Remove mitm-addon permission

This created confusion among the users, with small security benefits. Fixes possible issues with permissions on GrapheneOS. Closes #335
2026-05-08 21:12:26 +00:00 · 2023-12-02 17:42:33 +01:00
parent a1b6ec38ab
commit c3a45bb3d6
18 changed files with 16 additions and 120 deletions
@@ -48,8 +48,8 @@ import java.io.IOException;
 import java.lang.ref.WeakReference;

 public class MitmAddon {
-    public static final long PACKAGE_VERSION_CODE = 15;
-    public static final String PACKAGE_VERSION_NAME = "v0.15";
+    public static final long PACKAGE_VERSION_CODE = 16;
+    public static final String PACKAGE_VERSION_NAME = "v0.16";
    public static final String REPOSITORY = "https://github.com/emanuele-f/PCAPdroid-mitm";
    private static final String TAG = "MitmAddon";
    private final Context mContext;
@@ -125,13 +125,6 @@ public class MitmAddon {
                PACKAGE_VERSION_NAME + "/PCAPdroid-mitm_" + PACKAGE_VERSION_NAME + "_" + Build.SUPPORTED_ABIS[0] + ".apk";
    }

-    public static boolean hasMitmPermission(Context ctx) {
-        if(Build.VERSION.SDK_INT >= Build.VERSION_CODES.M)
-            return ctx.checkSelfPermission(MitmAPI.MITM_PERMISSION) == PackageManager.PERMISSION_GRANTED;
-
-        return true;
-    }
-
    public static void setCAInstallationSkipped(Context ctx, boolean skipped) {
        SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(ctx);
        prefs.edit()
@@ -158,7 +151,7 @@ public class MitmAddon {
            return true;

        // Perform some other quick checks just in case the env has changed
-        if(!isInstalled(ctx) || !hasMitmPermission(ctx)) {
+        if(!isInstalled(ctx)) {
            setDecryptionSetupDone(ctx, false);
            return true;
        }
@@ -1,70 +0,0 @@
-/*
- * This file is part of PCAPdroid.
- *
- * PCAPdroid is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * PCAPdroid is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with PCAPdroid.  If not, see <http://www.gnu.org/licenses/>.
- *
- * Copyright 2022 - Emanuele Faranda
- */
-
-package com.emanuelef.remote_capture.fragments.mitmwizard;
-
-import android.content.ActivityNotFoundException;
-import android.os.Bundle;
-import android.view.View;
-
-import androidx.activity.result.ActivityResultLauncher;
-import androidx.activity.result.contract.ActivityResultContracts;
-import androidx.annotation.NonNull;
-import androidx.annotation.Nullable;
-
-import com.emanuelef.remote_capture.R;
-import com.emanuelef.remote_capture.Utils;
-import com.emanuelef.remote_capture.MitmAddon;
-import com.pcapdroid.mitm.MitmAPI;
-
-public class GrantPermission extends StepFragment {
-    private final ActivityResultLauncher<String> requestPermissionLauncher =
-            registerForActivityResult(new ActivityResultContracts.RequestPermission(), this::onPermissionGrant);
-
-    @Override
-    public void onViewCreated(@NonNull View view, @Nullable Bundle savedInstanceState) {
-        super.onViewCreated(view, savedInstanceState);
-        mStepLabel.setText(R.string.grant_mitm_permission);
-
-        if(!MitmAddon.hasMitmPermission(requireContext()))
-            requestPermission();
-        else
-            permOk();
-    }
-
-    private void permOk() {
-        nextStep(R.id.navto_install_cert);
-    }
-
-    private void onPermissionGrant(boolean isGranted) {
-        if(isGranted)
-            permOk();
-    }
-
-    private void requestPermission() {
-        mStepButton.setText(R.string.configure_action);
-        mStepButton.setOnClickListener(v -> {
