Proper multi-user support #1349
Conversation
|
Looks like LSPosed uses a different approach https://github.com/LSPosed/LSPosed/blob/master/daemon/src/main/java/org/lsposed/lspd/service/PackageService.java#L142 by using the internal |
|
@ukanth This is ready. I've commented out the parts that test for |
infinity0
changed the title
infinity0
force-pushed
the
beta
branch
2 times, most recently
from
753cb0a
to
291a878
Compare
|
Thanks for the PR. I will review it since it has many changes (actually lot of them in strings.xml and hiddenapi) May I know the reason if using LSPosed related code here ? If we include that, I may not be able to publish on playstore. |
The first commit is the important one and it is not too big. The strings.xml stuff is just editing some translations.
Using LSPosed code (hiddenapi) is necessary to get the icons and labels (common names) of apps that are not installed on the current user. This is not easily available even if we use hiddenapi can be reduced in size, we're not using all of it. To keep things simple I just Not sure about the play store policy though, that would indeed be annoying... |
Example screenshot here, click to expand. The visual duplication is a bit ugly but I don't have any better ideas, and at least the functionality works...
|
|
Thank for the reference. Can we make LSPosed related code as lib rather than integrate directly into AFWall+ ? I may have to create separate flavor of the application for github/opensource version. Because I doubt it can be integrated and published on playstore. Also on the visual part, we can group each user applications as filters (same logic of separating user/system/core apps) and profiles. |
Most of the code is already external to the AFWall app:
The only thing that is inside the AFWall app is:
This file could in theory be moved into a separate library. However, whatever mechanism we use for conditional compilation ("separate flavour"), could just also ignore the whole
I'm not quite sure what you mean here, an example would be good. In any case I suggest this be done later in another PR. |
Are you able to check for sure? From what I understand the LSposed stuff I added is just ordinary java glue code that exposes some internal Android APIs, and doesn't modify the system. It doesn't break anything in terms of security policies or make the device more insecure - if you use those internal APIs without root you just get SecurityException thrown. (This is why in AFWall we also need The LSposed stuff that does modify your system in the low-level security sense, is not part of this PR, and we don't need that. |
I am talking about this code inside AFWall source |
|
Yes, that's already a separate private library. It's separate from the AFWall app. It's not a published library in the sense of a jar file that can be downloaded like the other dependencies, it can only be used if it's somewhere on your filesystem. The reason it's not a published library is because it's LSPosed's own subset snapshot of the internal Android APIs. It doesn't make sense to publish them, because they are hidden android APIs. In general this is just how private libraries work, you include them in your git repo but don't publish them. I'm not exactly sure specifically why you think this is bad, so I'm not sure what sort of alternatives to suggest to you to fix it. It is what LSposed themselves do. Could you explain why you think it's bad in more detail? One possible option is to instead include LSPosed as a git submodule and include it that way if you prefer, but then you will still have it as a path inside the working tree. Or we can put it into another repo under your username, and include that as a git submodule. |
|
I added another few commits:
|
|
Thanks for the explanation. I will go through it |
|
I tested this on OnePlus 8T and unfortunately it breaks due to I'll have to figure out some other way around this, or it might be impossible... |
This is fixed in 84eccdf, explanation in the comments. I also rebased on top of 3.6.0. I also fixed an existing bug in the filter logic 76c66a1. Now you can search "user 11" in the search box for a basic way to make it look a bit nicer, as we discussed above. |
|
I just realised, import / export functionality doesn't combine well with this, since it doesn't export the UIDs but only the package names. I'll have a go at fixing that in a few days. |
|
@ukanth any chance to take a look? Would be good to get some feedback before I continue to sink more time into this. |
|
Not yet. I will check when I get some time. Please go ahead and update it. I will merge it. |
