From 7bc7f9e1466995ec1d7ab4df0517795e85f1b948 Mon Sep 17 00:00:00 2001 From: Ravi Date: Wed, 6 Sep 2023 12:26:48 +1000 Subject: [PATCH 1/4] Audit access to data Update AppInitializer to log access to private data https://developer.android.com/guide/topics/data/audit-access --- .../org/wordpress/android/AppInitializer.kt | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt b/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt index f564aeef5c98..0fc0c828eaab 100644 --- a/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt +++ b/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt @@ -3,9 +3,12 @@ package org.wordpress.android import android.annotation.SuppressLint +import android.app.AppOpsManager import android.app.Application +import android.app.AsyncNotedAppOp import android.app.NotificationChannel import android.app.NotificationManager +import android.app.SyncNotedAppOp import android.content.ComponentCallbacks2 import android.content.Context import android.content.Intent @@ -24,6 +27,7 @@ import android.util.AndroidRuntimeException import android.util.Log import android.webkit.WebSettings import android.webkit.WebView +import androidx.annotation.RequiresApi import androidx.appcompat.app.AppCompatDelegate import androidx.lifecycle.DefaultLifecycleObserver import androidx.lifecycle.LifecycleOwner @@ -267,6 +271,30 @@ class AppInitializer @Inject constructor( } } + /** + * Data access auditing + * @link https://developer.android.com/guide/topics/data/audit-access + */ + @RequiresApi(VERSION_CODES.R) + val appOpsCallback = object : AppOpsManager.OnOpNotedCallback() { + private fun logPrivateDataAccess(opCode: String, trace: String) { + AppLog.i(T.MAIN, "Private data accessed. Operation: $opCode\nStack Trace:\n$trace") + } + + override fun onNoted(syncNotedAppOp: SyncNotedAppOp) { + logPrivateDataAccess(syncNotedAppOp.op, Throwable("Stack Trace: ").stackTrace.toString()) + } + + override fun onSelfNoted(syncNotedAppOp: SyncNotedAppOp) { + logPrivateDataAccess(syncNotedAppOp.op, Throwable("Stack Trace: ").stackTrace.toString()) + } + + @RequiresApi(VERSION_CODES.R) + override fun onAsyncNoted(asyncNotedAppOp: AsyncNotedAppOp) { + logPrivateDataAccess(asyncNotedAppOp.op, asyncNotedAppOp.message) + } + } + init { context = application startDate = SystemClock.elapsedRealtime() @@ -370,9 +398,19 @@ class AppInitializer @Inject constructor( debugCookieManager.sync() + if (BuildConfig.DEBUG && Build.VERSION.SDK_INT >= VERSION_CODES.R) { + initAppOpsManager() + } + initialized = true } + @RequiresApi(VERSION_CODES.R) + private fun initAppOpsManager() { + val appOpsManager = context?.getSystemService(AppOpsManager::class.java) as AppOpsManager + appOpsManager.setOnOpNotedCallback(context?.mainExecutor, appOpsCallback) + } + private fun initWorkManager() { val configBuilder = androidx.work.Configuration.Builder().setWorkerFactory(wordPressWorkerFactory) if (BuildConfig.DEBUG) { From e38ec3149cebd14c9619be20060266d8d2e8e6e0 Mon Sep 17 00:00:00 2001 From: Ravi Date: Wed, 6 Sep 2023 14:06:19 +1000 Subject: [PATCH 2/4] Update AppInitializer.kt --- .../src/main/java/org/wordpress/android/AppInitializer.kt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt b/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt index 0fc0c828eaab..9ddb0c9e33f9 100644 --- a/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt +++ b/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt @@ -399,7 +399,9 @@ class AppInitializer @Inject constructor( debugCookieManager.sync() if (BuildConfig.DEBUG && Build.VERSION.SDK_INT >= VERSION_CODES.R) { - initAppOpsManager() + if (!initialized) { + initAppOpsManager() + } } initialized = true From 44eb0518da71c505a3e628420d9796df2a694c32 Mon Sep 17 00:00:00 2001 From: Ravi Date: Wed, 6 Sep 2023 14:21:22 +1000 Subject: [PATCH 3/4] Update AppInitializer.kt Fix Detekt issue --- .../src/main/java/org/wordpress/android/AppInitializer.kt | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt b/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt index 9ddb0c9e33f9..770460632de2 100644 --- a/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt +++ b/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt @@ -398,10 +398,8 @@ class AppInitializer @Inject constructor( debugCookieManager.sync() - if (BuildConfig.DEBUG && Build.VERSION.SDK_INT >= VERSION_CODES.R) { - if (!initialized) { - initAppOpsManager() - } + if (!initialized && BuildConfig.DEBUG && Build.VERSION.SDK_INT >= VERSION_CODES.R) { + initAppOpsManager() } initialized = true From 8a9a6b168d7dffb79791137c4b29b1efbdd3758a Mon Sep 17 00:00:00 2001 From: Ravi Date: Thu, 7 Sep 2023 09:52:41 +1000 Subject: [PATCH 4/4] Update AppInitializer.kt remove redundant annotation --- WordPress/src/main/java/org/wordpress/android/AppInitializer.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt b/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt index 770460632de2..7ecc14f9b310 100644 --- a/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt +++ b/WordPress/src/main/java/org/wordpress/android/AppInitializer.kt @@ -289,7 +289,6 @@ class AppInitializer @Inject constructor( logPrivateDataAccess(syncNotedAppOp.op, Throwable("Stack Trace: ").stackTrace.toString()) } - @RequiresApi(VERSION_CODES.R) override fun onAsyncNoted(asyncNotedAppOp: AsyncNotedAppOp) { logPrivateDataAccess(asyncNotedAppOp.op, asyncNotedAppOp.message) }