oxyroid
diff --git a/‎app/tv/src/main/AndroidManifest.xml‎
Lines changed: 17 additions & 0 deletions b/‎app/tv/src/main/AndroidManifest.xml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎app/tv/src/main/java/com/m3u/tv/M3UApplication.kt‎
Lines changed: 97 additions & 0 deletions b/‎app/tv/src/main/java/com/m3u/tv/M3UApplication.kt‎
Lines changed: 97 additions & 0 deletions
diff --git a/‎app/tv/src/main/java/com/m3u/tv/MainActivity.kt‎
Lines changed: 209 additions & 6 deletions b/‎app/tv/src/main/java/com/m3u/tv/MainActivity.kt‎
Lines changed: 209 additions & 6 deletions
@@ -12,13 +12,30 @@
     <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
     <uses-permission android:name="android.permission.FOREGROUND_SERVICE_DATA_SYNC" />
 
+    <!-- USB Storage permissions for encryption and log export -->
+    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
+        android:maxSdkVersion="32" />
+    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"
+        android:maxSdkVersion="32" />
+    <uses-permission android:name="android.permission.READ_LOGS"
+        tools:ignore="ProtectedPermissions" />
+
+    <!-- For Android 11+ (API 30+) manage all files access -->
+    <uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE"
+        tools:ignore="ScopedStorage" />
+
     <uses-feature
         android:name="android.software.leanback"
         android:required="true" />
     <uses-feature
         android:name="android.hardware.touchscreen"
         android:required="false" />
 
+    <!-- Enable mouse/pointer support for emulator development -->
+    <uses-feature
+        android:name="android.hardware.type.pc"
+        android:required="false" />
+
     <!-- USB Host permissions for encryption -->
     <uses-feature
         android:name="android.hardware.usb.host"
 
@@ -2,15 +2,33 @@ package com.m3u.tv
 
 import android.app.Application
 import androidx.hilt.work.HiltWorkerFactory
+import androidx.lifecycle.ProcessLifecycleOwner
+import androidx.lifecycle.lifecycleScope
 import androidx.work.Configuration
+import com.m3u.core.architecture.preferences.PreferencesKeys
+import com.m3u.core.architecture.preferences.get
+import com.m3u.core.architecture.preferences.set
+import com.m3u.core.architecture.preferences.settings
+import com.m3u.data.repository.usbkey.USBKeyRepository
+import com.m3u.data.security.KeyVerificationManager
 import dagger.hilt.android.HiltAndroidApp
+import kotlinx.coroutines.launch
+import timber.log.Timber
 import javax.inject.Inject
 
 @HiltAndroidApp
 class M3UApplication : Application(), Configuration.Provider {
     @Inject
     lateinit var workerFactory: HiltWorkerFactory
 
+    @Inject
+    lateinit var usbKeyRepository: USBKeyRepository
+
+    @Inject
+    lateinit var keyVerificationManager: KeyVerificationManager
+
+    private val timber = Timber.tag("M3UApplication")
+
     override val workManagerConfiguration: Configuration by lazy {
         Configuration.Builder()
             .setWorkerFactory(workerFactory)
@@ -19,5 +37,84 @@ class M3UApplication : Application(), Configuration.Provider {
 
