android: use SAF for storing Taildropped files

Use Android Storage Access Framework for receiving Taildropped files.

-Add a picker to allow users to select where Taildropped files go
-If no directory is selected, internal app storage is used
-Provide SAF API for Go to use when writing and renaming files
-Provide Android FileOps implementation

Updates tailscale/tailscale#15263

Signed-off-by: kari-ts <[email protected]>

Author: kari-ts

android/src/main/java/com/tailscale/ipn/App.kt

@@ -14,8 +14,8 @@ import android.content.IntentFilter
 import android.content.SharedPreferences
 import android.content.pm.PackageManager
 import android.net.ConnectivityManager
+import android.net.Uri
 import android.os.Build
-import android.os.Environment
 import android.util.Log
 import androidx.core.app.ActivityCompat
 import androidx.core.app.NotificationCompat
@@ -36,12 +36,8 @@ import com.tailscale.ipn.ui.notifier.Notifier
 import com.tailscale.ipn.ui.viewModel.VpnViewModel
 import com.tailscale.ipn.ui.viewModel.VpnViewModelFactory
 import com.tailscale.ipn.util.FeatureFlags
+import com.tailscale.ipn.util.ShareFileHelper
 import com.tailscale.ipn.util.TSLog
-import java.io.File
-import java.io.IOException
-import java.net.NetworkInterface
-import java.security.GeneralSecurityException
-import java.util.Locale
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.SupervisorJob
@@ -53,12 +49,18 @@ import kotlinx.coroutines.launch
 import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json
 import libtailscale.Libtailscale
+import java.io.IOException
+import java.net.NetworkInterface
+import java.security.GeneralSecurityException
+import java.util.Locale
 
 class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
   val applicationScope = CoroutineScope(SupervisorJob() + Dispatchers.Default)
 
   companion object {
     private const val FILE_CHANNEL_ID = "tailscale-files"
+    // Key to store the SAF URI in EncryptedSharedPreferences.
+    private val PREF_KEY_SAF_URI = "saf_directory_uri"
     private const val TAG = "App"
     private lateinit var appInstance: App
 
@@ -150,17 +152,13 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
   }
 
   private fun initializeApp() {
-    val dataDir = this.filesDir.absolutePath
-
-    // Set this to enable direct mode for taildrop whereby downloads will be saved directly
-    // to the given folder.  We will preferentially use <shared>/Downloads and fallback to
-    // an app local directory "Taildrop" if we cannot create that.  This mode does not support
-    // user notifications for incoming files.
-    val directFileDir = this.prepareDownloadsFolder()
-    app = Libtailscale.start(dataDir, directFileDir.absolutePath, this)
-    Request.setApp(app)
-    Notifier.setApp(app)
-    Notifier.start(applicationScope)
+    // Check if a directory URI has already been stored.
+    val storedUri = getStoredDirectoryUri()
+    if (storedUri != null && storedUri.toString().startsWith("content://")) {
+      startLibtailscale(storedUri.toString())
+    } else {
+      startLibtailscale(this.getFilesDir().absolutePath)
+    }
     healthNotifier = HealthNotifier(Notifier.health, Notifier.state, applicationScope)
     connectivityManager = this.getSystemService(Context.CONNECTIVITY_SERVICE) as ConnectivityManager
     NetworkChangeCallback.monitorDnsChanges(connectivityManager, dns)
@@ -205,6 +203,18 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
     FeatureFlags.initialize(mapOf("enable_new_search" to true))
   }
 
+  /**
+   * Called when a SAF directory URI is available (either already stored or chosen). We must restart
+   * Tailscale because directFileRoot must be set before LocalBackend starts being used.
+   */
+  fun startLibtailscale(directFileRoot: String) {
+    ShareFileHelper.init(this, directFileRoot)
+    app = Libtailscale.start(this.filesDir.absolutePath, directFileRoot, this)
+    Request.setApp(app)
+    Notifier.setApp(app)
+    Notifier.start(applicationScope)
+  }
+
   private fun initViewModels() {
     vpnViewModel = ViewModelProvider(this, VpnViewModelFactory(this)).get(VpnViewModel::class.java)
   }
@@ -247,6 +257,11 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
         EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM)
   }
 
+  fun getStoredDirectoryUri(): Uri? {
+    val uriString = getEncryptedPrefs().getString(PREF_KEY_SAF_URI, null)
+    return uriString?.let { Uri.parse(it) }
+  }
+
   /*
    * setAbleToStartVPN remembers whether or not we're able to start the VPN
    * by storing this in a shared preference. This allows us to check this
@@ -310,29 +325,6 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
     return sb.toString()
   }
 
