Fireproof entries in IndexedDB

app/src/androidTest/java/com/duckduckgo/app/browser/WebViewDataManagerTest.kt

@@ -23,6 +23,7 @@ import android.webkit.WebView
 import androidx.test.platform.app.InstrumentationRegistry
 import com.duckduckgo.anrs.api.CrashLogger
 import com.duckduckgo.app.browser.httpauth.WebViewHttpAuthStore
+import com.duckduckgo.app.browser.indexeddb.IndexedDBManager
 import com.duckduckgo.app.browser.session.WebViewSessionInMemoryStorage
 import com.duckduckgo.app.browser.weblocalstorage.WebLocalStorageManager
 import com.duckduckgo.app.global.file.FileDeleter
@@ -57,6 +58,7 @@ class WebViewDataManagerTest {
     private val mockFileDeleter: FileDeleter = mock()
     private val mockWebViewHttpAuthStore: WebViewHttpAuthStore = mock()
     private val mockWebLocalStorageManager: WebLocalStorageManager = mock()
+    private val mockIndexedDBManager: IndexedDBManager = mock()
     private val mockCrashLogger: CrashLogger = mock()
     private val mockAppBuildConfig: AppBuildConfig = mock()
     private val feature = FakeFeatureToggleFactory.create(AndroidBrowserConfigFeature::class.java)
@@ -69,6 +71,7 @@ class WebViewDataManagerTest {
         mockWebViewHttpAuthStore,
         feature,
         mockWebLocalStorageManager,
+        mockIndexedDBManager,
         mockCrashLogger,
         TestScope(),
         CoroutineTestRule().testDispatcherProvider,
@@ -221,6 +224,57 @@ class WebViewDataManagerTest {
         }
     }
 
+    @SuppressLint("DenyListedApi")
+    @Test
+    fun whenClearDataAndIndexedDBFeatureDisabledThenDefaultContentsDeletedExceptCookies() = runTest {
+        withContext(Dispatchers.Main) {
+            feature.indexedDB().setRawStoredState(State(enable = false))
+            val webView = TestWebView(context)
+
+            testee.clearData(webView, mockStorage)
+
+            verify(mockFileDeleter).deleteContents(
+                File(context.applicationInfo.dataDir, "app_webview/Default"),
+                listOf("Cookies"),
+            )
+            verifyNoInteractions(mockIndexedDBManager)
+        }
+    }
+
+    @SuppressLint("DenyListedApi")
+    @Test
+    fun whenClearDataAndIndexedDBFeatureEnabledThenDefaultContentsDeletedExceptCookiesAndIndexedDB() = runTest {
+        withContext(Dispatchers.Main) {
+            feature.indexedDB().setRawStoredState(State(enable = true))
+            val webView = TestWebView(context)
+
+            testee.clearData(webView, mockStorage)
+
+            verify(mockFileDeleter).deleteContents(
+                File(context.applicationInfo.dataDir, "app_webview/Default"),
+                listOf("Cookies", "IndexedDB"),
+            )
+            verify(mockIndexedDBManager).clearIndexedDB()
+        }
+    }
+
+    @SuppressLint("DenyListedApi")
+    @Test
+    fun whenClearDataAndIndexedDBThrowsExceptionThenDefaultContentsDeletedExceptCookies() = runTest {
+        whenever(mockIndexedDBManager.clearIndexedDB()).thenThrow(RuntimeException())
+        withContext(Dispatchers.Main) {
+            feature.indexedDB().setRawStoredState(State(enable = true))
+            val webView = TestWebView(context)
+
+            testee.clearData(webView, mockStorage)
+
+            verify(mockFileDeleter).deleteContents(
+                File(context.applicationInfo.dataDir, "app_webview/Default"),
+                listOf("Cookies"),
+            )
+        }
+    }
+
     private class TestWebView(context: Context) : WebView(context) {
 
