android: use SAF for storing Taildropped files

Use Android Storage Access Framework for receiving Taildropped files.

-Add a picker to allow users to select where Taildropped files go
-If no directory is selected, internal app storage is used
-Provide SAF API for Go to use when writing and renaming files
-Provide Android FileOps implementation

Updates tailscale/tailscale#15263

Signed-off-by: kari-ts <kari@tailscale.com>

Author: kari-ts

android/src/main/java/com/tailscale/ipn/App.kt

@@ -14,8 +14,8 @@ import android.content.IntentFilter
 import android.content.SharedPreferences
 import android.content.pm.PackageManager
 import android.net.ConnectivityManager
+import android.net.Uri
 import android.os.Build
-import android.os.Environment
 import android.util.Log
 import androidx.core.app.ActivityCompat
 import androidx.core.app.NotificationCompat
@@ -35,6 +35,7 @@ import com.tailscale.ipn.ui.notifier.Notifier
 import com.tailscale.ipn.ui.viewModel.VpnViewModel
 import com.tailscale.ipn.ui.viewModel.VpnViewModelFactory
 import com.tailscale.ipn.util.FeatureFlags
+import com.tailscale.ipn.util.ShareFileHelper
 import com.tailscale.ipn.util.TSLog
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
@@ -46,7 +47,6 @@ import kotlinx.coroutines.launch
 import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json
 import libtailscale.Libtailscale
-import java.io.File
 import java.io.IOException
 import java.net.NetworkInterface
 import java.security.GeneralSecurityException
@@ -57,6 +57,8 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
 
   companion object {
     private const val FILE_CHANNEL_ID = "tailscale-files"
+    // Key to store the SAF URI in EncryptedSharedPreferences.
+    private val PREF_KEY_SAF_URI = "saf_directory_uri"
     private const val TAG = "App"
     private lateinit var appInstance: App
 
@@ -148,17 +150,13 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
   }
 
   private fun initializeApp() {
-    val dataDir = this.filesDir.absolutePath
-
-    // Set this to enable direct mode for taildrop whereby downloads will be saved directly
-    // to the given folder.  We will preferentially use <shared>/Downloads and fallback to
-    // an app local directory "Taildrop" if we cannot create that.  This mode does not support
-    // user notifications for incoming files.
-    val directFileDir = this.prepareDownloadsFolder()
-    app = Libtailscale.start(dataDir, directFileDir.absolutePath, this)
-    Request.setApp(app)
-    Notifier.setApp(app)
-    Notifier.start(applicationScope)
+    // Check if a directory URI has already been stored.
+    val storedUri = getStoredDirectoryUri()
+    if (storedUri != null && storedUri.toString().startsWith("content://")) {
+      startLibtailscale(storedUri.toString())
+    } else {
+      startLibtailscale(this.getFilesDir().absolutePath)
+    }
     healthNotifier = HealthNotifier(Notifier.health, Notifier.state, applicationScope)
     connectivityManager = this.getSystemService(Context.CONNECTIVITY_SERVICE) as ConnectivityManager
     NetworkChangeCallback.monitorDnsChanges(connectivityManager, dns)
@@ -195,6 +193,18 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
     FeatureFlags.initialize(mapOf("enable_new_search" to true))
   }
 
+  /**
+   * Called when a SAF directory URI is available (either already stored or chosen). We must restart
+   * Tailscale because directFileRoot must be set before LocalBackend starts being used.
+   */
+  fun startLibtailscale(directFileRoot: String) {
+    ShareFileHelper.init(this, directFileRoot)
+    app = Libtailscale.start(this.filesDir.absolutePath, directFileRoot, this)
+    Request.setApp(app)
+    Notifier.setApp(app)
+    Notifier.start(applicationScope)
+  }
+
   private fun initViewModels() {
     vpnViewModel = ViewModelProvider(this, VpnViewModelFactory(this)).get(VpnViewModel::class.java)
   }
@@ -237,6 +247,11 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
         EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM)
   }
 
