Skip to content

Latest commit

 

History

History
181 lines (116 loc) · 9.86 KB

DATABASE.md

File metadata and controls

181 lines (116 loc) · 9.86 KB

WARNING: MODIFYING THE DATABASES DIRECTLY MAY CAUSE ISSUES (INCLUDING BOOT LOOPS) WITH YOUR DEVICE. PROCEED AT YOUR OWN RISK AND ALWAYS PERFORM A BACKUP BEFORE CHANGING ANYTHING!

Introduction

XPrivacy utilizes 2 databases (xprivacy.db and usage.db), both are located in /data/system/xprivacy. Making a file backup of the database cannot safely be done in a running system and should be done from recovery!

XPrivacy checks both the xprivacy database and usage database at system boot for integrity (using 'PRAGMA integrity_check'). If a database is found to be corrupt, the database is deleted, because repairing an sqlite database is mostly not possible (and Android doesn't have the tools for it installed). This can happen to the database of any application, but for XPrivacy it is of course a greater concern. Given the support info I receive, this fortunately happens rarely to the xprivacy database, but more to the usage database. The cause for this difference is that the usage database is set to asynchronous mode for speed reasons (using 'PRAGMA synchronous=OFF').

The usage database is just an aid and not critical for the operation of XPrivacy. Both the xprivacy and usage database are compacted at boot (using 'VACUUM'). This saves space and is good for performance, but the disadvantage is that twice the size of the database on disk space is temporarily needed.

A full disk (/data/system is mounted on internal memory) is fatal for XPrivacy, because the database will become corrupt in this situation. Again looking at the support info, this also rarely happens.

All mentioned sqlite commands are properly documented on the SQLite website

Accessing the databases:

From a PC:

adb shell

su

sqlite3 /data/system/xprivacy/xprivacy.db

From a Terminal Emulator within Android:

su

sqlite3 /data/system/xprivacy/xprivacy.db

*Note: You may need to install sqlite3 binaries

xprivacy.db consists of two relevant tables

TABLE:restriction

FIELD TYPE NULLABLE
uid INTEGER NOT NULL
restriction TEXT NOT NULL
method TEXT NOT NULL
restricted INTEGER

The restriction table holds information pertaining to the restriction and onDemand settings on a per UID basis.

The 'restriction' field always lists the restriction category (Accounts, Browser, Calendar, etc.).

The method field lists the restriction methods (addOnAccountsUpdateListener, blockingGetAuthToken, getAccounts, etc.)

Entries where the method field is blank always pertain to the restriction category.

If a restriction category is set to block or allow the entire category, the individual methods will not be listed (with the exception of dangerous methods).

The 'restricted' field lists the status of the restrictions settings, the possible values are 0-3.

The meaning of the 'restricted' field depends on whether the restriction pertains to a category or a method:

For category:

Value as seen in XPrivacy Meaning
0 [ ] [?] not restricted, ask
1 [x] [?] restricted, ask
2 [ ] [ ] not restricted, asked
3 [x] [ ] restricted, asked

For method:

Value as seen in XPrivacy Meaning
0 [x] [?] restricted, ask
1 [ ] [?] not restricted, ask
2 [x] [ ] restricted, asked
3 [ ] [ ] not restricted, asked

*NOTE: Although the 'method' field doesn't always contain data, it is still NOT NULL. To query empty entries: WHERE method=''

*NOTE: Changes to the restriction table require a flush of the server side cache to take effect, this can be achieved with a reboot, using the option 'Flush cache' found in Menu - Settings, or by sending the intent am startservice -a biz.bokhorst.xprivacy.action.FLUSH. The intent can either be sent with root privileges or from an app which has permission biz.bokhorst.xprivacy.MANAGE_XPRIVACY. For more info see here and here

TABLE:setting

The setting table holds information pertaining to settings on a global (uid=userID; 0 for the main user) and per UID basis, as well as the white/blacklists.

