Fix two bugs with Location when not using ACCESS_FINE_LOCATION #10291
Conversation
|
By analyzing the blame information on this pull request, we identified @AaaChiuuu and @leeight to be potential reviewers. |
facebook-github-bot
added
GH Review: review-needed
CLA Signed
|
@satya164 If this PR was merged, can we change the default |
facebook-github-bot
added
the
CLA Signed
|
AFAIK targetSdkVersion=23 requires that apps use an dynamic approach to requesting permissions (a la iOS) instead of the old list-it-all-in-AndroidManifest.xml. Changing the default targetSdkVersion would force that on everyone, so would be a very major change on downstream users. Maybe I'm missing context, or maybe that's exactly the desired plan? But I'm not sure how that relates to my change here. |
|
@mikelambert updated the pull request - view changes |
facebook-github-bot
added
the
CLA Signed
|
@hramos has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator. |
|
This failed to pass some internal tests. Running them again, which is going to take a while... |
| // If it's an enabled provider, but we don't have permissions, ignore it | ||
| int finePermission = ContextCompat.checkSelfPermission(getReactApplicationContext(), android.Manifest.permission.ACCESS_FINE_LOCATION); | ||
| if (provider.equals(LocationManager.GPS_PROVIDER) && finePermission != PackageManager.PERMISSION_GRANTED) { | ||
| return null; |
There was a problem hiding this comment.
Should we call onError callback instead if ignoring it?
There was a problem hiding this comment.
The existing error cases above return null, so I was just following that example. I think that's all getValidProvider can do.
It's called from two places.
- When the
getCurrentPositioncall receives null, it will callerror.invoke("No available location provider."); - When the
startObservingcall receives null, it will emitgeolocationErrorand callwatchPosition()'s error function.
|
@leeight what @mikelambert said. |
|
Make sense. It's not good time to upgrade to 23. So this PR LGTM. |
|
@facebook-github-bot shipit |
facebook-github-bot
added
GH Review: accepted
Import Started
|
I tried to merge this pull request into the Facebook internal repo but some checks failed. To unblock yourself please check the following: Does this pull request pass all open source tests on GitHub? If not please fix those. Does the code still apply cleanly on top of GitHub master? If not can please rebase. In all other cases this means some internal test failed, for example a part of a fb app won't work with this pull request. I've added the Import Failed label to this pull request so it is easy for someone at fb to find the pull request and check what failed. If you don't see anyone comment in a few days feel free to comment mentioning one of the core contributors to the project so they get a notification. |
|
Hey @mikelambert, can you add a test plan as described here? https://github.com/facebook/react-native/blob/master/.github/PULL_REQUEST_TEMPLATE.md |
| return null; | ||
| } | ||
| } | ||
| // If it's an enabled provider, but we don't have permissions, ignore it | ||
| int finePermission = ContextCompat.checkSelfPermission(getReactApplicationContext(), android.Manifest.permission.ACCESS_FINE_LOCATION); |
There was a problem hiding this comment.
Why check ACCESS_FINE_LOCATION here?
There was a problem hiding this comment.
Not sure exactly what you're asking, but maybe this answers it?
My app was released prior to RN, and I used COARSE but not FINE permissions. I am not ready to block my app upgrades on "new FINE permission" that RN sometimes triggers accidentally, so wanted to avoid that.
This check is to say "If they are trying to use the GPS, but they don't have a FINE permission enabled, then pretend like we don't have a GPS so we don't trigger the permissions errors that crash the app" (These are not returned through onError, but propagate as a native Java exception).
There was a problem hiding this comment.
What do you mean by:
used COARSE but not FINE permissions
Does this mean declaring them in the manifest?
"new FINE permission" that RN sometimes triggers accidentally
Why does RN accidentally need a new permission? That seems like a bug.
If they are trying to use the GPS, but they don't have a FINE permission enabled, then pretend like we don't have a GPS
However, if we don't have the fine permission, we may still use Geolocation, correct?
There was a problem hiding this comment.
To reply to your comment directly (as opposed to the main thread, where it appears to have been lost):
Default RN apps request FINE permissions, and so RN apps declaring FINE do not have any issues. My app only declares COARSE, and so wanted to fix RN for my use case.
I am calling navigator.geolocation.getCurrentPosition(..., {enableHighAccuracy: false}) to avoid using the GPS and just rely on the NETWORK provider.
To your question: yes, by and large the Geolocation library works just fine. Unfortunately, if there is a problem with the NETWORK provider not being enabled, then the RN code attempts to fall back to using the GPS provider.
And if this GPS provider is enabled, my app will crash with an unhandled Java exception, because it only declares COARSE permission. I am merely checking for FINE permission before using the GPS provider, to avoid this crash.
|
And @mkonicek, just to clarify in what you want in a test plan, you're looking for an explanation of what I've specifically tested to verify that this change works? (The tests Travis/CI tests are failing, but that seems independent of my change, so I hope you're not talking about that.) |
|
Better than a test plan would just be a unit test that covers this. It seems like you should be able to put one in the Android unit tests. |
|
Any thoughts on adding a test? |
|
Sorry I'm so slow at reviewing but I realized I still don't fully understand why the fine location check is needed. I added some questions explaining (hopefully clearly?) why I don't understand it. |
react-native-bot
added
Missing Changelog
react-native-bot
added
Missing Test Plan
There was a problem hiding this comment.
@hramos has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator.
|
Hello everyone! @mikelambert, thank you for sending this pull requests almost 2.5 years ago (WHAT!?). I'm deeply sorry we never got around to merging it, even though you provided tests. I wanna make sure we implement your change, finally, so I took the liberty to rebase your PR but without the changes for Android Lollipop. The reasoning behind this is that so much time has passed that merging this now would just increase technical debt. I did however include the other fix, as well as the test you wrote. Now, let's see if I can get this landed :) |
|
…upport (That's outdated now).
…upport (That's outdated now).
facebook-github-bot
added
the
Import Started
There was a problem hiding this comment.
@cpojer is landing this pull request. If you are a Facebook employee, you can view this diff on Phabricator.
…upport (That's outdated now).
There was a problem hiding this comment.
@cpojer is landing this pull request. If you are a Facebook employee, you can view this diff on Phabricator.
|
@mikelambert merged commit f32dc63 into |
|
Note I removed the test from this PR to land the change. I couldn’t get our internal build system to work with it and it couldn’t locate the DummyLocationProvider. I also couldn’t find any documentation on how to make it work. If somebody knows how to do it, I’m happy to commit the test. |
hramos
removed
Import Failed
Import Started
Summary: Fix two bugs with Location when not using ACCESS_FINE_LOCATION: - If we request highAccuracy=false, because we don't have ACCESS_FINE_LOCATION, but we don't have access to the NETWORK_PROVIDER...then the code should not trigger a SecurityException because it fell-back to using GPS_PROVIDER (which we don't have permission for) - If the device is pre-lollipop, and doesn't have a provider, we should detect this properly instead of letting the pre-lollipop code raise a SecurityException. Unfortunately, SecurityExceptions cannot be caught by the calling JS code. But I am not fixing that one here, instead choosing to fix/obviate the SecurityExceptions altogether. Pull Request resolved: #10291 Differential Revision: D4163659 Pulled By: cpojer fbshipit-source-id: 18bb4ee7401bc4eac4fcc97341fc2b3a2a0957c9
Fix two bugs with Location when not using ACCESS_FINE_LOCATION:
Unfortunately, SecurityExceptions cannot be caught by the calling JS code. But I am not fixing that one here, instead choosing to fix/obviate the SecurityExceptions altogether.