+  fun getStoredDirectoryUri(): Uri? {
+    val uriString = getEncryptedPrefs().getString(PREF_KEY_SAF_URI, null)
+    return uriString?.let { Uri.parse(it) }
+  }
+
   /*
    * setAbleToStartVPN remembers whether or not we're able to start the VPN
    * by storing this in a shared preference. This allows us to check this
@@ -300,29 +315,6 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
     return sb.toString()
   }
 
-  private fun prepareDownloadsFolder(): File {
-    var downloads = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOWNLOADS)
-
-    try {
-      if (!downloads.exists()) {
-        downloads.mkdirs()
-      }
-    } catch (e: Exception) {
-      TSLog.e(TAG, "Failed to create downloads folder: $e")
-      downloads = File(this.filesDir, "Taildrop")
-      try {
-        if (!downloads.exists()) {
-          downloads.mkdirs()
-        }
-      } catch (e: Exception) {
-        TSLog.e(TAG, "Failed to create Taildrop folder: $e")
-        downloads = File("")
-      }
-    }
-
-    return downloads
-  }
-
   @Throws(
       IOException::class, GeneralSecurityException::class, MDMSettings.NoSuchKeyException::class)
   override fun getSyspolicyBooleanValue(key: String): Boolean {

android/src/main/java/com/tailscale/ipn/MainActivity.kt

@@ -6,6 +6,7 @@ package com.tailscale.ipn
 import android.annotation.SuppressLint
 import android.app.Activity
 import android.app.AlertDialog
+import android.content.BroadcastReceiver
 import android.content.Context
 import android.content.Intent
 import android.content.RestrictionsManager
@@ -14,14 +15,15 @@ import android.content.res.Configuration.SCREENLAYOUT_SIZE_LARGE
 import android.content.res.Configuration.SCREENLAYOUT_SIZE_MASK
 import android.net.ConnectivityManager
 import android.net.NetworkCapabilities
+import android.net.Uri
 import android.os.Build
 import android.os.Bundle
 import android.provider.Settings
-import android.util.Log
 import androidx.activity.ComponentActivity
 import androidx.activity.compose.setContent
 import androidx.activity.result.ActivityResultLauncher
 import androidx.activity.result.contract.ActivityResultContract
+import androidx.activity.result.contract.ActivityResultContracts
 import androidx.annotation.RequiresApi
 import androidx.browser.customtabs.CustomTabsIntent
 import androidx.compose.animation.core.LinearOutSlowInEasing
@@ -89,8 +91,14 @@ import kotlinx.coroutines.cancel
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.StateFlow
 import kotlinx.coroutines.launch
+import libtailscale.Libtailscale
+import java.io.IOException
+import java.security.GeneralSecurityException
 
 class MainActivity : ComponentActivity() {
+  // Key to store the SAF URI in EncryptedSharedPreferences.
+  private val PREF_KEY_SAF_URI = "saf_directory_uri"
+  lateinit var safUriReceiver: BroadcastReceiver
   private lateinit var navController: NavHostController
   private lateinit var vpnPermissionLauncher: ActivityResultLauncher<Intent>
   private val viewModel: MainViewModel by lazy {
@@ -150,6 +158,24 @@ class MainActivity : ComponentActivity() {
         }
     viewModel.setVpnPermissionLauncher(vpnPermissionLauncher)
 
+    val directoryPickerLauncher =
+        registerForActivityResult(ActivityResultContracts.OpenDocumentTree()) { uri: Uri? ->
+          if (uri != null) {
+            // Persist permissions for future access.
+            contentResolver.takePersistableUriPermission(
+                uri,
+                Intent.FLAG_GRANT_READ_URI_PERMISSION or Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
+            // Set the directory to download files to directly.
+            Libtailscale.setDirectFileRoot(uri.toString())
+            saveFileDirectory(uri)
+          } else {
+            TSLog.d(
+                "MainActivity", "Taildrop directory not saved. Will fall back to internal storage.")
+          }
+        }
+
+    viewModel.setDirectoryPickerLauncher(directoryPickerLauncher)
+
     setContent {
       navController = rememberNavController()
 