-            try {
-                requestPermissionLauncher.launch(MitmAPI.MITM_PERMISSION);
-            } catch (ActivityNotFoundException e) {
-                Utils.showToastLong(requireContext(), R.string.no_intent_handler_found);
-            }
-        });
-    }
-}
@@ -52,7 +52,7 @@ public class InstallAddon extends StepFragment {
    }

    private void addonOk() {
-        nextStep(R.id.navto_grant_permission);
+        nextStep(R.id.navto_install_cert);
    }

    private void installAddon() {
@@ -24,7 +24,6 @@ import java.io.Serializable;
 /* API to integrate MitmAddon */
 public class MitmAPI {
    public static final String PACKAGE_NAME = "com.pcapdroid.mitm";
-    public static final String MITM_PERMISSION = "com.pcapdroid.permission.MITM";

    public static final String MITM_SERVICE = PACKAGE_NAME + ".MitmService";
    public static final int MSG_ERROR = -1;
@@ -22,19 +22,6 @@
        android:id="@+id/installMitmApp"
        android:name="com.emanuelef.remote_capture.fragments.mitmwizard.InstallAddon"
        tools:layout="@layout/fragment_mitm_wizard" >
-        <action
-            android:id="@+id/navto_grant_permission"
-            app:enterAnim="@anim/slide_in_left"
-            app:exitAnim="@anim/slide_out_left"
-            app:popEnterAnim="@anim/slide_in_right"
-            app:popExitAnim="@anim/slide_out_right"
-            app:destination="@id/grantMitmPermission" />
-    </fragment>
-
-    <fragment
-        android:id="@+id/grantMitmPermission"
-        android:name="com.emanuelef.remote_capture.fragments.mitmwizard.GrantPermission"
-        tools:layout="@layout/fragment_mitm_wizard" >
        <action
            android:id="@+id/navto_install_cert"
            app:enterAnim="@anim/slide_in_left"
@@ -250,7 +250,6 @@
    <string name="install_action">ثَبَّتَ</string>
    <string name="export_action">تصدير</string>
    <string name="configure_action">تَهيئة</string>
-    <string name="grant_mitm_permission">امنح PCAPdroid الإذن للتحكم في إضافة mitm</string>
    <string name="sort_by">الترتيب حسب</string>
    <string name="username">أسم المستخدم</string>
    <string name="write_ext_storage_failed">فشلت الكتابة إلى وحدة التخزين الخارجية. تحقق من سجل التطبيق للحصول على التفاصيل</string>
@@ -487,4 +486,4 @@
    <string name="cleartext_connection">نص غير مشفر</string>
    <string name="rx_direction">RX</string>
    <string name="root_capture_pcapd_start_failure">بدء لالتقاط فشل . تأكد من منح حق الوصول إلى الجذر (root) لPCAPdroid</string>
-</resources>
+</resources>
@@ -256,7 +256,6 @@
    <string name="app_log">Protokoll</string>
    <string name="no_data">Keine Daten</string>
    <string name="malware_whitelist_action">Whitelist (Malware)…</string>
-    <string name="grant_mitm_permission">Geben Sie PCAPdroid die Berechtigung, das mitm-Addon zu steuern</string>
    <string name="ca_cert_export_failed">Beim Exportieren des CA-Zertifikats ist ein Fehler aufgetreten
 \n
 \nWenn Ihr Gerät Autostart oder ähnliche Software implementiert, um die Ausführung von Hintergrunddiensten einzuschränken, stellen Sie sicher, dass Sie <a href="%1$s">PCAPdroid</a> auf die weiße Liste setzen</string>
@@ -466,4 +465,4 @@
    <string name="mitm_addon_running">Mitm addon läuft</string>
    <string name="decryption_rules_help">Diese Regeln geben an, welche Verbindungen zu entschlüsseln sind. Host-basierte Regeln funktionieren nur, wenn eine vorherige DNS-Antwort angezeigt wird</string>
    <string name="activate_via_qr_code">Aktivier mit QR-Code</string>
