From 9d55978063947d5865bb3fa4e0c2ebef78f78812 Mon Sep 17 00:00:00 2001 From: Guillaume Jacquart Date: Mon, 6 Nov 2023 08:14:27 +0000 Subject: epic18: Manage VPN services for Tor or Tracker control --- permissionseos/.gitignore | 1 + permissionseos/build.gradle | 32 +++ permissionseos/consumer-rules.pro | 0 permissionseos/libs/hidden-apis-stub/.gitignore | 1 + permissionseos/libs/hidden-apis-stub/build.gradle | 35 +++ .../hidden-apis-stub/src/main/AndroidManifest.xml | 24 ++ .../src/main/java/android/app/AppOpsManager.java | 46 ++++ .../main/java/android/app/NotificationChannel.java | 34 +++ .../java/android/content/pm/PackageManager.java | 104 +++++++++ .../src/main/java/android/content/pm/UserInfo.java | 36 +++ .../java/android/net/IConnectivityManager.java | 65 ++++++ .../src/main/java/android/net/VpnManager.java | 64 +++++ .../src/main/java/android/os/ServiceManager.java | 24 ++ .../src/main/java/android/os/UserHandle.java | 24 ++ .../src/main/java/android/os/UserManager.java | 48 ++++ permissionseos/proguard-rules.pro | 21 ++ permissionseos/src/main/AndroidManifest.xml | 59 +++++ .../permissions/PermissionsPrivacyModuleImpl.kt | 258 +++++++++++++++++++++ 18 files changed, 876 insertions(+) create mode 100644 permissionseos/.gitignore create mode 100644 permissionseos/build.gradle create mode 100644 permissionseos/consumer-rules.pro create mode 100644 permissionseos/libs/hidden-apis-stub/.gitignore create mode 100644 permissionseos/libs/hidden-apis-stub/build.gradle create mode 100644 permissionseos/libs/hidden-apis-stub/src/main/AndroidManifest.xml create mode 100644 permissionseos/libs/hidden-apis-stub/src/main/java/android/app/AppOpsManager.java create mode 100644 permissionseos/libs/hidden-apis-stub/src/main/java/android/app/NotificationChannel.java create mode 100644 permissionseos/libs/hidden-apis-stub/src/main/java/android/content/pm/PackageManager.java create mode 100644 permissionseos/libs/hidden-apis-stub/src/main/java/android/content/pm/UserInfo.java create mode 100644 permissionseos/libs/hidden-apis-stub/src/main/java/android/net/IConnectivityManager.java create mode 100644 permissionseos/libs/hidden-apis-stub/src/main/java/android/net/VpnManager.java create mode 100644 permissionseos/libs/hidden-apis-stub/src/main/java/android/os/ServiceManager.java create mode 100644 permissionseos/libs/hidden-apis-stub/src/main/java/android/os/UserHandle.java create mode 100644 permissionseos/libs/hidden-apis-stub/src/main/java/android/os/UserManager.java create mode 100644 permissionseos/proguard-rules.pro create mode 100644 permissionseos/src/main/AndroidManifest.xml create mode 100644 permissionseos/src/main/java/foundation/e/advancedprivacy/externalinterfaces/permissions/PermissionsPrivacyModuleImpl.kt (limited to 'permissionseos') diff --git a/permissionseos/.gitignore b/permissionseos/.gitignore new file mode 100644 index 0000000..42afabf --- /dev/null +++ b/permissionseos/.gitignore @@ -0,0 +1 @@ +/build \ No newline at end of file diff --git a/permissionseos/build.gradle b/permissionseos/build.gradle new file mode 100644 index 0000000..d57ea9c --- /dev/null +++ b/permissionseos/build.gradle @@ -0,0 +1,32 @@ +apply plugin: 'com.android.library' +apply plugin: 'kotlin-android' + +android { + compileSdkVersion buildConfig.compileSdk + + defaultConfig { + minSdkVersion buildConfig.minSdk + targetSdkVersion buildConfig.targetSdk + + consumerProguardFiles "consumer-rules.pro" + } + + buildTypes { + release { + minifyEnabled false + proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' + } + } + compileOptions { + sourceCompatibility JavaVersion.VERSION_1_8 + targetCompatibility JavaVersion.VERSION_1_8 + } +} + +dependencies { + compileOnly project(':permissionseos:libs:hidden-apis-stub') + + implementation(libs.bundles.kotlin.android.coroutines) + implementation project(':core') + +} diff --git a/permissionseos/consumer-rules.pro b/permissionseos/consumer-rules.pro new file mode 100644 index 0000000..e69de29 diff --git a/permissionseos/libs/hidden-apis-stub/.gitignore b/permissionseos/libs/hidden-apis-stub/.gitignore new file mode 100644 index 0000000..42afabf --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/.gitignore @@ -0,0 +1 @@ +/build \ No newline at end of file diff --git a/permissionseos/libs/hidden-apis-stub/build.gradle b/permissionseos/libs/hidden-apis-stub/build.gradle new file mode 100644 index 0000000..2043edc --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/build.gradle @@ -0,0 +1,35 @@ +/* + * Copyright (C) 2022 E FOUNDATION + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +plugins { + id 'com.android.library' +} + +android { + compileSdkVersion buildConfig.compileSdk +} + + +java { + sourceCompatibility = JavaVersion.VERSION_1_7 + targetCompatibility = JavaVersion.VERSION_1_7 +} + +dependencies { + implementation 'org.jetbrains:annotations:15.0' + implementation 'androidx.annotation:annotation:1.5.0' +} diff --git a/permissionseos/libs/hidden-apis-stub/src/main/AndroidManifest.xml b/permissionseos/libs/hidden-apis-stub/src/main/AndroidManifest.xml new file mode 100644 index 0000000..61f315a --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/src/main/AndroidManifest.xml @@ -0,0 +1,24 @@ + + + + + + diff --git a/permissionseos/libs/hidden-apis-stub/src/main/java/android/app/AppOpsManager.java b/permissionseos/libs/hidden-apis-stub/src/main/java/android/app/AppOpsManager.java new file mode 100644 index 0000000..753b456 --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/src/main/java/android/app/AppOpsManager.java @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2022 E FOUNDATION + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package android.app; + +import android.annotation.TargetApi; + +import androidx.annotation.DeprecatedSinceApi; +import androidx.annotation.NonNull; + +// Stub based on: +// https://gitlab.e.foundation/e/os/android_frameworks_base/-/blob/[SDK_VERSION]/core/java/android/app/AppOpsManager.java +public class AppOpsManager { + + public static final int OP_NONE = -1; + + @TargetApi(29) + @DeprecatedSinceApi( + api = 34, + message = "Check disponibility in SDK34" + ) + public static int strOpToOp(@NonNull String op) { + return 0; + } + + @TargetApi(29) + @DeprecatedSinceApi( + api = 34, + message = "Check disponibility in SDK34" + ) + public void setMode(int code, int uid, String packageName, int mode) {} +} diff --git a/permissionseos/libs/hidden-apis-stub/src/main/java/android/app/NotificationChannel.java b/permissionseos/libs/hidden-apis-stub/src/main/java/android/app/NotificationChannel.java new file mode 100644 index 0000000..9e8d65a --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/src/main/java/android/app/NotificationChannel.java @@ -0,0 +1,34 @@ +/* + * Copyright (C) 2022 MURENA SAS + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package android.app; + +import android.annotation.TargetApi; + +import androidx.annotation.DeprecatedSinceApi; + +public class NotificationChannel { + + @TargetApi(29) + @DeprecatedSinceApi(api = 30, message = "Use setBlockable() instead.") + public void setBlockableSystem(boolean blockableSystem) {} + + // Public in API 33. + @TargetApi(30) + public void setBlockable(boolean blockableSystem) {} + +} diff --git a/permissionseos/libs/hidden-apis-stub/src/main/java/android/content/pm/PackageManager.java b/permissionseos/libs/hidden-apis-stub/src/main/java/android/content/pm/PackageManager.java new file mode 100644 index 0000000..c6232ce --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/src/main/java/android/content/pm/PackageManager.java @@ -0,0 +1,104 @@ +/* + * Copyright (C) 2022 MURENA SAS + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package android.content.pm; + +import android.annotation.TargetApi; +import android.graphics.drawable.Drawable; +import android.os.UserHandle; + +import androidx.annotation.DeprecatedSinceApi; +import androidx.annotation.NonNull; +import androidx.annotation.RequiresPermission; + +import java.util.List; +import android.util.AndroidException; + +// Stub based on: +// https://gitlab.e.foundation/e/os/android_frameworks_base/-/blob/[SDK_VERSION]/core/java/android/content/pm/PackageManager.java +public abstract class PackageManager { + + @TargetApi(29) + @DeprecatedSinceApi( + api = 34, + message = "Check availability in SDK34" + ) + public static class NameNotFoundException extends AndroidException { + public NameNotFoundException() { + } + + public NameNotFoundException(String name) { + super(name); + } + } + + + @TargetApi(29) + @DeprecatedSinceApi( + api = 34, + message = "Check disponibility in SDK34" + ) + @RequiresPermission("android.permission.GRANT_RUNTIME_PERMISSIONS") + public abstract void grantRuntimePermission( + @NonNull String packageName, + @NonNull String permissionName, + @NonNull UserHandle user + ); + + @TargetApi(29) + @DeprecatedSinceApi( + api = 34, + message = "Check disponibility in SDK34" + ) + @RequiresPermission("android.permission.REVOKE_RUNTIME_PERMISSIONS") + public abstract void revokeRuntimePermission( + @NonNull String packageName, + @NonNull String permissionName, + @NonNull UserHandle user + ); + + @TargetApi(29) + @DeprecatedSinceApi( + api = 33, + message = "@deprecated Use {@link #getApplicationInfoAsUser(String, ApplicationInfoFlags, int)} instead." + ) + public abstract ApplicationInfo getApplicationInfoAsUser( + @NonNull String packageName, + int flags, + int userId + ) throws NameNotFoundException; + + + @TargetApi(29) + @DeprecatedSinceApi( + api = 34, + message = "Check disponibility in SDK34" + ) + @RequiresPermission("android.permission.INTERACT_ACROSS_USERS_FULL") + public abstract List getInstalledPackagesAsUser(int flags, int userId); + + // Public + public abstract List getInstalledPackages(int flags); + + @NonNull + public abstract Drawable getUserBadgedIcon( + @NonNull Drawable drawable, + @NonNull UserHandle user + ); + + public static final int GET_PERMISSIONS = 0x00001000; +} diff --git a/permissionseos/libs/hidden-apis-stub/src/main/java/android/content/pm/UserInfo.java b/permissionseos/libs/hidden-apis-stub/src/main/java/android/content/pm/UserInfo.java new file mode 100644 index 0000000..28a3732 --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/src/main/java/android/content/pm/UserInfo.java @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2022 MURENA SAS + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package android.content.pm; + +import android.annotation.TargetApi; +import android.os.UserHandle; + +import androidx.annotation.DeprecatedSinceApi; + +public class UserInfo { + public int id; + + @TargetApi(29) + @DeprecatedSinceApi( + api = 34, + message = "Check availability in SDK34" + ) + public UserHandle getUserHandle() { + return null; + } +} diff --git a/permissionseos/libs/hidden-apis-stub/src/main/java/android/net/IConnectivityManager.java b/permissionseos/libs/hidden-apis-stub/src/main/java/android/net/IConnectivityManager.java new file mode 100644 index 0000000..53440e0 --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/src/main/java/android/net/IConnectivityManager.java @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2022 E FOUNDATION + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package android.net; + +import android.annotation.TargetApi; + +import android.os.Binder; +import android.os.IBinder; +import android.os.RemoteException; + +import androidx.annotation.DeprecatedSinceApi; + +// Stub based on: +// https://gitlab.e.foundation/e/os/android_frameworks_base/-/blob/[SDK_VERSION]/core/java/android/net/IConnectivityManager.java +public interface IConnectivityManager { + + @TargetApi(29) + @DeprecatedSinceApi( + api = 31, + message = "Moved to android.net.VpnManager" + ) + boolean prepareVpn(String oldPackage, String newPackage, int userId) throws RemoteException; + + @TargetApi(29) + @DeprecatedSinceApi( + api = 30, + message = "Use instead setVpnPackageAuthorization(String packageName, int userId, int vpnType)" + ) + void setVpnPackageAuthorization(String packageName, int userId, boolean authorized) throws RemoteException; + + @TargetApi(30) + @DeprecatedSinceApi( + api = 31, + message = "Moved to android.net.VpnManager" + ) + void setVpnPackageAuthorization(String packageName, int userId, int vpnType) throws RemoteException; + + @TargetApi(29) + @DeprecatedSinceApi( + api = 31, + message = "Moved to android.net.VpnManager" + ) + public String getAlwaysOnVpnPackage(int userId) throws RemoteException; + + public abstract static class Stub extends Binder implements IConnectivityManager { + public static IConnectivityManager asInterface(IBinder obj) { + return null; + } + } +} diff --git a/permissionseos/libs/hidden-apis-stub/src/main/java/android/net/VpnManager.java b/permissionseos/libs/hidden-apis-stub/src/main/java/android/net/VpnManager.java new file mode 100644 index 0000000..dab2173 --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/src/main/java/android/net/VpnManager.java @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2022 E FOUNDATION + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package android.net; + +import android.annotation.TargetApi; + +import androidx.annotation.DeprecatedSinceApi; +import androidx.annotation.Nullable; +import androidx.annotation.RequiresPermission; + +// Stub based on: +// https://gitlab.e.foundation/e/os/android_frameworks_base/-/blob/[SDK_VERSION]/core/java/android/net/VpnManager.java +public class VpnManager { + public static final int TYPE_VPN_SERVICE = 1; + + @TargetApi(31) + @DeprecatedSinceApi( + api = 34, + message = "Check disponibility in SDK34" + ) + public boolean prepareVpn( + @Nullable String oldPackage, + @Nullable String newPackage, + int userId + ) { + return true; + } + + @TargetApi(31) + @DeprecatedSinceApi( + api = 34, + message = "Check disponibility in SDK34" + ) + public void setVpnPackageAuthorization( + String packageName, + int userId, + int vpnType + ) {} + + @TargetApi(31) + @DeprecatedSinceApi( + api = 34, + message = "Check disponibility in SDK34" + ) + @RequiresPermission("android.permission.CONTROL_ALWAYS_ON_VPN") + public String getAlwaysOnVpnPackageForUser(int userId) { + return null; + } +} diff --git a/permissionseos/libs/hidden-apis-stub/src/main/java/android/os/ServiceManager.java b/permissionseos/libs/hidden-apis-stub/src/main/java/android/os/ServiceManager.java new file mode 100644 index 0000000..4696b79 --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/src/main/java/android/os/ServiceManager.java @@ -0,0 +1,24 @@ +/* + * Copyright (C) 2022 E FOUNDATION + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package android.os; + +public class ServiceManager { + public static IBinder getService(String name) { + return null; + } +} diff --git