-  private fun prepareDownloadsFolder(): File {
-    var downloads = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOWNLOADS)
-
-    try {
-      if (!downloads.exists()) {
-        downloads.mkdirs()
-      }
-    } catch (e: Exception) {
-      TSLog.e(TAG, "Failed to create downloads folder: $e")
-      downloads = File(this.filesDir, "Taildrop")
-      try {
-        if (!downloads.exists()) {
-          downloads.mkdirs()
-        }
-      } catch (e: Exception) {
-        TSLog.e(TAG, "Failed to create Taildrop folder: $e")
-        downloads = File("")
-      }
-    }
-
-    return downloads
-  }
-
   @Throws(
       IOException::class, GeneralSecurityException::class, MDMSettings.NoSuchKeyException::class)
   override fun getSyspolicyBooleanValue(key: String): Boolean {

android/src/main/java/com/tailscale/ipn/MainActivity.kt

@@ -10,17 +10,21 @@ import android.content.Context
 import android.content.Intent
 import android.content.RestrictionsManager
 import android.content.pm.ActivityInfo
+import android.content.pm.PackageManager
 import android.content.res.Configuration.SCREENLAYOUT_SIZE_LARGE
 import android.content.res.Configuration.SCREENLAYOUT_SIZE_MASK
 import android.net.ConnectivityManager
 import android.net.NetworkCapabilities
+import android.net.Uri
 import android.os.Build
 import android.os.Bundle
+import android.os.Process
 import android.provider.Settings
 import androidx.activity.ComponentActivity
 import androidx.activity.compose.setContent
 import androidx.activity.result.ActivityResultLauncher
 import androidx.activity.result.contract.ActivityResultContract
+import androidx.activity.result.contract.ActivityResultContracts
 import androidx.annotation.RequiresApi
 import androidx.browser.customtabs.CustomTabsIntent
 import androidx.compose.animation.core.LinearOutSlowInEasing
@@ -88,8 +92,13 @@ import kotlinx.coroutines.cancel
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.StateFlow
 import kotlinx.coroutines.launch
+import libtailscale.Libtailscale
+import java.io.IOException
+import java.security.GeneralSecurityException
 
 class MainActivity : ComponentActivity() {
+  // Key to store the SAF URI in EncryptedSharedPreferences.
+  val PREF_KEY_SAF_URI = "saf_directory_uri"
   private lateinit var navController: NavHostController
   private lateinit var vpnPermissionLauncher: ActivityResultLauncher<Intent>
   private val viewModel: MainViewModel by lazy {
@@ -149,6 +158,41 @@ class MainActivity : ComponentActivity() {
         }
     viewModel.setVpnPermissionLauncher(vpnPermissionLauncher)
 
+    val directoryPickerLauncher =
+        registerForActivityResult(ActivityResultContracts.OpenDocumentTree()) { uri: Uri? ->
+          if (uri != null) {
+            try {
+              // Try to take persistable permissions for both read and write.
+              contentResolver.takePersistableUriPermission(
+                  uri,
+                  Intent.FLAG_GRANT_READ_URI_PERMISSION or Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
+            } catch (e: SecurityException) {
+              TSLog.e("MainActivity", "Failed to persist permissions: $e")
+            }
+
+            // Check if write permission is actually granted.
+            val writePermission =
+                this.checkUriPermission(
+                    uri, Process.myPid(), Process.myUid(), Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
+            if (writePermission == PackageManager.PERMISSION_GRANTED) {
+              TSLog.d("MainActivity", "Write permission granted for $uri")
+              Libtailscale.setDirectFileRoot(uri.toString())
+              saveFileDirectory(uri)
+            } else {
+              TSLog.d(
+                  "MainActivity",
+                  "Write access not granted for $uri. Falling back to internal storage.")
+              // Don't save directory URI and fall back to internal storage.
+            }
+          } else {
+            TSLog.d(
+                "MainActivity", "Taildrop directory not saved. Will fall back to internal storage.")
+            // Fall back to internal storage.
+          }
+        }
+
+    viewModel.setDirectoryPickerLauncher(directoryPickerLauncher)
+
     setContent {
       navController = rememberNavController()
 
@@ -366,19 +410,37 @@ class MainActivity : ComponentActivity() {
       if (this::navController.isInitialized) {
         val previousEntry = navController.previousBackStackEntry
         TSLog.d("MainActivity", "onNewIntent: previousBackStackEntry = $previousEntry")
+        if (this::navController.isInitialized) {
+          val previousEntry = navController.previousBackStackEntry
+          TSLog.d("MainActivity", "onNewIntent: previousBackStackEntry = $previousEntry")
 
