commit 8d01ae9f9c4dce0593e2728ae9e8e54044761592 Author: Jerry Date: Wed Mar 13 18:19:48 2024 +0800 init diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..aa724b7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,15 @@ +*.iml +.gradle +/local.properties +/.idea/caches +/.idea/libraries +/.idea/modules.xml +/.idea/workspace.xml +/.idea/navEditor.xml +/.idea/assetWizardSettings.xml +.DS_Store +/build +/captures +.externalNativeBuild +.cxx +local.properties diff --git a/app/.gitignore b/app/.gitignore new file mode 100644 index 0000000..42afabf --- /dev/null +++ b/app/.gitignore @@ -0,0 +1 @@ +/build \ No newline at end of file diff --git a/app/build.gradle b/app/build.gradle new file mode 100644 index 0000000..677e6cf --- /dev/null +++ b/app/build.gradle @@ -0,0 +1,43 @@ +plugins { + alias(libs.plugins.androidApplication) +} + +android { + namespace 'org.fdroid.fdroid.privileged' + compileSdk 34 + + defaultConfig { + applicationId "org.fdroid.fdroid.privileged" + minSdk 16 + targetSdk 34 + versionCode 1 + versionName "1.0" + + testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner" + } + + buildTypes { + release { + minifyEnabled false + proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' + } + } + + buildFeatures { + aidl true + } + + compileOptions { + sourceCompatibility JavaVersion.VERSION_1_8 + targetCompatibility JavaVersion.VERSION_1_8 + } +} + +dependencies { + + implementation libs.appcompat + implementation libs.material + testImplementation libs.junit + androidTestImplementation libs.ext.junit + androidTestImplementation libs.espresso.core +} diff --git a/app/proguard-rules.pro b/app/proguard-rules.pro new file mode 100644 index 0000000..481bb43 --- /dev/null +++ b/app/proguard-rules.pro @@ -0,0 +1,21 @@ +# Add project specific ProGuard rules here. +# You can control the set of applied configuration files using the +# proguardFiles setting in build.gradle. +# +# For more details, see +# http://developer.android.com/guide/developing/tools/proguard.html + +# If your project uses WebView with JS, uncomment the following +# and specify the fully qualified class name to the JavaScript interface +# class: +#-keepclassmembers class fqcn.of.javascript.interface.for.webview { +# public *; +#} + +# Uncomment this to preserve the line number information for +# debugging stack traces. +#-keepattributes SourceFile,LineNumberTable + +# If you keep the line number information, uncomment this to +# hide the original source file name. +#-renamesourcefileattribute SourceFile \ No newline at end of file diff --git a/app/src/androidTest/java/org/fdroid/fdroid/privileged/ExampleInstrumentedTest.java b/app/src/androidTest/java/org/fdroid/fdroid/privileged/ExampleInstrumentedTest.java new file mode 100644 index 0000000..63704bd --- /dev/null +++ b/app/src/androidTest/java/org/fdroid/fdroid/privileged/ExampleInstrumentedTest.java @@ -0,0 +1,26 @@ +package org.fdroid.fdroid.privileged; + +import android.content.Context; + +import androidx.test.platform.app.InstrumentationRegistry; +import androidx.test.ext.junit.runners.AndroidJUnit4; + +import org.junit.Test; +import org.junit.runner.RunWith; + +import static org.junit.Assert.*; + +/** + * Instrumented test, which will execute on an Android device. + * + * @see Testing documentation + */ +@RunWith(AndroidJUnit4.class) +public class ExampleInstrumentedTest { + @Test + public void useAppContext() { + // Context of the app under test. + Context appContext = InstrumentationRegistry.getInstrumentation().getTargetContext(); + assertEquals("org.fdroid.fdroid.privileged", appContext.getPackageName()); + } +} \ No newline at end of file diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml new file mode 100644 index 0000000..483d0bd --- /dev/null +++ b/app/src/main/AndroidManifest.