     override fun onCreate() {
         super.onCreate()
+
+        // TODO: REMOVE BEFORE PRODUCTION - Debug logging enabled
+        if (BuildConfig.DEBUG) {
+            Timber.plant(Timber.DebugTree())
+            Timber.d("============================================")
+            Timber.d("M3U TV APPLICATION STARTING (DEBUG MODE)")
+            Timber.d("============================================")
+        }
+
+        // Launch startup verification asynchronously
+        // Note: performStartupVerification() will check for pending encryption
+        // and perform it BEFORE any database access if needed
+        ProcessLifecycleOwner.get().lifecycleScope.launch {
+            performStartupVerification()
+        }
+    }
+
+    private suspend fun performStartupVerification() {
+        try {
+            timber.d("=== STARTUP VERIFICATION ===")
+
+            // Check if encryption is pending (app was killed to close database)
+            val inProgress = settings[PreferencesKeys.USB_ENCRYPTION_IN_PROGRESS]
+            val lastOperation = settings[PreferencesKeys.USB_ENCRYPTION_LAST_OPERATION] ?: ""
+
+            if (inProgress == true && lastOperation == "ENCRYPTION_PENDING") {
+                timber.d("!!! ENCRYPTION PENDING - Performing encryption with database closed !!!")
+
+                // Now the database is CLOSED because the app was killed
+                // We can safely perform the encryption
+                val result = usbKeyRepository.performPendingEncryption()
+
+                if (result.isSuccess) {
+                    timber.d("✓ Encryption completed successfully!")
+                    // Clear the pending flag
+                    settings[PreferencesKeys.USB_ENCRYPTION_IN_PROGRESS] = false
+                    settings[PreferencesKeys.USB_ENCRYPTION_LAST_OPERATION] = "ENCRYPTION_COMPLETED"
+                    settings[PreferencesKeys.USB_ENCRYPTION_ENABLED] = true
+
+                    timber.d("Restarting app to open encrypted database...")
+                    // Restart ONE MORE TIME to open the encrypted database
+                    android.os.Process.killProcess(android.os.Process.myPid())
+                } else {
+                    timber.e("✗ Encryption failed: ${result.exceptionOrNull()?.message}")
+                    // Clear the pending flag so we don't retry
+                    settings[PreferencesKeys.USB_ENCRYPTION_IN_PROGRESS] = false
+                    settings[PreferencesKeys.USB_ENCRYPTION_LAST_OPERATION] = "ENCRYPTION_FAILED"
+                }
+                return // Don't continue with normal startup
+            } else if (inProgress == true) {
+                // Some other operation was in progress - just clear the flag
+                timber.d("Clearing in-progress flag from previous operation: $lastOperation")
+                settings[PreferencesKeys.USB_ENCRYPTION_IN_PROGRESS] = false
+            }
+
+            // Verify USB key on startup if encryption is enabled
+            if (usbKeyRepository.isEncryptionEnabled()) {
+                timber.d("Encryption is enabled - verifying USB key on startup...")
+
+                usbKeyRepository.getEncryptionKey()?.let { key ->
+                    timber.d("Found encryption key - verifying fingerprint...")
+                    val verified = keyVerificationManager.verifyKey(key)
+
+                    if (verified) {
+                        timber.d("USB key verified successfully on startup")
+                    } else {
+                        timber.w("USB key verification failed on startup")
+                    }
+                } ?: run {
+                    timber.w("No encryption key found on startup - USB may be disconnected")
+                }
+            } else {
+                timber.d("Encryption is not enabled - skipping startup verification")
+            }
+
+            timber.d("=== STARTUP VERIFICATION COMPLETE ===")
+        } catch (e: Exception) {
+            timber.e(e, "Error during startup verification")
+        }
     }
 }
@@ -1,38 +1,241 @@
 package com.m3u.tv
 
+import android.Manifest
+import android.content.Intent
+import android.content.pm.PackageManager
+import android.net.Uri
+import android.os.Build
 import android.os.Bundle
+import android.os.Environment
+import android.provider.Settings
+import android.view.KeyEvent
 import androidx.activity.ComponentActivity
 import androidx.activity.compose.setContent
+import androidx.activity.result.contract.ActivityResultContracts
 import androidx.compose.foundation.background
 import androidx.compose.foundation.layout.Box
 import androidx.compose.runtime.CompositionLocalProvider
+import androidx.compose.runtime.getValue
+import androidx.compose.runtime.mutableStateOf
+import androidx.compose.runtime.remember
+import androidx.compose.runtime.setValue
 import androidx.compose.ui.Modifier
+import androidx.core.content.ContextCompat
+import androidx.lifecycle.compose.collectAsStateWithLifecycle
+import androidx.lifecycle.lifecycleScope
 import androidx.tv.material3.LocalContentColor
 import androidx.tv.material3.MaterialTheme
 import androidx.tv.material3.darkColorScheme
+import com.m3u.business.setting.UnlockManager
+import com.m3u.tv.screens.common.ErrorScreen
+import com.m3u.tv.screens.common.LoadingScreen
+import com.m3u.tv.screens.security.PINUnlockScreen
 import com.m3u.tv.utils.Helper
 import com.m3u.tv.utils.LocalHelper
 import dagger.hilt.android.AndroidEntryPoint
+import kotlinx.coroutines.launch
+import timber.log.Timber
+import javax.inject.Inject
 
