Conduit state service #67

Merged
merged 22 commits into from
Nov 27, 2024

Conversation

efryntov
Collaborator

No description provided.

Previously, we relied on client ping to decide whether to send an intent to an activity or show a notification if no activity was in the foreground. This worked because activities would unbind when backgrounded. With components like the 'Conduit state service' staying bound, pings can succeed even if all activities are backgrounded. To address this, we now use a method relying on ActivityManager.getRunningAppProcesses to reliably check if the app is in the foreground.
- Move trusted packages to dedicated TrustedPackages class
- Introduce StateUpdate record for JSON serialization
- Add CompositeDisposable to manage all subscriptions
- Remove redundant methods
- Remove unnecessary super calls in lifecycle methods
…ularity

- Centralize package verification logic in `PackageHelper`.
- Add multi-signature support and debug mode for runtime flexibility.
- Update `ConduitStateService` to use `PackageHelper` methods.

Note: A similar class exists in the Psiphon Android project:
https://github.com/Psiphon-Inc/psiphon-android/blob/0be68eb0db96a1b6aa8fb014a39ee933b6f46419/app/src/main/java/com/psiphon3/PackageHelper.java.
Both classes independently verify packages based on signatures and are designed to verify each other.
Add schema version and simplify reporting the running state as a boolean
…clients

Replace silent return with SecurityException when untrusted client attempts to register. This helps clients distinguish trust failures from other binding issues.
Add functionality to load and store runtime-trusted app signatures from server application params, replacing debug-only signature validation. Signatures are stored on disk and loaded at service startup.
Move runtime trusted signatures config initialization from ConduitService to ConduitStateService and rename methods to better reflect their purpose
- Replace clientSubscriptions map with clients map using IBinder as key
- Consolidate state update broadcasting into single subscription
- Add synchronization for client map access using clientsLock

The previous implementation used IConduitStateCallback objects directly as map keys, but since these are AIDL-generated proxy objects, they don't implement equals() properly. This meant identical clients appeared different to the map, leading to duplicate registrations. Using IBinder.asBinder() as the key ensures proper client identity tracking since Binder objects implement equals() correctly.
Changes the client registration mechanism in ConduitService to use IBinder as the key for tracking registered clients instead of using the AIDL interfaces directly. This fixes an issue where clients were being registered multiple times due to AIDL-generated callback interfaces lacking proper equals/hashCode implementations.
- Fix using wrong key (callback vs binder) for client removal in unregisterClient
- Remove unnecessary iterator usage since locks protect modifications
- Add state caching to avoid RxJava subscription for new clients
- Make client error handling and logging consistent across services
@efryntov efryntov marked this pull request as ready for review November 26, 2024 23:28
@efryntov efryntov merged commit 8c61677 into main Nov 27, 2024
2 checks passed
@tmgrask tmgrask deleted the efryntov/conduit-state-service branch December 4, 2024 17:49
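The commit messages above describe two registration rules: reject an untrusted caller with a SecurityException, and key registered clients by their IBinder rather than by the AIDL proxy. The sketch below is an added example, not code from this pull request; `ClientRegistry`, `TrustCheck` and the "every package on the UID must pass" policy are assumptions made for illustration, and `T` stands in for an AIDL callback such as `IConduitStateCallback`.

```java
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.IBinder;
import android.os.IInterface;
import android.os.RemoteException;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical registry; T is any AIDL-generated callback interface. */
final class ClientRegistry<T extends IInterface> {
    /** Assumed trust decision, e.g. a signing-certificate comparison for the package. */
    interface TrustCheck { boolean isTrusted(String packageName); }

    private final Object clientsLock = new Object();
    private final Map<IBinder, T> clients = new HashMap<>();
    private final PackageManager pm;
    private final TrustCheck trust;

    ClientRegistry(PackageManager pm, TrustCheck trust) { this.pm = pm; this.trust = trust; }

    /** Call from inside the AIDL stub method, where getCallingUid() is the client's UID. */
    void register(T callback) throws RemoteException {
        String[] pkgs = pm.getPackagesForUid(Binder.getCallingUid());
        if (pkgs == null || pkgs.length == 0) throw new SecurityException("unknown caller");
        for (String p : pkgs) {
            // Policy assumed here: every package sharing the UID must be trusted.
            if (!trust.isTrusted(p)) throw new SecurityException("untrusted client: " + p);
        }
        final IBinder key = callback.asBinder(); // stable identity across proxy instances
        synchronized (clientsLock) {
            if (clients.containsKey(key)) return; // same remote object, already registered
            // Throws RemoteException if the client is already dead, so nothing is stored.
            key.linkToDeath(() -> {
                synchronized (clientsLock) { clients.remove(key); }
            }, 0);
            clients.put(key, callback);
        }
    }

    /** Removal uses the same binder key that registration used. */
    void unregister(T callback) {
        synchronized (clientsLock) { clients.remove(callback.asBinder()); }
    }

    int size() { synchronized (clientsLock) { return clients.size(); } }
}
```

Because the SecurityException is thrown inside a synchronous Binder call, it is delivered to the calling client, which is how the client can tell a trust failure from a failed bind.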