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/app/src/main/aidl/org/fdroid/fdroid/privileged/IPrivilegedCallback.aidl b/app/src/main/aidl/org/fdroid/fdroid/privileged/IPrivilegedCallback.aidl new file mode 100644 index 0000000..4ebd274 --- /dev/null +++ b/app/src/main/aidl/org/fdroid/fdroid/privileged/IPrivilegedCallback.aidl @@ -0,0 +1,5 @@ +package org.fdroid.fdroid.privileged; + +interface IPrivilegedCallback { + void handleResult(in String packageName, in int returnCode); +} diff --git a/app/src/main/aidl/org/fdroid/fdroid/privileged/IPrivilegedService.aidl b/app/src/main/aidl/org/fdroid/fdroid/privileged/IPrivilegedService.aidl new file mode 100644 index 0000000..d280e1a --- /dev/null +++ b/app/src/main/aidl/org/fdroid/fdroid/privileged/IPrivilegedService.aidl @@ -0,0 +1,11 @@ +package org.fdroid.fdroid.privileged; + +import org.fdroid.fdroid.privileged.IPrivilegedCallback; + +interface IPrivilegedService { + boolean hasPrivilegedPermissions(); + oneway void installPackage(in Uri packageURI, in int flags, in String installerPackageName, + in IPrivilegedCallback callback); + oneway void deletePackage(in String packageName, in int flags, in IPrivilegedCallback callback); + List getInstalledPackages(in int flags); +} diff --git a/app/src/main/ic_launcher-playstore.png b/app/src/main/ic_launcher-playstore.png new file mode 100644 index 0000000..e3910f1 Binary files /dev/null and b/app/src/main/ic_launcher-playstore.png differ diff --git a/app/src/main/java/org/fdroid/fdroid/privileged/AccessProtectionHelper.java b/app/src/main/java/org/fdroid/fdroid/privileged/AccessProtectionHelper.java new file mode 100644 index 0000000..75d02e3 --- /dev/null +++ b/app/src/main/java/org/fdroid/fdroid/privileged/AccessProtectionHelper.java @@ -0,0 +1,142 @@ +/* + * Copyright (C) 2016 Dominik Schürmann + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.fdroid.fdroid.privileged; + +import android.annotation.SuppressLint; +import android.content.Context; +import android.content.pm.PackageInfo; +import android.content.pm.PackageManager; +import android.content.pm.Signature; +import android.os.Binder; +import android.util.Log; +import android.util.Pair; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; +import java.util.HashSet; + +public class AccessProtectionHelper { + + Context context; + PackageManager pm; + HashSet> whitelist; + + AccessProtectionHelper(Context context) { + this(context, ClientWhitelist.whitelist); + } + + AccessProtectionHelper(Context context, HashSet> whitelist) { + this.context = context; + this.pm = context.getPackageManager(); + this.whitelist = whitelist; + } + + /** + * Checks if process that binds to this service (i.e. the package name corresponding to the + * process) is in the whitelist. + * + * @return true if process is allowed to use this service + */ + public boolean isCallerAllowed() { + return isUidAllowed(Binder.getCallingUid()); + } + + private boolean isUidAllowed(int uid) { + String[] callingPackages = pm.getPackagesForUid(uid); + if (callingPackages == null) { + throw new RuntimeException("Should not happen. No packages associated to caller UID!"); + } + + // is calling package allowed to use this service? + // NOTE: No support for sharedUserIds + // callingPackages contains more than one entry when sharedUserId has been used + // No plans to support sharedUserIds due to many bugs connected to them: + // http://java-hamster.blogspot.de/2010/05/androids-shareduserid.html + String currentPkg = callingPackages[0]; + return isPackageAllowed(currentPkg); + } + + public boolean isPackageAllowed(String packageName) { + Log.d(PrivilegedService.TAG, "Checking if package is allowed to access privileged extension: " + packageName); + + try { + byte[] currentPackageCert = getPackageCertificate(packageName); + + for (Pair whitelistEntry : whitelist) { + String whitelistPackageName = (String) whitelistEntry.first; + String whitelistHashString = (String) whitelistEntry.second; + byte[] whitelistHash = hexStringToByteArray(whitelistHashString); + + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] packageHash = digest.digest(currentPackageCert); + + String packageHashString = new BigInteger(1, packageHash).toString(16); + Log.d(PrivilegedService.TAG, "Allowed cert hash: " + whitelistHashString); + Log.d(PrivilegedService.TAG, "Package cert hash: " + packageHashString); + + boolean packageNameMatches = packageName.equals(whitelistPackageName); + boolean packageCertMatches = Arrays.equals(whitelistHash, packageHash); + if (packageNameMatches && packageCertMatches) { + Log.d(PrivilegedService.TAG, "Package is allowed to access the privileged