-        if (previousEntry != null) {
-          navController.popBackStack(route = "main", inclusive = false)
-        } else {
-          TSLog.e(
-              "MainActivity",
-              "onNewIntent: No previous back stack entry, navigating directly to 'main'")
-          navController.navigate("main") { popUpTo("main") { inclusive = true } }
+          if (previousEntry != null) {
+            navController.popBackStack(route = "main", inclusive = false)
+          } else {
+            TSLog.e(
+                "MainActivity",
+                "onNewIntent: No previous back stack entry, navigating directly to 'main'")
+            navController.navigate("main") { popUpTo("main") { inclusive = true } }
+          }
         }
       }
     }
   }
 
+  @Throws(IOException::class, GeneralSecurityException::class)
+  fun saveFileDirectory(directoryUri: Uri) {
+    val prefs = App.get().getEncryptedPrefs()
+    prefs.edit().putString(PREF_KEY_SAF_URI, directoryUri.toString()).apply()
+    try {
+      // Must restart Tailscale because a new LocalBackend with the new directory must be created.
+      App.get().startLibtailscale(directoryUri.toString())
+    } catch (e: Exception) {
+      TSLog.d(
+          "MainActivity",
+          "saveFileDirectory: Failed to restart Libtailscale with the new directory: $e")
+    }
+  }
+
   private fun login(urlString: String) {
     // Launch coroutine to listen for state changes. When the user completes login, relaunch
     // MainActivity to bring the app back to focus.

android/src/main/java/com/tailscale/ipn/ui/util/OutputStreamAdapter.kt

@@ -0,0 +1,26 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package com.tailscale.ipn.ui.util
+
+import com.tailscale.ipn.util.TSLog
+import java.io.OutputStream
+
+// This class adapts a Java OutputStream to the libtailscale.OutputStream interface.
+class OutputStreamAdapter(private val outputStream: OutputStream) : libtailscale.OutputStream {
+  // writes data to the outputStream in its entirety. Returns -1 on error.
+  override fun write(data: ByteArray): Long {
+    return try {
+      outputStream.write(data)
+      outputStream.flush()
+      data.size.toLong()
+    } catch (e: Exception) {
+      TSLog.d("OutputStreamAdapter", "write exception: $e")
+      -1L
+    }
+  }
+
+  override fun close() {
+    outputStream.close()
+  }
+}

android/src/main/java/com/tailscale/ipn/ui/view/MainView.kt

@@ -98,6 +98,7 @@ import com.tailscale.ipn.ui.theme.surfaceContainerListItem
 import com.tailscale.ipn.ui.theme.warningButton
 import com.tailscale.ipn.ui.theme.warningListItem
 import com.tailscale.ipn.ui.util.AndroidTVUtil.isAndroidTV
+import com.tailscale.ipn.ui.util.AndroidTVUtil
 import com.tailscale.ipn.ui.util.AutoResizingText
 import com.tailscale.ipn.ui.util.Lists
 import com.tailscale.ipn.ui.util.LoadingIndicator
@@ -212,6 +213,9 @@ fun MainView(
                 PromptPermissionsIfNecessary()
                 viewModel.maybeRequestVpnPermission()
                 LaunchVpnPermissionIfNeeded(viewModel)
+                if (AndroidTVUtil.isAndroidTV()){
+                  viewModel.showDirectoryPickerLauncher()
+                }
 
                 if (showKeyExpiry) {
                   ExpiryNotification(netmap = netmap, action = { viewModel.login() })
@@ -242,7 +246,11 @@ fun MainView(
                     { viewModel.login() },
                     loginAtUrl,
                     netmap?.SelfNode,
-                    { viewModel.showVPNPermissionLauncherIfUnauthorized() })
+                    { viewModel.showVPNPermissionLauncherIfUnauthorized()
+                      if (!AndroidTVUtil.isAndroidTV()){
+                        viewModel.showDirectoryPickerLauncher()
+                      }
+                    } )
               }
             }
           }
@@ -433,11 +441,11 @@ fun ConnectView(
     loginAction: () -> Unit,
     loginAtUrlAction: (String) -> Unit,
     selfNode: Tailcfg.Node?,
-    showVPNPermissionLauncherIfUnauthorized: () -> Unit
+    showVPNPermissionAndDirectoryPickerLaunchers: () -> Unit
 ) {
   LaunchedEffect(isPrepared) {
     if (!isPrepared && shouldStartAutomatically) {
-      showVPNPermissionLauncherIfUnauthorized()
+      showVPNPermissionAndDirectoryPickerLaunchers()
     }
   }
   Row(horizontalArrangement = Arrangement.Center, modifier = Modifier.fillMaxWidth()) {