Merge pull request #1632 from microsoft/fix/protected-context

Fix crash when direct boot

Author: DmitriyKirakosyan

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## Version 4.4.4 (Under active development)
 
+### App Center
+
+* **[Fix]** Fix crash when storage is encrypted during direct boot. Please note that settings and pending logs database are not shared between regular and device-protected storage.
+
 ### App Center Distribute
 
 * **[Improvement]** Remove optional `SYSTEM_ALERT_WINDOW` permission that was required to automatically restart the app after installing the update.

sdk/appcenter/src/main/java/com/microsoft/appcenter/AppCenter.java

@@ -52,6 +52,8 @@
 
 import static android.content.pm.ApplicationInfo.FLAG_DEBUGGABLE;
 import static android.util.Log.VERBOSE;
+import static com.microsoft.appcenter.ApplicationContextUtils.getApplicationContext;
+import static com.microsoft.appcenter.ApplicationContextUtils.isDeviceProtectedStorage;
 import static com.microsoft.appcenter.Constants.DEFAULT_TRIGGER_COUNT;
 import static com.microsoft.appcenter.Constants.DEFAULT_TRIGGER_INTERVAL;
 import static com.microsoft.appcenter.Constants.DEFAULT_TRIGGER_MAX_PARALLEL_REQUESTS;
@@ -135,10 +137,18 @@ public class AppCenter {
     private String mLogUrl;
 
     /**
-     * Application context.
+     * Android application object that was passed during configuration.
+     * It shouldn't be used directly, but only for getting right context.
+     * It's null until SDK is configured.
      */
     private Application mApplication;
 
+    /**
+     * Application context. Might be special context with device-protected storage.
+     * See {@link ApplicationContextUtils#getApplicationContext(Application)}.
+     */
+    private Context mContext;
+
     /**
      * Application lifecycle listener.
      */
@@ -710,8 +720,20 @@ public void run() {
             return true;
         }
 
-        /* Store state. */
+        /* Store application to use it later for registering services as lifecycle callbacks. */
         mApplication = application;
+        mContext = getApplicationContext(application);
+        if (isDeviceProtectedStorage(mContext)) {
+
+            /*
+             * In this mode storing sensitive is strongly discouraged, but App Center considers regular storage as
+             * not secure as well, so all tokens are encrypted separately anyway. Just warn about it.
+             */
+            AppCenterLog.warn(LOG_TAG,
+                    "A user is locked, credential-protected private app data storage is not available.\n" +
+                    "App Center will use device-protected data storage that available without user authentication.\n" +
+                    "Please note that it's a separate storage, all settings and pending logs won't be shared with regular storage.");
+        }
 
         /* Start looper. */
         mHandlerThread = new HandlerThread("AppCenter.Looper");
@@ -825,11 +847,11 @@ public void run() {
     private void finishConfiguration(boolean configureFromApp) {
 
         /* Load some global constants. */
-        Constants.loadFromContext(mApplication);
+        Constants.loadFromContext(mContext);
 
         /* If parameters are valid, init context related resources. */
-        FileManager.initialize(mApplication);
-        SharedPreferencesManager.initialize(mApplication);
+        FileManager.initialize(mContext);
+        SharedPreferencesManager.initialize(mContext);
 
         /* Set network requests allowed. */
         if (mAllowedNetworkRequests != null) {
@@ -845,13 +867,13 @@ private void finishConfiguration(boolean configureFromApp) {
         /* Instantiate HTTP client if it doesn't exist as a dependency. */
         HttpClient httpClient = DependencyConfiguration.getHttpClient();
         if (httpClient == null) {
-            httpClient = createHttpClient(mApplication);
+            httpClient = createHttpClient(mContext);
         }
 
         /* Init channel. */
         mLogSerializer = new DefaultLogSerializer();
         mLogSerializer.addLogFactory(StartServiceLog.TYPE, new StartServiceLogFactory());
-        mChannel = new DefaultChannel(mApplication, mAppSecret, mLogSerializer, httpClient, mHandler);
+        mChannel = new DefaultChannel(mContext, mAppSecret, mLogSerializer, httpClient, mHandler);
 
         /* Complete set maximum storage size future if starting from app. */
         if (configureFromApp) {
@@ -877,7 +899,7 @@ private void finishConfiguration(boolean configureFromApp) {
 
