rcx icon indicating copy to clipboard operation
rcx copied to clipboard

Published 20 hours ago verified publisher icon x0b

Error retrieving directory content for crypt with local-saf

Open Shihabus-Sakib-Rad opened this issue 3 years ago • 3 comments

What version of RCX are you using (About -> App version)?

1.12.1

What is your Android version, phone model and manufacturer?

Bliss Rom, Android 10, Samsung A30

Which steps are required to reproduce this issue?

  1. add local-saf remote (external sdcard) using Storage Access Framework in settings -> File Access -> Enable SAF Client preview
  2. Click on add remote [plus button]
  3. Select Crypt
  4. click "click to select remote or path to encrypt" and select local-saf and choose a path/folder. Note: choosing "SanDisk SD card" selects internal sdcard path instead of external sdcard. Suppose i browsed and selected "my_folder" on ext sdcard, the path becomes /storage/emulated/0/my_folder in the field. Indeed i can see a new "my_folder" was created on my internal sdcard.
  5. Enter name, password and configure other options. [ my choice if that matters -> filename encrypt: standard, Directory encrypt: No
  6. After adding the remote, it should be working fine. The app title should say crypt (webdav) while browsing the remote. you may upload test folders and files. you will find encrypted files in that path on ext sdcard
  7. Come back later or Force stop the app to reproduce immediately.
  8. Try to Access the crypt remote again. it will show an popup "Error retrieving directory content"

What is your configuration (rclone.conf)?

[5d44cd8d-397c-4107-b79b-17f2b6a071e8] type = alias remote = /storage/emulated/0

[8082-3BA9] type = alias remote = /storage/8082-3BA9

[local-saf] type = webdav url = http://localhost:40404/ user = dav pass = ***

[Rclone] type = crypt password2 = *** filename_encryption = Standard directory_name_encryption = false remote = local-saf:8082-3BA9/Rclone password = ***

Does the same issue also occur when using the same configuration on a PC or in Termux?

local-saf doesn't applicable to PC, I guess. Not sure about termux {guide me how i can do this}

What are the contents of Android/data/io.github.x0b.rcx/files/logs/log.txt?

The folder seems to be empty. I have enabled logging in settings and reproduced the bug but couldn't find the log.txt

log.txt (click to expand)

Shihabus-Sakib-Rad avatar Jun 05 '21 17:06 Shihabus-Sakib-Rad

Yeah, that's not going to work. Basically, the SAF bridge is only initialized when browsing the files, since we didn't think anyone would be crazy enough to layer a remote on top of that. I'm not sure If we want to support that, tbh.

I have to think about this. I'm not sure if the system interface is stable enough for this.

x0b avatar Jun 05 '21 19:06 x0b

I'm not sure If we want to support that, tbh

As I have mentioned in my other issue, being a root user, I do not really need this bug to be fixed. But having root access has some downside too. Unencrypted config file can be accessed via other apps (of course, if i make the mistake of giving root permission to bad apps) or TWRP recovery. I am eagerly waiting for Issue #12 to be fixed. I think, encrypted config should be a top priority. Thank you for that you have already made progress on it.

To better understand my use case: As i regularly mess with root stuffs, I need to be always prepared to re-flash rom if anything goes wrong. Thus storing all my stuff in ext SDcard without encryption is dangerous. There is cryptomator but I don't like the idea that encrypted files should be dependent on a single master key file. That's why i am looking into Rclone as i can recreate config file anytime if know the password and corrupting one file doesn't affect other files. [correct me if i am wrong. I am new to these stuffs]

Shihabus-Sakib-Rad avatar Jun 05 '21 20:06 Shihabus-Sakib-Rad

After thinking about this a bit more, we could allow layering/stacking of SAF remotes, if we restrict that to the built-in providers, i.e. for SD cards and USB drives only. They seem to have deterministic URI path algorithms and the source code is available.

Concerning the second point: encryption can only ever protect a device at rest, i.e. against someone who has a disk image of a device. As soon as some code is run as root, it can hook into crypto APIs, access the keychain, read keys from memory, among other things. RCX can only slightly slow down a malicious root app, but never stop it. Of course, users can run whatever they want on their devices.

If malicious code manages to run as root, it is game over, there is nothing that any app can do at that point.

x0b avatar Jun 15 '21 10:06 x0b