ukanth / afwall

AFWall+ (Android Firewall +) - iptables based firewall for Android
GNU General Public License v3.0

[ISSUE] AFWall Release 3.5.0 doesn't save its preferences #1194

Closed bonbonboi closed 2 years ago

bonbonboi commented 3 years ago

Describe the bug: AFWall 3.5 doesn't save its preferences.

[Image: photo_2021-04-18_20-43-27]

Firewall Logs: Sorry, I went back to the previous version for now, and that logcat pic was taken while version 3.5 was installed.

Smartphone (please complete the following information):

ukanth commented 3 years ago

Seems like an EdXposed issue rather than an AFWall+ issue. Can you check if any module prevents it?

bonbonboi commented 3 years ago

> Seems like an EdXposed issue rather than an AFWall+ issue. Can you check if any module prevents it?

Okay, I disabled it completely, then enabled it. Disabled all modules. Enabled them one by one while I was checking on AFWall status. So far so good. I enabled all modules and by now AFWall is working fine.

bonbonboi commented 3 years ago

It came back when I upgraded to version 3.5.1. I found out that if I just enable a single EdXposed module, e.g. Greenify, after reboot that disables and resets AFWall. I tried enabling just the AFWall+ module and got the same result. If you have managed to run AFWall+ and EdXposed together, please let me know what versions you are using. Mine is Riru v25.4.2.r415 | Riru - EdXposed v0.5.2.2_4683. Let me know if this issue is related to EdXposed only, so I can open an issue on their project. FYI, AFWall version 3.4 was working fine with my current EdXposed.

ukanth commented 3 years ago

I have stopped using xposed for various reasons. I have not tested the latest version with Xposed. Please provide logs, I will have a look.

powerman commented 3 years ago

I've just updated from 3.4.0 to 3.5.0 (F-Droid) and got a similar issue: after the update the firewall became disabled and all my settings were lost. I've restored 3.4.0 using TitaniumBackup, exported settings, updated to 3.5.0 again, tried to import settings, but the import fails. So, I had to roll back to 3.4.0 for now.

I'm also EdXposed user: Android 10 (LineageOS), Magisk 22.1, Riru 25.4.2.r415, Riru - EdXposed 0.5.2.2_4683, EdXposed Manager 4.6.2.

bonbonboi commented 3 years ago

> I've just updated from 3.4.0 to 3.5.0 (F-Droid) and got a similar issue: after the update the firewall became disabled and all my settings were lost. I've restored 3.4.0 using TitaniumBackup, exported settings, updated to 3.5.0 again, tried to import settings, but the import fails. So, I had to roll back to 3.4.0 for now.

> I'm also EdXposed user: Android 10 (LineageOS), Magisk 22.1, Riru 25.4.2.r415, Riru - EdXposed 0.5.2.2_4683, EdXposed Manager 4.6.2.

Can you provide logcat for the developer? Because he asked me for the logs but I'm busy now to reproduce the issue and collect the logs. Thanks

ukanth commented 3 years ago

Please wait for 3.5.1 release on f-droid. Also import all fails for everyone due to recent change in the code. I will fix it in next release.

HidingCherry commented 3 years ago

So, we basically are with the issue on our own - automatically updated to 3.5.0, then I have issues and check github. Ah, there it is - wait for 3.5.1 on f-droid - 23 days ago. Release on PS was probably 25 days ago?

And then that issue appeared -> #1204 Feels like f-droid is for dumb people.

edit: I request to completely remove the xposed feature, since it causes more problems than it helps. (I have deactivated it ever since, because it doesn't work properly for me.)

ukanth commented 3 years ago

I will be removing xposed support from next version. Thanks.

bonbonboi commented 3 years ago

No wait, what's the use of afwall exposed module?

MrEngineerMind commented 3 years ago

I have a Pixel 4a (A10) and I am using Magisk 21.4 with Riru 23.5 and Riru - EdXposed 0.5.2.1-4677 and everything is working fine, even with the latest 3.5.2 afwall donate.

I too had issues of not being able to import my settings in a previous afwall (I think 3.5.0), but the next version fixed that issue.

I also had an issue that when I upgraded from playstore from version 3.5.1 to 3.5.2 and it trashed all my settings and disabled the firewall, but doing an import of the settings/rules from 3.5.1 worked fine.

I also just did a play store update from 3.5.1 to 3.5.2 on another Pixel 4a (A10) I have with the same versions of magisk, riru/Edxposed and the upgrade worked perfectly without losing settings and the firewall stayed enabled. And I checked and the Afwall edxposed module was still enabled.

So, I don't see this as a xposed issue, because I am using it.

I need to use afwall with xposed

So I have some questions:

1) Are you saying that you are just dropping support for the "extra" features that afwall offers when using xposed?
2) What are the extra features that xposed is supposed to offer when used with afwall? I just looked at the playstore page and it says "XPosed modules - Download manager Leak + Hide lock screen notification for 5.x+ devices" - what do these two features mean?
3) Will afwall work fine with xposed installed on the same device (after you remove support for xposed)? Because if afwall won't work if edxposed is installed, then that would be a major problem.

ukanth commented 3 years ago

AFWall+ exposed module addresses two issues (extra ones) when you activate the plugin.

I might probably separate the xposed plugin as independent module (remove it from AFWall+) and keep it separate. I will not be supporting it officially.

MrEngineerMind commented 3 years ago

Thank you for detailing those features. I've always had the exposed module enabled for afwall, and never knew exactly what it did.

But, those features actually sound pretty cool, so I hope you won't get rid of them.

EDIT: The website said 5.x+ for the persist notification fix, but it seems like you are saying it ONLY helped 5.x and does not help A10 because it has built-in settings to hide it - is this a correct understanding?

bonbonboi commented 3 years ago

> AFWall+ exposed module addresses two issues (extra ones) when you activate the plugin.
>
> Download manager Leak - Let's say you have an application called xyz and you deny its access to the internet. It can still use the standard download manager (by default we give access to it since it's core android) to download files. This is a problem with android. AFWall+ prevents this behaviour using xposed.
>
> Hide lock screen notification might be only useful for 5.x devices to disable persist notification on lock screen.
>
> I might probably separate the xposed plugin as independent module (remove it from AFWall+) and keep it separate. I will not be supporting it officially.

I see, but the issue I opened about afwall not storing its preferences once restarted has somehow disappeared with recent builds, so the issue wasn't exactly with edxposed itself, because we're still using edxposed with the afwall module activated. So yes, with version 3.5 we suffered a little, but with 3.5.1 and later versions I noticed afwall became more stable and that issue didn't come back. So removing the afwall edxposed module is just annoying for edxposed users. Users who don't use edxposed, or who don't even know about edxposed, won't notice any difference. So I suggest you keep it integrated with the afwall package, since the afwall module needs manual activation anyway. Finally, it's up to you. You're the expert here.

ukanth commented 3 years ago

Yes. I removed support for LSposed to fix that missing preferences issue. The problem is not xposed, but various versions of xposed and combinations. It's extremely time consuming to test all those combinations. As I mentioned earlier, I will move xposed functionality out of AFWall+ and provide it as an external plugin. But I will not be supporting it going forward.

Thanks.

MrEngineerMind commented 3 years ago

OK, if the xposed integration only adds those two features and the persist notification feature is only for 5.x devices (and not for android 6+), then that just leaves the download leak as the only useful feature xposed integration would provide.

So, what do you think about this idea...

Since the download manager is typically used once in a while, and us users know when it is being used because we are typically performing an update from the playstore, why not add a new feature to afwall+ that will popup a "Download Permission" dialog box when it sees something trying to use the download manager.

So, we would set the default action for the download manager to "Prompt" (instead of block or allow) and this prompt dialog could have a "Allow for 10 mins" option so that afwall will "allow" internet access to the download manager just long enough for us to download an update, then it will change back to "prompt" mode so it will be displayed the next time the download manager is used.

This way, if some hidden app is trying to use the download manager in an illegal way, we will know because this dialog will appear and possibly display the UID of the app trying to use the download manager.

This could address this download manager "leak" issue so that an xposed plugin would not even be needed.

ukanth commented 3 years ago

We can not intercept like that in Android (even with root). It would be possible only with xposed kind of frameworks.

MrEngineerMind commented 3 years ago

But I am a little confused...

If you can "detect" the block of the download manager trying to access the internet and then display a notification for that block, why couldn't you instead display a popup asking if the user would like to "temporarily" grant internet permission to the download manager, say, for example, 10 mins. And if the user clicks "Yes", then afwall would "enable" internet to the download manager and then do an "Apply", then start a 10 min timer. When the timer ticks, afwall will "disable" internet access to the download manager and do another "apply".

I know that this would not allow the download manager to work for the first "block" because that first attempt has already been blocked. But by then "enabling" the download manager to work for the next 10 mins, the user could simply re-initiate the download action and this second user attempt will work.

I really think that a "Allow Temporary Internet Permission" feature in afwall+ would be very popular.

ukanth commented 3 years ago

Because Download manager can be used by many applications at same time. Also in few phones its combined/bundled with other system applications.

"Allow Temporary" is something I can do and that's technically possible. But that can be done only for user apps and not for system apps.
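An added sketch, not part of the thread or of AFWall+'s code: a toy model of per-UID packet filtering (the iptables owner match) showing the download manager leak described above, and why a timed allow on the download provider applies to every app that requests a download. The UIDs, package names and the `Firewall` class are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed values for the example; real UIDs differ per device.
DOWNLOAD_PROVIDER_UID = 10015
APP_UIDS = {"com.example.xyz": 10123, "com.example.store": 10077}


@dataclass
class Firewall:
    allowed_uids: set                # UIDs with a permanent ACCEPT rule
    temp_allow_until: dict = None    # uid -> expiry (seconds) of a timed ACCEPT

    def rules(self):
        """Render the permanent policy as iptables-style rules (for reading)."""
        lines = [f"-A OUTPUT -m owner --uid-owner {uid} -j ACCEPT"
                 for uid in sorted(self.allowed_uids)]
        return lines + ["-A OUTPUT -j DROP"]

    def verdict(self, socket_uid, now=0):
        """The filter sees only the UID that owns the socket."""
        if socket_uid in self.allowed_uids:
            return "ACCEPT"
        if (self.temp_allow_until or {}).get(socket_uid, -1) > now:
            return "ACCEPT"
        return "DROP"


def direct_connect(fw, package, now=0):
    """The app opens its own socket, so the packet carries the app's UID."""
    return fw.verdict(APP_UIDS[package], now)


def download_via_manager(fw, package, now=0):
    """The app only enqueues a request; the download provider opens the
    socket, so the requesting package never reaches the packet filter."""
    return fw.verdict(DOWNLOAD_PROVIDER_UID, now)


if __name__ == "__main__":
    store = APP_UIDS["com.example.store"]
    default = Firewall({DOWNLOAD_PROVIDER_UID, store})
    print("\n".join(default.rules()))
    print("xyz direct:", direct_connect(default, "com.example.xyz"))
    print("xyz via download manager:",
          download_via_manager(default, "com.example.xyz"))
    timed = Firewall({store}, {DOWNLOAD_PROVIDER_UID: 600})
    print("xyz during 10 min window:",
          download_via_manager(timed, "com.example.xyz", now=300))
```

Blocking the provider's UID instead stops downloads for every app, including allowed ones, because all of them share that one socket owner.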

MrEngineerMind commented 3 years ago

Understood.

It's just that now that I know about this download leak, it has me concerned if you ever drop xposed support.

bonbonboi commented 3 years ago

> But I am a little confused...
>
> If you can "detect" the block of the download manager trying to access the internet and then display a notification for that block, why couldn't you instead display a popup asking if the user would like to "temporarily" grant internet permission to the download manager, say, for example, 10 mins. And if the user clicks "Yes", then afwall would "enable" internet to the download manager and then do an "Apply", then start a 10 min timer. When the timer ticks, afwall will "disable" internet access to the download manager and do another "apply".
>
> I know that this would not allow the download manager to work for the first "block" because that first attempt has already been blocked. But by then "enabling" the download manager to work for the next 10 mins, the user could simply re-initiate the download action and this second user attempt will work.
>
> I really think that a "Allow Temporary Internet Permission" feature in afwall+ would be very popular.

Forget about that. I have known afwall for ages; it's a passive tool to manipulate iptables with a graphical user interface, so it isn't an interactive app, at least for now. @ukanth makes a huge effort to make it successful as the only android firewall based on iptables available till today. I'm not asking too much, I'm just happy using AFWall as it is.

MrEngineerMind commented 3 years ago

It was just a suggestion.

I have been very happy with afwall+ over the many years of using it and I am glad he is still actively working on it :)

bonbonboi commented 3 years ago

> It was just a suggestion.

Yeah, but it sounds like it will make things more complicated. I think your idea suits those vpn-based firewalls more.

MrEngineerMind commented 3 years ago

I'm sure there are probably many features already in afwall+ that you do not use and they haven't made things more complicated just by existing in the app.

HidingCherry commented 3 years ago

> I will be removing xposed support from next version.

Although it causes some people to doubt that decision, thank you.

It caused blocked internet for me when enabled (EdXposed Sandhook variant) whenever the module was enabled. It broke the AFWall+ itself the last time (now fixed with v3.5.2.1), so I think it is a good decision to outsource the xposed module.

MrEngineerMind commented 3 years ago

> It caused blocked internet for me when enabled (EdXposed Sandhook variant) whenever the module was enabled.

Since it does work for other users without any problems, the users that it causes problems with can simply disable the module.

bonbonboi commented 3 years ago

> It caused blocked internet for me when enabled (EdXposed Sandhook variant) whenever the module was enabled. It broke the AFWall+ itself the last time (now fixed with v3.5.2.1), so I think it is a good decision to outsource the xposed module.

On A11 LineageOS I noticed afwall blocked the Download Manager forcibly even though it was allowed. On A10 there's no such issue.

HidingCherry commented 3 years ago

> Since it does work for other users without any problems, the users that it causes problems with can simply disable the module.

I did from the beginning - but then the issue in this ticket appeared. Why do you think the issue exists?

> On A11 LineageOS I noticed afwall blocked the Download Manager forcibly even though it was allowed. On A10 there's no such issue.

I am currently on Android 9/LOS16 - what should people say, who cannot upgrade?