 @AndroidEntryPoint
 class MainActivity : ComponentActivity() {
+    @Inject
+    lateinit var unlockManager: UnlockManager
+
     private val helper = Helper(this)
+
+    private val timber = Timber.tag("MainActivity")
+
+    // Storage permission request launcher
+    private val storagePermissionLauncher = registerForActivityResult(
+        ActivityResultContracts.RequestMultiplePermissions()
+    ) { permissions ->
+        timber.d("Storage permissions result: $permissions")
+        val allGranted = permissions.values.all { it }
+        if (allGranted) {
+            timber.d("✓ All storage permissions granted")
+        } else {
+            timber.w("⚠ Some storage permissions denied: ${permissions.filter { !it.value }}")
+        }
+    }
+
+    // Manage all files permission launcher for Android 11+
+    private val manageStorageLauncher = registerForActivityResult(
+        ActivityResultContracts.StartActivityForResult()
+    ) { result ->
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+            if (Environment.isExternalStorageManager()) {
+                timber.d("✓ All files access granted")
+            } else {
+                timber.w("⚠ All files access denied")
+            }
+        }
+    }
+
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
+
+        timber.d("=== MAIN ACTIVITY ONCREATE ===")
+
+        // Request storage permissions on first launch
+        requestStoragePermissions()
+
+        // Initialize unlock manager BEFORE setContent
+        // This checks if PIN encryption is enabled and sets initial lock state
+        lifecycleScope.launch {
+            timber.d("Initializing unlock manager...")
+            unlockManager.initialize()
+            timber.d("Unlock manager initialized")
+        }
+
         setContent {
             MaterialTheme(
                 colorScheme = darkColorScheme()
             ) {
                 Box(Modifier.background(MaterialTheme.colorScheme.background)) {
-                    CompositionLocalProvider(
-                        LocalHelper provides helper,
-                        LocalContentColor provides MaterialTheme.colorScheme.onBackground
-                    ) {
-                        App {
-                            onBackPressedDispatcher.onBackPressed()
+                    // ========================================
+                    // AUTHENTICATION GATE
+                    // ========================================
+                    // Observe the lock state and show different screens based on it
+                    val lockState by unlockManager.lockState.collectAsStateWithLifecycle()
+
+                    timber.d("Current lock state: $lockState")
+
+                    when (lockState) {
+                        is UnlockManager.LockState.Initializing -> {
+                            // Show loading while checking encryption status
+                            timber.d("Showing loading screen")
+                            LoadingScreen(message = "Initializing...")
+                        }
+
+                        is UnlockManager.LockState.Locked -> {
+                            // Database is encrypted - show PIN unlock screen
+                            // This BLOCKS access to the main app
+                            timber.d("Showing PIN unlock screen")
+
+                            var errorMessage by remember { mutableStateOf<String?>(null) }
+
+                            PINUnlockScreen(
+                                onPINEntered = { pin ->
+                                    timber.d("PIN entered in unlock screen, attempting unlock...")
+                                    lifecycleScope.launch {
+                                        val result = unlockManager.attemptUnlock(pin)
+                                        if (result.isFailure) {
+                                            timber.w("Unlock failed: ${result.exceptionOrNull()?.message}")
+                                            errorMessage = "Incorrect PIN. Please try again."
+                                        } else {
+                                            timber.d("✓ Unlock successful!")
+                                            errorMessage = null
+                                            // State will automatically change to Unlocked
+                                        }
+                                    }
+                                },
+                                errorMessage = errorMessage
+                            )
+                        }
+
+                        is UnlockManager.LockState.NoEncryption,
+                        is UnlockManager.LockState.Unlocked -> {
+                            // No encryption OR successfully unlocked - proceed to main app
