
Commit 32c5b699 authored by Unpublished

Add consumer proguard rules



Signed-off-by: Unpublished <unpublished@gmx.net>
parent 3bb6efb5
+25 −0
@@ -20,6 +20,7 @@ This library allows you to use accounts as well as the network stack provided by
    - [5.2) Without Retrofit](#52-without-retrofit)
    - [5.3) WebDAV](#53-webdav)
- [Additional info](#additional-info)
- [R8/ProGuard](#r8proguard)
- [Security](#security)
- [Media](#media)
  - [Talks at the Nextcloud Conference](#talks-at-the-nextcloud-conference)
@@ -272,6 +273,30 @@ if (VersionCheckHelper.verifyMinVersion(context, MIN_NEXTCLOUD_FILES_APP_VERSION
}
```

## R8/ProGuard

R8 and ProGuard rules are bundled into [SSO](lib/consumer-proguard-rules.pro).
The bundled rules do **not** cover enabled obfuscation.
Therefore it is **recommended** to add `-dontobfuscate` to your app-specific proguard rules.

With [R8 full mode](https://r8.googlesource.com/r8/+/refs/heads/master/compatibility-faq.md#r8-full-mode) being enabled by default since [AGP 8.0](https://developer.android.com/build/releases/gradle-plugin#default-changes), you will probably need to handle following app-specific rules yourself (or disable full mode):

### gson
According to [gson's sample rules](https://github.com/google/gson/blob/master/examples/android-proguard-example/proguard.cfg#L14), you still need to configure rules for your gson-handled classes.
> ```
> # Application classes that will be serialized/deserialized over Gson
> -keep class com.google.gson.examples.android.model.** { <fields>; }
> ```

### Retrofit
The same applies to classes which you're using in the api from step [5.1.1](#511-before-using-this-single-sign-on-library-your-interface-for-your-retrofit-api-might-look-like-this) 
```
# Application classes that will be serialized/deserialized by retrofit
-keep class com.google.gson.examples.android.model.**
```

If you find working less broad rules, contributions to these rules are welcome!

## Security

Once the user clicks on "Allow" in the login dialog, the Nextcloud Files App will generate a token for your app. Only your app is allowed to use that token. Even if another app will get a hold of that token, it won't be able to make any requests to the nextcloud server as the nextcloud files app matches that token against the namespace of your app.
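Review bot: The Retrofit example in the new R8/ProGuard section reuses gson's sample package, `-keep class com.google.gson.examples.android.model.**`, and unlike the gson example above it has no member specification such as `{ <fields>; }`, so a reader who copies it with their own package keeps the classes themselves but does not name the fields the converter reads. Suggest using an obvious placeholder for the app's own model package in both examples and making the member specification consistent between them. The line "The bundled rules do **not** cover enabled obfuscation" would also benefit from saying what fails when obfuscation is on, because the recommended `-dontobfuscate` applies to the whole consuming app and not only to this library.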
+1 −0
@@ -31,6 +31,7 @@ android {
    defaultConfig {
        minSdkVersion 21
        targetSdkVersion 31
        consumerProguardFiles 'consumer-proguard-rules.pro'
    }

    buildTypes {
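Review bot: The `buildTypes` block that begins right after the added `consumerProguardFiles 'consumer-proguard-rules.pro'` line is cut off in this hunk, and the same commit deletes `proguard-rules.pro`, so please confirm that no `proguardFiles` entry in `buildTypes` still points at the deleted file. It would also help to add a short comment next to `consumerProguardFiles` stating that these rules are applied to every app that depends on the library, since that is what makes their scope matter.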
+71 −0
# from https://www.guardsquare.com/manual/configuration/examples#serializable
-keepnames class * implements java.io.Serializable

-keepclassmembers class * implements java.io.Serializable {
    static final long serialVersionUID;
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    !static !transient <fields>;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}

##---------------Begin: proguard configuration for Gson  ----------
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature

# For using GSON @Expose annotation
-keepattributes *Annotation*

# Gson specific classes
-dontwarn sun.misc.**
#-keep class com.google.gson.stream.** { *; }

# Application classes that will be serialized/deserialized over Gson
-keep class com.nextcloud.android.sso.model.** { <fields>; }

# Prevent proguard from stripping interface information from TypeAdapter, TypeAdapterFactory,
# JsonSerializer, JsonDeserializer instances (so they can be used in @JsonAdapter)
-keep class * extends com.google.gson.TypeAdapter
-keep class * implements com.google.gson.TypeAdapterFactory
-keep class * implements com.google.gson.JsonSerializer
-keep class * implements com.google.gson.JsonDeserializer

# Prevent R8 from leaving Data object members always null
-keepclassmembers,allowobfuscation class * {
  @com.google.gson.annotations.SerializedName <fields>;
}

# Retain generic signatures of TypeToken and its subclasses with R8 version 3.0 and higher.
-keep,allowobfuscation,allowshrinking class com.google.gson.reflect.TypeToken
-keep,allowobfuscation,allowshrinking class * extends com.google.gson.reflect.TypeToken

##---------------End: proguard configuration for Gson  ----------

# Retrofit rules, remove once upgraded to 2.10.0
# Keep generic signature of RxJava2 (R8 full mode strips signatures from non-kept items).
-keep,allowobfuscation,allowshrinking class io.reactivex.Single
-keep,allowobfuscation,allowshrinking class io.reactivex.Flowable
-keep,allowobfuscation,allowshrinking class io.reactivex.Observable
-keep,allowobfuscation,allowshrinking class io.reactivex.Completable

# Keep inherited services.
-if interface * { @retrofit2.http.* <methods>; }
-keep,allowobfuscation interface * extends <1>

# Keep generic signature of Call, Response (R8 full mode strips signatures from non-kept items).
-keep,allowobfuscation,allowshrinking interface retrofit2.Call
-keep,allowobfuscation,allowshrinking class retrofit2.Response

# With R8 full mode generic signatures are stripped for classes that are not
# kept. Suspend functions are wrapped in continuations where the type argument
# is used.
-keep,allowobfuscation,allowshrinking class kotlin.coroutines.Continuation

# Keep generic signature of RxJava3 (R8 full mode strips signatures from non-kept items).
-keep,allowobfuscation,allowshrinking class io.reactivex.rxjava3.core.Flowable
-keep,allowobfuscation,allowshrinking class io.reactivex.rxjava3.core.Maybe
-keep,allowobfuscation,allowshrinking class io.reactivex.rxjava3.core.Observable
-keep,allowobfuscation,allowshrinking class io.reactivex.rxjava3.core.Single

proguard-rules.pro

deleted 100644 → 0
+0 −17
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in C:/Program Files/Android/android-studio/sdk/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the proguardFiles
# directive in build.gradle.
#
# For more details, see
#   http://developer.android.com/guide/developing/tools/proguard.html

# Add any project specific keep options here:

# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
#   public *;
#}