-</resources>
+</resources>
@@ -228,7 +228,6 @@
    <string name="install_action">Instalar</string>
    <string name="export_action">Exportar</string>
    <string name="configure_action">Configurar</string>
-    <string name="grant_mitm_permission">Otorgar a PCAPdroid el permiso de controlar el complemento mitm</string>
    <string name="checking_the_certificate">Verificando el certificado…</string>
    <string name="cert_exported_now_installed">Certificado exportado, ahora instálalo en los ajustes de Android</string>
    <string name="ca_cert_export_failed">Un error ha ocurrido mientras se exportaba el certificado CA
@@ -487,4 +486,4 @@
    <string name="active_vpn_detected">Se ha detectado una VPN activa</string>
    <string name="pcap_load_in_progress">Carga del fichero PCAP en curso, por favor espera</string>
    <string name="root_capture_pcapd_start_failure">Fallo al realizar la captura. Asegúrate de conceder acceso root a PCAPdroid</string>
-</resources>
+</resources>
@@ -268,7 +268,6 @@
    <string name="install_action">Instal</string>
    <string name="export_action">Ekspor</string>
    <string name="configure_action">Konfigurasikan</string>
-    <string name="grant_mitm_permission">Berikan PCAPdroid izin untuk mengontrol mitm addon</string>
    <string name="export_ca_certificate">Ekspor sertifikat CA PCAPdroid, lalu buka pengaturan \"Enkripsi &amp; Kredensial\" Android dan pilih instal sebagai \"sertifikat CA\"</string>
    <string name="export_failed">Ekspor gagal</string>
    <string name="not_encrypted">Tidak dienkripsi</string>
@@ -395,4 +394,4 @@
    <string name="paid_features_unlocked">Fitur berbayar tidak terkunci. Mulai ulang penangkapan jika berjalan</string>
    <string name="build_info">Info build</string>
    <string name="paid_feature">Fitur berbayar</string>
-</resources>
+</resources>
@@ -285,7 +285,6 @@
    <string name="export_action">Esporta</string>
    <string name="configure_action">Configura</string>
    <string name="export_ca_certificate">Esporta il certificato CA di PCAPdroid, poi importalo dalle impostazioni Android di \"Crittografia e Credenziali\", installandolo come \"Certificato CA\"</string>
-    <string name="grant_mitm_permission">Dai a PCAPdroid il permesso di controllare l\'addon di mitm</string>
    <string name="ca_cert_export_failed">Errore durante l\'esportazione del certificato CA
 \n
 \nSe il tuo dispositivo utilizza Autostart o software simile per limitare l\'esecuzione di processi in background, assicurati di <a href="%1$s">escludere PCAPdroid</a></string>
@@ -486,4 +485,4 @@
    <string name="decryption_info_no_rule">La connessione non sarà decrittata. Per decrittarla, crea una regola di decrittazione</string>
    <string name="tls_decryption_no_rules_notice">La decrittazione TLS è applicata soltanto alle connessioni che matchano le regole configurate. Vuoi creare ora delle regole di decrittazione\?</string>
    <string name="root_capture_pcapd_start_failure">Avvio della cattura fallito. Assicurati di concedere l\'accesso root a PCAPdroid</string>
-</resources>
+</resources>
@@ -299,7 +299,6 @@
    <string name="export_action">Eksporter</string>
    <string name="tls_decryption">TLS-dekryptering</string>
    <string name="tls_decryption_summary">Dekrypter SSL/TLS-trafikk ved å utføre MITM. Dette kan fungere med noen programmer nå. Sjekk brukerveiledningen.</string>
-    <string name="grant_mitm_permission">Gi PCAPdroid tilgang til å kontrollere MITM-tillegget</string>
