("\n"); result.append("Usb Tether status: ").append(cfg.tetherUsbStatusKnown ? (cfg.isUsbTethered ? "yes" : "no") : "unknown").append("\n"); result.append("Roam status: ").append(cfg.isRoaming ? "yes" : "no").append("\n"); - result.append("IPv4 subnet: ").append(cfg.lanMaskV4).append("\n"); - result.append("IPv6 subnet: ").append(cfg.lanMaskV6).append("\n"); + result.append("IPv4 subnets: ").append(cfg.lanMaskV4.isEmpty() ? "none" : String.join(", ", cfg.lanMaskV4)).append("\n"); + result.append("IPv6 subnets: ").append(cfg.lanMaskV6.isEmpty() ? "none" : String.join(", ", cfg.lanMaskV6)).append("\n"); // filesystem calls can block, so run in another thread new AsyncTask() { @@ -204,6 +205,7 @@ public String doInBackground(Void... args) { ret.append(getFileInfo("/system/bin/su")); ret.append(getFileInfo("/system/xbin/su")); ret.append(getFileInfo("/data/magisk/magisk")); + ret.append(getFileInfo("/data/adb/magisk")); ret.append(getFileInfo("/system/app/Superuser.apk")); PackageManager pm = ctx.getPackageManager(); @@ -216,6 +218,7 @@ public String doInBackground(Void... args) { @Override public void onPostExecute(String suInfo) { result.append(suInfo); + updateLoadingState(getString(R.string.finalizing)); appendPreferences(ctx); } }.execute(); @@ -225,6 +228,7 @@ public void onPostExecute(String suInfo) { protected void appendIfconfig(final Context ctx) { // Third section: "ifconfig" (for interface info obtained through busybox) writeHeading(result, true, "ifconfig"); + updateLoadingState(getString(R.string.loading_system_info)); Api.runIfconfig(ctx, new RootCommand() .setLogging(true) .setCallback(new RootCommand.Callback() { @@ -252,8 +256,11 @@ public void cbFunc(RootCommand state) { protected void populateData(final Context ctx) { result = new StringBuilder(); + // Update loading state for modern layout + updateLoadingState(getString(R.string.loading)); + // First section: "IPxx Rules" - writeHeading(result, false, showIPv6 ? "IPv6 Rules" : "IPv4 Rules"); + writeHeading(result, false, showIPv6 ? getString(R.string.ipv6_rules_title) : getString(R.string.ipv4_rules_title)); if (showIPv6) { sdDumpFile = "IPv6rules.log"; } else { @@ -266,11 +273,26 @@ protected void populateData(final Context ctx) { .setCallback(new RootCommand.Callback() { public void cbFunc(RootCommand state) { result.append(state.res); + updateLoadingState(getString(R.string.loading_network_info)); appendNetworkInterfaces(ctx); } })); } + private void updateLoadingState(String status) { + runOnUiThread(() -> { + TextView rulesStatus = findViewById(R.id.rules_status); + TextView rulesTitle = findViewById(R.id.rules_title); + if (rulesStatus != null) { + rulesStatus.setText(status); + } + if (rulesTitle != null) { + String title = showIPv6 ? getString(R.string.ipv6_rules_title) : getString(R.string.ipv4_rules_title); + rulesTitle.setText(title); + } + }); + } + @Override public boolean onOptionsItemSelected(MenuItem item) { final Context ctx = this; @@ -286,10 +308,12 @@ public boolean onOptionsItemSelected(MenuItem item) { return true; case MENU_IPV6_RULES: showIPv6 = true; + updateLoadingState(getString(R.string.loading)); populateData(this); return true; case MENU_IPV4_RULES: showIPv6 = false; + updateLoadingState(getString(R.string.loading)); populateData(this); return true; case MENU_SEND_REPORT: @@ -338,12 +362,7 @@ public void cbFunc(RootCommand state) { dialog.dismiss(); }) - .onNegative(new MaterialDialog.SingleButtonCallback() { - @Override - public void onClick(@NonNull MaterialDialog dialog, @NonNull DialogAction which) { - dialog.dismiss(); - } - }) + .onNegative((dialog, which) -> dialog.dismiss()) .show(); } diff --git a/app/src/main/java/dev/ukanth/ufirewall/broadcast/ConnectivityChangeReceiver.java b/app/src/main/java/dev/ukanth/ufirewall/broadcast/ConnectivityChangeReceiver.java index 39090bd71..69277d990 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/broadcast/ConnectivityChangeReceiver.java +++ b/app/src/main/java/dev/ukanth/ufirewall/broadcast/ConnectivityChangeReceiver.java @@ -32,6 +32,7 @@ import dev.ukanth.ufirewall.log.Log; import dev.ukanth.ufirewall.util.BootRuleManager; import dev.ukanth.ufirewall.util.G; +import dev.ukanth.ufirewall.util.NetworkChangeDebouncer; public class ConnectivityChangeReceiver extends BroadcastReceiver { @@ -72,10 +73,10 @@ public void onReceive(final Context context, Intent intent) { if (action.equals(CONNECTIVITY_ACTION)) { Log.i(TAG, "Network change captured."); - InterfaceTracker.applyRulesOnChange(context, InterfaceTracker.CONNECTIVITY_CHANGE); + NetworkChangeDebouncer.scheduleNetworkChange(context, InterfaceTracker.CONNECTIVITY_CHANGE); } else if (action.equals(TETHER_STATE_CHANGED_ACTION)) { Log.i(TAG, "Tether change captured."); - InterfaceTracker.applyRulesOnChange(context, InterfaceTracker.TETHER_STATE_CHANGED); + NetworkChangeDebouncer.scheduleNetworkChange(context, InterfaceTracker.TETHER_STATE_CHANGED); } } } diff --git a/app/src/main/java/dev/ukanth/ufirewall/broadcast/PackageBroadcast.java b/app/src/main/java/dev/ukanth/ufirewall/broadcast/PackageBroadcast.java index 8f43ba210..c9c994da9 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/broadcast/PackageBroadcast.java +++ b/app/src/main/java/dev/ukanth/ufirewall/broadcast/PackageBroadcast.java @@ -50,6 +50,7 @@ import dev.ukanth.ufirewall.log.Log; import dev.ukanth.ufirewall.service.RootCommand; import dev.ukanth.ufirewall.util.G; +import dev.ukanth.ufirewall.util.UidResolver; /** * Broadcast receiver responsible for removing rules that affect uninstalled @@ -91,6 +92,9 @@ public void cbFunc(RootCommand state) { Api.removeAllUnusedCacheLabel(context); // Force app list reload next time Api.applications = null; + // Invalidate UID resolver cache for this UID + UidResolver.invalidateUid(uid); + Log.d(TAG, "Package removed, invalidated UID cache for: " + uid); } } })); @@ -105,6 +109,11 @@ public void cbFunc(RootCommand state) { } else { // Force app list reload next time Api.applications = null; + + // Clear UID resolver cache since new package may get a UID we've seen before + UidResolver.clearCache(); + Log.d(TAG, "Package added, cleared UID resolver cache"); + SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context); boolean isNotify = prefs.getBoolean("notifyAppInstall", true); if (isNotify && Api.isEnabled(context)) { diff --git a/app/src/main/java/dev/ukanth/ufirewall/log/LogDetailRecyclerViewAdapter.java b/app/src/main/java/dev/ukanth/ufirewall/log/LogDetailRecyclerViewAdapter.java index 0eb190092..c3ae8ee92 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/log/LogDetailRecyclerViewAdapter.java +++ b/app/src/main/java/dev/ukanth/ufirewall/log/LogDetailRecyclerViewAdapter.java @@ -11,6 +11,9 @@ import java.util.ArrayList; import java.util.List; +import java.util.concurrent.ConcurrentHashMap; +import java.util.Map; +import java.util.HashMap; import dev.ukanth.ufirewall.R; @@ -24,6 +27,13 @@ public class LogDetailRecyclerViewAdapter extends RecyclerView.Adapter connectionAttempts = new ConcurrentHashMap<>(); + + // Cache for expensive operations + private final Map serviceCache = new HashMap<>(); + private final Map interfaceNameCache = new HashMap<>(); public LogDetailRecyclerViewAdapter(final Context context, RecyclerItemClickListener recyclerItemClickListener) { @@ -48,18 +58,168 @@ public void onBindViewHolder(ViewHolder holder, int position) { data = logData.get(position); if (data != null) { holder.bind(logData.get(position), recyclerItemClickListener); - if(data.getOut() != null) { - holder.deniedTime.setText(pretty(data.getTimestamp()) + "(" + data.getOut() + ")"); - if((data.getOut().contains("lan") || data.getOut().startsWith("eth") || data.getOut().startsWith("ra") || data.getOut().startsWith("bnep"))) { - holder.icon.setImageDrawable(context.getResources().getDrawable(R.drawable.ic_wifi)); - } else{ - holder.icon.setImageDrawable(context.getResources().getDrawable(R.drawable.ic_mobiledata)); + + // Format timestamp with interface info (cached) + String timeAndInterface = pretty(data.getTimestamp()); + if (data.getOut() != null && !data.getOut().isEmpty()) { + String interfaceType = getCachedInterfaceDisplayName(data.getOut()); + timeAndInterface += " via " + interfaceType; + } + holder.deniedTime.setText(timeAndInterface); + + // Set connection type icon with better logic + setConnectionIcon(holder.icon, data.getOut()); + + // Format destination with better readability + String destination = data.getDst() + ":" + data.getDpt(); + holder.dataDest.setText(destination); + + // Format source with better readability + String source = data.getSrc() + ":" + data.getSpt(); + holder.dataSrc.setText(source); + + // Format protocol with more context (cached) + String protocol = data.getProto(); + if (protocol != null) { + protocol = protocol.toUpperCase(); + // Add service context for common ports (cached) + String serviceInfo = getCachedServiceInfo(data.getDpt(), protocol); + if (!serviceInfo.isEmpty()) { + protocol += " (" + serviceInfo + ")"; } } - holder.dataDest.setText(context.getResources().getString(R.string.log_dst) + data.getDst() + ":" + data.getDpt()); - holder.dataSrc.setText(context.getResources().getString(R.string.log_src) + data.getSrc() + ":" + data.getSpt()); - holder.dataProto.setText(context.getResources().getString(R.string.log_proto) + data.getProto()); - holder.dataHost.setText(context.getResources().getString(R.string.host) + data.getHostname()); + holder.dataProto.setText(protocol != null ? protocol : "Unknown"); + + // Format hostname with better handling + if (data.getHostname() != null && !data.getHostname().trim().isEmpty() && !data.getHostname().equals(data.getDst())) { + holder.dataHost.setText(data.getHostname()); + holder.dataHost.setVisibility(View.VISIBLE); + } else { + holder.dataHost.setVisibility(View.GONE); + } + + // Show packet size if available + if (data.getLen() > 0 && holder.packetSize != null) { + holder.packetSize.setText(formatBytes(data.getLen())); + holder.packetSize.setVisibility(View.VISIBLE); + } else if (holder.packetSize != null) { + holder.packetSize.setVisibility(View.GONE); + } + + // Hide block count for now to improve performance - can be re-enabled later + if (holder.blockCount != null) { + holder.blockCount.setVisibility(View.GONE); + } + } + } + + private void setConnectionIcon(ImageView icon, String outInterface) { + if (outInterface == null || outInterface.isEmpty()) { + icon.setImageDrawable(context.getResources().getDrawable(R.drawable.ic_help)); + return; + } + + if (outInterface.contains("lan") || outInterface.startsWith("eth") || + outInterface.startsWith("ra") || outInterface.startsWith("bnep") || + outInterface.contains("wlan") || outInterface.contains("wifi")) { + icon.setImageDrawable(context.getResources().getDrawable(R.drawable.ic_wifi)); + } else if (outInterface.contains("mobile") || outInterface.contains("rmnet") || + outInterface.contains("ccmni") || outInterface.contains("pdp")) { + icon.setImageDrawable(context.getResources().getDrawable(R.drawable.ic_mobiledata)); + } else if (outInterface.contains("tun") || outInterface.contains("ppp")) { + icon.setImageDrawable(context.getResources().getDrawable(R.drawable.ic_lan)); // Use lan icon for VPN as fallback + } else { + icon.setImageDrawable(context.getResources().getDrawable(R.drawable.ic_help)); // Use help icon as fallback + } + } + + private String getCachedInterfaceDisplayName(String outInterface) { + if (outInterface == null || outInterface.isEmpty()) { + return "Unknown"; + } + + // Check cache first + if (interfaceNameCache.containsKey(outInterface)) { + return interfaceNameCache.get(outInterface); + } + + String displayName = getInterfaceDisplayName(outInterface); + interfaceNameCache.put(outInterface, displayName); + return displayName; + } + + private String getInterfaceDisplayName(String outInterface) { + if (outInterface == null || outInterface.isEmpty()) { + return "Unknown"; + } + + if (outInterface.contains("lan") || outInterface.startsWith("eth") || + outInterface.startsWith("ra") || outInterface.startsWith("bnep") || + outInterface.contains("wlan") || outInterface.contains("wifi")) { + return "Wi-Fi"; + } else if (outInterface.contains("mobile") || outInterface.contains("rmnet") || + outInterface.contains("ccmni") || outInterface.contains("pdp")) { + return "Mobile Data"; + } else if (outInterface.contains("tun") || outInterface.contains("ppp")) { + return "VPN"; + } else { + return outInterface; + } + } + + private String getCachedServiceInfo(int port, String protocol) { + int key = (protocol != null ? protocol.hashCode() : 0) * 100000 + port; + + // Check cache first + if (serviceCache.containsKey(key)) { + return serviceCache.get(key); + } + + String serviceInfo = getServiceInfo(port, protocol); + serviceCache.put(key, serviceInfo); + return serviceInfo; + } + + private String getServiceInfo(int port, String protocol) { + if ("TCP".equals(protocol)) { + switch (port) { + case 80: return "HTTP"; + case 443: return "HTTPS"; + case 21: return "FTP"; + case 22: return "SSH"; + case 23: return "Telnet"; + case 25: return "SMTP"; + case 53: return "DNS"; + case 110: return "POP3"; + case 143: return "IMAP"; + case 993: return "IMAPS"; + case 995: return "POP3S"; + case 1723: return "PPTP"; + case 3389: return "RDP"; + case 5060: return "SIP"; + case 8080: return "HTTP Alt"; + } + } else if ("UDP".equals(protocol)) { + switch (port) { + case 53: return "DNS"; + case 67: return "DHCP Server"; + case 68: return "DHCP Client"; + case 123: return "NTP"; + case 500: return "IPSec"; + case 1194: return "OpenVPN"; + case 5060: return "SIP"; + } + } + return ""; + } + + private String formatBytes(int bytes) { + if (bytes < 1024) { + return bytes + "B"; + } else if (bytes < 1024 * 1024) { + return String.format("%.1fKB", bytes / 1024.0); + } else { + return String.format("%.1fMB", bytes / (1024.0 * 1024.0)); } } @@ -76,24 +236,24 @@ public int getItemCount() { public static class ViewHolder extends RecyclerView.ViewHolder { final ImageView icon; - //final TextView appName; final TextView deniedTime; - //final TextView dataInterface; final TextView dataDest; final TextView dataSrc; final TextView dataProto; final TextView dataHost; + final TextView packetSize; + final TextView blockCount; public ViewHolder(View itemView) { super(itemView); icon = itemView.findViewById(R.id.data_icon); - //appName = (TextView)itemView.findViewById(R.id.app_name); deniedTime = itemView.findViewById(R.id.denied_time); - //dataInterface = (TextView)itemView.findViewById(R.id.data_interface); dataDest = itemView.findViewById(R.id.data_dest); dataSrc = itemView.findViewById(R.id.data_src); dataProto = itemView.findViewById(R.id.data_proto); dataHost = itemView.findViewById(R.id.data_host); + packetSize = itemView.findViewById(R.id.packet_size); + blockCount = itemView.findViewById(R.id.block_count); } public void bind(final LogData item, final RecyclerItemClickListener listener) { diff --git a/app/src/main/java/dev/ukanth/ufirewall/log/LogInfo.java b/app/src/main/java/dev/ukanth/ufirewall/log/LogInfo.java index e8b1e3155..5175c7638 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/log/LogInfo.java +++ b/app/src/main/java/dev/ukanth/ufirewall/log/LogInfo.java @@ -43,6 +43,8 @@ import dev.ukanth.ufirewall.InterfaceTracker; import dev.ukanth.ufirewall.R; import dev.ukanth.ufirewall.util.G; +import dev.ukanth.ufirewall.util.UidResolver; +import dev.ukanth.ufirewall.util.UidCorrelator; public class LogInfo { public String uidString; @@ -125,14 +127,26 @@ public static String parseLog(Context ctx, List listLogData) { for (int i = 0; i < map.size(); i++) { StringBuilder address = new StringBuilder(); id = map.keyAt(i); + appName = ""; // Reset for each iteration + appId = -1; + if (id != -1) { + // First, try to find in cached app list + boolean foundInApps = false; for (PackageInfoData app : apps) { if (app.uid == id) { appId = id; appName = app.names.get(0); + foundInApps = true; break; } } + + // If not found in apps, use comprehensive UID resolver + if (!foundInApps) { + appId = id; + appName = UidResolver.resolveUid(ctx, id); + } } else { appName = ctx.getString(R.string.unknown_item); } @@ -249,9 +263,26 @@ public static LogInfo parseLogs(String result, final Context ctx, String pattern return null; //logInfo.uid = 0; } else if(uid == -100) { - appName = ctx.getString(R.string.unknown_item); - logInfo.uid = uid; - } else { + // Attempt enhanced UID correlation before giving up + int correlatedUid = UidCorrelator.correlateUid( + logInfo.src, logInfo.dst, logInfo.dpt, logInfo.spt, + logInfo.proto, System.currentTimeMillis()); + + if (correlatedUid != -100) { + // Successfully correlated! Update UID and continue with normal processing + uid = correlatedUid; + logInfo.uid = correlatedUid; + Log.d(Api.TAG, "Enhanced correlation resolved UID " + correlatedUid + + " for connection to " + logInfo.dst + ":" + logInfo.dpt); + } else { + // Still unknown after correlation attempt + appName = ctx.getString(R.string.unknown_item); + logInfo.uid = uid; + } + } + + // Process the UID (whether original, correlated, or unknown) + if (uid != -100) { if (uid < 2000) { appName = Api.getSpecialAppName(uid); if(uid == 1000) { @@ -291,7 +322,7 @@ public static LogInfo parseLogs(String result, final Context ctx, String pattern address.append(":"); address.append(logInfo.dpt); logInfo.type = type; - if (G.showHost()) { + if (G.showHost() && (G.isDoKey(ctx) || G.isDonate())) { try { String add = InetAddress.getByName(logInfo.dst).getHostName(); if (add != null) { diff --git a/app/src/main/java/dev/ukanth/ufirewall/log/LogRecyclerViewAdapter.java b/app/src/main/java/dev/ukanth/ufirewall/log/LogRecyclerViewAdapter.java index c7b75b2b8..d9e62ceae 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/log/LogRecyclerViewAdapter.java +++ b/app/src/main/java/dev/ukanth/ufirewall/log/LogRecyclerViewAdapter.java @@ -58,54 +58,9 @@ public ViewHolder onCreateViewHolder(ViewGroup parent, int viewType) { return new ViewHolder(mView); } - /*private Bitmap getAppIcon(PackageManager mPackageManager, ApplicationInfo applicationInfo) { - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) { - return getAppIcon26(mPackageManager, applicationInfo); - } - try { - Drawable drawable = mPackageManager.getApplicationIcon(applicationInfo); - return ((BitmapDrawable) drawable).getBitmap(); - } catch (Exception e) { - Log.e(TAG, e.getMessage(), e); - } - return null; - } - - @RequiresApi(api = Build.VERSION_CODES.O) - private Bitmap getAppIcon26(PackageManager mPackageManager, ApplicationInfo applicationInfo) { - Drawable drawable = mPackageManager.getApplicationIcon(applicationInfo); - if (drawable instanceof BitmapDrawable) { - return ((BitmapDrawable) drawable).getBitmap(); - } else if (drawable instanceof AdaptiveIconDrawable) { - Drawable backgroundDr = ((AdaptiveIconDrawable) drawable).getBackground(); - Drawable foregroundDr = ((AdaptiveIconDrawable) drawable).getForeground(); - - Drawable[] drr = new Drawable[2]; - drr[0] = backgroundDr; - drr[1] = foregroundDr; - - LayerDrawable layerDrawable = new LayerDrawable(drr); - - int width = layerDrawable.getIntrinsicWidth(); - int height = layerDrawable.getIntrinsicHeight(); - - Bitmap bitmap = Bitmap.createBitmap(width, height, Bitmap.Config.ARGB_8888); - - Canvas canvas = new Canvas(bitmap); - - layerDrawable.setBounds(0, 0, canvas.getWidth(), canvas.getHeight()); - layerDrawable.draw(canvas); - - return bitmap; - } - - return null; - }*/ - @Override public void onBindViewHolder(ViewHolder holder, int position) { data = logData.get(position); - PackageManager manager = context.getPackageManager(); holder.bind(logData.get(position),recyclerItemClickListener); try { Drawable applicationIcon = Api.getApplicationIcon(context, data.getUid()); diff --git a/app/src/main/java/dev/ukanth/ufirewall/log/LogRxEvent.java b/app/src/main/java/dev/ukanth/ufirewall/log/LogRxEvent.java deleted file mode 100644 index 1a8823406..000000000 --- a/app/src/main/java/dev/ukanth/ufirewall/log/LogRxEvent.java +++ /dev/null @@ -1,32 +0,0 @@ -package dev.ukanth.ufirewall.log; - -import androidx.annotation.NonNull; - -import dev.ukanth.ufirewall.events.LogEvent; -import io.reactivex.rxjava3.disposables.Disposable; -import io.reactivex.rxjava3.functions.Consumer; -import io.reactivex.rxjava3.subjects.PublishSubject; - -/** - * Created by ukanth on 25/9/17. - */ - -public class LogRxEvent { - private static final PublishSubject sSubject = PublishSubject.create(); - - private LogRxEvent() { - // hidden constructor - } - - public static Disposable subscribe(@NonNull Consumer action) { - return sSubject.subscribe(action); - } - - public static void publish(@NonNull LogEvent message) { - sSubject.onNext(message); - } - - public static PublishSubject getSubject() { - return sSubject; - } -} diff --git a/app/src/main/java/dev/ukanth/ufirewall/preferences/LogPreferenceFragment.java b/app/src/main/java/dev/ukanth/ufirewall/preferences/LogPreferenceFragment.java index e4a7eca46..cb0838f11 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/preferences/LogPreferenceFragment.java +++ b/app/src/main/java/dev/ukanth/ufirewall/preferences/LogPreferenceFragment.java @@ -1,15 +1,25 @@ package dev.ukanth.ufirewall.preferences; +import android.content.Context; +import android.content.Intent; import android.os.Bundle; +import android.os.Handler; +import android.os.Looper; import android.preference.CheckBoxPreference; import android.preference.ListPreference; import android.preference.Preference; import android.preference.PreferenceFragment; import android.preference.PreferenceGroup; +import android.widget.Toast; + +import com.afollestad.materialdialogs.DialogAction; +import com.afollestad.materialdialogs.MaterialDialog; import dev.ukanth.ufirewall.Api; import dev.ukanth.ufirewall.R; import dev.ukanth.ufirewall.log.Log; +import dev.ukanth.ufirewall.service.LogService; +import dev.ukanth.ufirewall.service.RootCommand; import dev.ukanth.ufirewall.util.G; public class LogPreferenceFragment extends PreferenceFragment { @@ -43,6 +53,24 @@ private void populateLogTarget(Preference logTarget) { if (listPreference != null) { listPreference.setEntries(items); listPreference.setEntryValues(items); + + // Add custom listener to intercept preference changes + listPreference.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() { + @Override + public boolean onPreferenceChange(Preference preference, Object newValue) { + String newLogTarget = (String) newValue; + String oldLogTarget = G.logTarget(); + + // If it's the same target, allow change immediately + if (newLogTarget.equals(oldLogTarget)) { + return true; + } + + // Show confirmation dialog and prevent automatic change + showLogTargetChangeDialog(oldLogTarget, newLogTarget, listPreference); + return false; // Prevent automatic preference change + } + }); } //if there is only one entry if(items.length == 1) { @@ -157,4 +185,71 @@ private Integer[] selectItems(ArrayList entryValuesList) { } return items.toArray(new Integer[0]); }*/ + + private void showLogTargetChangeDialog(String oldLogTarget, String newLogTarget, ListPreference listPreference) { + new MaterialDialog.Builder(getActivity()) + .title(R.string.log_target_change_title) + .content(getString(R.string.log_target_change_message, oldLogTarget, newLogTarget)) + .positiveText(R.string.Yes) + .negativeText(R.string.Cancel) + .onPositive(new MaterialDialog.SingleButtonCallback() { + @Override + public void onClick(MaterialDialog dialog, DialogAction which) { + // Apply the log target change + applyLogTargetChange(newLogTarget, listPreference); + } + }) + .onNegative(new MaterialDialog.SingleButtonCallback() { + @Override + public void onClick(MaterialDialog dialog, DialogAction which) { + // Do nothing - preference change was already prevented by returning false + Log.d("LogPreferenceFragment", "Log target change cancelled by user"); + } + }) + .show(); + } + + private void applyLogTargetChange(String newLogTarget, ListPreference listPreference) { + Context ctx = getActivity(); + + // Set the new log target in preferences + G.logTarget(newLogTarget); + + // Update the ListPreference to show the new value + listPreference.setValue(newLogTarget); + + // Update log rules + Api.updateLogRules(ctx, new RootCommand() + .setReopenShell(true) + .setSuccessToast(R.string.log_target_success) + .setFailureToast(R.string.log_target_fail)); + + // Change log target without restarting service + changeLogTargetInService(ctx, newLogTarget); + } + + /** + * Change log target in the running service without restarting it + */ + private void changeLogTargetInService(Context ctx, String newLogTarget) { + Log.i("LogPreferenceFragment", "Changing log target to: " + newLogTarget); + + if (G.enableLogService()) { + // Send log target change request to the running service + Intent changeIntent = new Intent(ctx, LogService.class); + changeIntent.setAction(LogService.ACTION_CHANGE_LOG_TARGET); + changeIntent.putExtra(LogService.EXTRA_NEW_LOG_TARGET, newLogTarget); + ctx.startService(changeIntent); + + // Show success message after a delay to allow the change to process + Handler handler = new Handler(Looper.getMainLooper()); + handler.postDelayed(() -> { + Toast.makeText(ctx, getString(R.string.log_target_changed_success, newLogTarget), Toast.LENGTH_LONG).show(); + }, 2000); + } else { + // Service is not running, just update the preference + Log.i("LogPreferenceFragment", "Log service disabled, only updating preference"); + Toast.makeText(ctx, getString(R.string.log_target_changed_success, newLogTarget), Toast.LENGTH_SHORT).show(); + } + } } diff --git a/app/src/main/java/dev/ukanth/ufirewall/preferences/PreferencesActivity.java b/app/src/main/java/dev/ukanth/ufirewall/preferences/PreferencesActivity.java index 46bca172f..ba15a208d 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/preferences/PreferencesActivity.java +++ b/app/src/main/java/dev/ukanth/ufirewall/preferences/PreferencesActivity.java @@ -69,9 +69,6 @@ public class PreferencesActivity extends PreferenceActivity implements SharedPre private RxEvent rxEvent; private Disposable disposable; - - - private void initTheme() { switch(G.getSelectedTheme()) { case "D": @@ -80,6 +77,9 @@ private void initTheme() { case "L": setTheme(R.style.AppLightTheme); break; + case "LHC": + setTheme(R.style.AppLightHighContrastTheme); + break; case "B": setTheme(R.style.AppBlackTheme); break; @@ -111,11 +111,14 @@ protected void onCreate(Bundle savedInstanceState) { // set language Api.updateLanguage(getApplicationContext(), G.locale()); initTheme(); - super.onCreate(savedInstanceState); + prepareLayout(); subscribe(); + handleIntentExtras(); + } + private void handleIntentExtras() { Bundle bundle = getIntent().getExtras(); if (bundle != null) { Object data = bundle.get("validate"); @@ -177,6 +180,8 @@ private void prepareLayout() { mToolBar = toolbarContainer.findViewById(R.id.toolbar); mToolBar.setTitle(getTitle() + " " + getString(R.string.preferences)); + mToolBar.setNavigationIcon(androidx.appcompat.content.res.AppCompatResources.getDrawable(this, + androidx.appcompat.R.drawable.abc_ic_ab_back_material)); mToolBar.setNavigationOnClickListener(new View.OnClickListener() { @Override public void onClick(View v) { @@ -185,7 +190,6 @@ public void onClick(View v) { }); } - @Override protected void onApplyThemeResource(Resources.Theme theme, int resid, boolean first) { theme.applyStyle(resid, true); @@ -248,13 +252,17 @@ public boolean onOptionsItemSelected(MenuItem item) { @Override protected boolean isValidFragment(String fragmentName) { + // Prevent fragment injection attacks by explicitly allowing only known safe fragments + if (fragmentName == null) { + return false; + } + return UIPreferenceFragment.class.getName().equals(fragmentName) || ThemePreferenceFragment.class.getName().equals(fragmentName) || RulesPreferenceFragment.class.getName().equals(fragmentName) || LogPreferenceFragment.class.getName().equals(fragmentName) || ExpPreferenceFragment.class.getName().equals(fragmentName) - || CustomBinaryPreferenceFragment.class.getName().equals( - fragmentName) + || CustomBinaryPreferenceFragment.class.getName().equals(fragmentName) || SecPreferenceFragment.class.getName().equals(fragmentName) || MultiProfilePreferenceFragment.class.getName().equals(fragmentName) || WidgetPreferenceFragment.class.getName().equals(fragmentName) @@ -313,38 +321,43 @@ public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, Strin rxEvent.publish(new RulesEvent("", ctx)); } + handleNotificationChanges(sharedPreferences, key, ctx); + handleLogServiceChanges(sharedPreferences, key, ctx); + handleProfileAndThemeChanges(key, ctx, isRefreshRequired); + /*if (key.equals("logDmesg")) { rxEvent.publish(new LogChangeEvent("", ctx)); }*/ + } + private void handleNotificationChanges(SharedPreferences prefs, String key, Context ctx) { if (key.equals("notification_priority")) { NotificationManager notificationManager = (NotificationManager) ctx.getSystemService(Context.NOTIFICATION_SERVICE); notificationManager.cancelAll(); Api.updateNotification(Api.isEnabled(ctx), ctx); } - if(key.equals("activeNotification")) { - boolean enabled = sharedPreferences.getBoolean(key, false); - if(!enabled) { - NotificationManager notificationManager = (NotificationManager) ctx.getSystemService(Context.NOTIFICATION_SERVICE); - notificationManager.cancelAll(); + if (key.equals("activeNotification")) { + boolean enabled = prefs.getBoolean(key, false); + if (!enabled) { + NotificationManager nm = (NotificationManager) ctx.getSystemService(Context.NOTIFICATION_SERVICE); + nm.cancelAll(); } else { Api.updateNotification(Api.isEnabled(ctx), ctx); } } + } + private void handleLogServiceChanges(SharedPreferences prefs, String key, Context ctx) { if(key.equals("logTarget")) { - Api.updateLogRules(ctx, new RootCommand() - .setReopenShell(true) - .setSuccessToast(R.string.log_target_success) - .setFailureToast(R.string.log_target_fail)); - Intent intent = new Intent(ctx, LogService.class); - ctx.stopService(intent); - ctx.startService(intent); + // Log target changes are now handled by LogPreferenceFragment + // This should not be called anymore due to the OnPreferenceChangeListener + Log.d("PreferencesActivity", "logTarget preference changed: " + prefs.getString(key, "")); } + if (key.equals("enableLogService")) { if(G.logTarget() !