AzureAD/azure-activedirectory-library-for-android

remove debugging code throwing a runtime exception when INTERNET is revoked for compatibility with GrapheneOS Network toggle

thestinger opened this issue · 1 comments

On GrapheneOS, users can revoke the INTERNET permission at runtime. This isn't officially compliant with the Android compatibility requirements but is very useful. GrapheneOS changes the errors for sockets, DownloadManager, etc. to throw an IOException or another error the app already has to handle rather than giving SecurityException.

Please replace the runtime exceptions you're throwing with logging or simply remove them completely because they're not actually useful in practice. It's easy for developers to see INTERNET isn't declared because Android throws SecurityException for the socket API and all the other APIs like DownloadManager which require it.

We've added a workaround for com.microsoft namespace apps since this library is used by many of them. It will still be a problem for apps in different namespaces unless you remove the unnecessary runtime exceptions.

These are the two checks with runtime exceptions:


https://github.com/AzureAD/microsoft-authentication-library-for-android/blob/699e4ec60673f6d86d09b9866a01cf8f7586a5e7/msal/src/main/java/com/microsoft/identity/client/PublicClientApplication.java#L1811

You could also change the check so that it only throws an exception when INTERNET isn't requested by the app rather than checking for it being revoked. This is the workaround we've added for this behavior which we intend to be temporary:

GrapheneOS/platform_frameworks_base@b230452

You could simply delete the checks and you'll still get clear SecurityExceptions from the OS APIs about it on Android. For sockets it mentions that the cause is likely that INTERNET is broken.

If you still want to do these checks, you could modify them to use requested permissions instead of granted permissions:

```java
PackageInfo pi = ctx.getPackageManager().getPackageInfo(ctx.getPackageName(), PackageManager.GET_PERMISSIONS);
// check that pi.requestedPermissions contains the INTERNET permission
```

This would be compatible with supporting revoking the INTERNET permission on GrapheneOS and other operating systems incorporating our feature such as ProtonAOSP.
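The requested-permissions check suggested in the issue, written out in full as an added example (not code from the issue, from the library, or from GrapheneOS). The class name, method names and log tag are hypothetical; it logs instead of throwing, as the issue asks.

```java
import android.Manifest;
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.util.Log;

/** Hypothetical helper (not from the library): manifest-level INTERNET check. */
public final class InternetPermissionCheck {
    private static final String TAG = "InternetPermissionCheck"; // hypothetical log tag

    private InternetPermissionCheck() {}

    /**
     * True when the app's manifest requests INTERNET, whether or not the
     * permission is currently granted. requestedPermissions mirrors the
     * manifest, so a user revoking INTERNET at runtime does not affect it.
     */
    public static boolean isInternetRequested(Context ctx) {
        final PackageInfo pi;
        try {
            pi = ctx.getPackageManager().getPackageInfo(
                    ctx.getPackageName(), PackageManager.GET_PERMISSIONS);
        } catch (PackageManager.NameNotFoundException e) {
            // Our own package should always resolve; treat a failure as
            // "unknown" and let the network APIs report the real error.
            Log.w(TAG, "Could not read own PackageInfo", e);
            return true;
        }
        if (pi.requestedPermissions == null) {
            return false; // manifest has no <uses-permission> entries at all
        }
        for (String permission : pi.requestedPermissions) {
            if (Manifest.permission.INTERNET.equals(permission)) {
                return true;
            }
        }
        return false;
    }

    /** Logs the developer error instead of throwing a runtime exception. */
    public static void warnIfInternetNotRequested(Context ctx) {
        if (!isInternetRequested(ctx)) {
            Log.w(TAG, "INTERNET is not declared in AndroidManifest.xml; "
                    + "network calls will fail with SecurityException");
        }
    }
}
```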