package com.reactsocks.vpnforegroundservice;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see .
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.ContentValues;
import android.content.Context;
import android.content.SharedPreferences;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteDoneException;
import android.database.sqlite.SQLiteOpenHelper;
import android.os.Handler;
import android.os.HandlerThread;
import android.os.Message;
import android.preference.PreferenceManager;
import android.util.Log;
import java.io.File;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;
public class DatabaseHelper extends SQLiteOpenHelper {
private static final String TAG = "NetGuard.Database";
private static final String DB_NAME = "Netguard";
private static final int DB_VERSION = 21;
private static boolean once = true;
private static List logChangedListeners = new ArrayList<>();
private static List accessChangedListeners = new ArrayList<>();
private static List forwardChangedListeners = new ArrayList<>();
private static HandlerThread hthread = null;
private static Handler handler = null;
private static final Map mapUidHosts = new HashMap<>();
private final static int MSG_LOG = 1;
private final static int MSG_ACCESS = 2;
private final static int MSG_FORWARD = 3;
private SharedPreferences prefs;
private ReentrantReadWriteLock lock = new ReentrantReadWriteLock(true);
static {
hthread = new HandlerThread("DatabaseHelper");
hthread.start();
handler = new Handler(hthread.getLooper()) {
@Override
public void handleMessage(Message msg) {
handleChangedNotification(msg);
}
};
}
private static DatabaseHelper dh = null;
public static DatabaseHelper getInstance(Context context) {
if (dh == null)
dh = new DatabaseHelper(context.getApplicationContext());
return dh;
}
public static void clearCache() {
synchronized (mapUidHosts) {
mapUidHosts.clear();
}
}
@Override
public void close() {
Log.w(TAG, "Database is being closed");
}
private DatabaseHelper(Context context) {
super(context, DB_NAME, null, DB_VERSION);
prefs = PreferenceManager.getDefaultSharedPreferences(context);
if (!once) {
once = true;
File dbfile = context.getDatabasePath(DB_NAME);
if (dbfile.exists()) {
Log.w(TAG, "Deleting " + dbfile);
dbfile.delete();
}
File dbjournal = context.getDatabasePath(DB_NAME + "-journal");
if (dbjournal.exists()) {
Log.w(TAG, "Deleting " + dbjournal);
dbjournal.delete();
}
}
}
@Override
public void onCreate(SQLiteDatabase db) {
Log.i(TAG, "Creating database " + DB_NAME + " version " + DB_VERSION);
createTableLog(db);
createTableAccess(db);
createTableDns(db);
createTableForward(db);
createTableApp(db);
}
@Override
public void onConfigure(SQLiteDatabase db) {
db.enableWriteAheadLogging();
super.onConfigure(db);
}
private void createTableLog(SQLiteDatabase db) {
Log.i(TAG, "Creating log table");
db.execSQL("CREATE TABLE log (" +
" ID INTEGER PRIMARY KEY AUTOINCREMENT" +
", time INTEGER NOT NULL" +
", version INTEGER" +
", protocol INTEGER" +
", flags TEXT" +
", saddr TEXT" +
", sport INTEGER" +
", daddr TEXT" +
", dport INTEGER" +
", dname TEXT" +
", uid INTEGER" +
", data TEXT" +
", allowed INTEGER" +
", connection INTEGER" +
", interactive INTEGER" +
");");
db.execSQL("CREATE INDEX idx_log_time ON log(time)");
db.execSQL("CREATE INDEX idx_log_dest ON log(daddr)");
db.execSQL("CREATE INDEX idx_log_dname ON log(dname)");
db.execSQL("CREATE INDEX idx_log_dport ON log(dport)");
db.execSQL("CREATE INDEX idx_log_uid ON log(uid)");
}
private void createTableAccess(SQLiteDatabase db) {
Log.i(TAG, "Creating access table");
db.execSQL("CREATE TABLE access (" +
" ID INTEGER PRIMARY KEY AUTOINCREMENT" +
", uid INTEGER NOT NULL" +
", version INTEGER NOT NULL" +