@@ -198,7 +224,7 @@ class MainActivity : ComponentActivity() {
                           onNavigateToSearch = {
                             viewModel.enableSearchAutoFocus()
                             navController.navigate("search")
-                        })
+                          })
 
                   val settingsNav =
                       SettingsNav(
@@ -245,9 +271,8 @@ class MainActivity : ComponentActivity() {
                         viewModel = viewModel,
                         navController = navController,
                         onNavigateBack = { navController.popBackStack() },
-                        autoFocus = autoFocus
-                    )
-                }
+                        autoFocus = autoFocus)
+                  }
                   composable("settings") { SettingsView(settingsNav) }
                   composable("exitNodes") { ExitNodePicker(exitNodePickerNav) }
                   composable("health") { HealthView(backTo("main")) }
@@ -365,23 +390,28 @@ class MainActivity : ComponentActivity() {
   override fun onNewIntent(intent: Intent) {
     super.onNewIntent(intent)
     if (intent.getBooleanExtra(START_AT_ROOT, false)) {
-        if (this::navController.isInitialized) {
-            val previousEntry = navController.previousBackStackEntry
-            TSLog.d("MainActivity", "onNewIntent: previousBackStackEntry = $previousEntry")
-
-            if (previousEntry != null) {
-                navController.popBackStack(route = "main", inclusive = false)
-            } else {
-                TSLog.e("MainActivity", "onNewIntent: No previous back stack entry, navigating directly to 'main'")
-                navController.navigate("main") {
-                    popUpTo("main") { inclusive = true }
-                }
-            }
+      if (this::navController.isInitialized) {
+        val previousEntry = navController.previousBackStackEntry
+        TSLog.d("MainActivity", "onNewIntent: previousBackStackEntry = $previousEntry")
+
+        if (previousEntry != null) {
+          navController.popBackStack(route = "main", inclusive = false)
+        } else {
+          TSLog.e(
+              "MainActivity",
+              "onNewIntent: No previous back stack entry, navigating directly to 'main'")
+          navController.navigate("main") { popUpTo("main") { inclusive = true } }
         }
+      }
     }
-}
-
+  }
 
+  @Throws(IOException::class, GeneralSecurityException::class)
+  fun saveFileDirectory(directoryUri: Uri) {
+    val prefs = App.get().getEncryptedPrefs()
+    prefs.edit().putString(PREF_KEY_SAF_URI, directoryUri.toString()).apply()
+    App.get().startLibtailscale(directoryUri.toString())
+  }
 
   private fun login(urlString: String) {
     // Launch coroutine to listen for state changes. When the user completes login, relaunch

android/src/main/java/com/tailscale/ipn/ui/view/MainView.kt

@@ -209,6 +209,7 @@ fun MainView(
                 PromptPermissionsIfNecessary()
 
                 viewModel.showVPNPermissionLauncherIfUnauthorized()
+                viewModel.showDirectoryPickerLauncher()
 
                 if (showKeyExpiry) {
                   ExpiryNotification(netmap = netmap, action = { viewModel.login() })
@@ -239,7 +240,9 @@ fun MainView(
                     { viewModel.login() },
                     loginAtUrl,
                     netmap?.SelfNode,
-                    { viewModel.showVPNPermissionLauncherIfUnauthorized() })
+                    { viewModel.showVPNPermissionLauncherIfUnauthorized()
+                      viewModel.showDirectoryPickerLauncher()
+                    } )
               }
             }
           }
@@ -415,11 +418,11 @@ fun ConnectView(
     loginAction: () -> Unit,
     loginAtUrlAction: (String) -> Unit,
     selfNode: Tailcfg.Node?,
-    showVPNPermissionLauncherIfUnauthorized: () -> Unit
+    showVPNPermissionAndDirectoryPickerLaunchers: () -> Unit
 ) {
   LaunchedEffect(isPrepared) {
     if (!isPrepared && shouldStartAutomatically) {
-      showVPNPermissionLauncherIfUnauthorized()
+      showVPNPermissionAndDirectoryPickerLaunchers()
     }
   }
   Row(horizontalArrangement = Arrangement.Center, modifier = Modifier.fillMaxWidth()) {