    <string name="export_ca_certificate">Eksporter sertifikatmyndighetssertifikatet tilhørende PCAPdroid, åpne så «Kryptering og identitetsdetaljer» i Android og veld å installere det som et «CA-sertifikat».</string>
    <string name="checking_the_certificate">Sjekker sertifikatet …</string>
    <string name="cert_exported_now_installed">Sertifikat eksporter. Installer det nå fra Android-innstillingene.</string>
@@ -354,4 +353,4 @@
 \n
 \nVia <a href="%2$s">trailer-alternativet</a>, kan du legge til programnavn i pakkene og vise dem i Wireshark.</string>
    <string name="mitm_addon_new_version">MITM-tillegget for PCAPdroid må oppgraderes.</string>
-</resources>
+</resources>
@@ -273,7 +273,6 @@
    <string name="export_action">Eksport</string>
    <string name="install_the_mitm_addon">Zainstaluj PCAPdroid <a href="%1$s">dodatek mitm</a></string>
    <string name="configure_action">Skonfiguruj</string>
-    <string name="grant_mitm_permission">Zezwól PCAPdroidowi na kontrolowanie dodatku mitm</string>
    <string name="export_ca_certificate">Wyeksportuj certyfikat PCAPdroid CA, a następnie otwórz ustawienia Androida \"Szyfrowanie i poświadczenia\" i wybierz zainstaluj go jako \"Certyfikat CA\""</string>
    <string name="install_ca_certificate">Zainstaluj certyfikat PCAPdroid CA, wybierając \"VPN i aplikacje\". Android poprosi o ekran blokady lub hasło</string>
    <string name="checking_the_certificate">Sprawdzanie certyfikatu…</string>
@@ -468,4 +467,4 @@
    <string name="license_activation_ok">Aktywacja licencji zakończona</string>
    <string name="mitm_addon_running">Dodatek Mitm jest uruchomiony</string>
    <string name="mitm_addon_starting">Dodatek Mitm jest uruchamiany…</string>
-</resources>
+</resources>
@@ -228,7 +228,6 @@
    <string name="heap_usage">Uso do heap</string>
    <string name="ipv6_only">Somente IPv6</string>
    <string name="firewall_filter">Firewall: %1$s</string>
-    <string name="grant_mitm_permission">Conceda ao PCAPdroid uma permissão para controlar a extensão de mitm</string>
    <string name="mitm_addon_new_version">A extensão de mitm do PCAPdroid precisa ser atualizada</string>
    <string name="app_intro_traffic_dump">PCAPdroid fornece <a href="%1$s">múltiplas formas</a> para fazer o dump do tráfego no formato PCAP padrão para análise posterior
 \n
@@ -403,4 +402,4 @@
    <string name="requesting_unlock_token">Solicitando um token de desbloqueio, aguarde</string>
    <string name="show_action">Mostrar</string>
    <string name="unlock_token_msg1">Este é seu token de desbloqueio. Anote-o, porque será preciso <a href="%1$s">para gerar seus códigos de licença</a></string>
-</resources>
+</resources>
@@ -223,7 +223,6 @@
    <string name="mitm_setup_wizard">Мастер настройки mitm</string>
    <string name="install_action">Установить</string>
    <string name="export_action">Экспорт</string>
-    <string name="grant_mitm_permission">Дать PCAPdroid разрешение контролировать mitm дополнение</string>
    <string name="configure_action">Настроить</string>
    <string name="cert_exported_now_installed">Сертификат экспортирован, теперь установите его из настроек Android</string>
    <string name="cert_reinstall_required">Корневой сертификат не установлен, запустите мастер настройки mitm</string>
@@ -465,4 +464,4 @@
    <string name="dont_decrypt_action">Не расшифровывать…</string>
    <string name="status_encrypted">Зашифровано</string>
    <string name="injected">Инжектировано</string>
-</resources>
+</resources>
@@ -263,7 +263,6 @@