=null && !G.logTarget().trim().isEmpty()) { - boolean enabled = sharedPreferences.getBoolean(key, false); + boolean enabled = prefs.getBoolean(key, false); if (enabled) { Toast.makeText(getApplicationContext(), getString(R.string.log_service_start), Toast.LENGTH_LONG).show(); Intent intent = new Intent(ctx, LogService.class); @@ -359,9 +372,13 @@ public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, Strin Toast.makeText(getApplicationContext(), getString(R.string.log_service_select), Toast.LENGTH_LONG).show(); } } + } + + private void handleProfileAndThemeChanges(String key, Context ctx, boolean isRefreshRequired) { if (key.equals("enableMultiProfile")) { G.reloadProfile(); } + if (key.equals("theme")) { initTheme(); recreate(); @@ -377,7 +394,6 @@ public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, Strin } } - @Override public void onDestroy() { if (rxEvent != null && disposable != null) { @@ -391,5 +407,4 @@ protected void attachBaseContext(Context base) { super.attachBaseContext(Api.updateBaseContextLocale(base)); } - } diff --git a/app/src/main/java/dev/ukanth/ufirewall/preferences/SecPreferenceFragment.java b/app/src/main/java/dev/ukanth/ufirewall/preferences/SecPreferenceFragment.java index 5049aba59..1caf20fac 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/preferences/SecPreferenceFragment.java +++ b/app/src/main/java/dev/ukanth/ufirewall/preferences/SecPreferenceFragment.java @@ -61,8 +61,6 @@ public class SecPreferenceFragment extends PreferenceFragment implements private ComponentName deviceAdmin; private DevicePolicyManager mDPM; - private Context globalContext = null; - //private String passOption = "p0"; public void setupEnableAdmin(Preference pref) { @@ -84,8 +82,6 @@ public void onCreate(Bundle savedInstanceState) { .getApplicationContext(), AdminDeviceReceiver.class); super.onCreate(savedInstanceState); - globalContext = this.getActivity(); - // Load the preferences from an XML resource addPreferencesFromResource(R.xml.security_preferences); @@ -118,8 +114,9 @@ private void setupDeviceSecurityCheck(Preference pref) { if (Build.VERSION.SDK_INT >= 21) { //only for donate version if ((G.isDoKey(getActivity()) || G.isDonate())) { - if (globalContext != null) { - KeyguardManager keyguardManager = (KeyguardManager) globalContext.getSystemService(KEYGUARD_SERVICE); + Context context = getActivity(); + if (context != null) { + KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService(KEYGUARD_SERVICE); //enable only when keyguard has set if (keyguardManager.isKeyguardSecure()) { enableDeviceCheckPref.setEnabled(true); @@ -318,11 +315,15 @@ public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, @TargetApi(Build.VERSION_CODES.M) private boolean canUserFingerPrint() { try { - KeyguardManager keyguardManager = (KeyguardManager) globalContext.getSystemService(KEYGUARD_SERVICE); - FingerprintManager fingerprintManager = (FingerprintManager) globalContext.getSystemService(FINGERPRINT_SERVICE); + Context context = getActivity(); + if (context == null) { + return false; + } + KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService(KEYGUARD_SERVICE); + FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService(FINGERPRINT_SERVICE); return fingerprintManager.isHardwareDetected() && - ActivityCompat.checkSelfPermission(globalContext, Manifest.permission.USE_FINGERPRINT) == PackageManager.PERMISSION_GRANTED && + ActivityCompat.checkSelfPermission(context, Manifest.permission.USE_FINGERPRINT) == PackageManager.PERMISSION_GRANTED && fingerprintManager.hasEnrolledFingerprints() && keyguardManager.isKeyguardSecure(); } catch (Exception e) { @@ -334,28 +335,32 @@ private boolean canUserFingerPrint() { @TargetApi(Build.VERSION_CODES.M) private void checkFingerprintDeviceSupport() { // Initializing both Android Keyguard Manager and Fingerprint Manager - KeyguardManager keyguardManager = (KeyguardManager) globalContext.getSystemService(KEYGUARD_SERVICE); - FingerprintManager fingerprintManager = (FingerprintManager) globalContext.getSystemService(FINGERPRINT_SERVICE); + Context context = getActivity(); + if (context == null) { + return; + } + KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService(KEYGUARD_SERVICE); + FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService(FINGERPRINT_SERVICE); ListPreference itemList = (ListPreference) findPreference("passSetting"); // Check whether the device has a Fingerprint sensor. if (!fingerprintManager.isHardwareDetected()) { - Api.toast(globalContext, getString(R.string.device_with_no_fingerprint_sensor)); + Api.toast(context, getString(R.string.device_with_no_fingerprint_sensor)); itemList.setValueIndex(0); } else { // Checks whether fingerprint permission is set on manifest - if (ActivityCompat.checkSelfPermission(globalContext, Manifest.permission.USE_FINGERPRINT) != PackageManager.PERMISSION_GRANTED) { - Api.toast(globalContext, getString(R.string.fingerprint_permission_manifest_missing)); + if (ActivityCompat.checkSelfPermission(context, Manifest.permission.USE_FINGERPRINT) != PackageManager.PERMISSION_GRANTED) { + Api.toast(context, getString(R.string.fingerprint_permission_manifest_missing)); itemList.setValueIndex(0); } else { // Check whether at least one fingerprint is registered if (!fingerprintManager.hasEnrolledFingerprints()) { - Api.toast(globalContext, getString(R.string.register_at_least_one_fingerprint)); + Api.toast(context, getString(R.string.register_at_least_one_fingerprint)); itemList.setValueIndex(0); } else { // Checks whether lock screen security is enabled or not if (!keyguardManager.isKeyguardSecure()) { - Api.toast(globalContext, getString(R.string.lock_screen_not_enabled)); + Api.toast(context, getString(R.string.lock_screen_not_enabled)); itemList.setValueIndex(0); } else { // Anything is ok @@ -363,7 +368,7 @@ private void checkFingerprintDeviceSupport() { G.isFingerprintEnabled(true); //make sure we set the index itemList.setValueIndex(3); - Api.toast(globalContext, getString(R.string.fingerprint_enabled_successfully)); + Api.toast(context, getString(R.string.fingerprint_enabled_successfully)); } return; } @@ -430,16 +435,19 @@ public void onInput(MaterialDialog dialog, CharSequence input) { final FingerprintUtil.FingerprintDialog dialog; if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.M) { - dialog = new FingerprintUtil.FingerprintDialog(globalContext); - dialog.setOnFingerprintFailureListener(() -> { - itemList.setValueIndex(3); - dialog.dismiss(); - }); - dialog.setOnFingerprintSuccess(() -> { - G.isFingerprintEnabled(false); - Api.toast(globalContext, getString(R.string.fingerprint_disabled_successfully)); - }); - dialog.show(); + Context context = getActivity(); + if (context != null) { + dialog = new FingerprintUtil.FingerprintDialog(context); + dialog.setOnFingerprintFailureListener(() -> { + itemList.setValueIndex(3); + dialog.dismiss(); + }); + dialog.setOnFingerprintSuccess(() -> { + G.isFingerprintEnabled(false); + Api.toast(context, getString(R.string.fingerprint_disabled_successfully)); + }); + dialog.show(); + } } } @@ -460,55 +468,72 @@ public void onPause() { super.onPause(); } + @Override + public void onDestroy() { + super.onDestroy(); + enableAdminPref = null; + enableDeviceCheckPref = null; + } + @Override public void onActivityResult(int requestCode, int resultCode, Intent data) { super.onActivityResult(requestCode, resultCode, data); + if (!isAdded()) return; setupEnableAdmin(findPreference("enableAdmin")); switch (requestCode) { - case REQ_CREATE_PATTERN: { - ListPreference itemList = (ListPreference) findPreference("passSetting"); - if (resultCode == getActivity().RESULT_OK) { - char[] pattern = data.getCharArrayExtra( - EXTRA_PATTERN); - final SharedPreferences.Editor editor = G.sPrefs.edit(); - editor.putString("LockPassword", new String(pattern)); - editor.commit(); - G.enableDeviceCheck(false); - //enable - if (itemList != null) { - final ListPreference patternMaxTry = (ListPreference) findPreference("patternMax"); - final CheckBoxPreference stealthMode = (CheckBoxPreference) findPreference("stealthMode"); - if (stealthMode != null) stealthMode.setEnabled(true); - if (patternMaxTry != null) patternMaxTry.setEnabled(true); - } - - } else { - itemList = (ListPreference) findPreference("passSetting"); - if (itemList != null) { - itemList.setValueIndex(0); - } - } + handleCreatePatternResult(resultCode, data); break; } - case REQ_ENTER_PATTERN: { - ListPreference itemList = (ListPreference) findPreference("passSetting"); - if (resultCode == getActivity().RESULT_OK) { - final SharedPreferences.Editor editor = G.sPrefs.edit(); - editor.putString("LockPassword", ""); - editor.commit(); - itemList = (ListPreference) findPreference("passSetting"); - if (itemList != null) { - itemList.setValueIndex(0); - } - } else { - if (itemList != null) { - itemList.setValueIndex(2); - G.enableDeviceCheck(false); - } - } + handleEnterPatternResult(resultCode); + } + } + } + + private void handleCreatePatternResult(int resultCode, Intent data) { + ListPreference itemList = (ListPreference) findPreference("passSetting"); + if (resultCode == getActivity().RESULT_OK && data != null) { + char[] pattern = data.getCharArrayExtra(EXTRA_PATTERN); + if (pattern != null) { + savePattern(new String(pattern)); + enablePatternFeatures(); + } + } else { + resetPatternSelection(itemList); + } + } + + private void handleEnterPatternResult(int resultCode) { + ListPreference itemList = (ListPreference) findPreference("passSetting"); + if (resultCode == getActivity().RESULT_OK) { + G.sPrefs.edit().putString("LockPassword", "").apply(); + if (itemList != null) { + itemList.setValueIndex(0); + } + } else { + if (itemList != null) { + itemList.setValueIndex(2); + G.enableDeviceCheck(false); } } } + + private void savePattern(String pattern) { + G.sPrefs.edit().putString("LockPassword", pattern).apply(); + G.enableDeviceCheck(false); + } + + private void enablePatternFeatures() { + final ListPreference patternMaxTry = (ListPreference) findPreference("patternMax"); + final CheckBoxPreference stealthMode = (CheckBoxPreference) findPreference("stealthMode"); + if (stealthMode != null) stealthMode.setEnabled(true); + if (patternMaxTry != null) patternMaxTry.setEnabled(true); + } + + private void resetPatternSelection(ListPreference itemList) { + if (itemList != null) { + itemList.setValueIndex(0); + } + } } diff --git a/app/src/main/java/dev/ukanth/ufirewall/preferences/SeekBarPreference.java b/app/src/main/java/dev/ukanth/ufirewall/preferences/SeekBarPreference.java new file mode 100644 index 000000000..e60339822 --- /dev/null +++ b/app/src/main/java/dev/ukanth/ufirewall/preferences/SeekBarPreference.java @@ -0,0 +1,180 @@ +package dev.ukanth.ufirewall.preferences; + +import android.content.Context; +import android.content.res.TypedArray; +import android.preference.Preference; +import android.util.AttributeSet; +import android.view.View; +import android.view.ViewGroup; +import android.widget.SeekBar; +import android.widget.TextView; + +import dev.ukanth.ufirewall.R; + +/** + * Custom SeekBar preference for selecting numeric values with a slider + */ +public class SeekBarPreference extends Preference implements SeekBar.OnSeekBarChangeListener { + + private static final int DEFAULT_MIN = 0; + private static final int DEFAULT_MAX = 100; + private static final int DEFAULT_VALUE = 0; + + private int mMax; + private int mMin; + private int mValue; + private String mSuffix; + private TextView mValueText; + private SeekBar mSeekBar; + + public SeekBarPreference(Context context, AttributeSet attrs, int defStyleAttr) { + super(context, attrs, defStyleAttr); + init(context, attrs); + } + + public SeekBarPreference(Context context, AttributeSet attrs) { + super(context, attrs); + init(context, attrs); + } + + public SeekBarPreference(Context context) { + super(context); + init(context, null); + } + + private void init(Context context, AttributeSet attrs) { + setLayoutResource(R.layout.preference_seekbar); + + if (attrs != null) { + TypedArray a = context.obtainStyledAttributes(attrs, R.styleable.SeekBarPreference); + mMax = a.getInt(R.styleable.SeekBarPreference_android_max, DEFAULT_MAX); + mMin = a.getInt(R.styleable.SeekBarPreference_min, DEFAULT_MIN); + mSuffix = a.getString(R.styleable.SeekBarPreference_suffix); + a.recycle(); + } else { + mMax = DEFAULT_MAX; + mMin = DEFAULT_MIN; + mSuffix = ""; + } + } + + @Override + protected View onCreateView(ViewGroup parent) { + View view = super.onCreateView(parent); + return view; + } + + @Override + protected void onBindView(View view) { + super.onBindView(view); + + mSeekBar = view.findViewById(R.id.seekbar); + mValueText = view.findViewById(R.id.seekbar_value); + + if (mSeekBar != null) { + mSeekBar.setMax(mMax - mMin); + mSeekBar.setProgress(mValue - mMin); + mSeekBar.setOnSeekBarChangeListener(this); + } + + updateValueText(); + } + + @Override + protected Object onGetDefaultValue(TypedArray a, int index) { + return a.getInt(index, DEFAULT_VALUE); + } + + @Override + protected void onSetInitialValue(boolean restoreValue, Object defaultValue) { + if (restoreValue) { + try { + mValue = getPersistedInt(DEFAULT_VALUE); + } catch (ClassCastException e) { + // Handle migration from EditTextPreference (String) to SeekBarPreference (Integer) + String stringValue = getSharedPreferences().getString(getKey(), String.valueOf(DEFAULT_VALUE)); + try { + mValue = Integer.parseInt(stringValue); + // Remove old String value and migrate to integer storage + getSharedPreferences().edit().remove(getKey()).commit(); + getSharedPreferences().edit().putInt(getKey(), mValue).commit(); + } catch (NumberFormatException nfe) { + mValue = DEFAULT_VALUE; + getSharedPreferences().edit().remove(getKey()).commit(); + getSharedPreferences().edit().putInt(getKey(), mValue).commit(); + } + } + } else { + mValue = (Integer) defaultValue; + persistInt(mValue); + } + } + + @Override + public void onProgressChanged(SeekBar seekBar, int progress, boolean fromUser) { + if (fromUser) { + int newValue = progress + mMin; + if (callChangeListener(newValue)) { + setValue(newValue); + } + } + } + + @Override + public void onStartTrackingTouch(SeekBar seekBar) { + // Not needed + } + + @Override + public void onStopTrackingTouch(SeekBar seekBar) { + persistInt(mValue); + } + + public void setValue(int value) { + if (value < mMin) { + value = mMin; + } + if (value > mMax) { + value = mMax; + } + + if (value != mValue) { + mValue = value; + persistInt(value); + updateValueText(); + if (mSeekBar != null) { + mSeekBar.setProgress(value - mMin); + } + } + } + + public int getValue() { + return mValue; + } + + private void updateValueText() { + if (mValueText != null) { + String suffix = mSuffix != null ? " " + mSuffix : ""; + mValueText.setText(String.valueOf(mValue) + suffix); + } + } + + public void setMax(int max) { + mMax = max; + if (mSeekBar != null) { + mSeekBar.setMax(max - mMin); + } + } + + public void setMin(int min) { + mMin = min; + if (mSeekBar != null) { + mSeekBar.setMax(mMax - min); + } + } + + public void setSuffix(String suffix) { + mSuffix = suffix; + updateValueText(); + } +} diff --git a/app/src/main/java/dev/ukanth/ufirewall/preferences/ThemePreferenceFragment.java b/app/src/main/java/dev/ukanth/ufirewall/preferences/ThemePreferenceFragment.java index 5d64a139d..142732f38 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/preferences/ThemePreferenceFragment.java +++ b/app/src/main/java/dev/ukanth/ufirewall/preferences/ThemePreferenceFragment.java @@ -66,6 +66,14 @@ public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, G.getSelectedTheme("D"); } break; + case "LHC": + if ((G.isDoKey(ctx) || isDonate())) { + G.getInstance().setTheme(R.style.AppLightHighContrastTheme); + } else { + Api.toast(ctx, ctx.getText(R.string.donate_only), Toast.LENGTH_LONG); + G.getSelectedTheme("D"); + } + break; case "B": if ((G.isDoKey(ctx) || isDonate())) { G.getInstance().setTheme(R.style.AppBlackTheme); diff --git a/app/src/main/java/dev/ukanth/ufirewall/service/FirewallService.java b/app/src/main/java/dev/ukanth/ufirewall/service/FirewallService.java index 4d0c2829e..ee2afd16c 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/service/FirewallService.java +++ b/app/src/main/java/dev/ukanth/ufirewall/service/FirewallService.java @@ -31,13 +31,17 @@ public class FirewallService extends Service { + private static final String TAG = "AFWall"; private static final int NOTIFICATION_ID = 1; + private static boolean logServiceActive = false; // Track if LogService is running + private static FirewallService instance = null; // Track service instance BroadcastReceiver connectivityReciver; BroadcastReceiver packageReceiver; IntentFilter filter; private BluetoothAdapter bluetoothAdapter; private BluetoothProfile.ServiceListener btListener; private static BluetoothProfile btPanProfile; + private static boolean btConnectionRequested = false; // Track if connection was requested public Context context; @Override public IBinder onBind(Intent intent) { @@ -48,21 +52,29 @@ public IBinder onBind(Intent intent) { public void onCreate() { super.onCreate(); context = this; + instance = this; + // Reset log service status on create + logServiceActive = false; + Log.d(TAG, "FirewallService created, logServiceActive reset to false"); } private void registerBTListener() { - btListener = new BluetoothProfile.ServiceListener() { - @Override - public void onServiceConnected(int profile, BluetoothProfile proxy) { - Log.d(G.TAG, "BluetoothProfile.ServiceListener connected"); - btPanProfile = proxy; - } + // Only create listener if it doesn't exist to prevent leaks + if (btListener == null) { + btListener = new BluetoothProfile.ServiceListener() { + @Override + public void onServiceConnected(int profile, BluetoothProfile proxy) { + Log.d(G.TAG, "BluetoothProfile.ServiceListener connected"); + btPanProfile = proxy; + } - @Override - public void onServiceDisconnected(int profile) { - Log.d(G.TAG, "BluetoothProfile.ServiceListener disconected"); - } - }; + @Override + public void onServiceDisconnected(int profile) { + Log.d(G.TAG, "BluetoothProfile.ServiceListener disconnected"); + btPanProfile = null; // Clear reference on disconnect + } + }; + } } @@ -75,14 +87,16 @@ private void addNotification() { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) { NotificationChannel notificationChannel = new NotificationChannel(NOTIFICATION_CHANNEL_ID, channelName, NotificationManager.IMPORTANCE_LOW); - notificationChannel.setLockscreenVisibility(Notification.VISIBILITY_PRIVATE); + notificationChannel.setLockscreenVisibility(Notification.VISIBILITY_PUBLIC); assert manager != null; if(G.getNotificationPriority() == 0) { notificationChannel.setImportance(NotificationManager.IMPORTANCE_DEFAULT); + } else { + notificationChannel.setImportance(NotificationManager.IMPORTANCE_LOW); } notificationChannel.setSound(null, null); notificationChannel.enableLights(false); - notificationChannel.setShowBadge(false); + notificationChannel.setShowBadge(true); notificationChannel.enableVibration(false); manager.createNotificationChannel(notificationChannel); } @@ -125,11 +139,17 @@ private void addNotification() { } else { notificationText = getString(R.string.active); } + // Append log service status if active + if (logServiceActive) { + notificationText += " • " + getString(R.string.log_monitoring); + } //notificationText = context.getString(R.string.active); icon = R.drawable.notification; + Log.d(TAG, "Firewall ENABLED - notification text: " + notificationText); } else { notificationText = getString(R.string.inactive); icon = R.drawable.notification_error; + Log.d(TAG, "Firewall DISABLED - notification text: " + notificationText); } @@ -145,19 +165,23 @@ private void addNotification() { .setChannelId(NOTIFICATION_CHANNEL_ID) .setPriority(NotificationCompat.PRIORITY_LOW) .setCategory(Notification.CATEGORY_SERVICE) - .setVisibility(NotificationCompat.VISIBILITY_SECRET) + .setVisibility(NotificationCompat.VISIBILITY_PUBLIC) .setContentText(notificationText) .setSmallIcon(icon) .setOngoing(true) .build(); - //if(G.activeNotification()) { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) { startForeground(NOTIFICATION_ID, notification, FOREGROUND_SERVICE_TYPE_SPECIAL_USE); + Log.d(TAG, "Updated notification via startForeground (Android 14+): " + notificationText); } else if(Build.VERSION.SDK_INT >= Build.VERSION_CODES.O ) { startForeground(NOTIFICATION_ID, notification); + Log.d(TAG, "Updated notification via startForeground (Android 8+): " + notificationText); } else { - manager.notify(NOTIFICATION_ID, notification); + if(G.activeNotification()) { + manager.notify(NOTIFICATION_ID, notification); + Log.d(TAG, "Updated notification via notify: " + notificationText); + } } /*} else { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) { @@ -171,6 +195,41 @@ private void addNotification() { } + /** + * Update notification when LogService status changes + */ + public static void setLogServiceActive(boolean active) { + logServiceActive = active; + if (instance != null) { + instance.addNotification(); + } + } + + /** + * Check if FirewallService is running + */ + public static boolean isInstanceRunning() { + return instance != null; + } + + /** + * Refresh the notification + */ + public static void refreshNotification() { + if (instance != null) { + Log.d(TAG, "Refreshing FirewallService notification"); + // Ensure we run on the main thread + new android.os.Handler(android.os.Looper.getMainLooper()).post(() -> { + if (instance != null) { + instance.addNotification(); + Log.d(TAG, "FirewallService notification refreshed"); + } + }); + } else { + Log.w(TAG, "Cannot refresh notification - FirewallService instance is null"); + } + } + @Override public int onStartCommand(Intent intent, int flags, int startId) { @@ -215,9 +274,8 @@ public int onStartCommand(Intent intent, int flags, int startId) { registerReceiver(packageReceiver, intentFilter); } - if(bluetoothAdapter == null) { - bluetoothAdapter = getBTAdapter(context); - } + // TEMPORARY: Bluetooth initialization completely disabled to prevent connection leaks + Log.d(G.TAG, "Bluetooth initialization disabled to prevent service connection leaks"); return START_STICKY; } @@ -228,16 +286,12 @@ private BluetoothAdapter getBTAdapter(Context context) { boolean hasBluetooth = pm.hasSystemFeature(PackageManager.FEATURE_BLUETOOTH); if (hasBluetooth) { bluetoothAdapter = BluetoothAdapter.getDefaultAdapter(); - if (bluetoothAdapter != null && btListener != null && btPanProfile == null) { - try { - boolean success = bluetoothAdapter.getProfileProxy(context, btListener, 5); // BluetoothProfile.PAN - if (!success) { - Log.w(G.TAG, "Failed to get Bluetooth PAN profile proxy"); - } - } catch (Exception e) { - Log.e(G.TAG, "Error getting Bluetooth profile proxy", e); - } - } + + // TEMPORARY: Disable Bluetooth profile connection to prevent service leaks + // TODO: Find better way to handle Bluetooth tethering detection without connection leaks + Log.d(G.TAG, "Bluetooth PAN profile connection disabled to prevent service leaks"); + } else { + Log.d(G.TAG, "Device does not support Bluetooth, skipping"); } return bluetoothAdapter; } @@ -258,6 +312,7 @@ public void onDestroy() { if(btPanProfile != null) { bluetoothAdapter.closeProfileProxy(5, btPanProfile); // BluetoothProfile.PAN btPanProfile = null; + Log.d(G.TAG, "Closed Bluetooth PAN profile proxy"); } } catch (Exception e){ Log.e(G.TAG, "Error closing bt profile", e); @@ -265,7 +320,15 @@ public void onDestroy() { // Always clean up references regardless of profile state btListener = null; bluetoothAdapter = null; + btConnectionRequested = false; // Reset connection flag + Log.d(G.TAG, "Bluetooth cleanup completed"); } + } else if (btConnectionRequested || btPanProfile != null) { + // Edge case: Clean up even if adapter is null + Log.w(G.TAG, "Bluetooth adapter is null but connection state exists, cleaning up"); + btPanProfile = null; + btListener = null; + btConnectionRequested = false; } super.onDestroy(); } @@ -273,6 +336,9 @@ public void onDestroy() { public static BluetoothProfile getBtPanProfile() { - return btPanProfile; + // TEMPORARY: Return null to disable Bluetooth tethering detection + // This prevents service connection leaks while we find a better solution + Log.d(G.TAG, "Bluetooth PAN profile disabled, returning null"); + return null; } } diff --git a/app/src/main/java/dev/ukanth/ufirewall/service/LogService.java b/app/src/main/java/dev/ukanth/ufirewall/service/LogService.java index 2feb7fdad..548b76172 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/service/LogService.java +++ b/app/src/main/java/dev/ukanth/ufirewall/service/LogService.java @@ -47,6 +47,7 @@ import com.raizlabs.android.dbflow.config.FlowConfig; import com.raizlabs.android.dbflow.config.FlowManager; import com.topjohnwu.superuser.CallbackList; +import com.topjohnwu.superuser.NoShellException; import com.topjohnwu.superuser.Shell; import org.ocpsoft.prettytime.PrettyTime; @@ -60,6 +61,7 @@ import java.util.concurrent.Executors; import dev.ukanth.ufirewall.Api; +import dev.ukanth.ufirewall.MainActivity; import dev.ukanth.ufirewall.R; import dev.ukanth.ufirewall.activity.LogActivity; import dev.ukanth.ufirewall.events.LogEvent; @@ -67,6 +69,7 @@ import dev.ukanth.ufirewall.log.LogData; import dev.ukanth.ufirewall.log.LogDatabase; import dev.ukanth.ufirewall.log.LogInfo; +import dev.ukanth.ufirewall.service.FirewallService; import dev.ukanth.ufirewall.util.G; public class LogService extends Service { @@ -74,6 +77,10 @@ public class LogService extends Service { public static final String TAG = "AFWall"; public static String logPath; public static final int QUEUE_NUM = 40; + + public static final String ACTION_GRACEFUL_SHUTDOWN = "dev.ukanth.ufirewall.GRACEFUL_SHUTDOWN"; + public static final String ACTION_CHANGE_LOG_TARGET = "dev.ukanth.ufirewall.CHANGE_LOG_TARGET"; + public static final String EXTRA_NEW_LOG_TARGET = "new_log_target"; private String NOTIFICATION_CHANNEL_ID = "firewall.logservice"; @@ -83,6 +90,7 @@ public class LogService extends Service { private List callbackList; private ExecutorService executorService; + private volatile boolean isShuttingDown = false; private Shell logWatcherShell; // Additional shell for long running log-watcher process @@ -94,6 +102,21 @@ public IBinder onBind(Intent intent) { @Override public int onStartCommand(Intent intent, int flags, int startId) { + if (intent != null) { + if (ACTION_GRACEFUL_SHUTDOWN.equals(intent.getAction())) { + Log.i(TAG, "Received graceful shutdown request"); + initiateGracefulShutdown(); + return START_NOT_STICKY; + } else if (ACTION_CHANGE_LOG_TARGET.equals(intent.getAction())) { + String newLogTarget = intent.getStringExtra(EXTRA_NEW_LOG_TARGET); + Log.i(TAG, "Received log target change request to: " + newLogTarget); + changeLogTarget(newLogTarget); + return START_STICKY; + } + } + + // Reset shutdown flag when service starts normally + isShuttingDown = false; startLogService(); return START_STICKY; } @@ -105,6 +128,52 @@ public void onCreate() { } + /** + * Get the best available command for reading kernel logs with iptables messages + * Tries multiple methods in order of preference for efficiency and compatibility + * @return command string or null if no suitable method is available + */ + private String getBestLogCommand() { + // Method 1: Try dmesg with follow and grep (most efficient for iptables logs) + if (isCommandAvailable("dmesg --follow")) { + return "dmesg --follow | grep '{AFL}'"; + } + + // Method 2: Try dmesg with tail simulation (good fallback) + if (isCommandAvailable("dmesg") && isCommandAvailable("tail")) { + return "while true; do dmesg | grep '{AFL}' | tail -n +$(( $(wc -l < /tmp/afwall_lastline 2>/dev/null || echo 0) + 1 )); dmesg | wc -l > /tmp/afwall_lastline; sleep 1; done"; + } + + // Method 3: Try logcat kernel logs (Android 7+) + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N && isCommandAvailable("logcat")) { + return "logcat -s kernel:* | grep '{AFL}'"; + } + + // Method 4: Try journalctl if available (some Android variants) + if (isCommandAvailable("journalctl")) { + return "journalctl -k -f | grep '{AFL}'"; + } + + // Method 5: Fall back to /proc/kmsg with improvements + Log.w(TAG, "Falling back to /proc/kmsg - less efficient method"); + return "cat /proc/kmsg | grep --line-buffered '{AFL}'"; + } + + /** + * Check if a command is available on the system + * @param command the command to test + * @return true if command is available + */ + private boolean isCommandAvailable(String command) { + try { + String testCommand = command.split(" ")[0]; // Get the base command + Shell.Result result = Shell.cmd("which " + testCommand + " || command -v " + testCommand).exec(); + return result.isSuccess() && !result.getOut().isEmpty(); + } catch (Exception e) { + return false; + } + } + private void startLogService() { if (G.enableLogService()) { // this method is executed in a background thread @@ -118,15 +187,18 @@ private void startLogService() { } switch (log) { case "LOG": - logPath = "cat /proc/kmsg"; + logPath = getBestLogCommand(); + if (logPath == null) { + Log.e(TAG, "No suitable log reading method available"); + return; + } break; case "NFLOG": - logPath = Api.getNflogPath(getApplicationContext()); + logPath = Api.getEnhancedNflogCommand(getApplicationContext(), QUEUE_NUM); if (logPath == null) { Log.e(TAG, "NFLOG binary not available, cannot start logging service"); return; } - logPath = logPath + " " + QUEUE_NUM; break; } @@ -134,11 +206,17 @@ private void startLogService() { callbackList = new CallbackList() { @Override public void onAddElement(String line) { - //kmsg entering into idle state, wait for few seconds and start again ? - if(line.contains("suspend exit")) { + // Handle device suspend/resume scenarios + if(line.contains("suspend exit") || line.contains("PM: suspend exit")) { + restartWatcher(logPath); + } + + // Handle log rotation or kernel ring buffer wrap + if(line.contains("log_buf_len") || line.contains("Buffer wrap")) { restartWatcher(logPath); } + // Process iptables/netfilter log entries if(line.contains("{AFL}")) { storeLogInfo(line, getApplicationContext()); } @@ -157,68 +235,411 @@ public void onAddElement(String line) { } private void restartWatcher(String logPath) { + if (isShuttingDown) { + return; + } + final Handler handler = new Handler(Looper.getMainLooper()); handler.postDelayed(() -> { - Log.i(G.TAG, "Restarting log watcher after 5s"); - initiateLogWatcher(logPath); + if (G.enableLogService() && !isShuttingDown) { + Log.i(G.TAG, "Restarting log watcher after 5s"); + cleanupTempFiles(); + initiateLogWatcher(logPath); + } }, 5000); } + + /** + * Clean up temporary files used by log watchers + */ + private void cleanupTempFiles() { + try { + Shell.cmd("rm -f /tmp/afwall_lastline").exec(); + } catch (Exception e) { + // Ignore cleanup errors + } + } + + /** + * Initiate graceful shutdown of the log service + */ + private void initiateGracefulShutdown() { + Log.i(TAG, "Starting graceful shutdown process"); + + // Set shutdown flag to prevent new tasks + isShuttingDown = true; + + // Stop in background thread to avoid blocking the main thread + new Thread(() -> { + try { + // Close shell first to stop generating new tasks + if (logWatcherShell != null) { + try { + logWatcherShell.close(); + Log.i(TAG, "Log watcher shell closed"); + } catch (Exception e) { + Log.w(TAG, "Error closing log watcher shell during graceful shutdown: " + e.getMessage()); + } + logWatcherShell = null; + } + + // Give executor service time to finish current tasks + if (executorService != null) { + try { + Log.i(TAG, "Shutting down executor service..."); + executorService.shutdown(); // Don't accept new tasks + if (!executorService.awaitTermination(5000, java.util.concurrent.TimeUnit.MILLISECONDS)) { + Log.w(TAG, "Executor service didn't terminate within 5s, forcing shutdown"); + executorService.shutdownNow(); + // Wait a bit more for tasks to respond to being cancelled + if (!executorService.awaitTermination(2000, java.util.concurrent.TimeUnit.MILLISECONDS)) { + Log.w(TAG, "Executor service still didn't terminate after force shutdown"); + } + } + Log.i(TAG, "Executor service shutdown complete"); + } catch (InterruptedException e) { + Log.w(TAG, "Interrupted while shutting down executor service"); + executorService.shutdownNow(); + Thread.currentThread().interrupt(); + } + } + + // Clean up and stop service + cleanupTempFiles(); + Log.i(TAG, "Graceful shutdown complete, stopping service"); + + // Stop the service on the main thread + Handler mainHandler = new Handler(Looper.getMainLooper()); + mainHandler.post(() -> stopSelf()); + + } catch (Exception e) { + Log.e(TAG, "Error during graceful shutdown: " + e.getMessage(), e); + // Fallback to immediate stop + Handler mainHandler = new Handler(Looper.getMainLooper()); + mainHandler.post(() -> stopSelf()); + } + }, "LogService-GracefulShutdown").start(); + } + + /** + * Change the log target without restarting the service + */ + private void changeLogTarget(String newLogTarget) { + if (newLogTarget == null || newLogTarget.trim().isEmpty()) { + Log.w(TAG, "Invalid log target provided, ignoring change request"); + return; + } + + String currentLogTarget = G.logTarget(); + if (newLogTarget.equals(currentLogTarget)) { + Log.i(TAG, "New log target is same as current, no change needed"); + return; + } + + Log.i(TAG, "Changing log target from " + currentLogTarget + " to " + newLogTarget); + + // Stop current log watcher gracefully in background thread + new Thread(() -> { + try { + // Set shutdown flag temporarily to prevent restarts + isShuttingDown = true; + + // Close current shell and executor + if (logWatcherShell != null) { + try { + logWatcherShell.close(); + Log.i(TAG, "Closed existing log watcher shell"); + } catch (Exception e) { + Log.w(TAG, "Error closing existing shell: " + e.getMessage()); + } + logWatcherShell = null; + } + + if (executorService != null) { + try { + executorService.shutdown(); + if (!executorService.awaitTermination(3000, java.util.concurrent.TimeUnit.MILLISECONDS)) { + Log.w(TAG, "Executor didn't terminate gracefully, forcing shutdown"); + executorService.shutdownNow(); + } + Log.i(TAG, "Executor service shut down successfully"); + } catch (InterruptedException e) { + Log.w(TAG, "Interrupted while shutting down executor"); + executorService.shutdownNow(); + Thread.currentThread().interrupt(); + } + executorService = null; + } + + // Wait a moment for cleanup + Thread.sleep(1000); + + // Update log target in preferences + G.logTarget(newLogTarget); + + // Reset shutdown flag + isShuttingDown = false; + + // Restart log service with new target on main thread + Handler mainHandler = new Handler(Looper.getMainLooper()); + mainHandler.post(() -> { + Log.i(TAG, "Restarting log service with new target: " + newLogTarget); + startLogService(); + }); + + } catch (Exception e) { + Log.e(TAG, "Error during log target change: " + e.getMessage(), e); + isShuttingDown = false; // Reset flag on error + } + }, "LogService-ChangeTarget").start(); + } private void createNotification() { manager = (NotificationManager) ctx.getSystemService(Context.NOTIFICATION_SERVICE); manager.cancel(109); + // On Android 8+, LogService must piggyback on FirewallService's notification if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) { - NotificationChannel notificationChannel = new NotificationChannel(NOTIFICATION_CHANNEL_ID, ctx.getString(R.string.firewall_log_notify), NotificationManager.IMPORTANCE_DEFAULT); - notificationChannel.setLockscreenVisibility(Notification.VISIBILITY_PRIVATE); - assert manager != null; + // Set the flag so FirewallService knows to include log monitoring status + FirewallService.setLogServiceActive(true); + + // LogService MUST call startForeground() within 5 seconds on Android 8+ + // Create a notification using FirewallService's channel and style + String SHARED_CHANNEL_ID = "firewall.service"; + + // Ensure the channel exists + NotificationChannel notificationChannel = new NotificationChannel(SHARED_CHANNEL_ID, ctx.getString(R.string.firewall_service), NotificationManager.IMPORTANCE_LOW); + notificationChannel.setLockscreenVisibility(Notification.VISIBILITY_PUBLIC); if (G.getNotificationPriority() == 0) { notificationChannel.setImportance(NotificationManager.IMPORTANCE_DEFAULT); + } else { + notificationChannel.setImportance(NotificationManager.IMPORTANCE_LOW); } notificationChannel.setSound(null, null); - notificationChannel.setShowBadge(false); notificationChannel.enableLights(false); + notificationChannel.setShowBadge(true); notificationChannel.enableVibration(false); manager.createNotificationChannel(notificationChannel); + + // Build notification in FirewallService style (opens MainActivity, not LogActivity) + Intent appIntent = new Intent(ctx, MainActivity.class); + appIntent.setAction(Intent.ACTION_MAIN); + appIntent.addCategory(Intent.CATEGORY_LAUNCHER); + appIntent.setFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP); + + PendingIntent notifyPendingIntent = PendingIntent.getActivity(ctx, 0, appIntent, PendingIntent.FLAG_IMMUTABLE); + + String notificationText = Api.isEnabled(ctx) ? ctx.getString(R.string.active) : ctx.getString(R.string.inactive); + notificationText += " • " + ctx.getString(R.string.log_monitoring); + + int icon = Api.isEnabled(ctx) ? R.drawable.notification : R.drawable.notification_error; + + NotificationCompat.Builder builder = new NotificationCompat.Builder(ctx, SHARED_CHANNEL_ID); + builder.setContentIntent(notifyPendingIntent) + .setSmallIcon(icon) + .setContentTitle(ctx.getString(R.string.app_name)) + .setContentText(notificationText) + .setOngoing(true) + .setPriority(NotificationCompat.PRIORITY_LOW) + .setCategory(NotificationCompat.CATEGORY_SERVICE); + + Notification notification = builder.build(); + startForeground(1, notification); + Log.i(TAG, "LogService started as foreground with shared notification ID 1"); + + if (FirewallService.isInstanceRunning()) { + // FirewallService is already running, it will refresh and take over the notification + FirewallService.refreshNotification(); + Log.i(TAG, "FirewallService notification refreshed to include log status"); + } else { + // Start FirewallService so it can take over notification management + Log.i(TAG, "Starting FirewallService to manage shared notification"); + Intent intent = new Intent(ctx, FirewallService.class); + ctx.startForegroundService(intent); + } + } else { + // Pre-Android 8: Create notification channel for individual log events + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) { + NotificationChannel notificationChannel = new NotificationChannel(NOTIFICATION_CHANNEL_ID, ctx.getString(R.string.firewall_log_notify), NotificationManager.IMPORTANCE_DEFAULT); + notificationChannel.setLockscreenVisibility(Notification.VISIBILITY_PRIVATE); + assert manager != null; + if (G.getNotificationPriority() == 0) { + notificationChannel.setImportance(NotificationManager.IMPORTANCE_DEFAULT); + } + notificationChannel.setSound(null, null); + notificationChannel.setShowBadge(false); + notificationChannel.enableLights(false); + notificationChannel.enableVibration(false); + manager.createNotificationChannel(notificationChannel); + } + + // Pre-Android 8: respect user preference for showing notifications + if (G.activeNotification()) { + Intent appIntent = new Intent(ctx, LogActivity.class); + appIntent.setAction(Intent.ACTION_MAIN); + appIntent.addCategory(Intent.CATEGORY_LAUNCHER); + appIntent.setFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP); + + PendingIntent notifyPendingIntent = PendingIntent.getActivity(ctx, 0, appIntent, PendingIntent.FLAG_IMMUTABLE); + notificationBuilder = new NotificationCompat.Builder(ctx, NOTIFICATION_CHANNEL_ID); + notificationBuilder.setContentIntent(notifyPendingIntent) + .setSmallIcon(R.drawable.notification) + .setContentTitle(ctx.getString(R.string.firewall_log_notify)) + .setContentText(ctx.getString(R.string.log_service_running)) + .setOngoing(true) + .setPriority(NotificationCompat.PRIORITY_LOW) + .setCategory(NotificationCompat.CATEGORY_SERVICE); + + Notification notification = notificationBuilder.build(); + assert manager != null; + manager.notify(1, notification); + Log.i(TAG, "LogService notification shown (user preference enabled)"); + } else { + Log.i(TAG, "LogService notification hidden (user preference disabled)"); + } } - - Intent appIntent = new Intent(ctx, LogActivity.class); - appIntent.setAction(Intent.ACTION_MAIN); - appIntent.addCategory(Intent.CATEGORY_LAUNCHER); - appIntent.setFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP); - - PendingIntent notifyPendingIntent = PendingIntent.getActivity(ctx, 0, appIntent, PendingIntent.FLAG_IMMUTABLE); - notificationBuilder = new NotificationCompat.Builder(ctx, NOTIFICATION_CHANNEL_ID); - notificationBuilder.setContentIntent(notifyPendingIntent); } - private void initiateLogWatcher(String logCommand) { + private void initiateLogWatcher(String logCommand) { // Clear/remove existing tasks if(executorService != null) { executorService.shutdownNow(); } //make sure it's enabled first - if(G.enableLogService()) { + if(G.enableLogService() && !isShuttingDown) { if (executorService == null) { executorService = Executors.newCachedThreadPool(); } if (logWatcherShell == null) { - logWatcherShell = Shell.Builder.create().setFlags(Shell.FLAG_REDIRECT_STDERR).build(); + try { + logWatcherShell = Shell.Builder.create() + .setFlags(Shell.FLAG_REDIRECT_STDERR) + .setTimeout(10) // 10 second timeout for shell creation + .build(); + } catch (NoShellException e) { + Log.e(TAG, "Failed to create root shell for log watcher", e); + return; + } } - Log.i(TAG, "Staring log watcher"); + + Log.i(TAG, "Starting log watcher with command: " + logCommand); try { - logWatcherShell.newJob().add(logCommand).to(callbackList).submit(executorService, out -> { - //failed to start, try restarting - if (out.getCode() == 0) { - restartWatcher(logPath); - } else { - Log.i(TAG, "Started successfully"); + if (executorService == null || executorService.isShutdown() || executorService.isTerminated()) { + Log.w(TAG, "ExecutorService is not available, recreating..."); + if (executorService != null) { + executorService.shutdownNow(); } - }); + executorService = Executors.newCachedThreadPool(); + } + + logWatcherShell.newJob() + .add(logCommand) + .to(callbackList) + .submit(executorService, out -> { + try { + Log.i(TAG, "Log watcher finished with code: " + out.getCode()); + + // Don't restart if service is shutting down + if (isShuttingDown) { + Log.i(TAG, "Service is shutting down, not restarting log watcher"); + return; + } + + // Handle different exit scenarios + if (out.getCode() == 0) { + // Normal termination, try restart after delay + Log.w(TAG, "Log watcher terminated normally, restarting..."); + restartWatcher(logPath); + } else if (out.getCode() == 130) { + // SIGINT - likely manual termination + Log.i(TAG, "Log watcher interrupted (SIGINT)"); + } else if (out.getCode() == 137) { + // SIGKILL - system killed the process + Log.w(TAG, "Log watcher killed by system, restarting..."); + restartWatcher(logPath); + } else { + // Other error codes, try fallback method + Log.w(TAG, "Log watcher failed with code " + out.getCode() + ", trying fallback"); + tryFallbackLogMethod(); + } + } catch (Exception e) { + if (e.getMessage() != null && e.getMessage().contains("RejectedExecutionException")) { + Log.w(TAG, "Caught SuperUser library RejectedExecutionException during app shutdown, ignoring to prevent crash"); + } else { + Log.e(TAG, "Error in log watcher completion callback: " + e.getMessage(), e); + } + } + }); + } catch(Exception e) { + Log.e(TAG, "Unable to start log service: " + e.getMessage(), e); + if (e.getMessage() != null && (e.getMessage().contains("rejected") || e.getMessage().contains("terminated"))) { + Log.w(TAG, "ExecutorService rejected task, recreating executor and retrying..."); + try { + if (executorService != null) { + executorService.shutdownNow(); + } + executorService = Executors.newCachedThreadPool(); + initiateLogWatcher(logPath); + return; + } catch (Exception retryException) { + Log.e(TAG, "Retry also failed: " + retryException.getMessage(), retryException); + } + } + tryFallbackLogMethod(); + } + } + } + + /** + * Try a fallback log reading method if the primary method fails + */ + private void tryFallbackLogMethod() { + if (isShuttingDown) { + return; + } + + Log.i(TAG, "Attempting fallback to basic /proc/kmsg reading"); + String fallbackCommand = "cat /proc/kmsg | grep --line-buffered '{AFL}'"; + + final Handler handler = new Handler(Looper.getMainLooper()); + handler.postDelayed(() -> { + if (G.enableLogService() && !isShuttingDown) { + Log.i(TAG, "Starting fallback log watcher"); + initiateLogWatcherWithCommand(fallbackCommand); + } + }, 3000); + } + + /** + * Initiate log watcher with a specific command (used for fallback) + */ + private void initiateLogWatcherWithCommand(String logCommand) { + if(G.enableLogService() && logWatcherShell != null && !isShuttingDown) { + try { + if (executorService == null || executorService.isShutdown() || executorService.isTerminated()) { + Log.w(TAG, "ExecutorService is not available for fallback, recreating..."); + if (executorService != null) { + executorService.shutdownNow(); + } + executorService = Executors.newCachedThreadPool(); + } + + logWatcherShell.newJob() + .add(logCommand) + .to(callbackList) + .submit(executorService, out -> { + Log.i(TAG, "Fallback log watcher finished with code: " + out.getCode()); + if (out.getCode() == 0) { + restartWatcher(logCommand); + } + }); } catch(Exception e) { - Log.i(TAG, "Unable to start log service."); + Log.e(TAG, "Fallback log service also failed: " + e.getMessage(), e); + if (e.getMessage() != null && (e.getMessage().contains("rejected") || e.getMessage().contains("terminated"))) { + Log.w(TAG, "ExecutorService rejected fallback task, service may be shutting down"); + } } } } @@ -264,14 +685,28 @@ public static String pretty(Date date) { @SuppressLint("RestrictedApi") private void showNotification(LogInfo logInfo) { - if(G.enableLogService()) { - manager.notify(109, notificationBuilder.setOngoing(false) - .setCategory(NotificationCompat.CATEGORY_EVENT) - .setVisibility(NotificationCompat.VISIBILITY_SECRET) + if(G.enableLogService() && G.canShow(logInfo.uid) && logInfo.uid != -100) { + // Create a separate notification for log events (disposable notifications) + // These use a different channel and notification ID than the foreground service + NotificationCompat.Builder logEventBuilder = new NotificationCompat.Builder(ctx, NOTIFICATION_CHANNEL_ID); + + Intent appIntent = new Intent(ctx, LogActivity.class); + appIntent.setAction(Intent.ACTION_MAIN); + appIntent.addCategory(Intent.CATEGORY_LAUNCHER); + appIntent.setFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP); + PendingIntent notifyPendingIntent = PendingIntent.getActivity(ctx, 0, appIntent, PendingIntent.FLAG_IMMUTABLE); + + logEventBuilder.setContentIntent(notifyPendingIntent) + .setContentTitle(ctx.getString(R.string.firewall_log_notify)) .setContentText(logInfo.uidString) .setSmallIcon(R.drawable.ic_block_black_24dp) + .setOngoing(false) .setAutoCancel(true) - .build()); + .setCategory(NotificationCompat.CATEGORY_EVENT) + .setVisibility(NotificationCompat.VISIBILITY_SECRET) + .setPriority(NotificationCompat.PRIORITY_LOW); + + manager.notify(109, logEventBuilder.build()); } } @@ -321,27 +756,95 @@ private static void store(final LogInfo logInfo, Context context) { @Override public void onDestroy() { - Log.d(TAG, "Log service onDestroy"); + + // Set shutdown flag to prevent new tasks from starting + isShuttingDown = true; + + // Close log watcher shell first to stop generating new tasks + if(logWatcherShell != null) { + try { + logWatcherShell.close(); + } catch (Exception e) { + Log.w(TAG, "Error closing log watcher shell: " + e.getMessage()); + } + logWatcherShell = null; + } + + // Shutdown executor service gracefully if(executorService != null) { - executorService.shutdownNow(); + try { + executorService.shutdown(); // Try graceful shutdown first + if (!executorService.awaitTermination(2000, java.util.concurrent.TimeUnit.MILLISECONDS)) { + Log.w(TAG, "ExecutorService did not terminate gracefully, forcing shutdown"); + executorService.shutdownNow(); + // Wait a bit more for tasks to respond to being cancelled + if (!executorService.awaitTermination(1000, java.util.concurrent.TimeUnit.MILLISECONDS)) { + Log.w(TAG, "ExecutorService did not terminate after force shutdown"); + } + } + } catch (InterruptedException e) { + Log.w(TAG, "Interrupted while shutting down ExecutorService"); + executorService.shutdownNow(); + Thread.currentThread().interrupt(); + } } executorService = null; + + // Update FirewallService notification if it's running + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O && FirewallService.isInstanceRunning()) { + FirewallService.setLogServiceActive(false); + Log.i(TAG, "Notified FirewallService that log monitoring stopped"); + } else { + // Stop our own foreground service + try { + stopForeground(true); + Log.i(TAG, "Stopped foreground service"); + } catch (Exception e) { + Log.w(TAG, "Error stopping foreground service: " + e.getMessage()); + } + } + + // Clean up temporary files + cleanupTempFiles(); + super.onDestroy(); } @Override public void onTaskRemoved(Intent rootIntent) { super.onTaskRemoved(rootIntent); - Log.d(TAG, "Log service removed"); - Intent intent = new Intent(getApplicationContext(), LogService.class); - PendingIntent pendingIntent = PendingIntent.getService(this, 1, intent, PendingIntent.FLAG_MUTABLE); - AlarmManager alarmManager = (AlarmManager) getSystemService(Context.ALARM_SERVICE); - alarmManager.set(AlarmManager.RTC_WAKEUP, SystemClock.elapsedRealtime() + 000, pendingIntent); + // Restart service if log service is still enabled + if (G.enableLogService()) { + Intent intent = new Intent(getApplicationContext(), LogService.class); + PendingIntent pendingIntent = PendingIntent.getService(this, 1, intent, PendingIntent.FLAG_MUTABLE); + AlarmManager alarmManager = (AlarmManager) getSystemService(Context.ALARM_SERVICE); + alarmManager.set(AlarmManager.RTC_WAKEUP, SystemClock.elapsedRealtime() + 5000, pendingIntent); + } + + // Clean up resources gracefully + if(logWatcherShell != null && !logWatcherShell.isAlive()) { + try { + logWatcherShell.close(); + } catch (Exception e) { + Log.w(TAG, "Error closing shell in onTaskRemoved: " + e.getMessage()); + } + logWatcherShell = null; + } + if(executorService != null) { - executorService.shutdownNow(); + try { + executorService.shutdown(); + if (!executorService.awaitTermination(1000, java.util.concurrent.TimeUnit.MILLISECONDS)) { + executorService.shutdownNow(); + } + } catch (InterruptedException e) { + executorService.shutdownNow(); + Thread.currentThread().interrupt(); + } } executorService = null; - super.onTaskRemoved(rootIntent); + + cleanupTempFiles(); } } diff --git a/app/src/main/java/dev/ukanth/ufirewall/service/RootShellService.java b/app/src/main/java/dev/ukanth/ufirewall/service/RootShellService.java index acc36c80f..69101fedf 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/service/RootShellService.java +++ b/app/src/main/java/dev/ukanth/ufirewall/service/RootShellService.java @@ -60,7 +60,7 @@ public class RootShellService extends Service implements Cloneable { public static final String TAG = "AFWall"; - public static final int NOTIFICATION_ID = 33347; + public static final int NOTIFICATION_ID = 1; public static final int EXIT_NO_ROOT_ACCESS = -1; public static final int NO_TOAST = -1; /* write command completion times to logcat */ @@ -90,8 +90,10 @@ private void complete(final RootCommand state, int exitCode) { Api.sendToastBroadcast(mContext, mContext.getString(state.failureToast)); } - if (notificationManager != null) { - notificationManager.cancel(NOTIFICATION_ID); + // Refresh FirewallService notification after rules complete + if (FirewallService.isInstanceRunning()) { + Log.d(TAG, "Rules completed, refreshing FirewallService notification"); + FirewallService.refreshNotification(); } } @@ -110,7 +112,6 @@ private void runNextSubmission() { } if (state != null) { //same as last one. ignore it - Log.i(TAG, "Start processing next state(4)"); if (enableProfiling) { state.startTime = new Date(); } @@ -120,9 +121,10 @@ private void runNextSubmission() { //continue; } else if (rootState == ShellState.READY) { rootState = ShellState.BUSY; - if (G.isRun()) { - createNotification(mContext); - } + // Don't create notification - let FirewallService handle it + // if (G.isRun()) { + // createNotification(mContext); + // } processCommands(state); } } @@ -148,6 +150,13 @@ private void processCommands(final RootCommand state) { state.lastCommand = command; state.lastCommandResult = new StringBuilder(); try { + // Check if shell is still valid before executing command + if (rootSession == null || !rootSession.isRunning() ) { + rootState = ShellState.FAIL; + complete(state, -1); + return; + } + rootSession.addCommand(command, 0, (Shell.OnCommandResultListener2) (commandCode, exitCode, output, STDERR)-> { ListIterator iter = output.listIterator(); while (iter.hasNext()) { @@ -159,11 +168,27 @@ private void processCommands(final RootCommand state) { state.lastCommandResult.append(line).append("\n"); } } + // Special handling for exit code 126 (command not executable) - fallback to system iptables + if (exitCode == 126 && shouldFallbackToSystem(state)) { + Log.w(TAG, "Built-in iptables failed with exit 126, attempting fallback to system iptables"); + // Remember that built-in iptables failed for future preference + G.setBuiltinIptablesFailed(true); + fallbackToSystemBinary(state); + processCommands(state); + return; + } + if (exitCode >= 0 && exitCode == state.retryExitCode && state.retryCount < MAX_RETRIES) { //lets wait for few ms before trying ? state.retryCount++; - Log.d(TAG, "command '" + state.lastCommand + "' exited with status " + exitCode + - ", retrying (attempt " + state.retryCount + "/" + MAX_RETRIES + ")"); + + // Add exponential backoff delay for retries + try { + Thread.sleep(100 * state.retryCount); + } catch (InterruptedException e) { + Thread.currentThread().interrupt(); + } + processCommands(state); return; } @@ -210,7 +235,7 @@ private void sendUpdate(final RootCommand state2) { private void createNotification(Context context) { - String CHANNEL_ID = "firewall.apply"; + String CHANNEL_ID = "firewall.service"; notificationManager = (NotificationManager) context.getSystemService(Context.NOTIFICATION_SERVICE); NotificationCompat.Builder builder = new NotificationCompat.Builder(context, CHANNEL_ID); @@ -218,7 +243,7 @@ private void createNotification(Context context) { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) { /* Create or update. */ - NotificationChannel channel = new NotificationChannel(CHANNEL_ID, context.getString(R.string.runNotification), + NotificationChannel channel = new NotificationChannel(CHANNEL_ID, context.getString(R.string.firewall_service), NotificationManager.IMPORTANCE_LOW); channel.setDescription(""); channel.setShowBadge(false); @@ -237,7 +262,7 @@ private void createNotification(Context context) { int notifyType = G.getNotificationPriority(); - Notification notification = builder.setSmallIcon(R.drawable.ic_apply) + Notification notification = builder.setSmallIcon(R.drawable.notification) .setAutoCancel(false) .setContentTitle(context.getString(R.string.applying_rules)) .setTicker(context.getString(R.string.app_name)) @@ -281,11 +306,15 @@ private void setupLogging() { } - private void startShellInBackground() { + private synchronized void startShellInBackground() { Log.d(TAG, "Starting root shell(4)..."); setupLogging(); - //start only rootSession is null - if (rootSession == null) { + //start only rootSession is null or closed + if (rootSession == null || !rootSession.isRunning()) { + if (rootSession != null && !rootSession.isRunning()) { + rootSession = null; + } + rootSession = new Shell.Builder(). useSU(). setWatchdogTimeout(5). @@ -320,7 +349,6 @@ private void reOpenShell(Context context) { public void runScriptAsRoot(Context ctx, List cmds, RootCommand state) { - Log.i(TAG, "Received cmds: #" + cmds.size()); state.setCommmands(cmds); state.commandIndex = 0; state.retryCount = 0; @@ -329,7 +357,6 @@ public void runScriptAsRoot(Context ctx, List cmds, RootCommand state) { } //already in memory and applied //add it to queue - Log.d(TAG, "Hashing4...." + state.isv6); waitQueue.add(state); @@ -358,6 +385,61 @@ public void run() { public IBinder onBind(Intent intent) { return null; } + + /** + * Check if fallback to system binary should be attempted for exit code 126 + * Only fallback once per command to avoid infinite loops + */ + private boolean shouldFallbackToSystem(RootCommand state) { + if (state.lastCommand == null || mContext == null) { + return false; + } + + // Check if command contains built-in iptables path and hasn't been fallback attempted + String builtinDir = mContext.getDir("bin", 0).getAbsolutePath(); + return state.lastCommand.contains(builtinDir) && + !state.lastCommand.contains("__FALLBACK_ATTEMPTED__"); + } + + /** + * Replace built-in iptables/ip6tables paths with system paths in the current command + */ + private void fallbackToSystemBinary(RootCommand state) { + if (state.lastCommand == null || mContext == null) { + return; + } + + String builtinDir = mContext.getDir("bin", 0).getAbsolutePath(); + String originalCommand = state.lastCommand; + + // Try to find system iptables + String systemIptables = Api.findSystemBinary("iptables"); + String systemIp6tables = Api.findSystemBinary("ip6tables"); + + if (systemIptables != null || systemIp6tables != null) { + String updatedCommand = originalCommand; + + // Replace built-in paths with system paths + if (systemIptables != null) { + updatedCommand = updatedCommand.replace(builtinDir + "/iptables", systemIptables); + } + if (systemIp6tables != null) { + updatedCommand = updatedCommand.replace(builtinDir + "/ip6tables", systemIp6tables); + } + + // Mark as fallback attempted to prevent infinite loops + updatedCommand += " # __FALLBACK_ATTEMPTED__"; + + // Update the command in the current state + List commands = state.getCommmands(); + if (state.commandIndex < commands.size()) { + commands.set(state.commandIndex, updatedCommand); + Log.i(TAG, "Fallback applied: " + originalCommand + " -> " + updatedCommand); + } + } else { + Log.w(TAG, "No system iptables found for fallback"); + } + } public enum ShellState { INIT, diff --git a/app/src/main/java/dev/ukanth/ufirewall/service/RootShellService2.java b/app/src/main/java/dev/ukanth/ufirewall/service/RootShellService2.java index c82ec50bd..fa7c8de07 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/service/RootShellService2.java +++ b/app/src/main/java/dev/ukanth/ufirewall/service/RootShellService2.java @@ -60,7 +60,7 @@ public class RootShellService2 extends Service { public static final String TAG = "AFWall6"; - public static final int NOTIFICATION_ID = 33347; + public static final int NOTIFICATION_ID = 1; public static final int EXIT_NO_ROOT_ACCESS = -1; public static final int NO_TOAST = -1; /* write command completion times to logcat */ @@ -90,8 +90,10 @@ private void complete(final RootCommand state, int exitCode) { Api.sendToastBroadcast(mContext, mContext.getString(state.failureToast)); } - if (notificationManager != null) { - notificationManager.cancel(NOTIFICATION_ID); + // Refresh FirewallService notification after rules complete + if (FirewallService.isInstanceRunning()) { + Log.d(TAG, "Rules completed, refreshing FirewallService notification"); + FirewallService.refreshNotification(); } } @@ -110,7 +112,6 @@ private void runNextSubmission() { } if (state != null) { //same as last one. ignore it - Log.i(TAG, "Start processing next state(6)"); if (enableProfiling) { state.startTime = new Date(); } @@ -120,9 +121,10 @@ private void runNextSubmission() { //continue; } else if (rootState == ShellState2.READY) { rootState = ShellState2.BUSY; - if (G.isRun()) { - createNotification(mContext); - } + // Don't create notification - let FirewallService handle it + // if (G.isRun()) { + // createNotification(mContext); + // } processCommands(state); } } @@ -157,6 +159,16 @@ private void processCommands(final RootCommand state) { state.lastCommandResult.append(line).append("\n"); } } + // Special handling for exit code 126 (command not executable) - fallback to system iptables + if (exitCode == 126 && shouldFallbackToSystem(state)) { + Log.w(TAG, "Built-in iptables failed with exit 126, attempting fallback to system iptables"); + // Remember that built-in iptables failed for future preference + G.setBuiltinIptablesFailed(true); + fallbackToSystemBinary(state); + processCommands(state); + return; + } + if (exitCode >= 0 && exitCode == state.retryExitCode && state.retryCount < MAX_RETRIES) { //lets wait for few ms before trying ? state.retryCount++; @@ -208,7 +220,7 @@ private void sendUpdate(final RootCommand state2) { private void createNotification(Context context) { - String CHANNEL_ID = "firewall.apply"; + String CHANNEL_ID = "firewall.service"; notificationManager = (NotificationManager) context.getSystemService(Context.NOTIFICATION_SERVICE); NotificationCompat.Builder builder = new NotificationCompat.Builder(context, CHANNEL_ID); @@ -216,7 +228,7 @@ private void createNotification(Context context) { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) { /* Create or update. */ - NotificationChannel channel = new NotificationChannel(CHANNEL_ID, context.getString(R.string.runNotification), + NotificationChannel channel = new NotificationChannel(CHANNEL_ID, context.getString(R.string.firewall_service), NotificationManager.IMPORTANCE_LOW); channel.setDescription(""); channel.setShowBadge(false); @@ -238,7 +250,7 @@ private void createNotification(Context context) { int notifyType = G.getNotificationPriority(); - Notification notification = builder.setSmallIcon(R.drawable.ic_apply) + Notification notification = builder.setSmallIcon(R.drawable.notification) .setAutoCancel(false) .setContentTitle(context.getString(R.string.applying_rules)) .setTicker(context.getString(R.string.app_name)) @@ -310,7 +322,6 @@ private void reOpenShell(Context context) { public void runScriptAsRoot(Context ctx, List cmds, RootCommand state) { - Log.i(TAG, "Received cmds: #" + cmds.size()); state.setCommmands(cmds); state.commandIndex = 0; state.retryCount = 0; @@ -347,6 +358,61 @@ public void run() { public IBinder onBind(Intent intent) { return null; } + + /** + * Check if fallback to system binary should be attempted for exit code 126 + * Only fallback once per command to avoid infinite loops + */ + private boolean shouldFallbackToSystem(RootCommand state) { + if (state.lastCommand == null) { + return false; + } + + // Check if command contains built-in iptables path and hasn't been fallback attempted + String builtinDir = getApplicationContext().getDir("bin", 0).getAbsolutePath(); + return state.lastCommand.contains(builtinDir) && + !state.lastCommand.contains("__FALLBACK_ATTEMPTED__"); + } + + /** + * Replace built-in iptables/ip6tables paths with system paths in the current command + */ + private void fallbackToSystemBinary(RootCommand state) { + if (state.lastCommand == null) { + return; + } + + String builtinDir = getApplicationContext().getDir("bin", 0).getAbsolutePath(); + String originalCommand = state.lastCommand; + + // Try to find system iptables + String systemIptables = Api.findSystemBinary("iptables"); + String systemIp6tables = Api.findSystemBinary("ip6tables"); + + if (systemIptables != null || systemIp6tables != null) { + String updatedCommand = originalCommand; + + // Replace built-in paths with system paths + if (systemIptables != null) { + updatedCommand = updatedCommand.replace(builtinDir + "/iptables", systemIptables); + } + if (systemIp6tables != null) { + updatedCommand = updatedCommand.replace(builtinDir + "/ip6tables", systemIp6tables); + } + + // Mark as fallback attempted to prevent infinite loops + updatedCommand += " # __FALLBACK_ATTEMPTED__"; + + // Update the command in the current state + List commands = state.getCommmands(); + if (state.commandIndex < commands.size()) { + commands.set(state.commandIndex, updatedCommand); + Log.i(TAG, "Fallback applied: " + originalCommand + " -> " + updatedCommand); + } + } else { + Log.w(TAG, "No system iptables found for fallback"); + } + } public enum ShellState2 { INIT, diff --git a/app/src/main/java/dev/ukanth/ufirewall/ui/about/AboutFragment.java b/app/src/main/java/dev/ukanth/ufirewall/ui/about/AboutFragment.java index 1dc883fbd..9ce66c5aa 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/ui/about/AboutFragment.java +++ b/app/src/main/java/dev/ukanth/ufirewall/ui/about/AboutFragment.java @@ -1,15 +1,20 @@ package dev.ukanth.ufirewall.ui.about; +import android.content.Intent; +import android.net.Uri; import android.os.Bundle; import android.util.Log; import android.view.LayoutInflater; import android.view.View; import android.view.ViewGroup; import android.webkit.WebView; +import android.webkit.WebViewClient; import android.widget.TextView; import androidx.fragment.app.Fragment; +import com.google.android.material.snackbar.Snackbar; + import java.io.IOException; import dev.ukanth.ufirewall.Api; @@ -27,90 +32,123 @@ public View onCreateView(LayoutInflater inflater, ViewGroup group, } @Override - public void onActivityCreated(Bundle savedInstanceState) { - super.onActivityCreated(savedInstanceState); + public void onViewCreated(View view, Bundle savedInstanceState) { + super.onViewCreated(view, savedInstanceState); String version = BuildConfig.VERSION_NAME; - TextView text = getActivity().findViewById(R.id.afwall_title); + TextView titleText = view.findViewById(R.id.afwall_title); String versionText = getString(R.string.app_name) + " (v" + version + ")"; - if(G.isDoKey(getActivity().getApplicationContext()) || BuildConfig.APPLICATION_ID.equals("dev.ukanth.ufirewall.donate")) { - versionText = versionText + " (Donate) " + getActivity().getString(R.string.donate_thanks)+ ":)"; + if(G.isDoKey(requireContext()) || BuildConfig.APPLICATION_ID.equals("dev.ukanth.ufirewall.donate")) { + versionText = versionText + " (Donate) " + getString(R.string.donate_thanks) + " :)"; } - text.setText(versionText); + titleText.setText(versionText); - WebView creditsWebView = getActivity().findViewById(R.id.about_thirdsparty_credits); - try { - String data = Api.loadData(getActivity().getBaseContext(), "about"); - creditsWebView.loadDataWithBaseURL(null, data, "text/html","UTF-8",null); - } catch (IOException ioe) { - Log.e(Api.TAG, "Error reading changelog file!", ioe); - } + loadCreditsContent(view); } - - /*class ActivitySwipeDetector implements View.OnTouchListener { - static final String logTag = "ActivitySwipeDetector"; - static final int MIN_DISTANCE = 100; - private float downX, downY, upX, upY; - - public ActivitySwipeDetector() { - } - - public void onRightToLeftSwipe(View v) { - Log.i(logTag, "RightToLeftSwipe!"); - } - - public void onLeftToRightSwipe(View v){ - Log.i(logTag, "LeftToRightSwipe!"); - } - - public void onTopToBottomSwipe(View v){ - Log.i(logTag, "onTopToBottomSwipe!"); - } - - public void onBottomToTopSwipe(View v){ - Log.i(logTag, "onBottomToTopSwipe!"); - Toast.makeText(getActivity(),"Swipe Works great",Toast.LENGTH_LONG).show(); - } - - public boolean onTouch(View v, MotionEvent event) { - switch(event.getAction()){ - case MotionEvent.ACTION_DOWN: { - downX = event.getX(); - downY = event.getY(); + private void loadCreditsContent(View view) { + WebView creditsWebView = view.findViewById(R.id.about_thirdsparty_credits); + + // Configure WebView for better user experience + creditsWebView.getSettings().setJavaScriptEnabled(false); + creditsWebView.getSettings().setBuiltInZoomControls(true); + creditsWebView.getSettings().setDisplayZoomControls(false); + + // Handle links to open in external browser + creditsWebView.setWebViewClient(new WebViewClient() { + @Override + public boolean shouldOverrideUrlLoading(WebView webView, String url) { + try { + Intent browserIntent = new Intent(Intent.ACTION_VIEW, Uri.parse(url)); + startActivity(browserIntent); return true; - } - case MotionEvent.ACTION_UP: { - upX = event.getX(); - upY = event.getY(); - - float deltaX = downX - upX; - float deltaY = downY - upY; - - // swipe horizontal? - if(Math.abs(deltaX) > MIN_DISTANCE){ - // left or right - if(deltaX < 0) { this.onLeftToRightSwipe(v); return true; } - if(deltaX > 0) { this.onRightToLeftSwipe(v); return true; } - } - else { - Log.i(logTag, "Swipe was only " + Math.abs(deltaX) + " long, need at least " + MIN_DISTANCE); - } - - // swipe vertical? - if(Math.abs(deltaY) > MIN_DISTANCE){ - // top or down - if(deltaY < 0) { this.onTopToBottomSwipe(v); return true; } - if(deltaY > 0) { this.onBottomToTopSwipe(v); return true; } - } - else { - Log.i(logTag, "Swipe was only " + Math.abs(deltaX) + " long, need at least " + MIN_DISTANCE); - v.performClick(); - } + } catch (Exception e) { + Log.e(Api.TAG, "Error opening URL: " + url, e); + return false; } } - return false; + }); + + try { + String data = Api.loadData(requireContext(), "about"); + // Enhance the HTML with modern styling that adapts to theme + String enhancedData = enhanceHTMLForModernUI(data); + creditsWebView.loadDataWithBaseURL(null, enhancedData, "text/html", "UTF-8", null); + } catch (IOException ioe) { + Log.e(Api.TAG, "Error reading about file!", ioe); + // Show error state + Snackbar.make(view, "Unable to load about content", Snackbar.LENGTH_LONG).show(); } - }*/ + } + + private String enhanceHTMLForModernUI(String originalHTML) { + // Replace the old styling with modern, theme-aware styling + String modernCSS = + ""; + + // Replace the existing style section with modern styling + if (originalHTML.contains("]*>.*?", modernCSS); + } else { + originalHTML = originalHTML.replace("", "" + modernCSS); + } + + return originalHTML; + } } diff --git a/app/src/main/java/dev/ukanth/ufirewall/ui/about/FAQFragment.java b/app/src/main/java/dev/ukanth/ufirewall/ui/about/FAQFragment.java deleted file mode 100644 index c95157dae..000000000 --- a/app/src/main/java/dev/ukanth/ufirewall/ui/about/FAQFragment.java +++ /dev/null @@ -1,43 +0,0 @@ -package dev.ukanth.ufirewall.ui.about; - -import android.os.Bundle; -import android.util.Log; -import android.view.LayoutInflater; -import android.view.View; -import android.view.ViewGroup; -import android.webkit.WebView; -import android.widget.TextView; - -import androidx.fragment.app.Fragment; - -import java.io.IOException; - -import dev.ukanth.ufirewall.Api; -import dev.ukanth.ufirewall.R; - - -public class FAQFragment extends Fragment { - private static final String TAG = "FAQFragment"; - - @Override - public View onCreateView(LayoutInflater inflater, ViewGroup group, - Bundle saved) { - return inflater.inflate(R.layout.help_faq_content, group, false); - } - - @Override - public void onActivityCreated(Bundle savedInstanceState) { - super.onActivityCreated(savedInstanceState); - - TextView text = getActivity().findViewById(R.id.faq_afwall_title); - text.setText(R.string.faq); - - WebView creditsWebView = getActivity().findViewById(R.id.faq_webview); - try { - String data = Api.loadData(getActivity().getBaseContext(), "faq"); - creditsWebView.loadDataWithBaseURL(null, data, "text/html","UTF-8",null); - } catch (IOException ioe) { - Log.e(TAG, "Error reading changelog file!", ioe); - } - } -} diff --git a/app/src/main/java/dev/ukanth/ufirewall/ui/about/ViewPagerAdapter.java b/app/src/main/java/dev/ukanth/ufirewall/ui/about/ViewPagerAdapter.java deleted file mode 100644 index ff6df3ae6..000000000 --- a/app/src/main/java/dev/ukanth/ufirewall/ui/about/ViewPagerAdapter.java +++ /dev/null @@ -1,41 +0,0 @@ -package dev.ukanth.ufirewall.ui.about; - -import androidx.fragment.app.Fragment; -import androidx.fragment.app.FragmentManager; -import androidx.fragment.app.FragmentStatePagerAdapter; - -/** - * Created by ukanth on 2/5/15. - */ -public class ViewPagerAdapter extends FragmentStatePagerAdapter { - - CharSequence[] pageTitles; - int noOfTabs; - - - // Build a Constructor and assign the passed Values to appropriate values in the class - public ViewPagerAdapter(FragmentManager fm, CharSequence[] mTitles, int mNumbOfTabsumb) { - super(fm); - this.pageTitles = mTitles; - this.noOfTabs = mNumbOfTabsumb; - - } - @Override - public Fragment getItem(int position) { - if(position == 0) { - return new AboutFragment(); - } else { - return new FAQFragment(); - } - } - - @Override - public CharSequence getPageTitle(int position) { - return pageTitles[position]; - } - - @Override - public int getCount() { - return noOfTabs; - } -} diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/AppListArrayAdapter.java b/app/src/main/java/dev/ukanth/ufirewall/util/AppListArrayAdapter.java index 11fe46c01..04545f4b1 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/util/AppListArrayAdapter.java +++ b/app/src/main/java/dev/ukanth/ufirewall/util/AppListArrayAdapter.java @@ -16,8 +16,13 @@ import android.widget.CompoundButton; import android.widget.ImageView; import android.widget.TextView; +import android.widget.LinearLayout; import java.util.List; +import java.util.HashSet; +import java.util.Set; + +import com.raizlabs.android.dbflow.sql.language.SQLite; import dev.ukanth.ufirewall.Api; import dev.ukanth.ufirewall.Api.PackageInfoData; @@ -25,6 +30,22 @@ import dev.ukanth.ufirewall.R; import dev.ukanth.ufirewall.activity.AppDetailActivity; import dev.ukanth.ufirewall.log.Log; +import dev.ukanth.ufirewall.log.LogPreference; +import dev.ukanth.ufirewall.log.LogPreference_Table; +import dev.ukanth.ufirewall.log.LogData; +import dev.ukanth.ufirewall.log.LogData_Table; +import dev.ukanth.ufirewall.util.G; +import dev.ukanth.ufirewall.util.DataUsageParser; + +import java.text.SimpleDateFormat; +import java.util.Date; +import java.util.Locale; +import android.graphics.Color; +import android.graphics.PorterDuff; +import android.graphics.drawable.Drawable; +import android.content.res.ColorStateList; +import androidx.core.content.ContextCompat; +import androidx.core.widget.CompoundButtonCompat; public class AppListArrayAdapter extends ArrayAdapter { @@ -35,6 +56,7 @@ public class AppListArrayAdapter extends ArrayAdapter { private final Activity activity; private boolean useOld = false; + private Set expandedPositions = new HashSet<>(); //final int color = G.sysColor(); //final int defaultColor = Color.WHITE; @@ -140,8 +162,10 @@ public View getView(final int position, View convertView, ViewGroup parent) { } final int id = holder.app.uid; - holder.icon.setOnClickListener(v -> StartAppDetailActivityIntent(v,holder,id)); - holder.text.setOnClickListener(v -> StartAppDetailActivityIntent(v,holder,id)); + final View finalConvertView = convertView; + final int finalPosition = position; + holder.icon.setOnClickListener(v -> toggleExpansion(finalConvertView, finalPosition)); + holder.text.setOnClickListener(v -> toggleExpansion(finalConvertView, finalPosition)); ApplicationInfo info = holder.app.appinfo; @@ -199,11 +223,238 @@ public View getView(final int position, View convertView, ViewGroup parent) { holder.box_tor = addSupport(holder.box_tor, holder.app, 3); } + // Apply high contrast checkbox tinting for e-paper displays + applyHighContrastCheckboxTint(holder); + + setupExpandableView(holder, convertView, position); addEventListenter(holder); return convertView; } + private void toggleExpansion(View convertView, int position) { + AppStateHolder holder = (AppStateHolder) convertView.getTag(); + if (expandedPositions.contains(position)) { + expandedPositions.remove(position); + holder.expandedOptions.setVisibility(View.GONE); + } else { + expandedPositions.add(position); + holder.expandedOptions.setVisibility(View.VISIBLE); + updateLogStatistics(holder); + updateDataUsageStats(holder); + } + } + + private void setupExpandableView(AppStateHolder holder, View convertView, int position) { + holder.expandedOptions = convertView.findViewById(R.id.expanded_options); + holder.actionToggleLog = convertView.findViewById(R.id.action_toggle_log); + holder.actionOpenApp = convertView.findViewById(R.id.action_open_app); + holder.actionViewLogs = convertView.findViewById(R.id.action_view_logs); + holder.blockedCount = convertView.findViewById(R.id.blocked_count); + holder.lastActivity = convertView.findViewById(R.id.last_activity); + holder.lastBlockedDestination = convertView.findViewById(R.id.last_blocked_destination); + holder.dataUsage = convertView.findViewById(R.id.data_usage); + + if (expandedPositions.contains(position)) { + holder.expandedOptions.setVisibility(View.VISIBLE); + updateLogStatistics(holder); + updateDataUsageStats(holder); + } else { + holder.expandedOptions.setVisibility(View.GONE); + } + + updateLogNotificationIcon(holder); + updateLogsIconVisibility(holder); + applyThemeColors(holder); + + holder.actionToggleLog.setOnClickListener(v -> { + Log.d(TAG, "Notification toggle clicked for UID: " + holder.app.uid); + toggleLogNotification(holder); + }); + holder.actionOpenApp.setOnClickListener(v -> { + Log.d(TAG, "Open app settings clicked for: " + holder.app.pkgName); + openAppSettings(holder); + }); + holder.actionViewLogs.setOnClickListener(v -> { + Log.d(TAG, "View logs clicked for UID: " + holder.app.uid); + openFirewallLogs(holder); + }); + } + + private void updateLogNotificationIcon(AppStateHolder holder) { + try { + LogPreference logPreference = SQLite.select() + .from(LogPreference.class) + .where(LogPreference_Table.uid.eq(holder.app.uid)).querySingle(); + + boolean isDisabled = logPreference != null && logPreference.isDisable(); + + holder.actionToggleLog.setImageResource( + isDisabled ? R.drawable.ic_notifications_off_black_24dp + : R.drawable.ic_notifications_on_black_24dp + ); + } catch (Exception e) { + Log.e(TAG, "Error updating notification icon", e); + holder.actionToggleLog.setImageResource(R.drawable.ic_notifications_on_black_24dp); + } + } + + private void applyThemeColors(AppStateHolder holder) { + int iconColor = G.userColor(); + int textColor = G.userColor(); + + // Apply color filter to icons using setColorFilter on ImageView, not the Drawable + // This preserves click functionality + holder.actionToggleLog.setColorFilter(iconColor, PorterDuff.Mode.SRC_IN); + holder.actionOpenApp.setColorFilter(iconColor, PorterDuff.Mode.SRC_IN); + holder.actionViewLogs.setColorFilter(iconColor, PorterDuff.Mode.SRC_IN); + + // Apply text colors + if (holder.blockedCount != null) { + holder.blockedCount.setTextColor(textColor); + } + if (holder.lastActivity != null) { + holder.lastActivity.setTextColor(textColor); + } + if (holder.lastBlockedDestination != null) { + holder.lastBlockedDestination.setTextColor(textColor); + } + if (holder.dataUsage != null) { + holder.dataUsage.setTextColor(textColor); + } + } + + private void toggleLogNotification(AppStateHolder holder) { + try { + LogPreference logPreference = SQLite.select() + .from(LogPreference.class) + .where(LogPreference_Table.uid.eq(holder.app.uid)).querySingle(); + + // Current state: if logPreference exists and isDisable() is true, notifications are disabled + boolean currentlyDisabled = logPreference != null && logPreference.isDisable(); + + // Toggle: if currently disabled, enable (false); if currently enabled, disable (true) + boolean newDisabledState = !currentlyDisabled; + + Log.d(TAG, "Toggling log notification for UID " + holder.app.uid + + ": currently disabled=" + currentlyDisabled + ", new disabled state=" + newDisabledState); + + G.updateLogNotification(holder.app.uid, newDisabledState); + updateLogNotificationIcon(holder); + applyThemeColors(holder); + } catch (Exception e) { + Log.e(TAG, "Error toggling log notification", e); + } + } + + private void openAppSettings(AppStateHolder holder) { + if (!holder.app.pkgName.startsWith("dev.afwall.special.")) { + Api.showInstalledAppDetails(context, holder.app.pkgName); + } + } + + private void updateLogsIconVisibility(AppStateHolder holder) { + try { + // Check if logs exist for this app + long logCount = SQLite.selectCountOf() + .from(LogData.class) + .where(LogData_Table.uid.eq(holder.app.uid)) + .count(); + + holder.actionViewLogs.setVisibility(logCount > 0 ? View.VISIBLE : View.GONE); + } catch (Exception e) { + Log.e(TAG, "Error checking log availability", e); + holder.actionViewLogs.setVisibility(View.GONE); + } + } + + private void openFirewallLogs(AppStateHolder holder) { + try { + Intent intent = new Intent(context, dev.ukanth.ufirewall.activity.LogDetailActivity.class); + intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + intent.putExtra("DATA", holder.app.uid); + context.startActivity(intent); + } catch (Exception e) { + Log.e(TAG, "Error opening firewall logs", e); + } + } + + private void updateLogStatistics(AppStateHolder holder) { + try { + int uid = holder.app.uid; + + // Get blocked count + long blockedCountValue = SQLite.selectCountOf() + .from(LogData.class) + .where(LogData_Table.uid.eq(uid)) + .count(); + + holder.blockedCount.setText("Blocked: " + blockedCountValue); + + // Get most recent log entry + LogData lastLogEntry = SQLite.select() + .from(LogData.class) + .where(LogData_Table.uid.eq(uid)) + .orderBy(LogData_Table.timestamp, false) + .querySingle(); + + if (lastLogEntry != null) { + // Format last activity time + SimpleDateFormat sdf = new SimpleDateFormat("MMM dd, HH:mm", Locale.getDefault()); + String formattedTime = sdf.format(new Date(lastLogEntry.getTimestamp())); + holder.lastActivity.setText("Last: " + formattedTime); + + // Show last blocked destination + String destination = lastLogEntry.getDst(); + if (destination != null && !destination.isEmpty()) { + String hostname = lastLogEntry.getHostname(); + String displayDestination = hostname != null && !hostname.isEmpty() ? + hostname : destination; + holder.lastBlockedDestination.setText("Last blocked: " + displayDestination); + } else { + holder.lastBlockedDestination.setText("Last blocked: -"); + } + } else { + holder.lastActivity.setText("Last activity: -"); + holder.lastBlockedDestination.setText("Last blocked: -"); + } + + } catch (Exception e) { + Log.e(TAG, "Error updating log statistics", e); + holder.blockedCount.setText("Blocked: -"); + holder.lastActivity.setText("Last activity: -"); + holder.lastBlockedDestination.setText("Last blocked: -"); + } + } + + private void updateDataUsageStats(AppStateHolder holder) { + // Run in background thread to avoid blocking UI + new Thread(() -> { + try { + DataUsageParser.DataUsageStats stats = DataUsageParser.getDataUsageForUID(holder.app.uid); + String dataUsageText = DataUsageParser.formatWifiMobileUsage(stats); + + // Update UI on main thread + if (activity != null) { + activity.runOnUiThread(() -> { + if (holder.dataUsage != null) { + holder.dataUsage.setText("Data: " + dataUsageText); + } + }); + } + } catch (Exception e) { + Log.e(TAG, "Error updating data usage stats", e); + if (activity != null) { + activity.runOnUiThread(() -> { + if (holder.dataUsage != null) { + holder.dataUsage.setText("Data: Not available"); + } + }); + } + } + }).start(); + } + private void StartAppDetailActivityIntent(View v, AppStateHolder holder, Integer id) { Intent intent = new Intent(context, AppDetailActivity.class); intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); @@ -373,6 +624,40 @@ private CheckBox removeSupport(View convertView, int id) { return check; } + /** + * Apply high contrast checkbox tinting for e-paper displays + */ + private void applyHighContrastCheckboxTint(AppStateHolder holder) { + if (!"LHC".equals(G.getSelectedTheme())) { + return; + } + + // Pure black color for maximum contrast on e-paper + ColorStateList colorStateList = ColorStateList.valueOf(Color.BLACK); + + if (holder.box_wifi != null) { + CompoundButtonCompat.setButtonTintList(holder.box_wifi, colorStateList); + } + if (holder.box_3g != null) { + CompoundButtonCompat.setButtonTintList(holder.box_3g, colorStateList); + } + if (holder.box_roam != null) { + CompoundButtonCompat.setButtonTintList(holder.box_roam, colorStateList); + } + if (holder.box_vpn != null) { + CompoundButtonCompat.setButtonTintList(holder.box_vpn, colorStateList); + } + if (holder.box_tether != null) { + CompoundButtonCompat.setButtonTintList(holder.box_tether, colorStateList); + } + if (holder.box_lan != null) { + CompoundButtonCompat.setButtonTintList(holder.box_lan, colorStateList); + } + if (holder.box_tor != null) { + CompoundButtonCompat.setButtonTintList(holder.box_tor, colorStateList); + } + } + static class AppStateHolder { private CheckBox box_lan; @@ -385,6 +670,14 @@ static class AppStateHolder { private TextView text; private ImageView icon; private PackageInfoData app; + private LinearLayout expandedOptions; + private ImageView actionToggleLog; + private ImageView actionOpenApp; + private ImageView actionViewLogs; + private TextView blockedCount; + private TextView lastActivity; + private TextView lastBlockedDestination; + private TextView dataUsage; } /** diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/BootRuleManager.java b/app/src/main/java/dev/ukanth/ufirewall/util/BootRuleManager.java index b30cb574b..0c541c01d 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/util/BootRuleManager.java +++ b/app/src/main/java/dev/ukanth/ufirewall/util/BootRuleManager.java @@ -94,7 +94,9 @@ private static void checkFixLeakScript(Context context) { */ private static void applyInitialBootRules(Context context) { Log.i(TAG, "Applying initial boot rules"); - + + InterfaceTracker.getCurrentCfg(context, true); + InterfaceTracker.applyBootRules(InterfaceTracker.BOOT_COMPLETED + "_INITIAL"); initialBootRulesApplied.set(true); @@ -178,7 +180,7 @@ public static boolean shouldProcessNetworkChange(Context context, String reason) Log.d(TAG, "Network change during boot delay period (" + reason + ") - allowing limited processing"); // Allow processing but don't trigger a full rule reapplication // The delayed boot rules will handle the final state - return false; + return true; } // Boot rules applied but no delay configured, allow network change processing diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/DataUsageParser.java b/app/src/main/java/dev/ukanth/ufirewall/util/DataUsageParser.java new file mode 100644 index 000000000..088477946 --- /dev/null +++ b/app/src/main/java/dev/ukanth/ufirewall/util/DataUsageParser.java @@ -0,0 +1,280 @@ +package dev.ukanth.ufirewall.util; + +import com.topjohnwu.superuser.Shell; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import dev.ukanth.ufirewall.log.Log; + +/** + * Utility class to parse network data usage from /proc/net/xt_qtaguid + * Provides WiFi/Mobile separation and caching for performance + */ +public class DataUsageParser { + private static final String TAG = "DataUsageParser"; + + // Cache for data usage stats to avoid frequent root shell calls + private static final Map dataUsageCache = new ConcurrentHashMap<>(); + private static long lastCacheUpdate = 0; + private static final long CACHE_VALIDITY_MS = 30000; // 30 seconds cache + + public static class DataUsageStats { + public long wifiRxBytes = 0; + public long wifiTxBytes = 0; + public long mobileRxBytes = 0; + public long mobileTxBytes = 0; + public long totalRxBytes = 0; + public long totalTxBytes = 0; + + public long getTotalWifiBytes() { + return wifiRxBytes + wifiTxBytes; + } + + public long getTotalMobileBytes() { + return mobileRxBytes + mobileTxBytes; + } + + public long getTotalBytes() { + return totalRxBytes + totalTxBytes; + } + } + + /** + * Get data usage statistics for a specific UID + * @param uid The application UID + * @return DataUsageStats object with WiFi/Mobile breakdown + */ + public static DataUsageStats getDataUsageForUID(int uid) { + // Check cache first + if (isCacheValid() && dataUsageCache.containsKey(uid)) { + return dataUsageCache.get(uid); + } + + // Refresh cache if needed + if (!isCacheValid()) { + refreshDataUsageCache(); + } + + DataUsageStats stats = dataUsageCache.get(uid); + return stats != null ? stats : new DataUsageStats(); + } + + /** + * Check if the cache is still valid + */ + private static boolean isCacheValid() { + return (System.currentTimeMillis() - lastCacheUpdate) < CACHE_VALIDITY_MS; + } + + /** + * Refresh the entire data usage cache by parsing /proc/net/xt_qtaguid + */ + private static void refreshDataUsageCache() { + try { + dataUsageCache.clear(); + + // Try different possible locations for xt_qtaguid + String[] possiblePaths = { + "/proc/net/xt_qtaguid/stats", + "/proc/net/xt_qtaguid/ctrl", + "/proc/net/xt_qtaguid", + "/sys/kernel/debug/xt_qtaguid/stats" + }; + + String qtaguidData = null; + for (String path : possiblePaths) { + Shell.Result result = Shell.cmd("test -f " + path + " && cat " + path).exec(); + if (result.isSuccess() && !result.getOut().isEmpty()) { + qtaguidData = String.join("\n", result.getOut()); + Log.d(TAG, "Found xt_qtaguid data at: " + path); + break; + } + } + + if (qtaguidData != null) { + parseQtaguidData(qtaguidData); + } else { + // Fallback to TrafficStats if xt_qtaguid is not available + Log.w(TAG, "xt_qtaguid not available, using fallback method"); + useFallbackMethod(); + } + + lastCacheUpdate = System.currentTimeMillis(); + + } catch (Exception e) { + Log.e(TAG, "Error refreshing data usage cache", e); + useFallbackMethod(); + } + } + + /** + * Parse the xt_qtaguid data format + * Format: idx iface acct_tag_hex uid_tag_int cnt_set rx_bytes rx_packets tx_bytes tx_packets rx_tcp_bytes rx_tcp_packets tx_tcp_packets rx_udp_bytes rx_udp_packets tx_udp_bytes tx_udp_packets rx_other_bytes rx_other_packets tx_other_bytes tx_other_packets + */ + private static void parseQtaguidData(String qtaguidData) { + String[] lines = qtaguidData.split("\n"); + + for (String line : lines) { + if (line.trim().isEmpty() || line.startsWith("idx")) { + continue; // Skip empty lines and header + } + + String[] parts = line.trim().split("\\s+"); + if (parts.length < 8) { + continue; // Skip malformed lines + } + + try { + // Parse fields based on xt_qtaguid format + String iface = parts[1]; + String uidTagStr = parts[3]; + long rxBytes = Long.parseLong(parts[5]); + long txBytes = Long.parseLong(parts[7]); + + // Extract UID from uid_tag_int (format: uid << 32 | tag) + long uidTag = Long.parseLong(uidTagStr); + int uid = (int) (uidTag >> 32); + + if (uid <= 0) { + continue; // Skip invalid UIDs + } + + // Get or create stats for this UID + DataUsageStats stats = dataUsageCache.get(uid); + if (stats == null) { + stats = new DataUsageStats(); + dataUsageCache.put(uid, stats); + } + + // Classify interface type and accumulate data + if (isWiFiInterface(iface)) { + stats.wifiRxBytes += rxBytes; + stats.wifiTxBytes += txBytes; + } else if (isMobileInterface(iface)) { + stats.mobileRxBytes += rxBytes; + stats.mobileTxBytes += txBytes; + } + + // Update totals + stats.totalRxBytes += rxBytes; + stats.totalTxBytes += txBytes; + + } catch (NumberFormatException e) { + Log.w(TAG, "Failed to parse line: " + line); + } + } + + Log.d(TAG, "Parsed data usage for " + dataUsageCache.size() + " UIDs"); + } + + /** + * Check if interface is WiFi-related + */ + private static boolean isWiFiInterface(String iface) { + return iface != null && ( + iface.startsWith("wlan") || + iface.startsWith("wifi") || + iface.equals("wl0") || + iface.equals("eth0") // Sometimes WiFi appears as eth0 + ); + } + + /** + * Check if interface is mobile data-related + */ + private static boolean isMobileInterface(String iface) { + return iface != null && ( + iface.startsWith("rmnet") || + iface.startsWith("ccmni") || + iface.startsWith("pdp") || + iface.startsWith("ppp") || + iface.startsWith("mobile") || + iface.startsWith("radio") || + iface.matches("rmnet\\d+") || + iface.matches("rmnet_data\\d+") + ); + } + + /** + * Fallback method when xt_qtaguid is not available + * Uses /proc/uid_stat as AFWall+ already does + */ + private static void useFallbackMethod() { + // This provides total data only, no WiFi/Mobile separation + Shell.Result result = Shell.cmd("find /proc/uid_stat -name '[0-9]*' -type d 2>/dev/null").exec(); + + if (result.isSuccess()) { + for (String uidDir : result.getOut()) { + try { + String uidStr = uidDir.substring(uidDir.lastIndexOf('/') + 1); + int uid = Integer.parseInt(uidStr); + + // Read rx and tx bytes + Shell.Result rxResult = Shell.cmd("cat " + uidDir + "/tcp_rcv 2>/dev/null || echo 0").exec(); + Shell.Result txResult = Shell.cmd("cat " + uidDir + "/tcp_snd 2>/dev/null || echo 0").exec(); + + if (rxResult.isSuccess() && txResult.isSuccess()) { + long rxBytes = Long.parseLong(rxResult.getOut().get(0).trim()); + long txBytes = Long.parseLong(txResult.getOut().get(0).trim()); + + DataUsageStats stats = new DataUsageStats(); + stats.totalRxBytes = rxBytes; + stats.totalTxBytes = txBytes; + // Cannot separate WiFi/Mobile in fallback mode + + dataUsageCache.put(uid, stats); + } + + } catch (NumberFormatException e) { + Log.w(TAG, "Failed to parse UID directory: " + uidDir); + } + } + } + + Log.d(TAG, "Fallback method parsed " + dataUsageCache.size() + " UIDs"); + } + + /** + * Clear the cache to force refresh on next request + */ + public static void clearCache() { + dataUsageCache.clear(); + lastCacheUpdate = 0; + } + + /** + * Get human readable data usage string + */ + public static String formatDataUsage(long bytes) { + if (bytes < 0) return "0 B"; + if (bytes < 1024) return bytes + " B"; + + int unit = 1024; + int exp = (int) (Math.log(bytes) / Math.log(unit)); + String pre = "KMGTPE".charAt(exp - 1) + ""; + return String.format("%.1f %sB", bytes / Math.pow(unit, exp), pre); + } + + /** + * Format WiFi/Mobile breakdown for display + */ + public static String formatWifiMobileUsage(DataUsageStats stats) { + if (stats.getTotalWifiBytes() == 0 && stats.getTotalMobileBytes() == 0) { + return "No data usage"; + } + + StringBuilder sb = new StringBuilder(); + if (stats.getTotalWifiBytes() > 0) { + sb.append("📶 ").append(formatDataUsage(stats.getTotalWifiBytes())); + } + if (stats.getTotalMobileBytes() > 0) { + if (sb.length() > 0) sb.append(" | "); + sb.append("📱 ").append(formatDataUsage(stats.getTotalMobileBytes())); + } + + return sb.toString(); + } +} \ No newline at end of file diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/FileDialog.java b/app/src/main/java/dev/ukanth/ufirewall/util/FileDialog.java index 8fcf82304..af60065e6 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/util/FileDialog.java +++ b/app/src/main/java/dev/ukanth/ufirewall/util/FileDialog.java @@ -3,10 +3,13 @@ import android.app.Activity; import android.app.Dialog; import android.os.Environment; +import android.util.Log; import com.afollestad.materialdialogs.MaterialDialog; import com.topjohnwu.superuser.Shell; +import dev.ukanth.ufirewall.R; + import java.io.File; import java.io.FilenameFilter; import java.util.ArrayList; @@ -60,27 +63,46 @@ public Dialog createFileDialog() { Dialog dialog = null; //MaterialDialog.Builder - MaterialDialog.Builder builder = new MaterialDialog.Builder(activity); + MaterialDialog.Builder builder; + try { + builder = new MaterialDialog.Builder(activity); + } catch (Exception e) { + android.util.Log.e(TAG, "MaterialDialog.Builder failed due to Android compatibility issue", e); + // Return null to indicate dialog creation failed + return null; + } builder.title(currentPath.getPath()); if (selectDirectoryOption) { - + builder.positiveText(R.string.select_dir); + builder.negativeText(R.string.Cancel); builder.onPositive((dialog12, which) -> fireDirectorySelectedEvent(currentPath)); } builder.items(fileList); builder.itemsCallback((dialog1, view, which, text) -> { - String fileChosen = fileList[which]; - File chosenFile = getChosenFile(fileChosen); - if (chosenFile.isDirectory()) { - loadFileList(chosenFile,flag); - dialog1.cancel(); - dialog1.dismiss(); - showDialog(); - } else fireFileSelectedEvent(chosenFile); + try { + String fileChosen = fileList[which]; + File chosenFile = getChosenFile(fileChosen); + if (chosenFile != null && chosenFile.exists() && chosenFile.isDirectory()) { + loadFileList(chosenFile,flag); + dialog1.cancel(); + dialog1.dismiss(); + showDialog(); + } else if (chosenFile != null && chosenFile.exists()) { + fireFileSelectedEvent(chosenFile); + } + } catch (Exception e) { + Log.e(TAG, "Error in file selection callback", e); + } }); - dialog = builder.show(); + try { + dialog = builder.show(); + } catch (Exception e) { + android.util.Log.e(TAG, "MaterialDialog.show() failed due to Android compatibility issue", e); + return null; + } return dialog; } @@ -109,7 +131,13 @@ public void removeDirectoryListener(DirectorySelectedListener listener) { * Show file dialog */ public void showDialog() { - createFileDialog().show(); + Dialog dialog = createFileDialog(); + if (dialog != null) { + dialog.show(); + } else { + android.util.Log.e(TAG, "Cannot show file dialog due to MaterialDialog compatibility issue"); + // Could implement alternative file picker here if needed + } } private void fireFileSelectedEvent(final File file) { @@ -213,8 +241,14 @@ private void loadFileList(File path,final boolean flag) { } private File getChosenFile(String fileChosen) { - if (fileChosen.equals(PARENT_DIR)) return currentPath.getParentFile(); - else return new File(currentPath, fileChosen); + if (currentPath == null) { + return null; + } + if (fileChosen.equals(PARENT_DIR)) { + return currentPath.getParentFile(); // Can return null if at root + } else { + return new File(currentPath, fileChosen); + } } /*public void setFileEndsWith(String[] fileEndsWith,String notContains) { diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/G.java b/app/src/main/java/dev/ukanth/ufirewall/util/G.java index 36d6aee15..d97fafb88 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/util/G.java +++ b/app/src/main/java/dev/ukanth/ufirewall/util/G.java @@ -46,6 +46,8 @@ import com.raizlabs.android.dbflow.config.FlowManager; import com.raizlabs.android.dbflow.sql.language.SQLite; +import dev.ukanth.ufirewall.MainActivity; + import java.io.File; import java.util.ArrayList; import java.util.Arrays; @@ -73,12 +75,13 @@ public class G extends Application implements Application.ActivityLifecycleCallb private static boolean enabledPrivateLink = false; private static boolean isActivityVisible; + + private static Thread.UncaughtExceptionHandler defaultExceptionHandler; static { - //TODO: Remove this line before release - //com.topjohnwu.superuser.Shell.enableVerboseLogging = BuildConfig.DEBUG; com.topjohnwu.superuser.Shell.setDefaultBuilder(com.topjohnwu.superuser.Shell.Builder.create() .setFlags(com.topjohnwu.superuser.Shell.FLAG_REDIRECT_STDERR) + .setTimeout(30) // 30 second timeout for shell operations ); } @@ -117,6 +120,7 @@ public static Context getContext() { private static final String NOTIFY_INSTALL = "notifyAppInstall"; private static final String DISABLE_ICONS = "disableIcons"; private static final String IPTABLES_PATH = "ipt_path"; + private static final String IPTABLES_BUILTIN_FAILED = "ipt_builtin_failed"; private static final String PROTECTION_OPTION = "passSetting"; private static final String BUSYBOX_PATH = "bb_path"; private static final String TOAST_POS = "toast_pos"; @@ -133,7 +137,7 @@ public static Context getContext() { private static final String ACTIVE_RULES = "activeRules"; private static final String ADD_DELAY = "addDelay"; - //private static final String ACTIVE_NOTIFICATION = "activeNotification"; + private static final String ACTIVE_NOTIFICATION = "activeNotification"; private static final String PROFILE_SWITCH = "applyOnSwitchProfiles"; private static final String LOG_TARGET = "logTarget"; private static final String LOG_TARGETS = "logTargets"; @@ -186,7 +190,6 @@ public static Context getContext() { private static final String INITPATH = "initPath"; private static final String AFWALL_PROFILE = "AFWallProfile"; - //private static final String SHOW_LOG_TOAST = "showLogToasts"; public static String[] profiles = {"AFWallPrefs", AFWALL_PROFILE + 1, AFWALL_PROFILE + 2, AFWALL_PROFILE + 3}; public static String[] default_profiles = {"AFWallProfile1", "AFWallProfile2", "AFWallProfile3"}; public static Context ctx; @@ -389,7 +392,7 @@ public static boolean hasRoot(boolean val) { return val; } - /* public static boolean activeNotification() { + public static boolean activeNotification() { return gPrefs.getBoolean(ACTIVE_NOTIFICATION, true); } @@ -398,14 +401,6 @@ public static boolean activeNotification(boolean val) { return val; } - public static boolean showLogToasts() { - return gPrefs.getBoolean(SHOW_LOG_TOAST, false); - } - - public static boolean showLogToasts(boolean val) { - gPrefs.edit().putBoolean(SHOW_LOG_TOAST, val).commit(); - return val; - }*/ public static boolean fixLeak() { return gPrefs.getBoolean(FIX_START_LEAK, false); @@ -542,6 +537,14 @@ public static String ip_path(String val) { gPrefs.edit().putString(IPTABLES_PATH, val).commit(); return val; } + + public static boolean isBuiltinIptablesFailed() { + return gPrefs.getBoolean(IPTABLES_BUILTIN_FAILED, false); + } + + public static void setBuiltinIptablesFailed(boolean failed) { + gPrefs.edit().putBoolean(IPTABLES_BUILTIN_FAILED, failed).commit(); + } public static String bb_path() { @@ -593,7 +596,7 @@ public static String storedProfile(String val) { } public static int userColor() { - if (G.getSelectedTheme().equals("L")) { + if (G.getSelectedTheme().equals("L") || G.getSelectedTheme().equals("LHC")) { return Color.parseColor("#000000"); } else { return Color.parseColor("#FFFFFF"); @@ -603,6 +606,9 @@ public static int userColor() { public static int sysColor() { if (G.getSelectedTheme().equals("L")) { return gPrefs.getInt(SYSTEM_APP_COLOR, Color.parseColor("#000000")); + } else if (G.getSelectedTheme().equals("LHC")) { + // High contrast: always black, no custom colors + return Color.parseColor("#000000"); } else { return gPrefs.getInt(SYSTEM_APP_COLOR, Color.parseColor("#0F9D58")); } @@ -776,6 +782,26 @@ public static boolean enableTor(boolean val) { return val; } + private static Boolean ownerModuleAvailable = null; + + public static boolean hasOwnerModule() { + if (ownerModuleAvailable == null) { + // Test if owner module is available by attempting a simple command + // This will be cached for the lifetime of the application + try { + String testCmd = "iptables -t filter -N afwall_owner_test 2>/dev/null; iptables -A afwall_owner_test -m owner --uid-owner 0 -j RETURN 2>/dev/null; iptables -F afwall_owner_test 2>/dev/null; iptables -X afwall_owner_test 2>/dev/null"; + // For now, assume owner module is available - this will be tested at runtime + ownerModuleAvailable = true; + } catch (Exception e) { + ownerModuleAvailable = false; + } + } + return ownerModuleAvailable; + } + + public static void resetOwnerModuleCheck() { + ownerModuleAvailable = null; + } public static boolean isDonate() { return BuildConfig.APPLICATION_ID.equals("dev.ukanth.ufirewall.donate"); @@ -816,6 +842,10 @@ public static int getCustomDelay() { return gPrefs.getInt(CUSTOM_DELAY_SECONDS, 5) * 1000; } + public static int getNetworkDebounceDelay() { + return gPrefs.getInt("networkDebounceDelay", 2); + } + public static int getWidgetY(Context ctx) { DisplayMetrics dm = new DisplayMetrics(); WindowManager wm = (WindowManager) ctx.getSystemService(Context.WINDOW_SERVICE); @@ -951,6 +981,35 @@ public void onCreate() { //Shell.setFlags(Shell.ROOT_SHELL); //Shell.setFlags(Shell.FLAG_REDIRECT_STDERR); //Shell.verboseLogging(BuildConfig.DEBUG); + + // Store the default exception handler before replacing it + defaultExceptionHandler = Thread.getDefaultUncaughtExceptionHandler(); + + // Set up global exception handler for uncaught library crashes + Thread.setDefaultUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() { + @Override + public void uncaughtException(Thread thread, Throwable throwable) { + // Check if this is the SuperUser library crash we're trying to prevent + if (throwable instanceof java.util.concurrent.RejectedExecutionException && + thread.getName().startsWith("pool-")) { + Log.w(TAG, "Caught SuperUser library RejectedExecutionException during app shutdown, ignoring to prevent crash"); + return; // Silently ignore this specific crash + } + + // Check for ExecutionException with InterruptedIOException + if (throwable instanceof java.util.concurrent.ExecutionException && + throwable.getCause() instanceof java.io.InterruptedIOException) { + Log.w(TAG, "Caught SuperUser library ExecutionException with InterruptedIOException during app shutdown, ignoring to prevent crash"); + return; // Silently ignore this specific crash + } + + // For all other exceptions, use the default handler + if (defaultExceptionHandler != null) { + defaultExceptionHandler.uncaughtException(thread, throwable); + } + } + }); + registerActivityLifecycleCallbacks(this); super.onCreate(); try { @@ -1118,7 +1177,10 @@ public void onActivityResumed(Activity activity) { @Override public void onActivityPaused(Activity activity) { - + if (activity instanceof MainActivity) { + isActivityVisible = false; + cleanupShellInstances(); + } } @Override @@ -1194,4 +1256,35 @@ public void onLinkPropertiesChanged(Network network, LinkProperties linkProperti Log.i(TAG, "Private link has registered already"); } } + + @Override + public void onTerminate() { + try { + com.topjohnwu.superuser.Shell.getCachedShell().close(); + } catch (Exception e) { + } + super.onTerminate(); + } + + @Override + public void onLowMemory() { + try { + com.topjohnwu.superuser.Shell.getCachedShell().close(); + } catch (Exception e) { + } + super.onLowMemory(); + } + + private static void cleanupShellInstances() { + new Thread(() -> { + try { + com.topjohnwu.superuser.Shell shell = com.topjohnwu.superuser.Shell.getCachedShell(); + if (shell != null && !shell.isAlive()) { + shell.close(); + } + Thread.sleep(100); + } catch (Exception e) { + } + }).start(); + } } diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/InputValidator.java b/app/src/main/java/dev/ukanth/ufirewall/util/InputValidator.java new file mode 100644 index 000000000..ef49e3a74 --- /dev/null +++ b/app/src/main/java/dev/ukanth/ufirewall/util/InputValidator.java @@ -0,0 +1,318 @@ +package dev.ukanth.ufirewall.util; + +import android.content.Intent; +import android.os.Bundle; +import android.text.TextUtils; +import android.util.Log; + +import java.util.regex.Pattern; + +/** + * Input validation utility to prevent injection attacks and validate external data + */ +public class InputValidator { + private static final String TAG = "InputValidator"; + + // Patterns for common validation scenarios + private static final Pattern PACKAGE_NAME_PATTERN = Pattern.compile("^[a-zA-Z][a-zA-Z0-9_]*(\\.