android/src/main/java/com/tailscale/ipn/ui/viewModel/MainViewModel.kt

@@ -4,13 +4,15 @@
 package com.tailscale.ipn.ui.viewModel
 
 import android.content.Intent
+import android.net.Uri
 import android.net.VpnService
 import androidx.activity.result.ActivityResultLauncher
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.setValue
 import androidx.compose.ui.platform.ClipboardManager
 import androidx.compose.ui.text.AnnotatedString
+import androidx.documentfile.provider.DocumentFile
 import androidx.lifecycle.ViewModel
 import androidx.lifecycle.ViewModelProvider
 import androidx.lifecycle.viewModelScope
@@ -25,6 +27,7 @@ import com.tailscale.ipn.ui.util.PeerCategorizer
 import com.tailscale.ipn.ui.util.PeerSet
 import com.tailscale.ipn.ui.util.TimeUtil
 import com.tailscale.ipn.ui.util.set
+import com.tailscale.ipn.util.TSLog
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.FlowPreview
 import kotlinx.coroutines.Job
@@ -61,6 +64,9 @@ class MainViewModel(private val vpnViewModel: VpnViewModel) : IpnViewModel() {
   // Permission to prepare VPN
   private var vpnPermissionLauncher: ActivityResultLauncher<Intent>? = null
 
+  // Select Taildrop directory
+  private var directoryPickerLauncher: ActivityResultLauncher<Uri?>? = null
+
   // The list of peers
   private val _peers = MutableStateFlow<List<PeerSet>>(emptyList())
   val peers: StateFlow<List<PeerSet>> = _peers
@@ -197,13 +203,34 @@ class MainViewModel(private val vpnViewModel: VpnViewModel) : IpnViewModel() {
     }
   }
 
+  fun showDirectoryPickerLauncher() {
+    val app = App.get() // Get the application instance
+    val storedUri = app.getStoredDirectoryUri()
+    if (storedUri == null) {
+      // No stored URI, so launch the directory picker.
+      directoryPickerLauncher?.launch(null)
+      return
+    }
+
+    val documentFile = DocumentFile.fromTreeUri(app, storedUri)
+    if (documentFile == null || !documentFile.exists() || !documentFile.canWrite()) {
+      TSLog.d(
+          "MainViewModel",
+          "Stored directory URI is invalid or inaccessible; launching directory picker.")
+      directoryPickerLauncher?.launch(null)
+    } else {
+      TSLog.d("MainViewModel", "Using stored directory URI: $storedUri")
+    }
+  }
+
   fun toggleVpn(desiredState: Boolean) {
     if (isToggleInProgress.value) {
       // Prevent toggling while a previous toggle is in progress
       return
     }
 
     viewModelScope.launch {
+      showDirectoryPickerLauncher()
       isToggleInProgress.value = true
       try {
         val currentState = Notifier.state.value
@@ -243,6 +270,10 @@ class MainViewModel(private val vpnViewModel: VpnViewModel) : IpnViewModel() {
     // No intent means we're already authorized
     vpnPermissionLauncher = launcher
   }
+
+  fun setDirectoryPickerLauncher(launcher: ActivityResultLauncher<Uri?>) {
+    directoryPickerLauncher = launcher
+  }
 }
 
 private fun userStringRes(currentState: State?, previousState: State?, vpnActive: Boolean): Int {