refactor(android): use WebViewAssetLoader instead of file access

- Remove MANAGE_EXTERNAL_STORAGE permission and blocking UI
- Implement WebViewAssetLoader to serve assets from secure virtual domain
- Disable direct file access in WebView settings for better security
- Update loadUrl to use https://appassets.androidplatform.net

Author: risunCode

app/src/main/AndroidManifest.xml

@@ -5,7 +5,6 @@
     <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"
         tools:ignore="QueryAllPackagesPermission" />
     <uses-permission android:name="android.permission.INTERNET" />
-    <uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE" tools:ignore="ScopedStorage" />
     <uses-permission android:name="moe.shizuku.manager.permission.API_V23" />
 
     <application

app/src/main/java/com/appcontrolx/ui/MainActivity.kt

@@ -1,24 +1,19 @@
 package com.appcontrolx.ui
 
 import android.annotation.SuppressLint
-import android.content.Intent
 import android.graphics.Color
-import android.net.Uri
-import android.os.Build
 import android.os.Bundle
-import android.os.Environment
-import android.provider.Settings
 import android.view.View
 import android.webkit.WebChromeClient
+import android.webkit.WebResourceRequest
+import android.webkit.WebResourceResponse
 import android.webkit.WebSettings
 import android.webkit.WebView
 import android.webkit.WebViewClient
-import android.widget.Button
-import android.widget.LinearLayout
 import androidx.activity.OnBackPressedCallback
-import androidx.activity.result.contract.ActivityResultContracts
 import androidx.appcompat.app.AppCompatActivity
-import com.appcontrolx.R
+import androidx.webkit.WebViewAssetLoader
+import androidx.webkit.WebViewAssetLoader.AssetsPathHandler
 import com.appcontrolx.bridge.NativeBridge
 import com.appcontrolx.databinding.ActivityMainBinding
 import dagger.hilt.android.AndroidEntryPoint
@@ -32,83 +27,36 @@ class MainActivity : AppCompatActivity() {
     @Inject
     lateinit var nativeBridge: NativeBridge
 
-    private val storagePermissionLauncher = registerForActivityResult(
-        ActivityResultContracts.StartActivityForResult()
-    ) {
-        checkAndSetup()
-    }
-
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
         binding = ActivityMainBinding.inflate(layoutInflater)
         setContentView(binding.root)
 
-        setupPermissionButton()
-        checkAndSetup()
+        setupWebView()
         setupBackHandler()
     }
 
-    private fun setupPermissionButton() {
-        findViewById<Button>(R.id.btn_grant_permission).setOnClickListener {
-            requestStoragePermission()
-        }
-    }
-
-    private fun checkAndSetup() {
-        if (hasStoragePermission()) {
-            showWebView()
-            setupWebView()
-        } else {
-            showPermissionLayout()
-        }
-    }
-
-    private fun hasStoragePermission(): Boolean {
-        return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
-            Environment.isExternalStorageManager()
-        } else {
-            true // For older versions, standard permissions flow applies, assuming granted for simplicity here or handled elsewhere if needed
-        }
-    }
-
-    private fun requestStoragePermission() {
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
-            try {
-                val intent = Intent(Settings.ACTION_MANAGE_APP_ALL_FILES_ACCESS_PERMISSION)
-                intent.addCategory("android.intent.category.DEFAULT")
-                intent.data = Uri.parse(String.format("package:%s", applicationContext.packageName))
-                storagePermissionLauncher.launch(intent)
-            } catch (e: Exception) {
-                val intent = Intent()
-                intent.action = Settings.ACTION_MANAGE_ALL_FILES_ACCESS_PERMISSION
-                storagePermissionLauncher.launch(intent)
-            }
-        }
-    }
-
-    private fun showWebView() {
-        binding.webView.visibility = View.VISIBLE
-        binding.progressBar.visibility = View.VISIBLE // Will be hidden by onPageFinished
-        findViewById<LinearLayout>(R.id.permission_layout).visibility = View.GONE
-    }
-
-    private fun showPermissionLayout() {
-        binding.webView.visibility = View.GONE
-        binding.progressBar.visibility = View.GONE
-        findViewById<LinearLayout>(R.id.permission_layout).visibility = View.VISIBLE
-    }
-
     @SuppressLint("SetJavaScriptEnabled")
     private fun setupWebView() {
+        // Create an AssetLoader to load assets from a virtual domain
+        // This avoids file:// protocol issues and CORS problems
+        val assetLoader = WebViewAssetLoader.Builder()
+            .setDomain("appassets.androidplatform.net")
+            .addPathHandler("/assets/", AssetsPathHandler(this))
+            .build()
+
         binding.webView.apply {
             setBackgroundColor(Color.TRANSPARENT)
 
             settings.apply {
                 javaScriptEnabled = true
                 domStorageEnabled = true
                 databaseEnabled = true
-                allowFileAccess = true
-                allowContentAccess = true
+
+                // Security: Disable direct file access as we are using AssetLoader
+                allowFileAccess = false
+                allowContentAccess = false
+
                 cacheMode = WebSettings.LOAD_DEFAULT
                 mixedContentMode = WebSettings.MIXED_CONTENT_NEVER_ALLOW
                 setSupportZoom(false)
@@ -120,6 +68,14 @@ class MainActivity : AppCompatActivity() {
             }
 
             webViewClient = object : WebViewClient() {
+                override fun shouldInterceptRequest(
+                    view: WebView,
+                    request: WebResourceRequest
+                ): WebResourceResponse? {
+                    // Intercept requests and forward them to AssetLoader
+                    return assetLoader.shouldInterceptRequest(request.url)
+                }
+
                 override fun onPageFinished(view: WebView?, url: String?) {
                     super.onPageFinished(view, url)
                     binding.progressBar.visibility = View.GONE
@@ -137,7 +93,8 @@ class MainActivity : AppCompatActivity() {
             addJavascriptInterface(nativeBridge, "NativeBridge")
             nativeBridge.setWebView(this)
 
-            loadUrl("file:///android_asset/www/index.html")
+            // Load the app from the virtual secure origin
+            loadUrl("https://appassets.androidplatform.net/assets/www/index.html")
         }
     }
 

app/src/main/res/layout/activity_main.xml

@@ -17,40 +17,4 @@
         android:indeterminateTint="@color/primary"
         android:visibility="gone" />
 
-    <LinearLayout
-        android:id="@+id/permission_layout"
-        android:layout_width="match_parent"
-        android:layout_height="match_parent"
-        android:orientation="vertical"
-        android:gravity="center"
-        android:padding="24dp"
-        android:background="@color/background"
-        android:visibility="gone">
-
-        <TextView
-            android:layout_width="wrap_content"
-            android:layout_height="wrap_content"
-            android:text="Storage Permission Required"
-            android:textSize="24sp"
-            android:textStyle="bold"
-            android:textColor="@color/on_background"
-            android:layout_marginBottom="16dp" />
-
-        <TextView
-            android:layout_width="wrap_content"
-            android:layout_height="wrap_content"
-            android:text="This app is built on web technologies and requires full file access to load local resources and function correctly.\n\nWithout this permission, the app cannot access its core files due to Android's storage restrictions."
-            android:textSize="16sp"
-            android:textColor="@color/on_surface_secondary"
-            android:textAlignment="center"
-            android:layout_marginBottom="32dp" />
-
-        <Button
-            android:id="@+id/btn_grant_permission"
-            android:layout_width="wrap_content"
-            android:layout_height="wrap_content"
-            android:text="Grant Permission" />
-
-    </LinearLayout>
-
 </FrameLayout>