-
Notifications
You must be signed in to change notification settings - Fork 241
Expand file tree
/
Copy pathAndroidManifest.xml
More file actions
136 lines (126 loc) · 6.09 KB
/
AndroidManifest.xml
File metadata and controls
136 lines (126 loc) · 6.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools">
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
<uses-permission android:name="android.permission.FOREGROUND_SERVICE_SPECIAL_USE" />
<uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
<!--
Required so the App-splitting picker can enumerate user-visible
apps. Without this on API 30+ (targetSdk 34), PackageManager
returns an empty list for CATEGORY_LAUNCHER queries against other
apps' labels/icons — result: an empty picker dialog. Declaring
it makes Android show a "com.therealaleph.mhrv wants to see which
apps you have installed" note in Play Protect but no runtime
prompt.
-->
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" />
<!--
App-launcher visibility filter. Complements QUERY_ALL_PACKAGES:
the system uses `<queries>` as the allowlist for metadata reads
(labels, icons) so we can render the picker rows with the app
name the user recognizes, rather than a bare package string.
-->
<queries>
<intent>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent>
</queries>
<application
android:name=".MhrvApp"
android:allowBackup="false"
android:dataExtractionRules="@xml/data_extraction_rules"
android:fullBackupContent="false"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:localeConfig="@xml/locales_config"
android:networkSecurityConfig="@xml/network_security_config"
android:supportsRtl="true"
android:theme="@style/Theme.Mhrv"
tools:targetApi="34">
<activity
android:name=".MainActivity"
android:exported="true"
android:launchMode="singleTask"
android:theme="@style/Theme.Mhrv">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
<!-- Deep link: tapping mhrv-rs://... in any app opens
MainActivity and auto-imports the encoded config. -->
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="mhrv-rs" />
</intent-filter>
<!-- Drive setup deep link: tapping
mhrv-rs-setup://import/<base64> in WhatsApp / Telegram /
SMS opens the app and offers to import the bundled
credentials + refresh token. Distinct scheme + fixed
host="import" so a foreign URL like
`mhrv-rs-setup://attacker.example/...` doesn't trigger
the import flow; the trust prompt is the second line
of defence. -->
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="mhrv-rs-setup" android:host="import" />
</intent-filter>
</activity>
<!-- FileProvider for sharing QR code images via the share sheet. -->
<provider
android:name="androidx.core.content.FileProvider"
android:authorities="${applicationId}.fileprovider"
android:exported="false"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/file_paths" />
</provider>
<!-- Force ZXing scanner to portrait (matches app orientation). -->
<activity
android:name="com.journeyapps.barcodescanner.CaptureActivity"
android:screenOrientation="portrait"
tools:replace="android:screenOrientation" />
<!--
VpnService: Android captures all traffic at the IP layer and feeds
it to us via a TUN file descriptor. The android.net.VpnService action
is what lets the system show us in the "VPN" section of settings
and route through us.
-->
<service
android:name=".MhrvVpnService"
android:exported="false"
android:permission="android.permission.BIND_VPN_SERVICE"
android:foregroundServiceType="specialUse">
<intent-filter>
<action android:name="android.net.VpnService" />
</intent-filter>
<property
android:name="android.app.PROPERTY_SPECIAL_USE_FGS_SUBTYPE"
android:value="vpn_relay" />
</service>
<!--
AppCompat runtime-locale bootstrap. AppCompatDelegate.setApplicationLocales()
is a no-op on API < 33 without this service declaration — it's how
AppCompat signals to itself that the app opted into the per-app
language API and wants AppCompat to persist the preference across
cold starts. `autoStoreLocales=true` ON older Android makes it
survive process death without us doing our own file I/O.
https://developer.android.com/guide/topics/resources/app-languages
-->
<service
android:name="androidx.appcompat.app.AppLocalesMetadataHolderService"
android:enabled="false"
android:exported="false">
<meta-data
android:name="autoStoreLocales"
android:value="true" />
</service>
</application>
</manifest>