", protocol INTEGER NOT NULL" +
", daddr TEXT NOT NULL" +
", dport INTEGER NOT NULL" +
", time INTEGER NOT NULL" +
", allowed INTEGER" +
", block INTEGER NOT NULL" +
", sent INTEGER" +
", received INTEGER" +
", connections INTEGER" +
");");
db.execSQL("CREATE UNIQUE INDEX idx_access ON access(uid, version, protocol, daddr, dport)");
db.execSQL("CREATE INDEX idx_access_daddr ON access(daddr)");
db.execSQL("CREATE INDEX idx_access_block ON access(block)");
}
private void createTableDns(SQLiteDatabase db) {
Log.i(TAG, "Creating dns table");
db.execSQL("CREATE TABLE dns (" +
" ID INTEGER PRIMARY KEY AUTOINCREMENT" +
", time INTEGER NOT NULL" +
", qname TEXT NOT NULL" +
", aname TEXT NOT NULL" +
", resource TEXT NOT NULL" +
", ttl INTEGER" +
");");
db.execSQL("CREATE UNIQUE INDEX idx_dns ON dns(qname, aname, resource)");
db.execSQL("CREATE INDEX idx_dns_resource ON dns(resource)");
}
private void createTableForward(SQLiteDatabase db) {
Log.i(TAG, "Creating forward table");
db.execSQL("CREATE TABLE forward (" +
" ID INTEGER PRIMARY KEY AUTOINCREMENT" +
", protocol INTEGER NOT NULL" +
", dport INTEGER NOT NULL" +
", raddr TEXT NOT NULL" +
", rport INTEGER NOT NULL" +
", ruid INTEGER NOT NULL" +
");");
db.execSQL("CREATE UNIQUE INDEX idx_forward ON forward(protocol, dport)");
}
private void createTableApp(SQLiteDatabase db) {
Log.i(TAG, "Creating app table");
db.execSQL("CREATE TABLE app (" +
" ID INTEGER PRIMARY KEY AUTOINCREMENT" +
", package TEXT" +
", label TEXT" +
", system INTEGER NOT NULL" +
", internet INTEGER NOT NULL" +
", enabled INTEGER NOT NULL" +
");");
db.execSQL("CREATE UNIQUE INDEX idx_package ON app(package)");
}
private boolean columnExists(SQLiteDatabase db, String table, String column) {
Cursor cursor = null;
try {
cursor = db.rawQuery("SELECT * FROM " + table + " LIMIT 0", null);
return (cursor.getColumnIndex(column) >= 0);
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
return false;
} finally {
if (cursor != null)
cursor.close();
}
}
@Override
public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
Log.i(TAG, DB_NAME + " upgrading from version " + oldVersion + " to " + newVersion);
db.beginTransaction();
try {
if (oldVersion < 2) {
if (!columnExists(db, "log", "version"))
db.execSQL("ALTER TABLE log ADD COLUMN version INTEGER");
if (!columnExists(db, "log", "protocol"))
db.execSQL("ALTER TABLE log ADD COLUMN protocol INTEGER");
if (!columnExists(db, "log", "uid"))
db.execSQL("ALTER TABLE log ADD COLUMN uid INTEGER");
oldVersion = 2;
}
if (oldVersion < 3) {
if (!columnExists(db, "log", "port"))
db.execSQL("ALTER TABLE log ADD COLUMN port INTEGER");
if (!columnExists(db, "log", "flags"))
db.execSQL("ALTER TABLE log ADD COLUMN flags TEXT");
oldVersion = 3;
}
if (oldVersion < 4) {
if (!columnExists(db, "log", "connection"))
db.execSQL("ALTER TABLE log ADD COLUMN connection INTEGER");
oldVersion = 4;
}
if (oldVersion < 5) {
if (!columnExists(db, "log", "interactive"))
db.execSQL("ALTER TABLE log ADD COLUMN interactive INTEGER");
oldVersion = 5;
}
if (oldVersion < 6) {
if (!columnExists(db, "log", "allowed"))
db.execSQL("ALTER TABLE log ADD COLUMN allowed INTEGER");
oldVersion = 6;
}
if (oldVersion < 7) {
db.execSQL("DROP TABLE log");
createTableLog(db);
oldVersion = 8;
}
if (oldVersion < 8) {
if (!columnExists(db, "log", "data"))
db.execSQL("ALTER TABLE log ADD COLUMN data TEXT");
db.execSQL("DROP INDEX idx_log_source");
db.execSQL("DROP INDEX idx_log_dest");
db.execSQL("CREATE INDEX idx_log_source ON log(saddr)");
db.execSQL("CREATE INDEX idx_log_dest ON log(daddr)");
db.execSQL("CREATE INDEX IF NOT EXISTS idx_log_uid ON log(uid)");
oldVersion = 8;
}
if (oldVersion < 9) {
createTableAccess(db);