    <string name="tls_decryption_summary">Ortadaki adam gerçekleştirerek SSL/TLS trafiğinin şifresini çöz. Bu artık bazı uygulamalarla çalışabilir, kullanım kılavuzuna bakın</string>
    <string name="traffic_inspection">Trafik denetimi</string>
    <string name="export_action">Dışa aktar</string>
-    <string name="grant_mitm_permission">PCAPdroid\'e ortadaki adam eklentisini denetleme izni verin</string>
    <string name="mitm_start_failed">Ortadaki adam hizmeti başlatılamadı. Ortadaki adam eklentisini elle açmaya çalışın ve yeniden deneyin</string>
    <string name="not_encrypted">Şifrelenmedi</string>
    <string name="cert_reinstall_required">CA sertifikası kurulmadı, ortadaki adam kurulum sihirbazını çalıştırın</string>
@@ -466,4 +465,4 @@
    <string name="decryption_rules_help">Bu kurallar hangi bağlantıların şifresinin çözüleceğini belirtir. Ana makine tabanlı kurallar yalnızca önceden bir DNS yanıtı görülürse çalışır</string>
    <string name="decrypt_action">Şifresini çöz…</string>
    <string name="status_encrypted">Şifreli</string>
-</resources>
+</resources>
@@ -405,7 +405,6 @@
    <string name="install_action">Встановити</string>
    <string name="export_action">Експортувати</string>
    <string name="install_the_mitm_addon">Встановити <a href="%1$s">доповнення mitm</a> PCAPdroid</string>
-    <string name="grant_mitm_permission">Надати дозвіл PCAPdroid для керування доповненням mitm</string>
    <string name="export_ca_certificate">Експортуйте сертифікат PCAPdroid CA. потім відкрийте налаштування Android \"Шифрування й облікові дані\" та виберіть встановити його як \"Сертифікат ЦС\"</string>
    <string name="install_ca_certificate">Встановіть сертифікат PCAPdroid CA, обираючи \"VPN та додатки\". Android запитає ваше блокування екрану або пароль</string>
    <string name="ca_cert_export_failed">Трапилася помилка при експортуванні сертифікату ЦС
@@ -486,4 +485,4 @@
    <string name="installed_on">Встановлено</string>
    <string name="control_permissions">Керування дозволами</string>
    <string name="blacklist_type_domain">Домен чорного списку</string>
-</resources>
+</resources>
@@ -250,7 +250,6 @@
    <string name="mitm_setup_wizard">Mitm 设置向导</string>
    <string name="install_action">安装</string>
    <string name="configure_action">配置</string>
-    <string name="grant_mitm_permission">给予 PCAPdroid 控制 mitm 附加组件的权限</string>
    <string name="checking_the_certificate">检查证书…</string>
    <string name="cert_exported_now_installed">证书已导出，从 Android 系统设置安装它</string>
    <string name="cert_installed_correctly">CA 证书已安装</string>
@@ -512,4 +511,4 @@
    <string name="decryption_info_no_rule">此连接不会被解密。创建解密规则来解密它</string>
    <string name="active_vpn_detected">检测到活动 VPN</string>
    <string name="root_capture_pcapd_start_failure">流量捕获启动失败。请确保你授予了 PCAPdroid 根权限</string>
-</resources>
+</resources>
@@ -276,7 +276,6 @@
    <string name="export_action">Export</string>
    <string name="install_the_mitm_addon">Install the PCAPdroid <a href='%1$s'>mitm addon</a></string>
    <string name="configure_action">Configure</string>
-    <string name="grant_mitm_permission">Give PCAPdroid the permission to control the mitm addon</string>
    <string name="export_ca_certificate">Export the PCAPdroid CA certificate, then open the Android \"Encryption &amp; Credentials\" settings and choose install it as a \"CA certificate\"</string>
    <string name="install_ca_certificate">Install the PCAPdroid CA certificate, choosing \"VPN and apps\". Android will ask for your lockscreen or password</string>
    <string name="checking_the_certificate">Checking the certificate…</string>