c1dd7e7320
- with-rebreak-protection-android plugin now copies the source accessibility_service_config.xml via withDangerousMod instead of generating it from a string. Eliminates the silent regression where prebuild wrote flagReportViewIds + missing packageNames, leaving Samsung's content scan unable to read OEM dialogs. - ProtectionOnboardingSheet refresh() now calls activateFamilyControls() once a11y is detected as enabled, so armTamperLock() actually runs. Previously the sheet auto-completed on getDeviceState() alone, leaving tamper_armed=false and the service permanently passive. - RebreakProtectionModule.isAccessibilityServiceEnabled() now trusts the AccessibilityManager list as authoritative when AM is available (even when empty). Settings.Secure fallback only kicks in if AM is null/exception. Fixes the banner falsely showing "Schutz aktiv" when the system has unbound the service but ENABLED_ACCESSIBILITY_SERVICES still holds the id. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
193 lines
6.7 KiB
JavaScript
193 lines
6.7 KiB
JavaScript
/* eslint-disable @typescript-eslint/no-var-requires */
|
|
/**
|
|
* Expo Config-Plugin — wires the Android VpnService (DNS-Filter) +
|
|
* AccessibilityService (URL filter Layer 2) into AndroidManifest.xml at
|
|
* prebuild time.
|
|
*
|
|
* Was es macht:
|
|
* 1) Sorgt für `xmlns:tools` auf <manifest>.
|
|
* 2) Registriert <service .RebreakVpnService> mit
|
|
* foregroundServiceType="systemExempted" + intent-filter
|
|
* android.net.VpnService + permission BIND_VPN_SERVICE.
|
|
* (`systemExempted` ist seit Android 14 der korrekte Type für
|
|
* VPN-/Filter-Foreground-Services — vorher war `specialUse`+content_filter
|
|
* angedacht aber bringt mehr Probleme als Nutzen.)
|
|
* 3) Registriert <service .RebreakAccessibilityService> mit
|
|
* android:permission=BIND_ACCESSIBILITY_SERVICE + intent-filter
|
|
* android.accessibilityservice.AccessibilityService + meta-data
|
|
* android.accessibilityservice → @xml/accessibility_service_config.
|
|
*
|
|
* Wird aus app.config.ts via `plugins: ['./plugins/with-rebreak-protection-android']`
|
|
* registriert. Idempotent — kann beliebig oft via `expo prebuild` laufen.
|
|
*
|
|
* Native Source: `modules/rebreak-protection/android/src/main/java/expo/modules/rebreakprotection/`
|
|
* - VpnService: expo.modules.rebreakprotection.vpn.RebreakVpnService
|
|
* - AccessibilityService: expo.modules.rebreakprotection.accessibility.RebreakAccessibilityService
|
|
*/
|
|
|
|
const {
|
|
withAndroidManifest,
|
|
withStringsXml,
|
|
withDangerousMod,
|
|
AndroidConfig,
|
|
} = require('@expo/config-plugins');
|
|
const fs = require('fs');
|
|
const path = require('path');
|
|
|
|
const VPN_SERVICE_CLASS =
|
|
'expo.modules.rebreakprotection.vpn.RebreakVpnService';
|
|
const A11Y_SERVICE_CLASS =
|
|
'expo.modules.rebreakprotection.accessibility.RebreakAccessibilityService';
|
|
|
|
// ─── 1) tools-Namespace auf <manifest> ──────────────────────────────────────
|
|
|
|
function ensureToolsNamespace(manifest) {
|
|
if (!manifest.manifest.$) manifest.manifest.$ = {};
|
|
if (!manifest.manifest.$['xmlns:tools']) {
|
|
manifest.manifest.$['xmlns:tools'] = 'http://schemas.android.com/tools';
|
|
}
|
|
}
|
|
|
|
// ─── 2) <service>-Tag für RebreakVpnService ─────────────────────────────────
|
|
|
|
function ensureVpnService(manifest) {
|
|
const application = AndroidConfig.Manifest.getMainApplicationOrThrow(manifest);
|
|
|
|
if (!application.service) application.service = [];
|
|
|
|
const alreadyDeclared = application.service.some(
|
|
(svc) => svc.$ && svc.$['android:name'] === VPN_SERVICE_CLASS,
|
|
);
|
|
if (alreadyDeclared) return;
|
|
|
|
application.service.push({
|
|
$: {
|
|
'android:name': VPN_SERVICE_CLASS,
|
|