extension!"); + return true; + } + } + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e.getMessage()); + } + + Log.e(PrivilegedService.TAG, "Package is NOT allowed to access the privileged extension!"); + return false; + } + + private byte[] getPackageCertificate(String packageName) { + try { + // we do check the byte array of *all* signatures + @SuppressLint("PackageManagerGetSignatures") + PackageInfo pkgInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES); + + // NOTE: Silly Android API naming: Signatures are actually certificates + Signature[] certificates = pkgInfo.signatures; + ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + for (Signature cert : certificates) { + outputStream.write(cert.toByteArray()); + } + + // Even if an apk has several certificates, these certificates should never change + // Google Play does not allow the introduction of new certificates into an existing apk + // Also see this attack: http://stackoverflow.com/a/10567852 + return outputStream.toByteArray(); + } catch (PackageManager.NameNotFoundException | IOException e) { + throw new RuntimeException(e.getMessage()); + } + } + + private static byte[] hexStringToByteArray(String s) { + int len = s.length(); + byte[] data = new byte[len / 2]; + for (int i = 0; i < len; i += 2) { + data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + + Character.digit(s.charAt(i + 1), 16)); + } + return data; + } + +} diff --git a/app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java b/app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java new file mode 100644 index 0000000..993fadb --- /dev/null +++ b/app/src/main/java/org/fdroid/fdroid/privileged/ClientWhitelist.java @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2016 Dominik Schürmann + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http//www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.fdroid.fdroid.privileged; + +import android.util.Pair; + +import java.util.Arrays; +import java.util.HashSet; + +/** + * Only apps signed using a certificate with a SHA-256 hash listed here + * can access the Privileged Extension! + *
    + *
  1. Get SHA-256 of certificate as lowercase without colons with + * keytool -printcert -jarfile com.example.apk | sed -n 's,SHA256:\s*\([A-F0-9:]*\),\1,p' | sed 's,:,,g' + * | tr A-f a-f
    2. + *
  2. Add here with Application ID
    3. + *
+ */ +public class ClientWhitelist { + + public static HashSet> whitelist = new HashSet<>(Arrays.asList( + // certificate SHA-256 of https//f-droid.org/F-Droid.apk + new Pair<>("org.fdroid.fdroid", "43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab") + )); + +} diff --git a/app/src/main/java/org/fdroid/fdroid/privileged/PrivilegedService.java b/app/src/main/java/org/fdroid/fdroid/privileged/PrivilegedService.java new file mode 100644 index 0000000..7700ad3 --- /dev/null +++ b/app/src/main/java/org/fdroid/fdroid/privileged/PrivilegedService.java @@ -0,0 +1,213 @@ +package org.fdroid.fdroid.privileged; + +import android.annotation.SuppressLint; +import android.app.Service; +import android.content.Intent; +import android.content.pm.PackageInfo; +import android.net.Uri; +import android.os.IBinder; +import android.os.RemoteException; +import android.util.Log; + +import java.io.InputStream; +import java.io.OutputStream; +import java.math.BigInteger; +import java.security.MessageDigest; +import java.util.Arrays; +import java.util.List; + +public class PrivilegedService extends Service { + + public static final String TAG = "PrivilegedExtension"; + private AccessProtectionHelper accessProtectionHelper; + private int uid; + + @Override + public void onCreate() { + super.onCreate(); + + accessProtectionHelper = new AccessProtectionHelper(this); + uid = getApplicationContext().getApplicationInfo().uid; + Log.i(TAG, String.format("uid: %d, name: u%d_a%d", uid, uid/100000, uid % 1000)); + } + + protected boolean hasPrivilegedPermissionsImpl() { + try { + @SuppressLint("DefaultLocale") + String[] cmd = android.os.Build.VERSION.SDK_INT < android.os.Build.VERSION_CODES.O || getApplicationContext().getPackageManager().canRequestPackageInstalls() + ? new String[]{"su", "-c", "true"} + : new String[]{"su", "-c", String.format("appops set --user %d %d REQUEST_INSTALL_PACKAGES allow", uid/100000, uid)}; + Log.d(TAG, String.format("check root cmd: %s", Arrays.toString(cmd))); + Process p = Runtime.getRuntime().exec(cmd); + if (p.waitFor() == 0) { + Log.i(TAG, "Has Privileged Permissions"); + return true; + } + } + catch (Exception e) { + Log.e(TAG, "hasPrivilegedPermissionsImpl", e); + } + Log.i(TAG, "No Privileged Permissions"); + return false; + } + + protected void clearCache(byte[] sha1Bin) { + String sha1sum = new BigInteger(1, sha1Bin).toString(16); + Log.d(TAG, String.format("sha1sum of apk: %s", sha1sum)); + String[] cmd = new String[]{"su", "-M", "-c", "sh"}; + @SuppressLint("DefaultLocale") + byte[] stdin = String.format("for i in /data/user/%d/org.fdroid.fdroid/cache/apks/*/*.apk /data/user/%d/org.fdroid.fdroid/files/*.apk;do [ -e \"$i\" ] || continue;[ \"$(sha1sum -b \"$i\")\" == \"%s\" ] && rm -fv \"$i\";done\n", uid/100000, uid/100000, sha1sum).getBytes(); + try { + Process p = Runtime.getRuntime().exec(cmd); + p.getOutputStream().write(stdin); + p.getOutputStream().flush(); + p.getOutputStream().close(); + int _b; + StringBuilder stdoutStringBuilder = new StringBuilder(); + while ((_b = p.getInputStream().read()) >= 0) { + stdoutStringBuilder.append((char)_b); + } + StringBuilder stderrStringBuilder = new StringBuilder(); + while ((_b = p.getErrorStream().read()) >= 0) { + stderrStringBuilder.append((char)_b); + } + Log.i(TAG, String.format("clearCache stdout=%s stderr=%s", stdoutStringBuilder, stderrStringBuilder)); + if (p.waitFor() != 0) { + Log.e(TAG, "clearCache failed"); + } + } + catch (Exception e) { + Log.e(TAG, "clear cache", e); + } + } + + protected void installPackageImpl(Uri packageURI, int flags, String installerPackageName, IPrivilegedCallback callback) { + Log.i(TAG, String.format("install uri=%s flags=%d installer=%s", packageURI, flags, installerPackageName)); + + String packageInstalled = null; + int installationReturnCode = 0; + + try { + InputStream inputStream; + inputStream = getContentResolver().openInputStream(packageURI); + if (inputStream == null) throw new RuntimeException("inputStream is null"); + int size = inputStream.available(); + @SuppressLint("DefaultLocale") + String[] cmd = new String[]{"su", "-c", String.format("pm install --user %d -S %d -i %s -- -", uid/100000, size, installerPackageName)}; + Log.d(TAG, String.format("cmd: %s", Arrays.toString(cmd))); + Process p = Runtime.getRuntime().exec(cmd); + MessageDigest sha1Digest = MessageDigest.getInstance("SHA-1"); + byte[] buf = new byte[1048576]; + OutputStream outputStream = p.getOutputStream(); + while (true) { + int got = inputStream.read(buf, 0, 1048576); + if (got > 0) { + sha1Digest.update(buf, 0, got); + outputStream.write(buf, 0, got); + } + else break; + } + outputStream.flush(); + outputStream.close(); + int retCode = p.waitFor(); + if (retCode != 0) { + throw new RuntimeException(String.format("return code %d", retCode)); + } + /* todo: it seems that f-droid does not care about packageInstalled + String[] _uri_sp = packageURI.toString().split("/"); + packageInstalled = _uri_sp[_uri_sp.length - 1].split("-")[0]; + */ + installationReturnCode = 1; + clearCache(sha1Digest.digest()); + } + catch (Exception e) { + Log.e(TAG, "installPackageImpl", e); + } + try { + Log.i(TAG, String.format("install uri=%s return %d", packageURI, installationReturnCode)); + callback.handleResult(packageInstalled, installationReturnCode); + } catch (RemoteException e1) { + Log.e(TAG, "RemoteException", e1); + } + } + + protected void deletePackageImpl(String packageName, int flags, IPrivilegedCallback callback) { + Log.i(TAG, String.format("delete name=%s flags=%d", packageName, flags)); + int installationReturnCode = 0; + try { + @SuppressLint("DefaultLocale") + String[] cmd = new String[]{"su", "-c", String.format("pm uninstall --user %d %s", uid/100000, packageName)}; + Process p = Runtime.getRuntime().exec(cmd); + int retCode = p.waitFor(); + if (retCode != 0) { + throw new RuntimeException(String.format("return code %d", retCode)); + } + installationReturnCode = 1; + } + catch (Exception e) { + Log.e(TAG, "deletePackageImpl", e); + } + try { + Log.i(TAG, String.format("delete package=%s return %d", packageName, installationReturnCode)); + callback.handleResult(null, installationReturnCode); + } catch (RemoteException e1) { + Log.e(TAG, "RemoteException", e1); + } + } + + private final IPrivilegedService.Stub binder = new IPrivilegedService.Stub() { + @Override + public boolean hasPrivilegedPermissions() { + boolean callerIsAllowed = accessProtectionHelper.isCallerAllowed(); + return callerIsAllowed && hasPrivilegedPermissionsImpl(); + } + + @Override + public void installPackage(Uri packageURI, int flags, String installerPackageName, + IPrivilegedCallback callback) { + if (!accessProtectionHelper.isCallerAllowed()) { + return; + } + + installPackageImpl(packageURI, flags, installerPackageName, callback); + } + + @Override + public void deletePackage(String packageName, int flags, IPrivilegedCallback callback) { + if (!accessProtectionHelper.isCallerAllowed()) { + return; + } + + deletePackageImpl(packageName, flags, callback); + } + + @Override + public List getInstalledPackages(int flags) { + Integer matchStaticSharedLibraries = getMatchStaticSharedLibraries(); + if (matchStaticSharedLibraries != null) { + flags |= matchStaticSharedLibraries; + } + @SuppressLint("QueryPermissionsNeeded") + List ret = getPackageManager().getInstalledPackages(flags); + return ret; + } + }; + + @Override + public IBinder onBind(Intent intent) { + return binder; + } + + protected static Integer getMatchStaticSharedLibraries() { + /* todo: use AndroidHiddenApiBypass + try { + java.lang.reflect.Field field = PackageManager.class.getDeclaredField("MATCH_STATIC_SHARED_LIBRARIES"); + return (Integer) field.get(null); + } catch (NoSuchFieldException | IllegalAccessException | ClassCastException e) { + e.printStackTrace(); + } + */ + return null; + } + +} \ No newline at end of file diff --git a/app/src/main/res/drawable-v24/ic_launcher_foreground.xml b/app/src/main/res/drawable-v24/ic_launcher_foreground.xml new file mode 100644 index 0000000..d5cc038 --- /dev/null +++ b/app/src/main/res/drawable-v24/ic_launcher_foreground.xml @@ -0,0 +1,55 @@ + + > + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/app/src/main/res/drawable/fdroid_logo_privileged.xml b/app/src/main/res/drawable/fdroid_logo_privileged.xml new file mode 100644 index 0000000..787fe14 --- /dev/null +++ b/app/src/main/res/drawable/fdroid_logo_privileged.xml @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/app/src/main/res/drawable/ic_launcher_background.xml b/app/src/main/res/drawable/ic_launcher_background.xml new file mode 100644 index 0000000..7ba6410 --- /dev/null +++ b/app/src/main/res/drawable/ic_launcher_background.xml @@ -0,0 +1,26 @@ + + + + + + + + + + + diff --git a/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml b/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml new file mode 100644 index 0000000..bbd3e02 --- /dev/null +++ b/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml b/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml new file mode 100644 index 0000000..bbd3e02 --- /dev/null +++ b/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/app/src/main/res/mipmap-hdpi/ic_launcher.webp b/app/src/main/res/mipmap-hdpi/ic_launcher.webp new file mode 100644 index 0000000..a4f0dfb Binary files /dev/null and b/app/src/main/res/mipmap-hdpi/ic_launcher.webp differ diff --git a/app/src/main/res/mipmap-hdpi/ic_launcher_round.webp b/app/src/main/res/mipmap-hdpi/ic_launcher_round.webp new file mode 100644 index 0000000..f338523 Binary files /dev/null and b/app/src/main/res/mipmap-hdpi/ic_launcher_round.webp differ diff --git a/app/src/main/res/mipmap-mdpi/ic_launcher.webp b/app/src/main/res/mipmap-mdpi/ic_launcher.webp new file mode 100644 index 0000000..372c226 Binary files /dev/null and b/app/src/main/res/mipmap-mdpi/ic_launcher.webp differ diff --git a/app/src/main/res/mipmap-mdpi/ic_launcher_round.webp b/app/src/main/res/mipmap-mdpi/ic_launcher_round.webp new file mode 100644 index 0000000..65c0500 Binary files /dev/null and b/app/src/main/res/mipmap-mdpi/ic_launcher_round.webp differ diff --git a/app/src/main/res/mipmap-xhdpi/ic_launcher.webp b/app/src/main/res/mipmap-xhdpi/ic_launcher.webp new file mode 100644 index 0000000..4ab1d93 Binary files /dev/null and b/app/src/main/res/mipmap-xhdpi/ic_launcher.webp differ diff --git a/app/src/main/res/mipmap-xhdpi/ic_launcher_round.webp b/app/src/main/res/mipmap-xhdpi/ic_launcher_round.webp new file mode 100644 index 0000000..eb45c5b Binary files /dev/null and b/app/src/main/res/mipmap-xhdpi/ic_launcher_round.webp differ diff --git a/app/src/main/res/mipmap-xxhdpi/ic_launcher.webp b/app/src/main/res/mipmap-xxhdpi/ic_launcher.webp new file mode 100644 index 0000000..72efd24 Binary files /dev/null and b/app/src/main/res/mipmap-xxhdpi/ic_launcher.webp differ diff --git a/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.webp b/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.webp new file mode 100644 index 0000000..c2ad338 Binary files /dev/null and b/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.webp differ diff --git a/app/src/main/res/mipmap-xxxhdpi/ic_launcher.webp b/app/src/main/res/mipmap-xxxhdpi/ic_launcher.webp new file mode 100644 index 0000000..9adec43 Binary files /dev/null and b/app/src/main/res/mipmap-xxxhdpi/ic_launcher.webp differ diff --git a/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.webp b/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.webp new file mode 100644 index 0000000..d92c2c2 Binary files /dev/null and b/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.webp differ diff --git a/app/src/main/res/values-night/themes.xml b/app/src/main/res/values-night/themes.xml new file mode 100644 index 0000000..292dd36 --- /dev/null +++ b/app/src/main/res/values-night/themes.xml @@ -0,0 +1,16 @@ + + + + \ No newline at end of file diff --git a/app/src/main/res/values/colors.xml b/app/src/main/res/values/colors.xml new file mode 100644 index 0000000..f8c6127 --- /dev/null +++ b/app/src/main/res/values/colors.xml @@ -0,0 +1,10 @@ + + + #FFBB86FC + #FF6200EE + #FF3700B3 + #FF03DAC5 + #FF018786 + #FF000000 + #FFFFFFFF + \ No newline at end of file diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml new file mode 100644 index 0000000..4511dea --- /dev/null +++ b/app/src/main/res/values/strings.xml @@ -0,0 +1,3 @@ + + F-Droid Root Privileged Extension + diff --git a/app/src/main/res/values/themes.xml b/app/src/main/res/values/themes.xml new file mode 100644 index 0000000..bf5e33d --- /dev/null +++ b/app/src/main/res/values/themes.xml @@ -0,0 +1,16 @@ + + + + \ No newline at end of file diff --git a/app/src/main/res/xml/backup_rules.xml b/app/src/main/res/xml/backup_rules.xml new file mode 100644 index 0000000..fa0f996 --- /dev/null +++ b/app/src/main/res/xml/backup_rules.xml @@ -0,0 +1,13 @@ + + + + \ No newline at end of file diff --git a/app/src/main/res/xml/data_extraction_rules.xml b/app/src/main/res/xml/data_extraction_rules.xml new file mode 100644 index 0000000..9ee9997 --- /dev/null +++ b/app/src/main/res/xml/data_extraction_rules.xml @@ -0,0 +1,19 @@ + + + + + + + \ No newline at end of file diff --git a/app/src/test/java/org/fdroid/fdroid/privileged/ExampleUnitTest.java b/app/src/test/java/org/fdroid/fdroid/privileged/ExampleUnitTest.java new file mode 100644 index 0000000..8974b70 --- /dev/null +++ b/app/src/test/java/org/fdroid/fdroid/privileged/ExampleUnitTest.java @@ -0,0 +1,17 @@ +package org.fdroid.fdroid.privileged; + +import org.junit.Test; + +import static org.junit.Assert.*; + +/** + * Example local unit test, which will execute on the development machine (host). + * + * @see Testing documentation + */ +public class ExampleUnitTest { + @Test + public void addition_isCorrect() { + assertEquals(4, 2 + 2); + } +} \ No newline at end of file diff --git a/build.gradle b/build.gradle new file mode 100644 index 0000000..e61198d --- /dev/null +++ b/build.gradle @@ -0,0 +1,4 @@ +// Top-level build file where you can add configuration options common to all sub-projects/modules. +plugins { +alias(libs.plugins.androidApplication) apply false +} \ No newline at end of file diff --git a/gradle.properties b/gradle.properties new file mode 100644 index 0000000..4387edc --- /dev/null +++ b/gradle.properties @@ -0,0 +1,21 @@ +# Project-wide Gradle settings. +# IDE (e.g. Android Studio) users: +# Gradle settings configured through the IDE *will override* +# any settings specified in this file. +# For more details on how to configure