[a-zA-Z][a-zA-Z0-9_]*)*$"); + private static final Pattern UID_PATTERN = Pattern.compile("^[0-9]+$"); + private static final Pattern IP_ADDRESS_PATTERN = Pattern.compile( + "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" + ); + private static final Pattern PORT_PATTERN = Pattern.compile("^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$"); + private static final Pattern INTERFACE_NAME_PATTERN = Pattern.compile("^[a-zA-Z0-9]+$"); + + // Dangerous characters that should not appear in most inputs + private static final Pattern DANGEROUS_CHARS = Pattern.compile("[;&|`$\\r\\n<>\"'\\\\]"); + + // Maximum lengths for various input types + private static final int MAX_PACKAGE_NAME_LENGTH = 256; + private static final int MAX_FILE_PATH_LENGTH = 4096; + private static final int MAX_RULE_LENGTH = 1024; + private static final int MAX_PROFILE_NAME_LENGTH = 64; + + /** + * Validate and sanitize a package name + */ + public static String validatePackageName(String packageName) { + if (TextUtils.isEmpty(packageName)) { + return null; + } + + if (packageName.length() > MAX_PACKAGE_NAME_LENGTH) { + Log.w(TAG, "Package name too long: " + packageName.length() + " characters"); + return null; + } + + if (!PACKAGE_NAME_PATTERN.matcher(packageName).matches()) { + Log.w(TAG, "Invalid package name format: " + packageName); + return null; + } + + return packageName.trim(); + } + + /** + * Validate UID string + */ + public static Integer validateUid(String uidString) { + if (TextUtils.isEmpty(uidString)) { + return null; + } + + String trimmed = uidString.trim(); + if (!UID_PATTERN.matcher(trimmed).matches()) { + Log.w(TAG, "Invalid UID format: " + uidString); + return null; + } + + try { + int uid = Integer.parseInt(trimmed); + if (uid < 0 || uid > 99999) { // Android UID range + Log.w(TAG, "UID out of valid range: " + uid); + return null; + } + return uid; + } catch (NumberFormatException e) { + Log.w(TAG, "Could not parse UID: " + uidString, e); + return null; + } + } + + /** + * Validate IP address + */ + public static String validateIpAddress(String ipAddress) { + if (TextUtils.isEmpty(ipAddress)) { + return null; + } + + String trimmed = ipAddress.trim(); + if (!IP_ADDRESS_PATTERN.matcher(trimmed).matches()) { + Log.w(TAG, "Invalid IP address format: " + ipAddress); + return null; + } + + return trimmed; + } + + /** + * Validate port number + */ + public static Integer validatePort(String portString) { + if (TextUtils.isEmpty(portString)) { + return null; + } + + String trimmed = portString.trim(); + if (!PORT_PATTERN.matcher(trimmed).matches()) { + Log.w(TAG, "Invalid port format: " + portString); + return null; + } + + try { + return Integer.parseInt(trimmed); + } catch (NumberFormatException e) { + Log.w(TAG, "Could not parse port: " + portString, e); + return null; + } + } + + /** + * Validate network interface name + */ + public static String validateInterfaceName(String interfaceName) { + if (TextUtils.isEmpty(interfaceName)) { + return null; + } + + String trimmed = interfaceName.trim(); + if (!INTERFACE_NAME_PATTERN.matcher(trimmed).matches()) { + Log.w(TAG, "Invalid interface name: " + interfaceName); + return null; + } + + if (trimmed.length() > 16) { // Linux interface name limit + Log.w(TAG, "Interface name too long: " + trimmed); + return null; + } + + return trimmed; + } + + /** + * Validate and sanitize file path to prevent directory traversal + */ + public static String validateFilePath(String filePath) { + if (TextUtils.isEmpty(filePath)) { + return null; + } + + if (filePath.length() > MAX_FILE_PATH_LENGTH) { + Log.w(TAG, "File path too long: " + filePath.length() + " characters"); + return null; + } + + String normalized = filePath.trim(); + + // Check for directory traversal attempts + if (normalized.contains("../") || normalized.contains("..\\") || + normalized.contains("/..") || normalized.contains("\\..")) { + Log.w(TAG, "Directory traversal attempt detected: " + filePath); + return null; + } + + // Check for dangerous characters + if (DANGEROUS_CHARS.matcher(normalized).find()) { + Log.w(TAG, "Dangerous characters in file path: " + filePath); + return null; + } + + return normalized; + } + + /** + * Validate custom iptables rule (additional validation beyond sanitizeRule in Api.java) + */ + public static String validateCustomRule(String rule) { + if (TextUtils.isEmpty(rule)) { + return null; + } + + if (rule.length() > MAX_RULE_LENGTH) { + Log.w(TAG, "Custom rule too long: " + rule.length() + " characters"); + return null; + } + + String trimmed = rule.trim(); + + // Additional security checks beyond Api.sanitizeRule + if (trimmed.toLowerCase().contains("exec") || + trimmed.toLowerCase().contains("system") || + trimmed.toLowerCase().contains("eval") || + trimmed.toLowerCase().contains("shell")) { + Log.w(TAG, "Potentially dangerous custom rule: " + rule); + return null; + } + + return trimmed; + } + + /** + * Validate profile name + */ + public static String validateProfileName(String profileName) { + if (TextUtils.isEmpty(profileName)) { + return null; + } + + if (profileName.length() > MAX_PROFILE_NAME_LENGTH) { + Log.w(TAG, "Profile name too long: " + profileName.length() + " characters"); + return null; + } + + String trimmed = profileName.trim(); + + // Only allow alphanumeric characters, spaces, hyphens, and underscores + if (!trimmed.matches("^[a-zA-Z0-9 _-]+$")) { + Log.w(TAG, "Invalid profile name format: " + profileName); + return null; + } + + return trimmed; + } + + /** + * Safely extract string from Intent extras with validation + */ + public static String getValidatedStringExtra(Intent intent, String key, int maxLength) { + if (intent == null || TextUtils.isEmpty(key)) { + return null; + } + + try { + String value = intent.getStringExtra(key); + if (TextUtils.isEmpty(value)) { + return null; + } + + if (value.length() > maxLength) { + Log.w(TAG, "Intent extra too long for key " + key + ": " + value.length() + " characters"); + return null; + } + + // Basic sanitization - remove control characters + String sanitized = value.replaceAll("[\\x00-\\x1F\\x7F]", ""); + return sanitized.trim(); + + } catch (Exception e) { + Log.w(TAG, "Error extracting intent extra for key: " + key, e); + return null; + } + } + + /** + * Safely extract string from Bundle with validation + */ + public static String getValidatedBundleString(Bundle bundle, String key, int maxLength) { + if (bundle == null || TextUtils.isEmpty(key)) { + return null; + } + + try { + String value = bundle.getString(key); + if (TextUtils.isEmpty(value)) { + return null; + } + + if (value.length() > maxLength) { + Log.w(TAG, "Bundle value too long for key " + key + ": " + value.length() + " characters"); + return null; + } + + // Basic sanitization - remove control characters + String sanitized = value.replaceAll("[\\x00-\\x1F\\x7F]", ""); + return sanitized.trim(); + + } catch (Exception e) { + Log.w(TAG, "Error extracting bundle value for key: " + key, e); + return null; + } + } + + /** + * General purpose string sanitization + */ + public static String sanitizeString(String input, int maxLength) { + if (TextUtils.isEmpty(input)) { + return null; + } + + if (input.length() > maxLength) { + Log.w(TAG, "Input too long: " + input.length() + " characters"); + return null; + } + + // Remove control characters and potentially dangerous characters + String sanitized = input.replaceAll("[\\x00-\\x1F\\x7F]", ""); + + if (DANGEROUS_CHARS.matcher(sanitized).find()) { + Log.w(TAG, "Dangerous characters found in input"); + return null; + } + + return sanitized.trim(); + } + + /** + * Check if a string contains only safe characters for use in shell commands + */ + public static boolean isSafeForShell(String input) { + if (TextUtils.isEmpty(input)) { + return false; + } + + // Allow only alphanumeric characters, hyphens, underscores, dots, and forward slashes + return input.matches("^[a-zA-Z0-9._/-]+$"); + } +} \ No newline at end of file diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/NetworkChangeDebouncer.java b/app/src/main/java/dev/ukanth/ufirewall/util/NetworkChangeDebouncer.java new file mode 100644 index 000000000..416784042 --- /dev/null +++ b/app/src/main/java/dev/ukanth/ufirewall/util/NetworkChangeDebouncer.java @@ -0,0 +1,218 @@ +/** + * Debounces rapid network connectivity changes to avoid excessive iptables rule applications. + *

+ * When network changes occur rapidly (e.g., switching between WiFi and mobile data), + * this class delays rule application until the network has been stable for a configurable + * period. If new changes arrive before the delay expires, the pending job is cancelled + * and rescheduled. + *

+ * Copyright (C) 2025 Umakanthan Chandran + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * @author Umakanthan Chandran + * @version 1.0 + */ +package dev.ukanth.ufirewall.util; + +import android.content.Context; +import android.os.Handler; +import android.os.Looper; + +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicReference; + +import dev.ukanth.ufirewall.Api; +import dev.ukanth.ufirewall.InterfaceTracker; +import dev.ukanth.ufirewall.log.Log; + +public class NetworkChangeDebouncer { + private static final String TAG = "AFWall"; + + // Default debounce delay in milliseconds + private static final long DEFAULT_DEBOUNCE_DELAY_MS = 2000; // 2 seconds + //Retry delay when rules are currently being applied + private static final long RETRY_DELAY_MS = 500; // 500ms + + // Maximum retry attempts + private static final int MAX_RETRY_ATTEMPTS = 10; + + // + // Handler for posting delayed tasks + private static final Handler handler = new Handler(Looper.getMainLooper()); + + // Currently scheduled runnable (if any) + private static final AtomicReference pendingRunnable = new AtomicReference<>(null); + + // Latest network change reason + private static final AtomicReference latestReason = new AtomicReference<>(null); + + // Latest context + private static final AtomicReference latestContext = new AtomicReference<>(null); + + // Flag to track if a job is currently scheduled + private static final AtomicBoolean isScheduled = new AtomicBoolean(false); + + // Retry counter + private static volatile int retryCount = 0; + + // Timestamp of last change request + private static volatile long lastChangeTimestamp = 0; + + // Counter for tracking how many changes were coalesced + private static volatile int coalescedCount = 0; + + /** + * Schedule a network change to be processed after the debounce delay. + * If a job is already scheduled, it will be cancelled and replaced with this one. + * + * @param context Application context + * @param reason Reason for the network change (e.g., CONNECTIVITY_CHANGE) + */ + public static void scheduleNetworkChange(Context context, String reason) { + // Cancel any existing pending job + cancelPendingJob(); + + // Store the latest change information + latestContext.set(context.getApplicationContext()); + latestReason.set(reason); + lastChangeTimestamp = System.currentTimeMillis(); + + // Get debounce delay from preferences + long debounceDelay = getDebounceDelay(); + + // Increment coalesced counter + if (isScheduled.get()) { + coalescedCount++; + Log.d(TAG, "Network change coalesced (total: " + coalescedCount + "): " + reason); + } else { + coalescedCount = 0; + retryCount = 0; + Log.d(TAG, "Network change scheduled with " + debounceDelay + "ms delay: " + reason); + } + + // Create new runnable for applying rules + Runnable applyRulesRunnable = new Runnable() { + @Override + public void run() { + try { + Context ctx = latestContext.get(); + String finalReason = latestReason.get(); + + if (ctx != null && finalReason != null) { + // Check if rules are currently being applied + if (Api.isRulesBeingApplied()) { + if (retryCount < MAX_RETRY_ATTEMPTS) { + retryCount++; + Log.d(TAG, "Rules currently being applied, retrying in " + RETRY_DELAY_MS + "ms (attempt " + retryCount + ")"); + // Reschedule with shorter delay + handler.postDelayed(this, RETRY_DELAY_MS); + return; + } else { + Log.w(TAG, "Max retry attempts reached, forcing rule application"); + } + } + + long elapsedTime = System.currentTimeMillis() - lastChangeTimestamp; + if (coalescedCount > 0) { + Log.i(TAG, "Applying rules after debounce (" + elapsedTime + "ms, " + + coalescedCount + " changes coalesced): " + finalReason); + } else { + Log.i(TAG, "Applying rules after debounce (" + elapsedTime + "ms): " + finalReason); + } + + // Apply the rules + InterfaceTracker.applyRulesOnChange(ctx, finalReason); + + // Reset state + coalescedCount = 0; + retryCount = 0; + } else { + Log.w(TAG, "Cannot apply rules: context or reason is null"); + } + } catch (Exception e) { + Log.e(TAG, "Error applying rules after debounce: " + e.getMessage(), e); + } finally { + // Clear scheduled state only if not retrying + if (retryCount == 0 || retryCount >= MAX_RETRY_ATTEMPTS) { + isScheduled.set(false); + pendingRunnable.set(null); + } + } + } + }; + + // Store the runnable and schedule it + pendingRunnable.set(applyRulesRunnable); + isScheduled.set(true); + handler.postDelayed(applyRulesRunnable, debounceDelay); + } + + /** + * Cancel any pending network change job. + */ + private static void cancelPendingJob() { + Runnable existingRunnable = pendingRunnable.getAndSet(null); + if (existingRunnable != null) { + handler.removeCallbacks(existingRunnable); + Log.d(TAG, "Cancelled pending network change job"); + } + isScheduled.set(false); + } + + /** + * Check if a job is currently scheduled. + * + * @return true if a network change job is pending + */ + public static boolean isPending() { + return isScheduled.get(); + } + + /** + * Get the debounce delay from preferences. + * Falls back to default if preference is not set or invalid. + * + * @return Debounce delay in milliseconds + */ + private static long getDebounceDelay() { + try { + // Try to get user-configured delay from preferences + int delaySeconds = G.getNetworkDebounceDelay(); + if (delaySeconds > 0 && delaySeconds <= 30) { + return delaySeconds * 1000L; + } + } catch (Exception e) { + Log.w(TAG, "Error reading debounce delay preference: " + e.getMessage()); + } + return DEFAULT_DEBOUNCE_DELAY_MS; + } + + /** + * Force immediate execution of any pending job (for testing or emergency situations). + */ + public static void flushPending() { + Runnable existingRunnable = pendingRunnable.getAndSet(null); + if (existingRunnable != null) { + handler.removeCallbacks(existingRunnable); + Log.i(TAG, "Flushing pending network change job immediately"); + // Execute immediately on current thread + existingRunnable.run(); + } + } + + /** + * Clear all pending jobs without executing them (for cleanup). + */ + public static void clear() { + cancelPendingJob(); + latestContext.set(null); + latestReason.set(null); + coalescedCount = 0; + retryCount = 0; + Log.d(TAG, "Cleared all pending network change jobs"); + } +} diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/SecureCrypto.java b/app/src/main/java/dev/ukanth/ufirewall/util/SecureCrypto.java new file mode 100644 index 000000000..45ab209da --- /dev/null +++ b/app/src/main/java/dev/ukanth/ufirewall/util/SecureCrypto.java @@ -0,0 +1,248 @@ +package dev.ukanth.ufirewall.util; + +import android.content.Context; +import android.content.SharedPreferences; +import android.os.Build; +import android.security.keystore.KeyGenParameterSpec; +import android.security.keystore.KeyProperties; +import android.util.Base64; +import android.util.Log; + +import java.nio.charset.StandardCharsets; +import java.security.SecureRandom; +import java.security.spec.KeySpec; + +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.DESKeySpec; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +/** + * Secure cryptographic utility with backward compatibility for DES-encrypted passwords. + * + * This class provides: + * - Modern AES-256-GCM encryption for new passwords + * - Backward compatibility for existing DES-encrypted passwords + * - Automatic migration from DES to AES when passwords are verified + * - Secure key derivation using PBKDF2 + */ +public class SecureCrypto { + private static final String TAG = "SecureCrypto"; + + // Modern encryption constants + private static final String AES_ALGORITHM = "AES/GCM/NoPadding"; + private static final String KEY_DERIVATION = "PBKDF2WithHmacSHA256"; + private static final int AES_KEY_LENGTH = 256; + private static final int GCM_IV_LENGTH = 12; + private static final int GCM_TAG_LENGTH = 16; + private static final int PBKDF2_ITERATIONS = 100000; + private static final int SALT_LENGTH = 32; + + // Legacy DES constants (for backward compatibility) + private static final String DES_ALGORITHM = "DES"; + private static final String CHARSET_NAME = "UTF-8"; + private static final int BASE64_MODE = Base64.DEFAULT; + + // Version identifiers for encrypted data + private static final String AES_PREFIX = "AES:"; + private static final String DES_PREFIX = "DES:"; + + private static final String PREF_ENCRYPTION_VERSION = "encryption_version"; + private static final String PREF_PASSWORD_SALT = "password_salt"; + private static final int ENCRYPTION_VERSION_AES = 2; + private static final int ENCRYPTION_VERSION_DES = 1; + + /** + * Encrypt data using modern AES-256-GCM encryption + */ + public static String encryptSecure(Context context, String masterKey, String data) { + if (masterKey == null || data == null) { + return null; + } + + try { + SharedPreferences prefs = context.getSharedPreferences("secure_crypto", Context.MODE_PRIVATE); + + // Generate or retrieve salt + String saltBase64 = prefs.getString(PREF_PASSWORD_SALT, null); + byte[] salt; + if (saltBase64 == null) { + salt = new byte[SALT_LENGTH]; + new SecureRandom().nextBytes(salt); + saltBase64 = Base64.encodeToString(salt, Base64.NO_WRAP); + prefs.edit().putString(PREF_PASSWORD_SALT, saltBase64).apply(); + } else { + salt = Base64.decode(saltBase64, Base64.NO_WRAP); + } + + // Derive key using PBKDF2 + SecretKey key = deriveKey(masterKey, salt); + + // Generate random IV + byte[] iv = new byte[GCM_IV_LENGTH]; + new SecureRandom().nextBytes(iv); + + // Encrypt data + Cipher cipher = Cipher.getInstance(AES_ALGORITHM); + GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec); + + byte[] encrypted = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8)); + + // Combine IV and encrypted data + byte[] combined = new byte[iv.length + encrypted.length]; + System.arraycopy(iv, 0, combined, 0, iv.length); + System.arraycopy(encrypted, 0, combined, iv.length, encrypted.length); + + // Mark encryption version and store + prefs.edit().putInt(PREF_ENCRYPTION_VERSION, ENCRYPTION_VERSION_AES).apply(); + + return AES_PREFIX + Base64.encodeToString(combined, Base64.NO_WRAP); + + } catch (Exception e) { + Log.e(TAG, "AES encryption failed", e); + return null; + } + } + + /** + * Decrypt data - handles both AES and legacy DES formats + */ + public static String decryptSecure(Context context, String masterKey, String encryptedData) { + if (masterKey == null || encryptedData == null) { + return null; + } + + try { + if (encryptedData.startsWith(AES_PREFIX)) { + // Modern AES decryption + return decryptAES(context, masterKey, encryptedData.substring(AES_PREFIX.length())); + } else if (encryptedData.startsWith(DES_PREFIX)) { + // Legacy DES decryption (marked format) + return decryptDES(masterKey, encryptedData.substring(DES_PREFIX.length())); + } else { + // Assume legacy DES format (no prefix) + return decryptDES(masterKey, encryptedData); + } + } catch (Exception e) { + Log.e(TAG, "Decryption failed", e); + return null; + } + } + + /** + * Decrypt using modern AES-256-GCM + */ + private static String decryptAES(Context context, String masterKey, String encryptedData) throws Exception { + SharedPreferences prefs = context.getSharedPreferences("secure_crypto", Context.MODE_PRIVATE); + + // Get salt + String saltBase64 = prefs.getString(PREF_PASSWORD_SALT, null); + if (saltBase64 == null) { + throw new IllegalStateException("Salt not found for AES decryption"); + } + byte[] salt = Base64.decode(saltBase64, Base64.NO_WRAP); + + // Derive key + SecretKey key = deriveKey(masterKey, salt); + + // Decode encrypted data + byte[] combined = Base64.decode(encryptedData, Base64.NO_WRAP); + + // Extract IV and encrypted data + byte[] iv = new byte[GCM_IV_LENGTH]; + byte[] encrypted = new byte[combined.length - GCM_IV_LENGTH]; + System.arraycopy(combined, 0, iv, 0, GCM_IV_LENGTH); + System.arraycopy(combined, GCM_IV_LENGTH, encrypted, 0, encrypted.length); + + // Decrypt + Cipher cipher = Cipher.getInstance(AES_ALGORITHM); + GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, iv); + cipher.init(Cipher.DECRYPT_MODE, key, gcmSpec); + + byte[] decrypted = cipher.doFinal(encrypted); + return new String(decrypted, StandardCharsets.UTF_8); + } + + /** + * Legacy DES decryption for backward compatibility + */ + private static String decryptDES(String masterKey, String encryptedData) throws Exception { + byte[] dataBytes = Base64.decode(encryptedData, BASE64_MODE); + DESKeySpec desKeySpec = new DESKeySpec(masterKey.getBytes(CHARSET_NAME)); + SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(DES_ALGORITHM); + SecretKey secretKey = secretKeyFactory.generateSecret(desKeySpec); + Cipher cipher = Cipher.getInstance(DES_ALGORITHM); + cipher.init(Cipher.DECRYPT_MODE, secretKey); + byte[] dataBytesDecrypted = cipher.doFinal(dataBytes); + return new String(dataBytesDecrypted, CHARSET_NAME); + } + + /** + * Derive AES key using PBKDF2 + */ + private static SecretKey deriveKey(String password, byte[] salt) throws Exception { + KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, PBKDF2_ITERATIONS, AES_KEY_LENGTH); + SecretKeyFactory factory = SecretKeyFactory.getInstance(KEY_DERIVATION); + byte[] keyBytes = factory.generateSecret(spec).getEncoded(); + return new SecretKeySpec(keyBytes, "AES"); + } + + /** + * Check if data is encrypted with legacy DES + */ + public static boolean isLegacyEncryption(String encryptedData) { + return encryptedData != null && + !encryptedData.startsWith(AES_PREFIX) && + !encryptedData.startsWith(DES_PREFIX); + } + + /** + * Migrate password from DES to AES encryption + * This should be called when a legacy password is successfully verified + */ + public static String migrateToAES(Context context, String masterKey, String plaintext) { + Log.i(TAG, "Migrating password from DES to AES encryption"); + return encryptSecure(context, masterKey, plaintext); + } + + /** + * Get current encryption version + */ + public static int getCurrentEncryptionVersion(Context context) { + SharedPreferences prefs = context.getSharedPreferences("secure_crypto", Context.MODE_PRIVATE); + return prefs.getInt(PREF_ENCRYPTION_VERSION, ENCRYPTION_VERSION_DES); + } + + /** + * Validate that the crypto system is working correctly + */ + public static boolean validateCrypto(Context context) { + try { + String testData = "AFWall+ Security Test"; + String testKey = "TestKey123"; + + String encrypted = encryptSecure(context, testKey, testData); + if (encrypted == null) return false; + + String decrypted = decryptSecure(context, testKey, encrypted); + return testData.equals(decrypted); + + } catch (Exception e) { + Log.e(TAG, "Crypto validation failed", e); + return false; + } + } + + /** + * Clear all crypto preferences (for testing or reset purposes) + */ + public static void clearCryptoPreferences(Context context) { + SharedPreferences prefs = context.getSharedPreferences("secure_crypto", Context.MODE_PRIVATE); + prefs.edit().clear().apply(); + } +} \ No newline at end of file diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/SecurePasswordManager.java b/app/src/main/java/dev/ukanth/ufirewall/util/SecurePasswordManager.java new file mode 100644 index 000000000..436776a12 --- /dev/null +++ b/app/src/main/java/dev/ukanth/ufirewall/util/SecurePasswordManager.java @@ -0,0 +1,160 @@ +package dev.ukanth.ufirewall.util; + +import android.content.Context; +import android.util.Log; + +/** + * Secure password manager that handles encryption, storage, and migration + * with backward compatibility for existing DES-encrypted passwords + */ +public class SecurePasswordManager { + private static final String TAG = "SecurePasswordManager"; + private static final String MASTER_KEY = "AFW@LL_P@SSWORD_PR0T3CTI0N"; + + /** + * Store a password securely using modern AES encryption + * + * @param context Application context + * @param password Plain text password to store + * @return true if password was stored successfully + */ + public static boolean storePasswordSecure(Context context, String password) { + if (password == null || password.isEmpty()) { + return false; + } + + try { + String encrypted = SecureCrypto.encryptSecure(context, MASTER_KEY, password); + if (encrypted != null) { + // Use G's helper method to store password + G.profile_pwd(encrypted); + G.gPrefs.edit() + .putBoolean("enc", true) + .putBoolean("secure_enc", true) // Flag for new encryption + .apply(); + Log.i(TAG, "Password stored with secure encryption"); + return true; + } + } catch (Exception e) { + Log.e(TAG, "Failed to store password securely", e); + } + return false; + } + + /** + * Verify a password against stored encrypted password with automatic migration + * + * @param context Application context + * @param enteredPassword Password entered by user + * @return true if password matches + */ + public static boolean verifyPassword(Context context, String enteredPassword) { + if (enteredPassword == null) { + return false; + } + + String storedPassword = G.profile_pwd(); + if (storedPassword == null || storedPassword.isEmpty()) { + return false; + } + + try { + if (G.isEnc()) { + // Check if using new secure encryption + if (G.gPrefs.getBoolean("secure_enc", false)) { + String decrypted = SecureCrypto.decryptSecure(context, MASTER_KEY, storedPassword); + return enteredPassword.equals(decrypted); + } else { + // Try new secure decryption first (for migrated passwords) + String decrypted = SecureCrypto.decryptSecure(context, MASTER_KEY, storedPassword); + if (decrypted != null && enteredPassword.equals(decrypted)) { + return true; + } + + // Fallback to legacy DES decryption + decrypted = dev.ukanth.ufirewall.Api.unhideCrypt(MASTER_KEY, storedPassword); + if (decrypted != null && enteredPassword.equals(decrypted)) { + // Auto-migrate to secure encryption + if (migrateToSecureEncryption(context, enteredPassword)) { + Log.i(TAG, "Successfully migrated password from DES to AES"); + } + return true; + } + } + } else { + // Plain text password - migrate to secure encryption + if (enteredPassword.equals(storedPassword)) { + if (migrateToSecureEncryption(context, enteredPassword)) { + Log.i(TAG, "Successfully migrated plaintext password to AES"); + } + return true; + } + } + } catch (Exception e) { + Log.e(TAG, "Error during password verification", e); + } + + return false; + } + + /** + * Migrate existing password to secure AES encryption + */ + private static boolean migrateToSecureEncryption(Context context, String plainPassword) { + try { + return storePasswordSecure(context, plainPassword); + } catch (Exception e) { + Log.e(TAG, "Failed to migrate password to secure encryption", e); + return false; + } + } + + /** + * Check if password is encrypted with legacy DES + */ + public static boolean isLegacyEncryption() { + return G.isEnc() && !G.gPrefs.getBoolean("secure_enc", false); + } + + /** + * Get encryption status information for debugging + */ + public static String getEncryptionStatus(Context context) { + StringBuilder status = new StringBuilder(); + status.append("Encrypted: ").append(G.isEnc()).append("\n"); + status.append("Secure encryption: ").append(G.gPrefs.getBoolean("secure_enc", false)).append("\n"); + status.append("Legacy encryption: ").append(isLegacyEncryption()).append("\n"); + + if (G.isEnc()) { + String stored = G.profile_pwd(); + status.append("Uses AES prefix: ").append(stored != null && stored.startsWith("AES:")).append("\n"); + status.append("Crypto validation: ").append(SecureCrypto.validateCrypto(context)).append("\n"); + } + + return status.toString(); + } + + /** + * Force password re-encryption (for testing or security updates) + */ + public static boolean reencryptPassword(Context context, String currentPassword) { + if (!verifyPassword(context, currentPassword)) { + Log.w(TAG, "Cannot re-encrypt: current password verification failed"); + return false; + } + + return storePasswordSecure(context, currentPassword); + } + + /** + * Clear all password data (for reset/logout) + */ + public static void clearPassword() { + G.profile_pwd(""); // Clear password using G's method + G.gPrefs.edit() + .remove("enc") + .remove("secure_enc") + .apply(); + Log.i(TAG, "Password data cleared"); + } +} \ No newline at end of file diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/SecurityUtil.java b/app/src/main/java/dev/ukanth/ufirewall/util/SecurityUtil.java index 92301ff0c..71cc501ce 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/util/SecurityUtil.java +++ b/app/src/main/java/dev/ukanth/ufirewall/util/SecurityUtil.java @@ -11,6 +11,7 @@ import android.content.Intent; import android.os.Build; import android.text.InputType; +import android.util.Log; import android.widget.Toast; import androidx.annotation.RequiresApi; @@ -115,8 +116,7 @@ public boolean isPasswordProtected() { private void requestFingerprint() { FingerprintUtil.FingerprintDialog dialog = new FingerprintUtil.FingerprintDialog(activity); dialog.setOnFingerprintFailureListener(() -> { - activity.finish(); - android.os.Process.killProcess(android.os.Process.myPid()); + gracefulShutdown(); }); dialog.show(); } @@ -125,8 +125,7 @@ private void requestFingerprint() { private void requestFingerprintQ() { BiometricUtil.FingerprintDialog dialog = new BiometricUtil.FingerprintDialog(activity); dialog.setOnFingerprintFailureListener(() -> { - activity.finish(); - android.os.Process.killProcess(android.os.Process.myPid()); + gracefulShutdown(); }); dialog.show(); } @@ -141,24 +140,18 @@ private void requestPassword() { .positiveText(R.string.submit) .negativeText(R.string.Cancel) .onNegative((dialog, which) -> { - activity.finish(); - android.os.Process.killProcess(android.os.Process.myPid()); + gracefulShutdown(); }) .input(R.string.enterpass, R.string.password_empty, (dialog, input) -> { - String pass = input.toString(); - boolean isAllowed = false; - if (G.isEnc()) { - String decrypt = Api.unhideCrypt("AFW@LL_P@SSWORD_PR0T3CTI0N", G.profile_pwd()); - if (decrypt != null) { - if (decrypt.equals(pass)) { - isAllowed = true; - } - } - } else { - if (pass.equals(G.profile_pwd())) { - isAllowed = true; - } + String pass = InputValidator.sanitizeString(input.toString(), 256); + if (pass == null) { + Api.toast(activity, context.getString(R.string.wrong_password)); + return; } + + // Use secure password manager for verification and auto-migration + boolean isAllowed = SecurePasswordManager.verifyPassword(context, pass); + if (isAllowed) { dialog.dismiss(); } else { @@ -177,4 +170,33 @@ private void requestPassword() { } } + + /** + * Perform graceful shutdown instead of abrupt process termination + * This ensures proper cleanup and prevents firewall rules from being left in inconsistent state + */ + private void gracefulShutdown() { + try { + // Give some time for any pending operations to complete + new android.os.Handler(android.os.Looper.getMainLooper()).post(() -> { + try { + // Attempt to save any pending state or cleanup + activity.moveTaskToBack(true); + activity.finishAndRemoveTask(); + } catch (Exception e) { + // If graceful methods fail, fall back to finish() + activity.finish(); + } finally { + // Only use process kill as absolute last resort after cleanup attempt + new android.os.Handler(android.os.Looper.getMainLooper()).postDelayed(() -> { + android.os.Process.killProcess(android.os.Process.myPid()); + }, 500); // 500ms delay to allow cleanup + } + }); + } catch (Exception e) { + Log.e("SecurityUtil", "Error during graceful shutdown", e); + // Emergency fallback + activity.finish(); + } + } } diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/UidCorrelator.java b/app/src/main/java/dev/ukanth/ufirewall/util/UidCorrelator.java new file mode 100644 index 000000000..60fb481b9 --- /dev/null +++ b/app/src/main/java/dev/ukanth/ufirewall/util/UidCorrelator.java @@ -0,0 +1,297 @@ +/** + * Enhanced UID correlation system for AFWall+ + * Attempts to resolve Unknown UID (-100) entries by correlating + * netfilter logs with active network connections + * + * Copyright (C) 2024 AFWall+ Contributors + */ +package dev.ukanth.ufirewall.util; + +import android.util.Log; +import com.topjohnwu.superuser.Shell; + +import java.io.BufferedReader; +import java.io.StringReader; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +public class UidCorrelator { + private static final String TAG = "UidCorrelator"; + + // Cache active connections for correlation + private static final Map activeConnections = new ConcurrentHashMap<>(); + private static final Map recentConnections = new ConcurrentHashMap<>(); + private static long lastRefresh = 0; + private static final long REFRESH_INTERVAL = 5000; // 5 seconds + private static final long CORRELATION_WINDOW = 10000; // 10 seconds + + public static class ConnectionInfo { + public final int uid; + public final String localAddress; + public final String remoteAddress; + public final int localPort; + public final int remotePort; + public final String protocol; + public final long timestamp; + + public ConnectionInfo(int uid, String localAddr, String remoteAddr, + int localPort, int remotePort, String protocol) { + this.uid = uid; + this.localAddress = localAddr; + this.remoteAddress = remoteAddr; + this.localPort = localPort; + this.remotePort = remotePort; + this.protocol = protocol; + this.timestamp = System.currentTimeMillis(); + } + + public String getConnectionKey() { + return protocol + ":" + remoteAddress + ":" + remotePort; + } + } + + /** + * Attempt to correlate unknown UID with active/recent connections + * + * @param srcIp Source IP from netfilter log + * @param dstIp Destination IP from netfilter log + * @param dstPort Destination port from netfilter log + * @param srcPort Source port from netfilter log + * @param protocol Protocol (TCP/UDP) + * @param logTimestamp Timestamp of the log entry + * @return UID if found, -100 if still unknown + */ + public static int correlateUid(String srcIp, String dstIp, int dstPort, + int srcPort, String protocol, long logTimestamp) { + + refreshConnectionCache(); + + if (activeConnections.isEmpty()) { + Log.w(TAG, "No active connections in cache - /proc/net parsing may have failed"); + } + + // Try exact match first (outbound connection) + String connectionKey = protocol.toUpperCase() + ":" + dstIp + ":" + dstPort; + ConnectionInfo conn = activeConnections.get(connectionKey); + + // Also try reverse lookup (for return traffic where src/dst are swapped) + if (conn == null) { + String reverseKey = protocol.toUpperCase() + ":" + srcIp + ":" + srcPort; + conn = activeConnections.get(reverseKey); + } + + if (conn != null && isWithinTimeWindow(conn.timestamp, logTimestamp)) { + Log.d(TAG, "Found exact match for " + connectionKey + " -> UID " + conn.uid); + return conn.uid; + } + + // Try recent connections cache + Integer recentUid = recentConnections.get(connectionKey); + if (recentUid != null) { + Log.d(TAG, "Found recent connection for " + connectionKey + " -> UID " + recentUid); + return recentUid; + } + + // Fallback: scan all connections for partial matches + for (ConnectionInfo connection : activeConnections.values()) { + if (isPartialMatch(connection, srcIp, dstIp, dstPort, srcPort, protocol, logTimestamp)) { + Log.d(TAG, "Found partial match -> UID " + connection.uid); + // Cache for future lookups + recentConnections.put(connectionKey, connection.uid); + return connection.uid; + } + } + + Log.d(TAG, "No correlation found for " + connectionKey); + return -100; // Still unknown + } + + /** + * Refresh the connection cache by parsing /proc/net files + */ + private static void refreshConnectionCache() { + long now = System.currentTimeMillis(); + if (now - lastRefresh < REFRESH_INTERVAL) { + return; // Cache still fresh + } + + try { + // Clear old data + activeConnections.clear(); + cleanupOldRecentConnections(now); + + // Parse TCP connections + parseNetworkConnections("/proc/net/tcp", "TCP"); + parseNetworkConnections("/proc/net/tcp6", "TCP"); + + // Parse UDP connections + parseNetworkConnections("/proc/net/udp", "UDP"); + parseNetworkConnections("/proc/net/udp6", "UDP"); + + lastRefresh = now; + if (activeConnections.isEmpty()) { + Log.w(TAG, "Connection cache refresh completed but no connections found - check root access"); + } else { + Log.d(TAG, "Refreshed connection cache: " + activeConnections.size() + " active connections"); + } + + } catch (Exception e) { + Log.e(TAG, "Error refreshing connection cache", e); + } + } + + /** + * Parse network connection files from /proc/net + * Uses root shell to ensure access on modern Android versions + */ + private static void parseNetworkConnections(String filePath, String protocol) { + try { + // Use getSU() to ensure root shell is used for /proc/net access + Shell.Result result = Shell.cmd("cat " + filePath).exec(); + if (!result.isSuccess()) { + Log.w(TAG, "Failed to read " + filePath + " - exit code: " + result.getCode()); + return; + } + + String output = String.join("\n", result.getOut()); + BufferedReader reader = new BufferedReader(new StringReader(output)); + String line; + boolean firstLine = true; + + while ((line = reader.readLine()) != null) { + if (firstLine) { + firstLine = false; + continue; // Skip header + } + + ConnectionInfo conn = parseConnectionLine(line, protocol); + if (conn != null && conn.uid > 0) { + activeConnections.put(conn.getConnectionKey(), conn); + // Also cache by local port for better matching + String localKey = protocol + ":" + conn.localAddress + ":" + conn.localPort; + activeConnections.put(localKey, conn); + } + } + + } catch (Exception e) { + Log.w(TAG, "Failed to parse " + filePath, e); + } + } + + /** + * Parse a single line from /proc/net/tcp or /proc/net/udp + * Format: sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode + */ + private static ConnectionInfo parseConnectionLine(String line, String protocol) { + try { + String[] parts = line.trim().split("\\s+"); + if (parts.length < 8) { + return null; + } + + // Parse local address (IP:PORT in hex) + String[] localAddr = parts[1].split(":"); + String localIp = hexToIp(localAddr[0]); + int localPort = Integer.parseInt(localAddr[1], 16); + + // Parse remote address + String[] remoteAddr = parts[2].split(":"); + String remoteIp = hexToIp(remoteAddr[0]); + int remotePort = Integer.parseInt(remoteAddr[1], 16); + + // Get UID (column 7) - handle potential parsing errors + int uid; + try { + uid = Integer.parseInt(parts[7]); + } catch (NumberFormatException e) { + Log.w(TAG, "Failed to parse UID from: " + parts[7]); + return null; + } + + // Only interested in established connections or UDP sockets + // TCP state 01 = ESTABLISHED, for UDP we take all + if (protocol.equals("TCP")) { + String state = parts[3]; + if (!"01".equals(state)) { + return null; // Not established + } + } + + return new ConnectionInfo(uid, localIp, remoteIp, localPort, remotePort, protocol); + + } catch (Exception e) { + Log.w(TAG, "Failed to parse connection line: " + line, e); + return null; + } + } + + /** + * Convert hex IP address to dotted decimal + * /proc/net format uses little-endian hex representation + */ + private static String hexToIp(String hexIp) { + if (hexIp.length() == 8) { + // IPv4 - /proc/net uses little-endian format + long ip = Long.parseLong(hexIp, 16); + // Convert from little-endian: reverse byte order + return (ip & 0xFF) + "." + ((ip >> 8) & 0xFF) + "." + + ((ip >> 16) & 0xFF) + "." + ((ip >> 24) & 0xFF); + } else if (hexIp.length() == 32) { + // IPv6 - check if it's an IPv4-mapped IPv6 address + // Format: 0000000000000000FFFF0000XXXXXXXX where XXXXXXXX is the IPv4 in hex + if (hexIp.startsWith("0000000000000000FFFF0000")) { + // Extract the IPv4 part (last 8 characters) + String ipv4Hex = hexIp.substring(24); + long ip = Long.parseLong(ipv4Hex, 16); + // Convert from big-endian for IPv6 mapped addresses + return ((ip >> 24) & 0xFF) + "." + ((ip >> 16) & 0xFF) + "." + + ((ip >> 8) & 0xFF) + "." + (ip & 0xFF); + } + } + // IPv6 or unknown format - return as is for now + return hexIp; + } + + /** + * Check if connection matches the netfilter log entry + */ + private static boolean isPartialMatch(ConnectionInfo conn, String srcIp, String dstIp, + int dstPort, int srcPort, String protocol, long logTime) { + + // Protocol must match + if (!conn.protocol.equalsIgnoreCase(protocol)) { + return false; + } + + // Time window check + if (!isWithinTimeWindow(conn.timestamp, logTime)) { + return false; + } + + // Check if this is an outbound connection matching the log + boolean outboundMatch = conn.remoteAddress.equals(dstIp) && + conn.remotePort == dstPort; + + // Check if local port matches (if available) + boolean portMatch = srcPort == 0 || conn.localPort == srcPort; + + return outboundMatch && portMatch; + } + + private static boolean isWithinTimeWindow(long connTime, long logTime) { + return Math.abs(connTime - logTime) <= CORRELATION_WINDOW; + } + + private static void cleanupOldRecentConnections(long now) { + // Remove entries older than correlation window + Iterator> iterator = recentConnections.entrySet().iterator(); + while (iterator.hasNext()) { + Map.Entry entry = iterator.next(); + if (now - lastRefresh > CORRELATION_WINDOW) { + iterator.remove(); + } + } + } +} \ No newline at end of file diff --git a/app/src/main/java/dev/ukanth/ufirewall/util/UidResolver.java b/app/src/main/java/dev/ukanth/ufirewall/util/UidResolver.java new file mode 100644 index 000000000..241109f85 --- /dev/null +++ b/app/src/main/java/dev/ukanth/ufirewall/util/UidResolver.java @@ -0,0 +1,667 @@ +/** + * UID Resolution Helper - Provides fallback mechanisms for identifying UIDs + * + * Copyright (C) 2024 AFWall+ Contributors + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + */ + +package dev.ukanth.ufirewall.util; + +import android.annotation.TargetApi; +import android.content.Context; +import android.content.pm.PackageManager; +import android.os.Build; +import android.util.Log; +import android.util.LruCache; +import android.util.SparseArray; + +import java.io.BufferedReader; +import java.io.File; +import java.io.FileReader; +import java.io.IOException; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import dev.ukanth.ufirewall.R; + +public class UidResolver { + + private static final String TAG = "AFWall"; + + // System UID database - well-known Android system UIDs + private static final SparseArray SYSTEM_UIDS = new SparseArray<>(); + + static { + // Core system UIDs + SYSTEM_UIDS.put(0, "root"); + SYSTEM_UIDS.put(1000, "system"); + SYSTEM_UIDS.put(1001, "radio"); + SYSTEM_UIDS.put(1002, "bluetooth"); + SYSTEM_UIDS.put(1003, "graphics"); + SYSTEM_UIDS.put(1004, "input"); + SYSTEM_UIDS.put(1005, "audio"); + SYSTEM_UIDS.put(1006, "camera"); + SYSTEM_UIDS.put(1007, "log"); + SYSTEM_UIDS.put(1008, "compass"); + SYSTEM_UIDS.put(1009, "mount"); + SYSTEM_UIDS.put(1010, "wifi"); + SYSTEM_UIDS.put(1011, "adb"); + SYSTEM_UIDS.put(1012, "install"); + SYSTEM_UIDS.put(1013, "media"); + SYSTEM_UIDS.put(1014, "dhcp"); + SYSTEM_UIDS.put(1015, "sdcard_rw"); + SYSTEM_UIDS.put(1016, "vpn"); + SYSTEM_UIDS.put(1017, "keystore"); + SYSTEM_UIDS.put(1018, "usb"); + SYSTEM_UIDS.put(1019, "drm"); + SYSTEM_UIDS.put(1020, "mdnsr"); + SYSTEM_UIDS.put(1021, "gps"); + SYSTEM_UIDS.put(1023, "media_rw"); + SYSTEM_UIDS.put(1024, "mtp"); + SYSTEM_UIDS.put(1025, "unused1"); + SYSTEM_UIDS.put(1026, "unused2"); + SYSTEM_UIDS.put(1027, "unused3"); + SYSTEM_UIDS.put(1028, "unused4"); + SYSTEM_UIDS.put(1029, "clat"); + SYSTEM_UIDS.put(1030, "hsm"); + SYSTEM_UIDS.put(1031, "reserved"); + + // Shell and nobody + SYSTEM_UIDS.put(2000, "shell"); + SYSTEM_UIDS.put(9999, "nobody"); + + // Android framework UIDs (1000-1999 range commonly used) + for (int uid = 1032; uid <= 1099; uid++) { + SYSTEM_UIDS.put(uid, "system_" + uid); + } + } + + // Cache for resolved UIDs with timestamp + private static final ConcurrentHashMap UID_CACHE = new ConcurrentHashMap<>(); + private static final long CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes TTL + private static final int MAX_CACHE_SIZE = 500; // Maximum cache entries + + // LRU cache for frequently accessed UIDs + private static final LruCache FREQUENT_UID_CACHE = new LruCache(100) { + @Override + protected void entryRemoved(boolean evicted, Integer key, String oldValue, String newValue) { + if (evicted) { + Log.d(TAG, "LRU cache evicted UID " + key + " -> " + oldValue); + } + } + }; + + // Cache entry with TTL + private static class CacheEntry { + final String name; + final long timestamp; + final ResolutionMethod method; + + CacheEntry(String name, ResolutionMethod method) { + this.name = name; + this.timestamp = System.currentTimeMillis(); + this.method = method; + } + + boolean isExpired() { + return System.currentTimeMillis() - timestamp > CACHE_TTL_MS; + } + } + + // Track which resolution method was used + private enum ResolutionMethod { + SYSTEM_DB, PACKAGE_MANAGER, PROC_FS, PACKAGES_LIST, UNKNOWN + } + + // Process information from /proc/[pid]/status + private static class ProcessInfo { + String name; + int uid; + int pid; + String state; + + ProcessInfo(String name, int uid, int pid, String state) { + this.name = name; + this.uid = uid; + this.pid = pid; + this.state = state; + } + } + + /** + * Resolve UID to app name using fallback chain with caching + * + * @param ctx Context for accessing resources + * @param uid UID to resolve + * @return Resolved name or "Unknown" if all methods fail + */ + public static String resolveUid(Context ctx, int uid) { + // Check LRU cache first (most frequently accessed) + String frequent = FREQUENT_UID_CACHE.get(uid); + if (frequent != null) { + Log.d(TAG, "UID " + uid + " resolved from LRU cache: " + frequent); + return frequent; + } + + // Check main cache + CacheEntry cached = UID_CACHE.get(uid); + if (cached != null && !cached.isExpired()) { + // Move to frequent cache if accessed multiple times + FREQUENT_UID_CACHE.put(uid, cached.name); + Log.d(TAG, "UID " + uid + " resolved from cache (" + cached.method + "): " + cached.name); + return cached.name; + } + + // Clean expired entries periodically + if (UID_CACHE.size() > MAX_CACHE_SIZE) { + cleanExpiredEntries(); + } + + String result; + ResolutionMethod method = ResolutionMethod.UNKNOWN; + + // Method 1: Check system UID database + result = resolveSystemUid(uid); + if (result != null) { + method = ResolutionMethod.SYSTEM_DB; + cacheResult(uid, result, method); + Log.d(TAG, "UID " + uid + " resolved via system database: " + result); + return result; + } + + // Method 2: Use PackageManager + result = resolveViaPackageManager(ctx, uid); + if (result != null) { + method = ResolutionMethod.PACKAGE_MANAGER; + cacheResult(uid, result, method); + Log.d(TAG, "UID " + uid + " resolved via PackageManager: " + result); + return result; + } + + // Method 3: Check running processes + result = resolveViaProc(uid); + if (result != null) { + method = ResolutionMethod.PROC_FS; + cacheResult(uid, result, method); + Log.d(TAG, "UID " + uid + " resolved via /proc: " + result); + return result; + } + + // Method 4: Parse packages.list (requires root) + result = resolveViaPackagesList(uid); + if (result != null) { + method = ResolutionMethod.PACKAGES_LIST; + cacheResult(uid, result, method); + Log.d(TAG, "UID " + uid + " resolved via packages.list: " + result); + return result; + } + + // Cache unknown result with shorter TTL + String unknown = ctx.getString(R.string.unknown_item); + UID_CACHE.put(uid, new CacheEntry(unknown, ResolutionMethod.UNKNOWN)); + Log.w(TAG, "UID " + uid + " could not be resolved by any method"); + return unknown; + } + + /** + * Resolve UID using system UID database + */ + private static String resolveSystemUid(int uid) { + return SYSTEM_UIDS.get(uid); + } + + /** + * Resolve UID using PackageManager with multi-user support + */ + private static String resolveViaPackageManager(Context ctx, int uid) { + try { + PackageManager pm = ctx.getPackageManager(); + + // Try direct lookup first + String[] packages = pm.getPackagesForUid(uid); + if (packages != null && packages.length > 0) { + String packageName = packages[0]; + + // For multi-user UIDs, add user context + if (isMultiUserUid(uid)) { + int userId = getUserId(uid); + int appId = getAppId(uid); + return packageName + " (User " + userId + ")"; + } + return packageName; + } + + // Try getNameForUid as fallback + String name = pm.getNameForUid(uid); + if (name != null && !name.isEmpty()) { + if (isMultiUserUid(uid)) { + int userId = getUserId(uid); + return name + " (User " + userId + ")"; + } + return name; + } + + // For multi-user UIDs, try looking up the base app UID + if (isMultiUserUid(uid)) { + int appId = getAppId(uid); + int userId = getUserId(uid); + + Log.d(TAG, "Trying base UID lookup for multi-user UID " + uid + " (user:" + userId + ", app:" + appId + ")"); + + // Try to resolve the base app UID + String[] basePackages = pm.getPackagesForUid(appId); + if (basePackages != null && basePackages.length > 0) { + return basePackages[0] + " (User " + userId + ")"; + } + + String baseName = pm.getNameForUid(appId); + if (baseName != null && !baseName.isEmpty()) { + return baseName + " (User " + userId + ")"; + } + } + + } catch (Exception e) { + Log.w(TAG, "PackageManager resolution failed for UID " + uid, e); + } + return null; + } + + /** + * Resolve UID by checking running processes in /proc (enhanced version) + */ + private static String resolveViaProc(int uid) { + try { + File procDir = new File("/proc"); + if (!procDir.exists() || !procDir.canRead()) { + Log.d(TAG, "/proc directory not accessible"); + return null; + } + + File[] pidDirs = procDir.listFiles(file -> { + try { + Integer.parseInt(file.getName()); + return file.isDirectory(); + } catch (NumberFormatException e) { + return false; + } + }); + + if (pidDirs == null) return null; + + // Track best match found + String bestMatch = null; + int bestScore = 0; + + for (File pidDir : pidDirs) { + try { + File statusFile = new File(pidDir, "status"); + if (!statusFile.exists() || !statusFile.canRead()) continue; + + // Check if this process belongs to our UID + ProcessInfo procInfo = parseProcessStatus(statusFile); + if (procInfo != null && procInfo.uid == uid) { + + // Try multiple sources for process name + String processName = null; + int score = 0; + + // Method 1: Get from cmdline (highest priority) + File cmdlineFile = new File(pidDir, "cmdline"); + if (cmdlineFile.exists() && cmdlineFile.canRead()) { + String cmdline = readFirstLine(cmdlineFile); + if (cmdline != null && !cmdline.isEmpty()) { + processName = cleanProcessName(cmdline); + score = 3; // Highest score for cmdline + } + } + + // Method 2: Get from comm file (medium priority) + if (processName == null || processName.isEmpty()) { + File commFile = new File(pidDir, "comm"); + if (commFile.exists() && commFile.canRead()) { + String comm = readFirstLine(commFile); + if (comm != null && !comm.isEmpty()) { + processName = comm.trim(); + score = 2; + } + } + } + + // Method 3: Get from status Name field (lowest priority) + if (processName == null || processName.isEmpty()) { + if (procInfo.name != null && !procInfo.name.isEmpty()) { + processName = procInfo.name; + score = 1; + } + } + + // Track the best match found + if (processName != null && score > bestScore) { + bestMatch = processName; + bestScore = score; + } + } + } catch (Exception e) { + // Skip this process and continue + continue; + } + } + + if (bestMatch != null) { + Log.d(TAG, "Found process for UID " + uid + ": " + bestMatch + " (score: " + bestScore + ")"); + } + return bestMatch; + + } catch (Exception e) { + Log.w(TAG, "Failed to resolve UID via /proc", e); + } + return null; + } + + /** + * Parse comprehensive process information from /proc/[pid]/status file + */ + private static ProcessInfo parseProcessStatus(File statusFile) { + try (BufferedReader reader = new BufferedReader(new FileReader(statusFile))) { + String line; + String name = null; + int uid = -1; + int pid = -1; + String state = null; + + while ((line = reader.readLine()) != null) { + if (line.startsWith("Name:")) { + String[] parts = line.split("\\s+", 2); + if (parts.length >= 2) { + name = parts[1].trim(); + } + } else if (line.startsWith("Pid:")) { + String[] parts = line.split("\\s+"); + if (parts.length >= 2) { + try { + pid = Integer.parseInt(parts[1]); + } catch (NumberFormatException e) { + // Ignore + } + } + } else if (line.startsWith("State:")) { + String[] parts = line.split("\\s+", 2); + if (parts.length >= 2) { + state = parts[1].trim(); + } + } else if (line.startsWith("Uid:")) { + String[] parts = line.split("\\s+"); + if (parts.length >= 2) { + try { + uid = Integer.parseInt(parts[1]); // Real UID + } catch (NumberFormatException e) { + // Ignore + } + } + } + } + + if (uid != -1) { + return new ProcessInfo(name, uid, pid, state); + } + + } catch (IOException e) { + // Ignore, process might have died + } + return null; + } + + /** + * Read first line from file + */ + private static String readFirstLine(File file) { + try (BufferedReader reader = new BufferedReader(new FileReader(file))) { + String line = reader.readLine(); + return line != null ? line.trim() : null; + } catch (IOException e) { + return null; + } + } + + /** + * Clean process name from cmdline + */ + private static String cleanProcessName(String cmdline) { + if (cmdline == null || cmdline.isEmpty()) return null; + + // Replace null bytes with spaces + cmdline = cmdline.replace('\0', ' ').trim(); + + // Extract just the command name + String[] parts = cmdline.split("\\s+"); + if (parts.length > 0) { + String cmd = parts[0]; + // Remove path if present + int lastSlash = cmd.lastIndexOf('/'); + if (lastSlash >= 0) { + cmd = cmd.substring(lastSlash + 1); + } + return cmd; + } + return cmdline; + } + + /** + * Resolve UID by parsing /data/system/packages.list (requires root) - enhanced version + */ + private static String resolveViaPackagesList(int uid) { + // Try multiple possible locations for packages list + String[] possiblePaths = { + "/data/system/packages.list", + "/system/etc/packages.list", // Some ROMs + "/data/data/packages.list" // Alternative location + }; + + for (String path : possiblePaths) { + String result = tryReadPackagesList(path, uid); + if (result != null) { + Log.d(TAG, "Found UID " + uid + " in " + path + ": " + result); + return result; + } + } + + return null; + } + + /** + * Try to read packages list from specific path + */ + private static String tryReadPackagesList(String path, int uid) { + try { + File packagesFile = new File(path); + if (!packagesFile.exists() || !packagesFile.canRead()) { + return null; + } + + try (BufferedReader reader = new BufferedReader(new FileReader(packagesFile))) { + String line; + while ((line = reader.readLine()) != null) { + // Skip comments and empty lines + if (line.trim().isEmpty() || line.startsWith("#")) { + continue; + } + + String[] parts = line.split("\\s+"); + // Format: package_name uid debuggable data_dir selinux_label + if (parts.length >= 2) { + try { + int packageUid = Integer.parseInt(parts[1]); + + // Handle multi-user UIDs (user ID is in higher bits) + int baseUid = packageUid % 100000; // Remove user ID part + + if (packageUid == uid || baseUid == (uid % 100000)) { + String packageName = parts[0]; + + // Validate package name format + if (isValidPackageName(packageName)) { + return packageName; + } + } + } catch (NumberFormatException e) { + // Skip malformed line + Log.d(TAG, "Malformed line in " + path + ": " + line); + continue; + } + } + } + } + } catch (IOException e) { + Log.d(TAG, "Failed to read " + path + ": " + e.getMessage()); + } catch (SecurityException e) { + Log.d(TAG, "No permission to read " + path + " (expected on non-root)"); + } + return null; + } + + /** + * Validate package name format + */ + private static boolean isValidPackageName(String packageName) { + if (packageName == null || packageName.trim().isEmpty()) { + return false; + } + + // Basic package name validation (at least one dot, reasonable length) + return packageName.contains(".") && + packageName.length() > 3 && + packageName.length() < 256 && + packageName.matches("^[a-zA-Z0-9._]+$"); + } + + /** + * Check if UID is in system range + */ + public static boolean isSystemUid(int uid) { + return uid >= 0 && uid < 10000; + } + + /** + * Check if UID is in app range + */ + public static boolean isAppUid(int uid) { + return uid >= 10000; + } + + /** + * Check if UID is in multi-user range + */ + public static boolean isMultiUserUid(int uid) { + return uid >= 100000; // User 1 and above + } + + /** + * Extract user ID from multi-user UID + * @param uid the multi-user UID + * @return user ID (0 for primary user, 1+ for secondary users) + */ + public static int getUserId(int uid) { + return uid / 100000; + } + + /** + * Extract app ID from multi-user UID + * @param uid the multi-user UID + * @return app ID (the base UID without user component) + */ + public static int getAppId(int uid) { + return uid % 100000; + } + + /** + * Create multi-user UID from user ID and app ID + * @param userId user ID (0, 1, 2, etc.) + * @param appId app ID (10000+) + * @return multi-user UID + */ + public static int createMultiUserUid(int userId, int appId) { + return userId * 100000 + appId; + } + + /** + * Get user-friendly description of UID type + */ + public static String getUidTypeDescription(int uid) { + if (uid < 0) { + return "invalid"; + } else if (uid == 0) { + return "root"; + } else if (uid < 1000) { + return "system_low"; + } else if (uid < 10000) { + return "system"; + } else if (uid < 100000) { + return "app_primary"; + } else { + int userId = getUserId(uid); + int appId = getAppId(uid); + return String.format("app_user%d(app:%d)", userId, appId); + } + } + + /** + * Cache a resolved UID result + */ + private static void cacheResult(int uid, String name, ResolutionMethod method) { + UID_CACHE.put(uid, new CacheEntry(name, method)); + + // Add system UIDs to frequent cache immediately (they're stable) + if (method == ResolutionMethod.SYSTEM_DB) { + FREQUENT_UID_CACHE.put(uid, name); + } + } + + /** + * Clean expired entries from cache + */ + public static void cleanExpiredEntries() { + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { + UID_CACHE.entrySet().removeIf(entry -> entry.getValue().isExpired()); + } else { + // Fallback for older APIs + Iterator> iterator = UID_CACHE.entrySet().iterator(); + while (iterator.hasNext()) { + Map.Entry entry = iterator.next(); + if (entry.getValue().isExpired()) { + iterator.remove(); + } + } + } + } + /** + * Clear all caches (useful for testing or when packages change) + */ + public static void clearCache() { + UID_CACHE.clear(); + FREQUENT_UID_CACHE.evictAll(); + Log.i(TAG, "UID resolution caches cleared"); + } + + /** + * Invalidate cache entry for specific UID + */ + public static void invalidateUid(int uid) { + UID_CACHE.remove(uid); + FREQUENT_UID_CACHE.remove(uid); + Log.d(TAG, "Cache invalidated for UID: " + uid); + } + + /** + * Get cache statistics for debugging + */ + public static String getCacheStats() { + return String.format("Cache: %d entries, LRU: %d entries", + UID_CACHE.size(), FREQUENT_UID_CACHE.size()); + } +} \ No newline at end of file diff --git a/app/src/main/java/dev/ukanth/ufirewall/widget/StatusWidget.java b/app/src/main/java/dev/ukanth/ufirewall/widget/StatusWidget.java index 167a6cd29..7de89e14e 100644 --- a/app/src/main/java/dev/ukanth/ufirewall/widget/StatusWidget.java +++ b/app/src/main/java/dev/ukanth/ufirewall/widget/StatusWidget.java @@ -38,6 +38,8 @@ import dev.ukanth.ufirewall.R; import dev.ukanth.ufirewall.service.RootCommand; import dev.ukanth.ufirewall.util.G; +import android.graphics.drawable.AnimationDrawable; +import android.graphics.drawable.TransitionDrawable; /** * ON/OFF Widget implementation @@ -63,6 +65,11 @@ public void onReceive(final Context context, final Intent intent) { */ final SharedPreferences prefs = context.getSharedPreferences(Api.PREF_FIREWALL_STATUS, 0); final boolean enabled = !prefs.getBoolean(Api.PREF_ENABLED, true); + final AppWidgetManager manager = AppWidgetManager.getInstance(context); + final int[] widgetIds = manager.getAppWidgetIds(new ComponentName(context, StatusWidget.class)); + + // Show immediate pending state + showPendingState(context, manager, widgetIds, enabled); Log.d(Api.TAG, "Protection Level: " + G.protectionLevel()); if (!G.protectionLevel().equals("p0") || G.enableDeviceCheck()) { @@ -78,6 +85,13 @@ public void onReceive(final Context context, final Intent intent) { .setCallback(new RootCommand.Callback() { public void cbFunc(RootCommand state) { boolean status = (state.exitCode == 0); + if (state.exitCode != 0) { + // Show error state on failure + showErrorState(context, manager, widgetIds); + } else { + // Show success state briefly before final state + showSuccessState(context, manager, widgetIds, status); + } // setEnabled always sends us a STATUS_CHANGED_MSG intent to update the icon Api.setEnabled(context, status, true); } @@ -89,6 +103,13 @@ public void cbFunc(RootCommand state) { .setCallback(new RootCommand.Callback() { public void cbFunc(RootCommand state) { boolean status = (state.exitCode != 0); + if (state.exitCode != 0 && !status) { + // Show error state on failure (when status doesn't match expected) + showErrorState(context, manager, widgetIds); + } else if (state.exitCode == 0) { + // Show success state briefly before final state + showSuccessState(context, manager, widgetIds, status); + } Api.setEnabled(context, status, true); } })); @@ -111,11 +132,76 @@ private void showWidget(Context context, AppWidgetManager manager, final RemoteViews views = new RemoteViews(context.getPackageName(), R.layout.onoff_widget); final int iconId = enabled ? R.drawable.widget_on : R.drawable.widget_off; views.setInt(R.id.widgetCanvas, "setBackgroundResource", iconId); + + // Note: Animation support removed for compatibility + + final Intent msg = new Intent(context, StatusWidget.class); + msg.setAction(Api.TOGGLE_REQUEST_MSG); + final PendingIntent intent = PendingIntent.getBroadcast(context, -1, msg, PendingIntent.FLAG_IMMUTABLE); + views.setOnClickPendingIntent(R.id.widgetCanvas, intent); + manager.updateAppWidget(widgetIds, views); + } + + private void showPendingState(Context context, AppWidgetManager manager, int[] widgetIds, boolean willEnable) { + final RemoteViews views = new RemoteViews(context.getPackageName(), R.layout.onoff_widget); + try { + final int iconId = willEnable ? R.drawable.widget_enabling : R.drawable.widget_disabling; + views.setInt(R.id.widgetCanvas, "setBackgroundResource", iconId); + } catch (Exception e) { + // Fallback to original icons if enhanced resources fail + final int iconId = willEnable ? R.drawable.widget_on : R.drawable.widget_off; + views.setInt(R.id.widgetCanvas, "setBackgroundResource", iconId); + } + final Intent msg = new Intent(context, StatusWidget.class); + msg.setAction(Api.TOGGLE_REQUEST_MSG); + final PendingIntent intent = PendingIntent.getBroadcast(context, -1, msg, PendingIntent.FLAG_IMMUTABLE); + views.setOnClickPendingIntent(R.id.widgetCanvas, intent); + manager.updateAppWidget(widgetIds, views); + } + + private void showErrorState(Context context, AppWidgetManager manager, int[] widgetIds) { + final RemoteViews views = new RemoteViews(context.getPackageName(), R.layout.onoff_widget); + try { + views.setInt(R.id.widgetCanvas, "setBackgroundResource", R.drawable.widget_error); + } catch (Exception e) { + // Fallback to off icon if error resource fails + views.setInt(R.id.widgetCanvas, "setBackgroundResource", R.drawable.widget_off); + } + final Intent msg = new Intent(context, StatusWidget.class); + msg.setAction(Api.TOGGLE_REQUEST_MSG); + final PendingIntent intent = PendingIntent.getBroadcast(context, -1, msg, PendingIntent.FLAG_IMMUTABLE); + views.setOnClickPendingIntent(R.id.widgetCanvas, intent); + manager.updateAppWidget(widgetIds, views); + + // Auto-revert to normal state after 2 seconds + android.os.Handler handler = new android.os.Handler(android.os.Looper.getMainLooper()); + handler.postDelayed(() -> { + final SharedPreferences prefs = context.getSharedPreferences(Api.PREF_FIREWALL_STATUS, 0); + boolean currentEnabled = prefs.getBoolean(Api.PREF_ENABLED, true); + showWidget(context, manager, widgetIds, currentEnabled); + }, 2000); + } + + private void showSuccessState(Context context, AppWidgetManager manager, int[] widgetIds, boolean finalState) { + final RemoteViews views = new RemoteViews(context.getPackageName(), R.layout.onoff_widget); + try { + views.setInt(R.id.widgetCanvas, "setBackgroundResource", R.drawable.widget_success); + } catch (Exception e) { + // Fallback to final state icon if success resource fails + final int iconId = finalState ? R.drawable.widget_on : R.drawable.widget_off; + views.setInt(R.id.widgetCanvas, "setBackgroundResource", iconId); + } final Intent msg = new Intent(context, StatusWidget.class); msg.setAction(Api.TOGGLE_REQUEST_MSG); final PendingIntent intent = PendingIntent.getBroadcast(context, -1, msg, PendingIntent.FLAG_IMMUTABLE); views.setOnClickPendingIntent(R.id.widgetCanvas, intent); manager.updateAppWidget(widgetIds, views); + + // Auto-revert to final state after 1 second + android.os.Handler handler = new android.os.Handler(android.os.Looper.getMainLooper()); + handler.postDelayed(() -> { + showWidget(context, manager, widgetIds, finalState); + }, 1000); } } diff --git a/app/src/main/res/anim/widget_pulse.xml b/app/src/main/res/anim/widget_pulse.xml new file mode 100644 index 000000000..9a3d2654e --- /dev/null +++ b/app/src/main/res/anim/widget_pulse.xml @@ -0,0 +1,20 @@ + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/anim/widget_scale_in.xml b/app/src/main/res/anim/widget_scale_in.xml new file mode 100644 index 000000000..4a1a6df8b --- /dev/null +++ b/app/src/main/res/anim/widget_scale_in.xml @@ -0,0 +1,19 @@ + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/drawable/card_border.xml b/app/src/main/res/drawable/card_border.xml new file mode 100644 index 000000000..7581dae0b --- /dev/null +++ b/app/src/main/res/drawable/card_border.xml @@ -0,0 +1,9 @@ + + + + + + \ No newline at end of file diff --git a/app/src/main/res/drawable/circle_background.xml b/app/src/main/res/drawable/circle_background.xml new file mode 100644 index 000000000..3953e54ba --- /dev/null +++ b/app/src/main/res/drawable/circle_background.xml @@ -0,0 +1,5 @@ + + + + \ No newline at end of file diff --git a/app/src/main/res/drawable/ic_block_black_24dp.xml b/app/src/main/res/drawable/ic_block_black_24dp.xml index 6119526db..2cc82ad43 100644 --- a/app/src/main/res/drawable/ic_block_black_24dp.xml +++ b/app/src/main/res/drawable/ic_block_black_24dp.xml @@ -1,9 +1,9 @@ - + + android:pathData="M10,1a9,9 0,1 0,9 9a9,9 0,0 0,-9 -9m5,10H5V9h10z" + android:fillColor="#FFFFFF"/> diff --git a/app/src/main/res/drawable/ic_notifications_off_black_24dp.xml b/app/src/main/res/drawable/ic_notifications_off_black_24dp.xml new file mode 100644 index 000000000..a7916a849 --- /dev/null +++ b/app/src/main/res/drawable/ic_notifications_off_black_24dp.xml @@ -0,0 +1,10 @@ + + + + \ No newline at end of file diff --git a/app/src/main/res/drawable/ic_notifications_on_black_24dp.xml b/app/src/main/res/drawable/ic_notifications_on_black_24dp.xml new file mode 100644 index 000000000..838c288fc --- /dev/null +++ b/app/src/main/res/drawable/ic_notifications_on_black_24dp.xml @@ -0,0 +1,10 @@ + + + + \ No newline at end of file diff --git a/app/src/main/res/drawable/ic_open_in_new_black_24dp.xml b/app/src/main/res/drawable/ic_open_in_new_black_24dp.xml new file mode 100644 index 000000000..ecadb900e --- /dev/null +++ b/app/src/main/res/drawable/ic_open_in_new_black_24dp.xml @@ -0,0 +1,10 @@ + + + + \ No newline at end of file diff --git a/app/src/main/res/drawable/text_background_rounded.xml b/app/src/main/res/drawable/text_background_rounded.xml new file mode 100644 index 000000000..7581dae0b --- /dev/null +++ b/app/src/main/res/drawable/text_background_rounded.xml @@ -0,0 +1,9 @@ + + + + + + \ No newline at end of file diff --git a/app/src/main/res/drawable/widget_disabling.xml b/app/src/main/res/drawable/widget_disabling.xml new file mode 100644 index 000000000..667d464de --- /dev/null +++ b/app/src/main/res/drawable/widget_disabling.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/drawable/widget_enabling.xml b/app/src/main/res/drawable/widget_enabling.xml new file mode 100644 index 000000000..ed4d41c40 --- /dev/null +++ b/app/src/main/res/drawable/widget_enabling.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/drawable/widget_error.xml b/app/src/main/res/drawable/widget_error.xml new file mode 100644 index 000000000..40f28f319 --- /dev/null +++ b/app/src/main/res/drawable/widget_error.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/drawable/widget_success.xml b/app/src/main/res/drawable/widget_success.xml new file mode 100644 index 000000000..b7a91d222 --- /dev/null +++ b/app/src/main/res/drawable/widget_success.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/layout/app_detail.xml b/app/src/main/res/layout/app_detail.xml index 383e93c11..6c92d4b85 100644 --- a/app/src/main/res/layout/app_detail.xml +++ b/app/src/main/res/layout/app_detail.xml @@ -21,7 +21,9 @@ android:id="@+id/app_icon" android:layout_width="38.0dip" android:layout_height="38.0dip" - android:layout_gravity="center_vertical" /> + android:layout_gravity="center_vertical" + android:scaleType="fitCenter" + android:background="?android:attr/selectableItemBackground" /> + android:background="?attr/colorPrimary" /> - + - - - - - - - - + + - + - + + + + + + + + + + + + + + + + + + - + + - + + + + + + + + + + + + + + + + + + - + + + android:orientation="horizontal" + android:gravity="end" + android:padding="12dp" + android:background="?attr/itemBackground" + android:elevation="4dp"> + android:layout_marginEnd="8dp" + android:text="@android:string/cancel" + android:background="?android:attr/selectableItemBackground" + android:textColor="?android:attr/textColorSecondary" + style="?android:attr/buttonBarButtonStyle" /> + android:text="@android:string/ok" + android:backgroundTint="?attr/colorPrimary" + android:textColor="@android:color/white" + style="?android:attr/buttonBarButtonStyle" /> + diff --git a/app/src/main/res/layout/help_about.xml b/app/src/main/res/layout/help_about.xml index 51e8f9bb0..0dc597827 100644 --- a/app/src/main/res/layout/help_about.xml +++ b/app/src/main/res/layout/help_about.xml @@ -1,9 +1,8 @@ - @@ -14,16 +13,536 @@ android:background="?attr/colorPrimary" android:minHeight="?attr/actionBarSize" /> - + android:layout_height="match_parent" + android:fillViewport="true"> - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/layout/help_about_content.xml b/app/src/main/res/layout/help_about_content.xml index f8503310e..d4aa2c20d 100644 --- a/app/src/main/res/layout/help_about_content.xml +++ b/app/src/main/res/layout/help_about_content.xml @@ -1,25 +1,289 @@ - + android:layout_width="match_parent" + android:layout_height="match_parent" + android:fillViewport="true"> - - + + + + + + + + + + + + + + + + + + + + + + + + + + + app:cardCornerRadius="16dp" + app:cardElevation="2dp" + android:layout_marginBottom="24dp"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - \ No newline at end of file + \ No newline at end of file diff --git a/app/src/main/res/layout/help_faq_content.xml b/app/src/main/res/layout/help_faq_content.xml deleted file mode 100644 index fa1b10da2..000000000 --- a/app/src/main/res/layout/help_faq_content.xml +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - - - - - - - - \ No newline at end of file diff --git a/app/src/main/res/layout/help_legend_section.xml b/app/src/main/res/layout/help_legend_section.xml new file mode 100644 index 000000000..e94422a10 --- /dev/null +++ b/app/src/main/res/layout/help_legend_section.xml @@ -0,0 +1,607 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/layout/legend.xml b/app/src/main/res/layout/legend.xml index 26e237a81..ce0713237 100644 --- a/app/src/main/res/layout/legend.xml +++ b/app/src/main/res/layout/legend.xml @@ -1,298 +1,671 @@ - + android:fillViewport="true"> - - - - - - - + android:orientation="vertical" + android:padding="24dp"> + + android:orientation="horizontal" + android:gravity="center_vertical" + android:layout_marginBottom="24dp"> - + + android:layout_gravity="center" + android:src="@drawable/ic_launcher" + android:scaleType="centerInside" + app:tint="@android:color/white" /> - - + - - + android:layout_weight="1" + android:orientation="vertical" + android:layout_marginStart="16dp"> - - - - - + android:text="@string/menu_legend" + android:textAppearance="?android:attr/textAppearanceLarge" + android:textColor="?android:attr/textColorPrimary" /> - + android:text="Icon meanings and functions" + android:textAppearance="?android:attr/textAppearanceSmall" + android:textColor="?android:attr/textColorSecondary" + android:layout_marginTop="2dp" /> - - - - - + - - - - - - + + - - + android:orientation="vertical" + android:padding="20dp"> - - - - - - - + + - - - - - + android:orientation="vertical"> - + - - - - - - - + + + + + + + + + + + + + + + + + + - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + android:orientation="horizontal" + android:gravity="center_vertical" + android:paddingVertical="12dp"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + android:orientation="vertical" + android:padding="20dp"> + android:text="Actions" + android:textAppearance="?attr/textAppearanceSubtitle1" + android:textStyle="bold" + android:textColor="?attr/colorAccent" + android:layout_marginBottom="16dp" /> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + + diff --git a/app/src/main/res/layout/log_detail_summary.xml b/app/src/main/res/layout/log_detail_summary.xml new file mode 100644 index 000000000..c072cad2d --- /dev/null +++ b/app/src/main/res/layout/log_detail_summary.xml @@ -0,0 +1,138 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/layout/logdetail_recycle_item.xml b/app/src/main/res/layout/logdetail_recycle_item.xml index 27cef7836..6b1ae1dd2 100644 --- a/app/src/main/res/layout/logdetail_recycle_item.xml +++ b/app/src/main/res/layout/logdetail_recycle_item.xml @@ -1,75 +1,199 @@ + android:layout_marginBottom="2dp" + android:layout_marginLeft="8dp" + android:layout_marginRight="8dp" + android:layout_marginTop="4dp" + card_view:cardCornerRadius="8dp" + card_view:cardElevation="3dp" + card_view:cardUseCompatPadding="true"> - - - - + + + + + + + + + - - + + android:orientation="horizontal" + android:gravity="center_vertical"> - + - + + + - + + android:orientation="vertical" + android:layout_marginTop="8dp"> - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + \ No newline at end of file diff --git a/app/src/main/res/layout/logdetail_view.xml b/app/src/main/res/layout/logdetail_view.xml index dd1f2b7da..13331da25 100644 --- a/app/src/main/res/layout/logdetail_view.xml +++ b/app/src/main/res/layout/logdetail_view.xml @@ -28,11 +28,40 @@ android:layout_width="match_parent" android:layout_height="match_parent"> - + android:layout_height="match_parent"> + + + + + + + + + + + + + diff --git a/app/src/main/res/layout/main_list.xml b/app/src/main/res/layout/main_list.xml index b22af234d..f74640991 100644 --- a/app/src/main/res/layout/main_list.xml +++ b/app/src/main/res/layout/main_list.xml @@ -2,12 +2,12 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/app/src/main/res/layout/main_list_old.xml b/app/src/main/res/layout/main_list_old.xml index 05ed5f373..312802873 100644 --- a/app/src/main/res/layout/main_list_old.xml +++ b/app/src/main/res/layout/main_list_old.xml @@ -2,79 +2,184 @@ - - - - - - - - - - - - - - - - - - + android:layout_height="wrap_content" + android:orientation="vertical"> + - - + + - - + + - + + + + + + + + + + + + + + + + + + + + + + + - + android:orientation="vertical" + android:padding="12dp" + android:background="?android:attr/selectableItemBackground" + android:visibility="gone"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/layout/preference_seekbar.xml b/app/src/main/res/layout/preference_seekbar.xml new file mode 100644 index 000000000..be7e9a701 --- /dev/null +++ b/app/src/main/res/layout/preference_seekbar.xml @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/app/src/main/res/layout/rules_modern.xml b/app/src/main/res/layout/rules_modern.xml new file mode 100644 index 000000000..8c07d2d0e --- /dev/null +++ b/app/src/main/res/layout/rules_modern.xml @@ -0,0 +1,326 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/menu/menu_bar.xml b/app/src/main/res/menu/menu_bar.xml index 48962abd9..50fbff518 100644 --- a/app/src/main/res/menu/menu_bar.xml +++ b/app/src/main/res/menu/menu_bar.xml @@ -108,11 +108,6 @@ android:icon="@drawable/ic_import" android:title="@string/imports" app:showAsAction="always" /> - Dark Light (Donate) + Light High Contrast (Donate) Black (Donate) D L + LHC B diff --git a/app/src/main/res/values/attrs.xml b/app/src/main/res/values/attrs.xml index e2537b0c4..1e546adca 100644 --- a/app/src/main/res/values/attrs.xml +++ b/app/src/main/res/values/attrs.xml @@ -5,4 +5,10 @@ + + + + + + \ No newline at end of file diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 27375320d..36c767499 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -160,6 +160,9 @@ Log disabled Log target change succesful Log target change failed + Change Log Target + You are switching from %1$s to %2$s.\n\nThis will restart the log service which may cause a brief interruption in logging. Do you want to continue? + Log target changed to %1$s successfully Error toggling log status Error: Kernel is missing LOG/NFLOG support Log cleared @@ -389,6 +392,9 @@ This feature is available only in the donate version/Unlocker + Donate Only + Note: While you can export rules and preferences for free, importing them back requires the donate version. Continue with export? + Note: This will export your rules, profile settings, and preferences. You can import this backup later since you have the donate version. Continue with export? Purchase donate version or Unlocker tap to unlock donate You can now use donate features. @@ -605,6 +611,10 @@ Display resolved hostname from DNS (Donate feature/Need INTERNET access to AFWall+) Show hostname Host: + Connection Blocked + Size: %s + %dx blocked + via %s Whitelist afwall+ doze AFWall+ needs to run in the background and apply rules when there is a connectivity change. Please remove/ignore AFWall+ from battery optimization/Doze preference. Firewall Service @@ -614,6 +624,8 @@ Hide Firewall Issue Log Notification + Firewall log monitoring active + Log monitoring Themes UI Theme @@ -635,9 +647,27 @@ Starting Log service Stopping Log service Please select log target first - Opening log watcher... + Opening log watcher… Started Log service Successfully! Unable to clone Add Delay Apply rules with 1sec delay. + Network change delay + Delay rule application when network changes frequently (seconds) + Ready + Loading iptables rules… + Network Interfaces + System Information + + Loading… + Loading system info… + Loading network info… + Finalizing… + IPv4 Rules + IPv6 Rules + Application Log + Custom Startup Script + Custom Shutdown Script + Enter iptables commands to execute on firewall startup + Enter iptables commands to execute on firewall shutdown diff --git a/app/src/main/res/values/styles.xml b/app/src/main/res/values/styles.xml index 13cc6068c..ad169f953 100644 --- a/app/src/main/res/values/styles.xml +++ b/app/src/main/res/values/styles.xml @@ -33,6 +33,40 @@ @color/black + + + + + +