'android:permission': 'android.permission.BIND_VPN_SERVICE',
|
|
'android:foregroundServiceType': 'systemExempted',
|
|
'android:exported': 'false',
|
|
},
|
|
'intent-filter': [
|
|
{
|
|
action: [{ $: { 'android:name': 'android.net.VpnService' } }],
|
|
},
|
|
],
|
|
});
|
|
}
|
|
|
|
// ─── 3) <service>-Tag für RebreakAccessibilityService ───────────────────────
|
|
|
|
function ensureAccessibilityService(manifest) {
|
|
const application = AndroidConfig.Manifest.getMainApplicationOrThrow(manifest);
|
|
|
|
if (!application.service) application.service = [];
|
|
|
|
const alreadyDeclared = application.service.some(
|
|
(svc) => svc.$ && svc.$['android:name'] === A11Y_SERVICE_CLASS,
|
|
);
|
|
if (alreadyDeclared) return;
|
|
|
|
application.service.push({
|
|
$: {
|
|
'android:name': A11Y_SERVICE_CLASS,
|
|
'android:permission': 'android.permission.BIND_ACCESSIBILITY_SERVICE',
|
|
'android:label': '@string/accessibility_service_summary',
|
|
'android:exported': 'true',
|
|
},
|
|
'intent-filter': [
|
|
{
|
|
action: [
|
|
{
|
|
$: {
|
|
'android:name':
|
|
'android.accessibilityservice.AccessibilityService',
|
|
},
|
|
},
|
|
],
|
|
},
|
|
],
|
|
'meta-data': [
|
|
{
|
|
$: {
|
|
'android:name': 'android.accessibilityservice',
|
|
'android:resource': '@xml/accessibility_service_config',
|
|
},
|
|
},
|
|
],
|
|
});
|
|
}
|
|
|
|
// ─── 4) String resources für a11y-service ───────────────────────────────────
|
|
|
|
const A11Y_DESCRIPTION_TEXT =
|
|
'Sichert deinen Schutz gegen impulsives Abschalten ab: Solange App-Lock aktiv ist, kann das ReBreak-VPN nicht in den Einstellungen deaktiviert und die App nicht deinstalliert werden. Das Blockieren von Glücksspielseiten selbst übernimmt das VPN — diese Berechtigung sichert es nur. Du kannst den Schutz jederzeit über die Abkühlphase in der App beenden.';
|
|
const A11Y_SUMMARY_TEXT =
|
|
'Sichert den Schutz gegen Abschalten ab';
|
|
|
|
function withA11yStringResource(config) {
|
|
return withStringsXml(config, (cfg) => {
|
|
cfg.modResults = AndroidConfig.Strings.setStringItem(
|
|
[
|
|
{
|
|
$: { name: 'accessibility_service_description', translatable: 'false' },
|
|
_: A11Y_DESCRIPTION_TEXT,
|
|
},
|
|
],
|
|
cfg.modResults,
|
|
);
|
|
cfg.modResults = AndroidConfig.Strings.setStringItem(
|
|
[
|
|
{
|
|
$: { name: 'accessibility_service_summary', translatable: 'false' },
|
|
_: A11Y_SUMMARY_TEXT,
|
|
},
|
|
],
|
|
cfg.modResults,
|
|
);
|
|
return cfg;
|
|
});
|
|
}
|
|
|
|
// ─── 5) XML-config für AccessibilityService ─────────────────────────────────
|
|
// Kopiert die Source-of-Truth aus dem Modul-Verzeichnis statt einen
|
|
// hardcoded String zu pflegen — so bleibt Plugin + Service-Config immer sync.
|
|
|
|
const MODULE_A11Y_XML = path.resolve(
|
|
__dirname,
|
|
'../modules/rebreak-protection/android/src/main/res/xml/accessibility_service_config.xml',
|
|
);
|
|
|
|
function withA11yConfigXml(config) {
|
|
return withDangerousMod(config, [
|
|
'android',
|
|
async (cfg) => {
|
|
const xmlDir = path.join(
|
|
cfg.modRequest.platformProjectRoot,
|
|
'app/src/main/res/xml',
|
|
);
|
|
fs.mkdirSync(xmlDir, { recursive: true });
|
|
fs.copyFileSync(
|
|
MODULE_A11Y_XML,
|
|
path.join(xmlDir, 'accessibility_service_config.xml'),
|
|
);
|
|
return cfg;
|
|
},
|
|
]);
|
|
}
|
|
|
|
// ─── Composition ────────────────────────────────────────────────────────────
|
|
|
|
function withRebreakProtectionAndroid(config) {
|
|
config = withAndroidManifest(config, (cfg) => {
|
|
ensureToolsNamespace(cfg.modResults);
|
|
ensureVpnService(cfg.modResults);
|
|
ensureAccessibilityService(cfg.modResults);
|
|
return cfg;
|
|
});
|
|
config = withA11yStringResource(config);
|
|
config = withA11yConfigXml(config);
|
|
return config;
|
|
}
|
|
|
|
module.exports = withRebreakProtectionAndroid;
|