         /* Disable listening network if we start while being disabled. */
         if (!enabled) {
-            NetworkStateHelper.getSharedInstance(mApplication).close();
+            NetworkStateHelper.getSharedInstance(mContext).close();
         }
 
         /* Init uncaught exception handler. */
@@ -902,7 +924,7 @@ private final synchronized void startServices(final boolean startFromApp, Class<
             AppCenterLog.error(LOG_TAG, "Cannot start services, services array is null. Failed to start services.");
             return;
         }
-        if (mApplication == null) {
+        if (!isInstanceConfigured()) {
             StringBuilder serviceNames = new StringBuilder();
             for (Class<? extends AppCenterService> service : services) {
                 serviceNames.append("\t").append(service.getName()).append("\n");
@@ -1011,10 +1033,10 @@ private void finishStartServices(Iterable<AppCenterService> updatedServices, Ite
                 service.setInstanceEnabled(false);
             }
             if (startFromApp) {
-                service.onStarted(mApplication, mChannel, mAppSecret, mTransmissionTargetToken, true);
+                service.onStarted(mContext, mChannel, mAppSecret, mTransmissionTargetToken, true);
                 AppCenterLog.info(LOG_TAG, service.getClass().getSimpleName() + " service started from application.");
             } else {
-                service.onStarted(mApplication, mChannel, null, null, false);
+                service.onStarted(mContext, mChannel, null, null, false);
                 AppCenterLog.info(LOG_TAG, service.getClass().getSimpleName() + " service started from library.");
             }
         }
@@ -1118,10 +1140,10 @@ private void setInstanceEnabled(boolean enabled) {
         /* Update uncaught exception subscription. */
         if (switchToEnabled) {
             mUncaughtExceptionHandler.register();
-            NetworkStateHelper.getSharedInstance(mApplication).reopen();
+            NetworkStateHelper.getSharedInstance(mContext).reopen();
         } else if (switchToDisabled) {
             mUncaughtExceptionHandler.unregister();
-            NetworkStateHelper.getSharedInstance(mApplication).close();
+            NetworkStateHelper.getSharedInstance(mContext).close();
         }
 
         /* Update state now if true, services are checking this. */

sdk/appcenter/src/main/java/com/microsoft/appcenter/ApplicationContextUtils.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+
+package com.microsoft.appcenter;
+
+import android.app.Application;
+import android.content.Context;
+import android.os.Build;
+import android.os.UserManager;
+
+/**
+ * Helper application context utility class to deal with direct boot where regular storage is not available.
+ */
+class ApplicationContextUtils {
+
+    /**
+     * Get application context with device-protected storage if needed.
+     * Note that this method might return a new instance of device-protected storage context object each call.
+     * See {@link Context#createDeviceProtectedStorageContext()}.
+     *
+     * @param application android application.
+     * @return application context with device-protected storage if needed.
+     */
+    static Context getApplicationContext(Application application) {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
+            UserManager userManager = (UserManager) application.getSystemService(Context.USER_SERVICE);
+
+            /*
+             * On devices with direct boot, a user is unlocked only after they've entered
+             * their credentials (such as a lock pattern or PIN).
+             */
+            if (!userManager.isUserUnlocked()) {
+                return application.createDeviceProtectedStorageContext();
+            }
+        }
+        return application.getApplicationContext();
+    }
+
+    /**
+     * Indicates if the storage APIs of this Context are backed by device-protected storage.
+     *
+     * @param context context to check.
+     * @return true if the storage APIs of this Context are backed by device-protected storage.
+     */
+    static boolean isDeviceProtectedStorage(Context context) {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
+            return context.isDeviceProtectedStorage();
+        }
+        return false;
+    }
+}

sdk/appcenter/src/test/java/com/microsoft/appcenter/AbstractAppCenterTest.java

@@ -5,6 +5,19 @@
 
 package com.microsoft.appcenter;
 
