[Android] Reorganize trusted signatures initialization

Move runtime trusted signatures config initialization from ConduitService to ConduitStateService and rename methods to better reflect their purpose

android/app/src/main/java/ca/psiphon/conduit/nativemodule/ConduitService.java

@@ -315,9 +315,8 @@ private void processTrustedApps(JSONObject params) {
                 trustedSignatures.put(packageName, signatureSet);
             }
 
-            // Save the trusted signatures to storage and load them right away
-            PackageHelper.saveTrustedSignatures(getApplicationContext(), trustedSignatures);
-            PackageHelper.loadTrustedSignatures(trustedSignatures);
+            // Save the trusted signatures to file
+            PackageHelper.saveTrustedSignaturesToFile(getApplicationContext(), trustedSignatures);
         } catch (JSONException e) {
             MyLog.e(TAG, "Failed to parse trusted apps signatures: " + e);
         }
@@ -327,9 +326,6 @@ private void processTrustedApps(JSONObject params) {
     public void onCreate() {
         super.onCreate();
         MyLog.init(getApplicationContext());
-
-        // Load existing trusted signatures from storage
-        PackageHelper.loadTrustedSignatures(PackageHelper.getTrustedSignatures(getApplicationContext()));
     }
 
     @Override

android/app/src/main/java/ca/psiphon/conduit/nativemodule/ConduitStateService.java

@@ -125,6 +125,9 @@ public void unregisterClient(IConduitStateCallback client) {
     public void onCreate() {
         MyLog.init(getApplicationContext());
 
+        // Load runtime trusted signatures configuration from file
+        PackageHelper.configureRuntimeTrustedSignatures(PackageHelper.readTrustedSignaturesFromFile(getApplicationContext()));
+
         conduitServiceInteractor = new ConduitServiceInteractor(getApplicationContext());
         conduitServiceInteractor.onStart(getApplicationContext());
 

android/app/src/main/java/ca/psiphon/conduit/nativemodule/PackageHelper.java

@@ -127,7 +127,7 @@ public static boolean isPackageInstalled(PackageManager packageManager, String p
 
     // Save the map of package signatures to a file
     // Avoid calling this method from different processes simultaneously to ensure single-writer safety
-    public static synchronized void saveTrustedSignatures(Context context, Map<String, Set<String>> signatures) {
+    public static synchronized void saveTrustedSignaturesToFile(Context context, Map<String, Set<String>> signatures) {
         File tempFile = new File(context.getFilesDir(), "trusted_signatures_temp.json");
         File finalFile = new File(context.getFilesDir(), SIGNATURES_JSON_FILE);
         try (FileWriter writer = new FileWriter(tempFile)) {
@@ -147,7 +147,7 @@ public static synchronized void saveTrustedSignatures(Context context, Map<Strin
     }
 
     // Read the map of package signatures from a file, can be called from any process
-    public static Map<String, Set<String>> getTrustedSignatures(Context context) {
+    public static Map<String, Set<String>> readTrustedSignaturesFromFile(Context context) {
         File file = new File(context.getFilesDir(), SIGNATURES_JSON_FILE);
         Map<String, Set<String>> signatures = new HashMap<>();
 
@@ -179,7 +179,8 @@ public static Map<String, Set<String>> getTrustedSignatures(Context context) {
         return signatures;
     }
 
-    public static void loadTrustedSignatures(Map<String, Set<String>> signatures) {
+    // Load runtime trusted signatures configuration
+    public static void configureRuntimeTrustedSignatures(Map<String, Set<String>> signatures) {
         RUNTIME_TRUSTED_PACKAGES.clear();
         RUNTIME_TRUSTED_PACKAGES.putAll(signatures);
         MyLog.i(TAG, "Loaded runtime signatures for " + signatures.size() + " packages");