a/permissionseos/libs/hidden-apis-stub/src/main/java/android/os/UserHandle.java b/permissionseos/libs/hidden-apis-stub/src/main/java/android/os/UserHandle.java new file mode 100644 index 0000000..df56daf --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/src/main/java/android/os/UserHandle.java @@ -0,0 +1,24 @@ +/* + * Copyright (C) 2022 E FOUNDATION + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package android.os; + +public class UserHandle { + public static /*@UserIdInt*/ int myUserId() { + return 0; + } +} diff --git a/permissionseos/libs/hidden-apis-stub/src/main/java/android/os/UserManager.java b/permissionseos/libs/hidden-apis-stub/src/main/java/android/os/UserManager.java new file mode 100644 index 0000000..be6797e --- /dev/null +++ b/permissionseos/libs/hidden-apis-stub/src/main/java/android/os/UserManager.java @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2022 MURENA SAS + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package android.os; + +import android.annotation.TargetApi; +import android.content.pm.UserInfo; + +import androidx.annotation.DeprecatedSinceApi; +import androidx.annotation.RequiresPermission; +import java.util.List; + +public class UserManager { + + @TargetApi(29) + @DeprecatedSinceApi( + api = 34, + message = "Check availability in SDK34" + ) + @RequiresPermission("android.permission.MANAGE_USERS") + public List getProfiles(int userHandle) { + return null; + } + + @TargetApi(29) + @DeprecatedSinceApi( + api = 34, + message = "Check availability in SDK34" + ) + @RequiresPermission("android.permission.MANAGE_USERS") + public boolean isManagedProfile(int userId) { + return false; + } +} diff --git a/permissionseos/proguard-rules.pro b/permissionseos/proguard-rules.pro new file mode 100644 index 0000000..481bb43 --- /dev/null +++ b/permissionseos/proguard-rules.pro @@ -0,0 +1,21 @@ +# Add project specific ProGuard rules here. +# You can control the set of applied configuration files using the +# proguardFiles setting in build.gradle. +# +# For more details, see +# http://developer.android.com/guide/developing/tools/proguard.html + +# If your project uses WebView with JS, uncomment the following +# and specify the fully qualified class name to the JavaScript interface +# class: +#-keepclassmembers class fqcn.of.javascript.interface.for.webview { +# public *; +#} + +# Uncomment this to preserve the line number information for +# debugging stack traces. +#-keepattributes SourceFile,LineNumberTable + +# If you keep the line number information, uncomment this to +# hide the original source file name. +#-renamesourcefileattribute SourceFile \ No newline at end of file diff --git a/permissionseos/src/main/AndroidManifest.xml b/permissionseos/src/main/AndroidManifest.xml new file mode 100644 index 0000000..ed25c1c --- /dev/null +++ b/permissionseos/src/main/AndroidManifest.xml @@ -0,0 +1,59 @@ + + + + + + + + + + + + + + + + + diff --git a/permissionseos/src/main/java/foundation/e/advancedprivacy/externalinterfaces/permissions/PermissionsPrivacyModuleImpl.kt b/permissionseos/src/main/java/foundation/e/advancedprivacy/externalinterfaces/permissions/PermissionsPrivacyModuleImpl.kt new file mode 100644 index 0000000..0d32bce --- /dev/null +++ b/permissionseos/src/main/java/foundation/e/advancedprivacy/externalinterfaces/permissions/PermissionsPrivacyModuleImpl.kt @@ -0,0 +1,258 @@ +/* + * Copyright (C) 2021 E FOUNDATION, 2022 MURENA SAS + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package foundation.e.advancedprivacy.permissions.externalinterfaces + +import android.annotation.TargetApi +import android.app.AppOpsManager +import android.app.AppOpsManager.OP_NONE +import android.app.AppOpsManager.strOpToOp +import android.app.NotificationChannel +import android.content.Context +import android.content.pm.PackageInfo +import android.content.pm.PackageManager +import android.content.pm.UserInfo +import android.graphics.drawable.Drawable +import android.net.IConnectivityManager +import android.net.VpnManager +import android.net.VpnManager.TYPE_VPN_SERVICE +import android.os.Build +import android.os.ServiceManager +import android.os.UserHandle +import android.os.UserManager +import android.util.Log +import foundation.e.advancedprivacy.domain.entities.AppOpModes +import foundation.e.advancedprivacy.domain.entities.ApplicationDescription +import foundation.e.advancedprivacy.domain.entities.ProfileType.MAIN +import foundation.e.advancedprivacy.domain.entities.ProfileType.WORK +import foundation.e.advancedprivacy.externalinterfaces.permissions.PermissionsPrivacyModuleBase + +/** + * Implements [IPermissionsPrivacyModule] with all privileges of a system app. + */ +class PermissionsPrivacyModuleImpl(context: Context) : PermissionsPrivacyModuleBase(context) { + + private val appOpsManager: AppOpsManager + get() = context.getSystemService(Context.APP_OPS_SERVICE) as AppOpsManager + + /** + * @see IPermissionsPrivacyModule.toggleDangerousPermission + * Always return true, permission is set using privileged capacities. + */ + override fun toggleDangerousPermission( + appDesc: ApplicationDescription, + permissionName: String, + grant: Boolean + ): Boolean { + try { + if (grant) { + context.packageManager.grantRuntimePermission( + appDesc.packageName, + permissionName, + android.os.Process.myUserHandle() + ) + } else { + context.packageManager.revokeRuntimePermission( + appDesc.packageName, + permissionName, + android.os.Process.myUserHandle() + ) + } + } catch (e: Exception) { + Log.e("Permissions-e", "Exception while setting permission", e) + return false + } + + return true + } + + override fun setAppOpMode( + appDesc: ApplicationDescription, + appOpPermissionName: String, + status: AppOpModes + ): Boolean { + val op = strOpToOp(appOpPermissionName) + if (op != OP_NONE) { + appOpsManager.setMode(op, appDesc.uid, appDesc.packageName, status.modeValue) + } + return true + } + + override fun getApplications( + filter: ((PackageInfo) -> Boolean)? + ): List { + val pm = context.packageManager + val mainUserId = UserHandle.myUserId() + val workProfileId = getWorkProfile()?.id + + val userIds = listOf(mainUserId, workProfileId).filterNotNull() + return userIds.map { profileId -> + pm.getInstalledPackagesAsUser(PackageManager.GET_PERMISSIONS, profileId) + .filter { filter?.invoke(it) ?: true } + .map { + buildApplicationDescription( + appInfo = it.applicationInfo, + profileId = profileId, + profileType = if (profileId == mainUserId) MAIN else WORK + ) + } + }.flatten() + } + + override fun getApplicationIcon(app: ApplicationDescription): Drawable? { + return if (app.profileType == WORK) { + getWorkProfile()?.let { workProfile -> + val pm = context.packageManager + getApplicationIcon( + pm.getApplicationInfoAsUser(app.packageName, 0, workProfile.id) + )?.let { + pm.getUserBadgedIcon(it, workProfile.getUserHandle()) + } + } + } else getApplicationIcon(app.packageName) + } + + override fun setBlockable(notificationChannel: NotificationChannel) { + when (Build.VERSION.SDK_INT) { + 29 -> notificationChannel.setBlockableSystem(true) + 30, 31, 32, 33 -> notificationChannel.setBlockable(true) + else -> { + Log.e("Permissions-e", "Bad android sdk version") + } + } + } + + override fun setVpnPackageAuthorization(packageName: String): Boolean { + return when (Build.VERSION.SDK_INT) { + 29 -> setVpnPackageAuthorizationSDK29(packageName) + 30 -> setVpnPackageAuthorizationSDK30(packageName) + 31, 32, 33 -> setVpnPackageAuthorizationSDK32(packageName) + else -> { + Log.e("Permissions-e", "Bad android sdk version") + false + } + } + } + + @TargetApi(29) + private fun setVpnPackageAuthorizationSDK29(packageName: String): Boolean { + val service: IConnectivityManager = IConnectivityManager.Stub.asInterface( + ServiceManager.getService(Context.CONNECTIVITY_SERVICE) + ) + + try { + if (service.prepareVpn(null, packageName, UserHandle.myUserId())) { + // Authorize this app to initiate VPN connections in the future without user + // intervention. + service.setVpnPackageAuthorization(packageName, UserHandle.myUserId(), true) + return true + } + } catch (e: java.lang.Exception) { + Log.e("Permissions-e", "Exception while setting VpnPackageAuthorization", e) + } catch (e: NoSuchMethodError) { + Log.e("Permissions-e", "Bad android sdk version", e) + } + return false + } + + @TargetApi(30) + private fun setVpnPackageAuthorizationSDK30(packageName: String): Boolean { + val service: IConnectivityManager = IConnectivityManager.Stub.asInterface( + ServiceManager.getService(Context.CONNECTIVITY_SERVICE) + ) + + try { + if (service.prepareVpn(null, packageName, UserHandle.myUserId())) { + // Authorize this app to initiate VPN connections in the future without user + // intervention. + service.setVpnPackageAuthorization(packageName, UserHandle.myUserId(), TYPE_VPN_SERVICE) + return true + } + } catch (e: java.lang.Exception) { + Log.e("Permissions-e", "Exception while setting VpnPackageAuthorization", e) + } catch (e: NoSuchMethodError) { + Log.e("Permissions-e", "Bad android sdk version", e) + } + return false + } + + @TargetApi(31) + private fun setVpnPackageAuthorizationSDK32(packageName: String): Boolean { + val vpnManager = context.getSystemService(Context.VPN_MANAGEMENT_SERVICE) as VpnManager + + try { + if (vpnManager.prepareVpn(null, packageName, UserHandle.myUserId())) { + // Authorize this app to initiate VPN connections in the future without user + // intervention. + vpnManager.setVpnPackageAuthorization(packageName, UserHandle.myUserId(), TYPE_VPN_SERVICE) + return true + } + } catch (e: java.lang.Exception) { + Log.e("Permissions-e", "Exception while setting VpnPackageAuthorization", e) + } catch (e: NoSuchMethodError) { + Log.e("Permissions-e", "Bad android sdk version", e) + } + return false + } + + override fun getAlwaysOnVpnPackage(): String? { + return when (Build.VERSION.SDK_INT) { + 29, 30 -> getAlwaysOnVpnPackageSDK29() + 31, 32, 33 -> getAlwaysOnVpnPackageSDK32() + else -> { + Log.e("Permissions-e", "Bad android sdk version") + null + } + } + } + + @TargetApi(29) + private fun getAlwaysOnVpnPackageSDK29(): String? { + val service: IConnectivityManager = IConnectivityManager.Stub.asInterface( + ServiceManager.getService(Context.CONNECTIVITY_SERVICE) + ) + + return try { + service.getAlwaysOnVpnPackage(UserHandle.myUserId()) + } catch (e: java.lang.Exception) { + Log.e("Permissions-e", "Bad android sdk version ", e) + return null + } + } + + @TargetApi(31) + private fun getAlwaysOnVpnPackageSDK32(): String? { + val vpnManager = context.getSystemService(Context.VPN_MANAGEMENT_SERVICE) as VpnManager + return try { + vpnManager.getAlwaysOnVpnPackageForUser(UserHandle.myUserId()) + } catch (e: java.lang.Exception) { + Log.e("Permissions-e", "Bad android sdk version ", e) + return null + } + } + + private fun getWorkProfile(): UserInfo? { + val userManager: UserManager = context.getSystemService(UserManager::class.java) + val userId = UserHandle.myUserId() + for (user in userManager.getProfiles(UserHandle.myUserId())) { + if (user.id != userId && userManager.isManagedProfile(user.id)) { + return user + } + } + return null + } +} -- cgit v1.2.1