+import static com.microsoft.appcenter.AppCenter.KEY_VALUE_DELIMITER;
+import static com.microsoft.appcenter.AppCenter.TRANSMISSION_TARGET_TOKEN_KEY;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
+import static org.powermock.api.mockito.PowerMockito.doAnswer;
+import static org.powermock.api.mockito.PowerMockito.mockStatic;
+import static org.powermock.api.mockito.PowerMockito.whenNew;
+
 import android.app.Application;
 import android.content.Context;
 import android.content.pm.ApplicationInfo;
@@ -43,35 +56,23 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import static com.microsoft.appcenter.AppCenter.KEY_VALUE_DELIMITER;
-import static com.microsoft.appcenter.AppCenter.TRANSMISSION_TARGET_TOKEN_KEY;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyBoolean;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.when;
-import static org.powermock.api.mockito.PowerMockito.doAnswer;
-import static org.powermock.api.mockito.PowerMockito.mockStatic;
-import static org.powermock.api.mockito.PowerMockito.whenNew;
-
 @PrepareForTest({
         AppCenter.class,
-        UncaughtExceptionHandler.class,
-        DefaultChannel.class,
-        Constants.class,
         AppCenterLog.class,
-        StartServiceLog.class,
+        ApplicationContextUtils.class,
+        Constants.class,
+        DefaultChannel.class,
+        DeviceInfoHelper.class,
         FileManager.class,
-        SharedPreferencesManager.class,
         IdHelper.class,
-        DeviceInfoHelper.class,
-        Thread.class,
-        ShutdownHelper.class,
         InstrumentationRegistryHelper.class,
+        JSONUtils.class,
         NetworkStateHelper.class,
-        JSONUtils.class
+        SharedPreferencesManager.class,
+        ShutdownHelper.class,
+        StartServiceLog.class,
+        Thread.class,
+        UncaughtExceptionHandler.class
 })
 public class AbstractAppCenterTest {
 
@@ -84,6 +85,9 @@ public class AbstractAppCenterTest {
     @Rule
     public PowerMockRule mPowerMockRule = new PowerMockRule();
 
+    @Mock
+    Context mContext;
+
     @Mock
     DefaultChannel mChannel;
 
@@ -124,6 +128,12 @@ public void setUp() throws Exception {
         mApplicationInfo.flags = ApplicationInfo.FLAG_DEBUGGABLE;
         when(mApplication.getApplicationInfo()).thenReturn(mApplicationInfo);
 
+        /* Mock ApplicationContextUtils. */
+        mockStatic(ApplicationContextUtils.class);
+        when(ApplicationContextUtils.getApplicationContext(mApplication)).thenReturn(mContext);
+        when(ApplicationContextUtils.isDeviceProtectedStorage(mContext)).thenReturn(false);
+
+        /* Mock static classes. */
         mockStatic(Constants.class);
         mockStatic(AppCenterLog.class);
         mockStatic(FileManager.class);

sdk/appcenter/src/test/java/com/microsoft/appcenter/AppCenterLibraryTest.java

@@ -5,17 +5,6 @@
 
 package com.microsoft.appcenter;
 
-import android.content.Context;
-
-import com.microsoft.appcenter.channel.Channel;
-import com.microsoft.appcenter.channel.OneCollectorChannelListener;
-import com.microsoft.appcenter.utils.AppCenterLog;
-
-import org.junit.Test;
-
-import java.util.ArrayList;
-import java.util.List;
-
 import static com.microsoft.appcenter.AppCenter.CORE_GROUP;
 import static com.microsoft.appcenter.AppCenter.LOG_TAG;
 import static com.microsoft.appcenter.AppCenter.PAIR_DELIMITER;
@@ -35,6 +24,17 @@
 import static org.powermock.api.mockito.PowerMockito.verifyStatic;
 import static org.powermock.api.mockito.PowerMockito.whenNew;
 
+import android.content.Context;
+
+import com.microsoft.appcenter.channel.Channel;
+import com.microsoft.appcenter.channel.OneCollectorChannelListener;
+import com.microsoft.appcenter.utils.AppCenterLog;
+
+import org.junit.Test;
+
+import java.util.ArrayList;
+import java.util.List;
+
 public class AppCenterLibraryTest extends AbstractAppCenterTest {
 
     @Test
@@ -347,7 +347,7 @@ public void startFromLibraryDoesNotStartFromApp() {
         AppCenter.startFromLibrary(mApplication, DummyService.class);
 
         /* Verify second service started without secrets with library flag. */
-        verify(DummyService.getInstance()).onStarted(mApplication, mChannel, null, null, false);
+        verify(DummyService.getInstance()).onStarted(mContext, mChannel, null, null, false);
 
         /* Now start from app. */
         AppCenter.start(DummyService.class);