+                            timber.d("Proceeding to main app (unlocked or no encryption)")
+
+                            CompositionLocalProvider(
+                                LocalHelper provides helper,
+                                LocalContentColor provides MaterialTheme.colorScheme.onBackground
+                            ) {
+                                App {
+                                    onBackPressedDispatcher.onBackPressed()
+                                }
+                            }
                         }
+
+                        is UnlockManager.LockState.Error -> {
+                            // Error during initialization
+                            val error = lockState as UnlockManager.LockState.Error
+                            timber.e("Error state: ${error.message}")
+
+                            ErrorScreen(
+                                message = error.message,
+                                onRetry = {
+                                    lifecycleScope.launch {
+                                        unlockManager.initialize()
+                                    }
+                                }
+                            )
+                        }
+                    }
+                }
+            }
+        }
+
+        timber.d("=== MAIN ACTIVITY SETUP COMPLETE ===")
+    }
+
+    override fun onKeyDown(keyCode: Int, event: KeyEvent?): Boolean {
+        // Handle DELETE and PAGE_DOWN as back navigation
+        return when (keyCode) {
+            KeyEvent.KEYCODE_DEL,
+            KeyEvent.KEYCODE_PAGE_DOWN -> {
+                timber.d("Back navigation triggered by key: $keyCode")
+                onBackPressedDispatcher.onBackPressed()
+                true
+            }
+            else -> super.onKeyDown(keyCode, event)
+        }
+    }
+
+    private fun requestStoragePermissions() {
+        timber.d("=== STORAGE PERMISSION CHECK ===")
+        timber.d("Android SDK Version: ${Build.VERSION.SDK_INT}")
+
+        when {
+            // Android 11+ (API 30+) requires special "All files access" permission
+            Build.VERSION.SDK_INT >= Build.VERSION_CODES.R -> {
+                timber.d("Android 11+ detected - checking All Files Access")
+                if (!Environment.isExternalStorageManager()) {
+                    timber.d("All Files Access not granted - attempting to open settings")
+                    try {
+                        val intent = Intent(Settings.ACTION_MANAGE_APP_ALL_FILES_ACCESS_PERMISSION).apply {
+                            data = Uri.parse("package:$packageName")
+                        }
+                        manageStorageLauncher.launch(intent)
+                        timber.d("✓ Launched settings for All Files Access")
+                    } catch (e: Exception) {
+                        timber.w(e, "Unable to request All Files Access on this device (TV doesn't support this)")
+                        // On Android TV, this permission doesn't exist - just skip it
+                        // The app can still access its own cache/data directories without this permission
                     }
+                } else {
+                    timber.d("✓ All Files Access already granted")
+                }
+            }
+            // Android 6-10 (API 23-29) requires runtime permissions
+            Build.VERSION.SDK_INT >= Build.VERSION_CODES.M -> {
+                timber.d("Android 6-10 detected - checking storage permissions")
+                val permissionsToRequest = mutableListOf<String>()
+
+                if (ContextCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE)
+                    != PackageManager.PERMISSION_GRANTED) {
+                    permissionsToRequest.add(Manifest.permission.WRITE_EXTERNAL_STORAGE)
+                    timber.d("WRITE_EXTERNAL_STORAGE not granted")
+                }
+
+                if (ContextCompat.checkSelfPermission(this, Manifest.permission.READ_EXTERNAL_STORAGE)
+                    != PackageManager.PERMISSION_GRANTED) {
+                    permissionsToRequest.add(Manifest.permission.READ_EXTERNAL_STORAGE)
+                    timber.d("READ_EXTERNAL_STORAGE not granted")
                 }
+
+                if (permissionsToRequest.isNotEmpty()) {
+                    timber.d("Requesting ${permissionsToRequest.size} storage permissions")
+                    storagePermissionLauncher.launch(permissionsToRequest.toTypedArray())
+                } else {
+                    timber.d("✓ All storage permissions already granted")
+                }
+            }
+            // Android 5 and below (API <23) - permissions granted at install time
+            else -> {
+                timber.d("Android 5 or below - permissions granted at install time")
             }
         }
     }