oldVersion = 9;
}
if (oldVersion < 10) {
db.execSQL("DROP TABLE log");
db.execSQL("DROP TABLE access");
createTableLog(db);
createTableAccess(db);
oldVersion = 10;
}
if (oldVersion < 12) {
db.execSQL("DROP TABLE access");
createTableAccess(db);
oldVersion = 12;
}
if (oldVersion < 13) {
db.execSQL("CREATE INDEX IF NOT EXISTS idx_log_dport ON log(dport)");
db.execSQL("CREATE INDEX IF NOT EXISTS idx_log_dname ON log(dname)");
oldVersion = 13;
}
if (oldVersion < 14) {
createTableDns(db);
oldVersion = 14;
}
if (oldVersion < 15) {
db.execSQL("DROP TABLE access");
createTableAccess(db);
oldVersion = 15;
}
if (oldVersion < 16) {
createTableForward(db);
oldVersion = 16;
}
if (oldVersion < 17) {
if (!columnExists(db, "access", "sent"))
db.execSQL("ALTER TABLE access ADD COLUMN sent INTEGER");
if (!columnExists(db, "access", "received"))
db.execSQL("ALTER TABLE access ADD COLUMN received INTEGER");
oldVersion = 17;
}
if (oldVersion < 18) {
db.execSQL("CREATE INDEX IF NOT EXISTS idx_access_block ON access(block)");
db.execSQL("DROP INDEX idx_dns");
db.execSQL("CREATE UNIQUE INDEX IF NOT EXISTS idx_dns ON dns(qname, aname, resource)");
db.execSQL("CREATE INDEX IF NOT EXISTS idx_dns_resource ON dns(resource)");
oldVersion = 18;
}
if (oldVersion < 19) {
if (!columnExists(db, "access", "connections"))
db.execSQL("ALTER TABLE access ADD COLUMN connections INTEGER");
oldVersion = 19;
}
if (oldVersion < 20) {
db.execSQL("CREATE INDEX IF NOT EXISTS idx_access_daddr ON access(daddr)");
oldVersion = 20;
}
if (oldVersion < 21) {
createTableApp(db);
oldVersion = 21;
}
if (oldVersion == DB_VERSION) {
db.setVersion(oldVersion);
db.setTransactionSuccessful();
Log.i(TAG, DB_NAME + " upgraded to " + DB_VERSION);
} else
throw new IllegalArgumentException(DB_NAME + " upgraded to " + oldVersion + " but required " + DB_VERSION);
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
} finally {
db.endTransaction();
}
}
public long getHostCount(int uid, boolean usecache) {
if (usecache)
synchronized (mapUidHosts) {
if (mapUidHosts.containsKey(uid))
return mapUidHosts.get(uid);
}
lock.readLock().lock();
try {
SQLiteDatabase db = this.getReadableDatabase();
// There is a segmented index on uid
// There is an index on block
long hosts = db.compileStatement("SELECT COUNT(*) FROM access WHERE block >= 0 AND uid =" + uid).simpleQueryForLong();
synchronized (mapUidHosts) {
mapUidHosts.put(uid, hosts);
}
return hosts;
} finally {
lock.readLock().unlock();
}
}
// DNS
public boolean insertDns(ResourceRecord rr) {
lock.writeLock().lock();
try {
SQLiteDatabase db = this.getWritableDatabase();
db.beginTransactionNonExclusive();
try {
int ttl = rr.TTL;
int min = Integer.parseInt(prefs.getString("ttl", "259200"));
if (ttl < min)
ttl = min;
ContentValues cv = new ContentValues();
cv.put("time", rr.Time);
cv.put("ttl", ttl * 1000L);
int rows = db.update("dns", cv, "qname = ? AND aname = ? AND resource = ?",
new String[]{rr.QName, rr.AName, rr.Resource});
if (rows == 0) {
cv.put("qname", rr.QName);
cv.put("aname", rr.AName);
cv.put("resource", rr.Resource);
if (db.insert("dns", null, cv) == -1)
Log.e(TAG, "Insert dns failed");
else
rows = 1;
} else if (rows != 1)
Log.e(TAG, "Update dns failed rows=" + rows);
db.setTransactionSuccessful();
return (rows > 0);
} finally {
db.endTransaction();
}
} finally {
lock.writeLock().unlock();
}
}
public void cleanupDns() {
lock.writeLock().lock();
try {
SQLiteDatabase db = this.getWritableDatabase();
db.beginTransactionNonExclusive();
try {
// There is no index on time for write performance
long now = new Date().getTime();
db.execSQL("DELETE FROM dns WHERE time + ttl < " + now);
Log.i(TAG, "Cleanup DNS");
db.setTransactionSuccessful();