Field Type NULLABLE
uid INTEGER NOT NULL
name TEXT NOT NULL
value TEXT
type TEXT

*Note: WHERE name='State' and value='0' means ‘restrictions need attention’ (orange), WHERE name='State' and value='1' means ‘restrictions are changed’ (grey), WHERE name='State' and value='2' means ‘restrictions are submitted’ (green)

*Note: WHERE uid='0' and type='Template' contains the values designated in the restrictions template

*Note: WHERE type IN (Command, Filename, IPAddress, Library, Proc, Url) pertain to the white/blacklist entries

usage.db consists of one relevant table

TABLE:usage

The usage database holds information regarding used restrictions by apps.

The 'restriction' field lists the restriction category (Accounts, Browser, Calendar, etc.).

The 'method' field lists the restriction methods (addOnAccountsUpdateListener, blockingGetAuthToken, getAccounts, etc.)

The 'extra' field holds the parameter information (when applicable)

The 'restricted' field indicates whether the restriction was allowed '0' or denied '1'

The 'time' field holds a UNIX timestamp indicating when the restriction was last accessed.

Field Type NULLABLE
uid INTEGER NOT NULL
restriction TEXT NOT NULL
method TEXT NOT NULL
extra TEXT NOT NULL
restricted INTEGER NOT NULL
time INTEGER NOT NULL
value TEXT NOT NULL

NOTE: Although the 'extra' field doesn't always contain data, it is still NOT NULL. To query empty entries: WHERE extra=''

QUERY EXAMPLES:

xprivacy.db

SELECT * FROM setting WHERE uid='0';

This will show all global XPrivacy settings (including those not visible within the app)

SELECT * FROM restriction WHERE uid='1000';

This will show all restriction settings for UID 1000

SELECT * from setting WHERE name='OnDemand' and value='false';

This will list all apps where onDemand is not active

SELECT * from restriction WHERE restriction='internet' and method='' and restricted='2' ORDER BY uid;

This will list all apps that have unrestricted access to the Internet category, ordered by UID

SELECT * FROM restriction WHERE method='inet' and restricted='3';

This will list all apps that have unrestricted Internet/Inet access

SELECT * FROM setting WHERE type='Contact' ORDER BY uid;

This will list all allowed contacts, ordered by UID. Note that contact value corresponds to the same entry in /data/data/com.android.providers.contacts/databases/contacts2.db:raw_contacts:contact_id (Location may very depending on your ROM)

SELECT * FROM setting WHERE type='Application' ORDER BY uid;

This will list all allowed applications, ordered by UID.

UPDATE setting SET value='true' where name='OnDemand' and uid IN (10001,10002,10003);

This will enable onDemand for apps listed in the IN ()

UPDATE restriction SET restricted='0' WHERE uid IN (10001,10002,10003) and method='connect';

This will turn on onDemand for Internet/Connect with a time out default to deny for apps listed in the IN ()

UPDATE restriction SET restricted='3' WHERE uid IN (10001,10002,10003) and method='open';

This will allow unrestricted access to Storage/Open for the listed apps

SELECT uid, restricted FROM restriction WHERE method='loadLibrary' and restricted IN (0,1,3) ORDER BY uid;

This will list all apps that can load native libraries, either permanently or onDemand

SELECT s.uid, s.name, r.restricted FROM setting s JOIN restriction r on s.uid=r.uid WHERE (r.method='inet' and r.restricted IN (0,1,3)) and (s.type='Library' and s.value='true') ORDER BY s.uid, s.name;

This will list UID, native library name and INET permission value for all apps that have INET access (onDemand or permanent) as well as white listed native libraries

UPDATE setting SET value='true' WHERE name='Log';

This will enabled debug logging

UPDATE setting SET value='false' WHERE name LIKE 'Dangerous%';

This will remove all 'dangerous restrictions' from the template

UPDATE setting SET value='false' WHERE name = 'RestrictSystem';

This will disable restricting of system components

usage.db

SELECT * FROM usage ORDER BY time DESC;

This will show all usage data ordered by TIME (newest entries first)

DELETE FROM usage where uid='1000';

This will delete all usage entries for UID 1000

DELETE FROM usage;

THIS WILL DELETE ALL USAGE DATA

This page was kindly contributed by an0n981