package com.anpo.gbz.util;

import android.content.Context;
import android.os.Process;
import com.anpo.gbz.SQLHelper.DBHelper;
import com.anpo.gbz.bean.AccessUid;
import java.util.List;

/* loaded from: classes.dex */
public class Firewall {
    public static boolean applyIptablesRules(Context context, List<AccessUid> list) {
        if (context == null) {
            return false;
        }
        try {
            return RootExecUtil.runScriptAsRoot(context, createIptablesRules(context, list).toString(), new StringBuilder()) == 0;
        } catch (Exception e) {
            return false;
        }
    }

    public static StringBuilder createIptablesRules(Context context, List<AccessUid> list) {
        RootExecUtil.assertBinaries(context, false);
        String[] strArr = {"tiwlan+", "wlan+", "eth+", "ra+"};
        String[] strArr2 = {"rmnet+", "pdp+", "ppp+", "uwbr+", "wimax+", "vsnet+", "ccmni+", "usb+"};
        StringBuilder sb = new StringBuilder();
        try {
            sb.append(scriptHeader(context));
            sb.append("$IPTABLES --version || exit 1\n# Create the kaba chains if necessary\n$IPTABLES -L kaba >/dev/null 2>/dev/null || $IPTABLES --new kaba || exit 2\n$IPTABLES -L kaba-3g >/dev/null 2>/dev/null || $IPTABLES --new kaba-3g || exit 3\n$IPTABLES -L kaba-wifi >/dev/null 2>/dev/null || $IPTABLES --new kaba-wifi || exit 4\n$IPTABLES -L kaba-reject >/dev/null 2>/dev/null || $IPTABLES --new kaba-reject || exit 5\n# Add droidwall chain to OUTPUT chain if necessary\n$IPTABLES -L OUTPUT | $GREP -q kaba || $IPTABLES -A OUTPUT -j kaba || exit 6\n# Flush existing rules\n$IPTABLES -F kaba || exit 7\n$IPTABLES -F kaba-3g || exit 8\n$IPTABLES -F kaba-wifi || exit 9\n$IPTABLES -F kaba-reject || exit 10\n");
            sb.append("# Create the log and reject rules (ignore errors on the LOG target just in case it is not available)\n#$IPTABLES -A kaba-reject -j LOG --log-prefix \"[DROIDWALL] \" --log-uid\n$IPTABLES -A kaba-reject -j REJECT || exit 11\n");
            if ("".length() > 0) {
                sb.append("\n# BEGIN OF CUSTOM SCRIPT (user-defined)\n");
                sb.append("");
                sb.append("\n# END OF CUSTOM SCRIPT (user-defined)\n\n");
            }
            sb.append("# Allow DNS lookups on white-list for a better logging (ignore errors)\n");
            sb.append("$IPTABLES -A kaba -p udp --dport 53 -j RETURN\n");
            sb.append("# Main rules (per interface)\n");
            for (String str : strArr2) {
                sb.append("$IPTABLES -A kaba -o ").append(str).append(" -j kaba-3g || exit\n");
            }
            for (String str2 : strArr) {
                sb.append("$IPTABLES -A kaba -o ").append(str2).append(" -j kaba-wifi || exit\n");
            }
            sb.append("# Filtering rules\n");
            int uidForName = Process.getUidForName("dhcp");
            if (uidForName != -1) {
                sb.append("# dhcp user\n");
                sb.append("$IPTABLES -A kaba-wifi -m owner --uid-owner ").append(uidForName).append(" -j RETURN || exit\n");
            }
            int uidForName2 = Process.getUidForName(DBHelper.FireWall_Wifi);
            if (uidForName2 != -1) {
                sb.append("# wifi user\n");
                sb.append("$IPTABLES -A kaba-wifi -m owner --uid-owner ").append(uidForName2).append(" -j RETURN || exit\n");
            }
            if (list != null) {
                for (AccessUid accessUid : list) {
                    if (accessUid.isMobi() && accessUid.getUid() >= 0) {
                        sb.append("$IPTABLES -A kaba-3g -m owner --uid-owner ").append(accessUid.getUid()).append(" -j ").append("RETURN").append(" || exit\n");
                    }
                }
            }
            if (list != null) {
                for (AccessUid accessUid2 : list) {
                    if (accessUid2.isWifi() && accessUid2.getUid() >= 0) {
                        sb.append("$IPTABLES -A kaba-wifi -m owner --uid-owner ").append(accessUid2.getUid()).append(" -j ").append("RETURN").append(" || exit\n");
                    }
                }
            }
            sb.append("$IPTABLES -A kaba-3g -j kaba-reject || exit\n");
            sb.append("$IPTABLES -A kaba-wifi -j kaba-reject || exit\n");
            return sb;
        } catch (Exception e) {
            return sb;
        }
    }

    public static boolean purgeIptables(Context context) {
        StringBuilder sb = new StringBuilder();
        try {
            RootExecUtil.assertBinaries(context, false);
            StringBuilder sb2 = new StringBuilder();
            sb2.append(scriptHeader(context));
            sb2.append("$IPTABLES -F kaba\n$IPTABLES -F kaba-reject\n$IPTABLES -F kaba-3g\n$IPTABLES -F kaba-wifi\n");
            if ("".length() > 0) {
                sb2.append("\n# BEGIN OF CUSTOM SCRIPT (user-defined)\n");
                sb2.append("");
                sb2.append("\n# END OF CUSTOM SCRIPT (user-defined)\n\n");
            }
            return RootExecUtil.runScriptAsRoot(context, sb2.toString(), sb) != -1;
        } catch (Exception e) {
            return false;
        }
    }

    private static String scriptHeader(Context context) {
        String absolutePath = context.getDir("bin", 0).getAbsolutePath();
        String str = absolutePath + "/iptables_armv5";
        return "IPTABLES=iptables\nBUSYBOX=busybox\nGREP=grep\nECHO=echo\n# Try to find busybox\nif " + absolutePath + "/busybox_g1 --help >/dev/null 2>/dev/null ; then\n\tBUSYBOX=" + absolutePath + "/busybox_g1\n\tGREP=\"$BUSYBOX grep\"\n\tECHO=\"$BUSYBOX echo\"\nelif busybox --help >/dev/null 2>/dev/null ; then\n\tBUSYBOX=busybox\nelif /system/xbin/busybox --help >/dev/null 2>/dev/null ; then\n\tBUSYBOX=/system/xbin/busybox\nelif /system/bin/busybox --help >/dev/null 2>/dev/null ; then\n\tBUSYBOX=/system/bin/busybox\nfi\n# Try to find grep\nif ! $ECHO 1 | $GREP -q 1 >/dev/null 2>/dev/null ; then\n\tif $ECHO 1 | $BUSYBOX grep -q 1 >/dev/null 2>/dev/null ; then\n\t\tGREP=\"$BUSYBOX grep\"\n\tfi\n\t# Grep is absolutely required\n\tif ! $ECHO 1 | $GREP -q 1 >/dev/null 2>/dev/null ; then\n\t\t$ECHO The grep command is required. kaba will not work.\n\t\texit 1\n\tfi\nfi\n# Try to find iptables\nif " + str + " --version >/dev/null 2>/dev/null ; then\n\tIPTABLES=" + str + "\nfi\n";
    }
}