} finally {
db.endTransaction();
}
} finally {
lock.writeLock().unlock();
}
}
public void clearDns() {
lock.writeLock().lock();
try {
SQLiteDatabase db = this.getWritableDatabase();
db.beginTransactionNonExclusive();
try {
db.delete("dns", null, new String[]{});
db.setTransactionSuccessful();
} finally {
db.endTransaction();
}
} finally {
lock.writeLock().unlock();
}
}
public String getQName(int uid, String ip) {
lock.readLock().lock();
try {
SQLiteDatabase db = this.getReadableDatabase();
// There is a segmented index on resource
String query = "SELECT d.qname";
query += " FROM dns AS d";
query += " WHERE d.resource = '" + ip.replace("'", "''") + "'";
query += " ORDER BY d.qname";
query += " LIMIT 1";
// There is no way to known for sure which domain name an app used, so just pick the first one
return db.compileStatement(query).simpleQueryForString();
} catch (SQLiteDoneException ignored) {
// Not found
return null;
} finally {
lock.readLock().unlock();
}
}
public Cursor getAlternateQNames(String qname) {
lock.readLock().lock();
try {
SQLiteDatabase db = this.getReadableDatabase();
String query = "SELECT DISTINCT d2.qname";
query += " FROM dns d1";
query += " JOIN dns d2";
query += " ON d2.resource = d1.resource AND d2.id <> d1.id";
query += " WHERE d1.qname = ?";
query += " ORDER BY d2.qname";
return db.rawQuery(query, new String[]{qname});
} finally {
lock.readLock().unlock();
}
}
public Cursor getDns() {
lock.readLock().lock();
try {
SQLiteDatabase db = this.getReadableDatabase();
// There is an index on resource
// There is a segmented index on qname
String query = "SELECT ID AS _id, *";
query += " FROM dns";
query += " ORDER BY resource, qname";
return db.rawQuery(query, new String[]{});
} finally {
lock.readLock().unlock();
}
}
public Cursor getAccessDns(String dname) {
long now = new Date().getTime();
lock.readLock().lock();
try {
SQLiteDatabase db = this.getReadableDatabase();
// There is a segmented index on dns.qname
// There is an index on access.daddr and access.block
String query = "SELECT a.uid, a.version, a.protocol, a.daddr, d.resource, a.dport, a.block, d.time, d.ttl";
query += " FROM access AS a";
query += " LEFT JOIN dns AS d";
query += " ON d.qname = a.daddr";
query += " WHERE a.block >= 0";
query += " AND (d.time IS NULL OR d.time + d.ttl >= " + now + ")";
if (dname != null)
query += " AND a.daddr = ?";
return db.rawQuery(query, dname == null ? new String[]{} : new String[]{dname});
} finally {
lock.readLock().unlock();
}
}
// Forward
public void addForward(int protocol, int dport, String raddr, int rport, int ruid) {
lock.writeLock().lock();
try {
SQLiteDatabase db = this.getWritableDatabase();
db.beginTransactionNonExclusive();
try {
ContentValues cv = new ContentValues();
cv.put("protocol", protocol);
cv.put("dport", dport);
cv.put("raddr", raddr);
cv.put("rport", rport);
cv.put("ruid", ruid);
if (db.insert("forward", null, cv) < 0)
Log.e(TAG, "Insert forward failed");
db.setTransactionSuccessful();
} finally {
db.endTransaction();
}
} finally {
lock.writeLock().unlock();
}
notifyForwardChanged();
}
public void deleteForward() {
lock.writeLock().lock();
try {
SQLiteDatabase db = this.getWritableDatabase();
db.beginTransactionNonExclusive();
try {
db.delete("forward", null, null);
db.setTransactionSuccessful();
} finally {
db.endTransaction();
}
} finally {
lock.writeLock().unlock();
}
notifyForwardChanged();
}
public void deleteForward(int protocol, int dport) {
lock.writeLock().lock();
try {
SQLiteDatabase db = this.getWritableDatabase();
db.beginTransactionNonExclusive();
try {
db.delete("forward", "protocol = ? AND dport = ?",
new String[]{Integer.toString(protocol), Integer.toString(dport)});