         var historyCleared: Boolean = false

app/src/main/java/com/duckduckgo/app/browser/WebDataManager.kt

@@ -21,6 +21,7 @@ import android.webkit.WebStorage
 import android.webkit.WebView
 import com.duckduckgo.anrs.api.CrashLogger
 import com.duckduckgo.app.browser.httpauth.WebViewHttpAuthStore
+import com.duckduckgo.app.browser.indexeddb.IndexedDBManager
 import com.duckduckgo.app.browser.session.WebViewSessionStorage
 import com.duckduckgo.app.browser.weblocalstorage.WebLocalStorageManager
 import com.duckduckgo.app.di.AppCoroutineScope
@@ -60,6 +61,7 @@ class WebViewDataManager @Inject constructor(
     private val webViewHttpAuthStore: WebViewHttpAuthStore,
     private val androidBrowserConfigFeature: AndroidBrowserConfigFeature,
     private val webLocalStorageManager: WebLocalStorageManager,
+    private val indexedDBManager: IndexedDBManager,
     private val crashLogger: CrashLogger,
     @AppCoroutineScope private val appCoroutineScope: CoroutineScope,
     private val dispatcherProvider: DispatcherProvider,
@@ -123,7 +125,8 @@ class WebViewDataManager @Inject constructor(
      * Deletes web view directory content except the following directories
      *  app_webview/Cookies
      *  app_webview/Default/Cookies
-     *  app_webview/Default/Local Storage
+     *  app_webview/Default/Local Storage (when flag enabled)
+     *  app_webview/Default/IndexedDB (when flag enabled)
      *
      *  the excluded directories above are to avoid clearing unnecessary cookies and because localStorage is cleared using clearWebStorage
      */
@@ -132,11 +135,21 @@ class WebViewDataManager @Inject constructor(
         fileDeleter.deleteContents(File(dataDir, "app_webview"), listOf("Default", "Cookies"))
 
         // We don't delete the Default dir as Cookies may be inside however we do clear any other content
+        val excludedDirectories = mutableListOf("Cookies")
+
         if (androidBrowserConfigFeature.webLocalStorage().isEnabled()) {
-            fileDeleter.deleteContents(File(dataDir, "app_webview/Default"), listOf("Cookies", "Local Storage"))
-        } else {
-            fileDeleter.deleteContents(File(dataDir, "app_webview/Default"), listOf("Cookies"))
+            excludedDirectories.add("Local Storage")
+        }
+        if (androidBrowserConfigFeature.indexedDB().isEnabled()) {
+            runCatching {
+                indexedDBManager.clearIndexedDB()
+            }.onSuccess {
+                excludedDirectories.add("IndexedDB")
+            }.onFailure { t ->
+                Timber.w(t, "Failed to clear IndexedDB, will delete it instead")
+            }
         }
+        fileDeleter.deleteContents(File(dataDir, "app_webview/Default"), excludedDirectories)
     }
 
     private suspend fun clearAuthentication(webView: WebView) {

app/src/main/java/com/duckduckgo/app/browser/indexeddb/IndexedDBManager.kt

@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2025 DuckDuckGo
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.duckduckgo.app.browser.indexeddb
+
+import android.content.Context
+import com.duckduckgo.app.browser.UriString.Companion.sameOrSubdomain
+import com.duckduckgo.app.fire.fireproofwebsite.data.FireproofWebsiteRepository
+import com.duckduckgo.app.global.file.FileDeleter
+import com.duckduckgo.app.pixels.remoteconfig.AndroidBrowserConfigFeature
+import com.duckduckgo.common.utils.DispatcherProvider
+import com.duckduckgo.di.scopes.AppScope
+import com.squareup.anvil.annotations.ContributesBinding
+import com.squareup.moshi.JsonAdapter
+import com.squareup.moshi.Moshi
+import java.io.File
+import javax.inject.Inject
+import kotlinx.coroutines.withContext
+import timber.log.Timber
+
+interface IndexedDBManager {
+    suspend fun clearIndexedDB()
+}
+
+data class IndexedDBSettings(
+    val domains: List<String>?,
+)
+
+@ContributesBinding(AppScope::class)
+class DuckDuckGoIndexedDBManager @Inject constructor(
+    private val context: Context,
+    private val androidBrowserConfigFeature: AndroidBrowserConfigFeature,
+    private val fireproofWebsiteRepository: FireproofWebsiteRepository,
+    private val fileDeleter: FileDeleter,
+    private val moshi: Moshi,
+    private val dispatcherProvider: DispatcherProvider,
+) : IndexedDBManager {
+
+    private val jsonAdapter: JsonAdapter<IndexedDBSettings> by lazy {
+        moshi.adapter(IndexedDBSettings::class.java)
+    }
+
+    override suspend fun clearIndexedDB() = withContext(dispatcherProvider.io()) {
+        val allowedDomains = getAllowedDomains()
+        Timber.d("IndexedDBManager: Allowed domains: $allowedDomains")
+
+        val rootFolder = File(context.applicationInfo.dataDir, "app_webview/Default/IndexedDB")
+        val excludedFolders = getExcludedFolders(rootFolder, allowedDomains)
+
+        fileDeleter.deleteContents(rootFolder, excludedFolders)
+    }
+
+    private fun getAllowedDomains(): List<String> {
+        val settings = androidBrowserConfigFeature.indexedDB().getSettings()?.let {
+            runCatching { jsonAdapter.fromJson(it) }.getOrNull()
+        }
+        return settings?.domains?.plus(getFireproofedDomains()) ?: emptyList()
+    }
+
+    private fun getFireproofedDomains(): List<String> {
+        return if (androidBrowserConfigFeature.fireproofedIndexedDB().isEnabled()) {
+            fireproofWebsiteRepository.fireproofWebsitesSync().map { it.domain }
+        } else {
+            emptyList()
+        }
+    }
+
+    private fun getExcludedFolders(
+        rootFolder: File,
+        allowedDomains: List<String>,
+    ): List<String> {
+        return (rootFolder.listFiles() ?: emptyArray())
+            .filter {
+                // IndexedDB folders have this format: <scheme>_<host>_<port>.indexeddb.leveldb
+                val host = it.name.split("_").getOrNull(1) ?: return@filter false
+                allowedDomains.any { domain -> sameOrSubdomain(host, domain) }
+            }
+            .map { it.name }
+    }
+}

app/src/main/java/com/duckduckgo/app/pixels/remoteconfig/AndroidBrowserConfigFeature.kt

@@ -85,6 +85,14 @@ interface AndroidBrowserConfigFeature {
     @Toggle.DefaultValue(DefaultFeatureValue.FALSE)
     fun webLocalStorage(): Toggle
 
+    /**
+     * @return `true` when the remote config has the global "indexedDB" androidBrowserConfig
+     * sub-feature flag enabled
+     * If the remote feature is not present defaults to `false`
+     */
+    @Toggle.DefaultValue(DefaultFeatureValue.FALSE)
+    fun indexedDB(): Toggle
+
     /**
      * @return `true` when the remote config has the global "enableMaliciousSiteProtection" androidBrowserConfig
      * sub-feature flag enabled
@@ -101,6 +109,14 @@ interface AndroidBrowserConfigFeature {
     @Toggle.DefaultValue(DefaultFeatureValue.FALSE)
     fun fireproofedWebLocalStorage(): Toggle
 
+    /**
+     * @return `true` when the remote config has the global "fireproofedIndexedDB" androidBrowserConfig
+     * sub-feature flag enabled
+     * If the remote feature is not present defaults to `false`
+     */
+    @Toggle.DefaultValue(DefaultFeatureValue.TRUE)
+    fun fireproofedIndexedDB(): Toggle
+
     /**
      * @return `true` when the remote config has the global "httpError5xxPixel" androidBrowserConfig
      * sub-feature flag enabled