Hi infinity0. I've also had a go at fixing the pkg manager issues. Currently my changes are kept on a branch of my fork only. I think there's some useful changes there which could be integrated together with this, in particular regarding the application icons code... |
Hi. You're right, I just noticed that a bunch of those changes have already been merged with the pull #1338. My original title to that was "Bug in the implementation of Api.getpackagesForUser() leading to empty package list". The main changes related to that where to use the packageManager.getInstalledApplications API instead of executing 'pm list packages' on the shell (huge speed difference, plus other compatibility issues) and inconsistencies on the setting of the icon bitmaps in various places (I've created the p.s. Many of those changes are centered on the onBindViewHolder() methods... Additionally to it I've got an open pull request #1337 which fixes the crashes on various Android versions due to the (pretty) date/time format there. |
p.s. At least on some (rooted) devices the default user has the ID 0 (zero). This leads to that user to not get added to the list of users: and respectively the packages for that user won't get listed: This seemed to lead to empty app lists on some of my tests. Have you observed anything similar? |
|
@amaa-99 What you are talking about is nothing to do with this PR. We grab the list of users via a different method. All the code inside the |
|
@infinity0, What is the current status of this PR ? Shall I start going through it ? |
| @@ -176,6 +177,7 @@ public void setDirty(boolean dirty) { | |||
| @Override | |||
| public void onCreate(Bundle savedInstanceState) { | |||
| super.onCreate(savedInstanceState); | |||
| MultiUser.setup(); | |||
There was a problem hiding this comment.
This should be called after the root check is done ?
There was a problem hiding this comment.
Fixed in c75f211 hopefully, lemme know if I did it wrong.
| @@ -293,7 +293,7 @@ | |||
| <string name="multi_apply_rules">تطبيق القواعد على تبديل الأوضاع</string> | |||
| <string name="multi_apply_rules_info">تحميل وتطبيق القواعد عند التبديل بين ملفات التعريف</string> | |||
| <string name="multi_user_title">تفعيل دعم تعدد المستخدمين</string> | |||
| <string name="multi_user_summary">دعم تعدد المستخدمين للنظام (يعمل فقط في الوضع حيث يتم حظر العناصر المحددة)</string> | |||
There was a problem hiding this comment.
Could you please remove all the language related changes from this PR ? This is managed separately using external service ?
There was a problem hiding this comment.
OK, but shall I keep the change to app/src/main/res/values/strings.xml since this is the "main" string?
There was a problem hiding this comment.
Based on other changes to that file I'll assume yes for now. I've squashed this change to app/src/main/res/values/strings.xml into c75f211 and moved the other language-specific changes into dbe1d3e temporarily for the record. I can delete the latter commit once you're happy with the rest of this PR.
Yes please. I think I also need to rebase and fix some merge conflicts. |
|
Oh, I still need to fix the import/export functionality to deal with the new uids. I'll get around to that soon. |
|
Working on this again now. |
|
@ukanth the beta branch is broken atm, both the NDK build and the gradle build fail, so I'll rebase this against the main branch instead, is that OK? |
|
@ukanth should be good to go. Import/export works by saving the package name of non-owner users as "${pkgName}/${user_id}" so e.g. "dev.ukanth.ufirewall/10" in the JSON. I don't think this clashes with anything else. |
|
@ukanth BTW lemme know if I should uncomment the |
|
The current CI build failure is due to something already existing on the main branch, not an issue with my PR. |
You may have to resync base with beta branch. some other pull request has been merged. |
I intentionally did not resync with the beta branch because it is currently already failing: beta files, beta CI failing. But in fact the CI above forced merged my commits in this PR with the beta branch anyway, it's testing f1a234d the merge commit rather than my branch tip dbe1d3e. Anyway the problem is pre-existing on the current beta branch, it has nothing to do with this PR, you'll need to ask the previous committer to unbreak it. Something to do with 68ed4d0, and native-built artifacts: |
|
Ping @ukanth - any luck fixing the issues on the beta branch? |
Fixes #1192.
We copy some code from LSPosed to expose the IPackageManager hidden android API, which in combination with
pm grant $pkg INTERACT_ACROSS_USERSallows us to directly query all packages of all users through the Android API, which unlikepm list packagesalso allows us to get the icons and the application labels (common names) as well.(previous draft description deleted in favour of this up-to-date description)