db.setTransactionSuccessful();
} finally {
db.endTransaction();
}
} finally {
lock.writeLock().unlock();
}
notifyForwardChanged();
}
public Cursor getForwarding() {
lock.readLock().lock();
try {
SQLiteDatabase db = this.getReadableDatabase();
String query = "SELECT ID AS _id, *";
query += " FROM forward";
query += " ORDER BY dport";
return db.rawQuery(query, new String[]{});
} finally {
lock.readLock().unlock();
}
}
public void addApp(String packageName, String label, boolean system, boolean internet, boolean enabled) {
lock.writeLock().lock();
try {
SQLiteDatabase db = this.getWritableDatabase();
db.beginTransactionNonExclusive();
try {
ContentValues cv = new ContentValues();
cv.put("package", packageName);
if (label == null)
cv.putNull("label");
else
cv.put("label", label);
cv.put("system", system ? 1 : 0);
cv.put("internet", internet ? 1 : 0);
cv.put("enabled", enabled ? 1 : 0);
if (db.insert("app", null, cv) < 0)
Log.e(TAG, "Insert app failed");
db.setTransactionSuccessful();
} finally {
db.endTransaction();
}
} finally {
lock.writeLock().unlock();
}
}
public Cursor getApp(String packageName) {
lock.readLock().lock();
try {
SQLiteDatabase db = this.getReadableDatabase();
// There is an index on package
String query = "SELECT * FROM app WHERE package = ?";
return db.rawQuery(query, new String[]{packageName});
} finally {
lock.readLock().unlock();
}
}
public void clearApps() {
lock.writeLock().lock();
try {
SQLiteDatabase db = this.getWritableDatabase();
db.beginTransactionNonExclusive();
try {
db.delete("app", null, null);
db.setTransactionSuccessful();
} finally {
db.endTransaction();
}
} finally {
lock.writeLock().unlock();
}
}
public void addLogChangedListener(LogChangedListener listener) {
logChangedListeners.add(listener);
}
public void removeLogChangedListener(LogChangedListener listener) {
logChangedListeners.remove(listener);
}
public void addAccessChangedListener(AccessChangedListener listener) {
accessChangedListeners.add(listener);
}
public void removeAccessChangedListener(AccessChangedListener listener) {
accessChangedListeners.remove(listener);
}
public void addForwardChangedListener(ForwardChangedListener listener) {
forwardChangedListeners.add(listener);
}
public void removeForwardChangedListener(ForwardChangedListener listener) {
forwardChangedListeners.remove(listener);
}
private void notifyLogChanged() {
Message msg = handler.obtainMessage();
msg.what = MSG_LOG;
handler.sendMessage(msg);
}
private void notifyAccessChanged() {
Message msg = handler.obtainMessage();
msg.what = MSG_ACCESS;
handler.sendMessage(msg);
}
private void notifyForwardChanged() {
Message msg = handler.obtainMessage();
msg.what = MSG_FORWARD;
handler.sendMessage(msg);
}
private static void handleChangedNotification(Message msg) {
// Batch notifications
try {
Thread.sleep(1000);
if (handler.hasMessages(msg.what))
handler.removeMessages(msg.what);
} catch (InterruptedException ignored) {
}
// Notify listeners
if (msg.what == MSG_LOG) {
for (LogChangedListener listener : logChangedListeners)
try {
listener.onChanged();
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
} else if (msg.what == MSG_ACCESS) {
for (AccessChangedListener listener : accessChangedListeners)
try {
listener.onChanged();
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
} else if (msg.what == MSG_FORWARD) {
for (ForwardChangedListener listener : forwardChangedListeners)
try {
listener.onChanged();
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
}
public interface LogChangedListener {
void onChanged();
}
public interface AccessChangedListener {
void onChanged();
}
public interface ForwardChangedListener {
void onChanged();
}
}