your build environment visit +# http://www.gradle.org/docs/current/userguide/build_environment.html +# Specifies the JVM arguments used for the daemon process. +# The setting is particularly useful for tweaking memory settings. +org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8 +# When configured, Gradle will run in incubating parallel mode. +# This option should only be used with decoupled projects. For more details, visit +# https://developer.android.com/r/tools/gradle-multi-project-decoupled-projects +# org.gradle.parallel=true +# AndroidX package structure to make it clearer which packages are bundled with the +# Android operating system, and which are packaged with your app's APK +# https://developer.android.com/topic/libraries/support-library/androidx-rn +android.useAndroidX=true +# Enables namespacing of each library's R class so that its R class includes only the +# resources declared in the library itself and none from the library's dependencies, +# thereby reducing the size of the R class for that library +android.nonTransitiveRClass=true \ No newline at end of file diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml new file mode 100644 index 0000000..f1ff4cf --- /dev/null +++ b/gradle/libs.versions.toml @@ -0,0 +1,18 @@ +[versions] +agp = "8.3.0" +junit = "4.13.2" +junitVersion = "1.1.5" +espressoCore = "3.5.1" +appcompat = "1.6.1" +material = "1.11.0" + +[libraries] +junit = { group = "junit", name = "junit", version.ref = "junit" } +ext-junit = { group = "androidx.test.ext", name = "junit", version.ref = "junitVersion" } +espresso-core = { group = "androidx.test.espresso", name = "espresso-core", version.ref = "espressoCore" } +appcompat = { group = "androidx.appcompat", name = "appcompat", version.ref = "appcompat" } +material = { group = "com.google.android.material", name = "material", version.ref = "material" } + +[plugins] +androidApplication = { id = "com.android.application", version.ref = "agp" } + diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000..e708b1c Binary files /dev/null and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000..db10ed5 --- /dev/null +++ b/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,6 @@ +#Mon Mar 11 17:55:49 CST 2024 +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew new file mode 100755 index 0000000..4f906e0 --- /dev/null +++ b/gradlew @@ -0,0 +1,185 @@ +#!/usr/bin/env sh + +# +# Copyright 2015 the original author or authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +## +## Gradle start up script for UN*X +## +############################################################################## + +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn () { + echo "$*" +} + +die () { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; + NONSTOP* ) + nonstop=true + ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin or MSYS, switch paths to Windows format before running java +if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=`expr $i + 1` + done + case $i in + 0) set -- ;; + 1) set -- "$args0" ;; + 2) set -- "$args0" "$args1" ;; + 3) set -- "$args0" "$args1" "$args2" ;; + 4) set -- "$args0" "$args1" "$args2" "$args3" ;; + 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Escape application args +save () { + for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done + echo " " +} +APP_ARGS=`save "$@"` + +# Collect all arguments for the java command, following the shell quoting and substitution rules +eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..ac1b06f --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,89 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto execute + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 0000000..89c0ed4 --- /dev/null +++ b/settings.gradle @@ -0,0 +1,23 @@ +pluginManagement { + repositories { + google { + content { + includeGroupByRegex("com\\.android.*") + includeGroupByRegex("com\\.google.*") + includeGroupByRegex("androidx.*") + } + } + mavenCentral() + gradlePluginPortal() + } +} +dependencyResolutionManagement { + repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS) + repositories { + google() + mavenCentral() + } +} + +rootProject.name = "F-DroidRootPrivilegedExtension" +include ':app'