New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FR]: Mobile sandboxing #4885
Comments
Incidentally, based on a little chat on Telegram this would also be a good idea on UBports. |
With "open in place" in iOS, can you still create sdr folder next to the file? If so, wouldn't it mess up the directory structure for the original app? |
👍
I don't think so, AFAIK it is something like ParcelFileDescriptor on Android. ie. you can change the original document without acessing to 3rd party sandbox. Anyways, "open in place" in iOS context just means that documents inside KOReader sandbox are available from the Files app (and from the computer using itunes or libimobiledevice). We still need to add an import function to open documents stored on other applications. The same for android 4.4+ and Storage Acess Framework |
To start I would need some help @Frenzie @poire-z. Probably easy but I didn't dig in the code yet. I would need:
a runtime check to see if the device is sandboxed: +local function hasStorageAccessRestrictions()
+ -- storage access framework was introduced on Kitkat 4.4 (api 19)
+ -- see https://developer.android.com/guide/topics/providers/document-provider
+ return (android.app.activity.sdkVersion >= 19)
+end
+
local Device = Generic:new{
isAndroid = yes,
+ isSandboxed = hasStorageAccessRestrictions,
model = android.prop.product,
hasKeys = yes,
hasDPad = no,
diff --git a/frontend/device/generic/device.lua b/frontend/device/generic/device.lua
index f253ef9b..dea117d8 100644
--- a/frontend/device/generic/device.lua
+++ b/frontend/device/generic/device.lua
@@ -26,6 +26,7 @@ local Device = {
hasWifiToggle = yes,
hasWifiManager = no,
isTouchDevice = no,
+ isSandboxed = no,
hasFrontlight = no,
hasNaturalLight = no, -- FL warmth implementation specific to NTX boards (Kobo, Cervantes)
hasNaturalLightMixer = no, -- Same, but only found on newer boards to be able to build with target api > 23 we will need to request storage permission at runtime and display a message If the user denies that permission instead of crashing. Once our fake file sandboxing is in place, we can repurpose most of koreader/android-luajit-launcher#138 to add an import function which allows to use modern providers, like external storage(usb,sd) or network services (dropbox,gdrive,etc) |
I think the bases are probably mostly covered in between these two snippets. koreader/frontend/apps/filemanager/filemanagerutil.lua Lines 25 to 37 in 2b9694d
koreader/frontend/ui/widget/filechooser.lua Lines 220 to 226 in e869b40
But that's just some stuff I remembered otoh. :-) |
^ These snippets are more about the display of the current path, than going (or not) into the path, which must happen in these other snippets: koreader/frontend/apps/filemanager/filemanager.lua Lines 876 to 883 in 34e6f41
koreader/frontend/apps/filemanager/filemanager.lua Lines 505 to 515 in 34e6f41
koreader/frontend/ui/widget/filechooser.lua Lines 304 to 314 in 34e6f41
So, may be in these snippets, just do some generic readability checks, or use some callback funcs of the Device object, used like But:
I wonder if we should really add this sandbox directory thing, which would be android specific.
Cause it's just about unreadable directories, because of android permissions, right? I remember that on my android, there are intermediate paths that are not readable, but going further down (by entering the full path in the file explorer) is readable - don't remember exactly which right now.
If that requirement is because the current book is some imported content that has been saved with an ugly name in some koreader cache directory, why not just, if the current directory is that cache directory, just return to the home directory? Or just not add that cache directory to the FileManager paths stack, so we get back to the previous valid path, and if none, the home directory? |
I've never noticed any crashes due to unreadable directories. I think the program either displays an "empty" directory or the directory its run from instead. (Arguably it should revert to something else like the home directory but it's a niche edge case.) If there is any such crash it should indeed be fixed in platform-independent manner. But presumably this is just about dealing with asking for Android permissions? |
Thanks for the hints!
For now android specific, it also applies to iOS. Also Android < 4.4 can read dirs outside /sdcard. Newer android cannot (or some versions/vendors can read some dirs, which is the same :/)
It is, but there is no permission to read-only or read&write outside /sdcard, so we can't change this.
Between android 4.3 and android 7.1 your phone can open files outside /sdcard because we can guess its absolute path. In that case there is no cache dir involved, just some random path and we cannot guarantee that once in that path we can return to /sdcard. For content schemes I would suggest do not open them (and import them each time to a cache dir), but skip valid mimetypes entirely and implement an import function using a file picker, like this one:
That's exactly what I saw (unreadable dirs). If I go from /storage/emulated/0 to /storage/emulated I cannot return back to last folder unless I have a shortcut already available.
The only storage permission available is granted at install time. We might need to request it at runtime if we want to build with target api 23+, but even then, we are only able to grant read(&write) permissions on /sdcard. Permissions outside sdcard are inexistent (that's why we need to add support for file providers, to be able to import contents from them). |
The main issue (being unable to return home if we're outside /sdcard and home folder is not set) was fixed in #5163. Closing. We can re-open for other mobile OSes. For android things work fine now. |
Currently for Android(5.0+), but should be the same for iOS(11.0+).
You cannot explore the root filesystem on mobile OSes. This is enforced on iOS since the beggining. In Android the implementation suffered some stupid modifications which ended in the same situation.
In both OS they're ways to open or import stuff.
Import stuff is the classic behaviour on iOS (by storing a copy per app) and open stuff is the classic behaviour on Android (by requesting a view action and providing a file to open)
Things are different now, where apple implemented an "open in place" stub and android killed the possibility of sharing a file between two (random) activities on Oreo.
So, sandboxing, in the context of KOReader, would mean:
Probably a proper "Jailed" iOS app would require a few more steps but this is just the basic idea.
Related:
#4441
#4872
koreader/android-luajit-launcher#138 (comment)
The text was updated successfully, but these errors were encountered: