Added foreground service support

Signed-off-by: ddeviatilov <[email protected]>

Author: 9tilov

tunnel/build.gradle.kts

@@ -68,6 +68,7 @@ android {
 dependencies {
     implementation(libs.androidx.annotation)
     implementation(libs.androidx.collection)
+    implementation(libs.androidx.core.ktx)
     compileOnly(libs.jsr305)
     testImplementation(libs.junit)
 }

tunnel/src/main/AndroidManifest.xml

@@ -5,11 +5,15 @@
 
 <manifest xmlns:android="http://schemas.android.com/apk/res/android">
 
+    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_SYSTEM_EXEMPTED" />
+
     <application>
         <service
             android:name="com.wireguard.android.backend.GoBackend$VpnService"
             android:permission="android.permission.BIND_VPN_SERVICE"
-            android:exported="false">
+            android:exported="false"
+            android:persistent="true"
+            android:foregroundServiceType="systemExempted">
             <intent-filter>
                 <action android:name="android.net.VpnService" />
             </intent-filter>

tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java

@@ -5,8 +5,12 @@
 
 package com.wireguard.android.backend;
 
+import android.app.ForegroundServiceStartNotAllowedException;
+import android.app.Notification;
+import android.app.Service;
 import android.content.Context;
 import android.content.Intent;
+import android.content.pm.ServiceInfo;
 import android.os.Build;
 import android.os.ParcelFileDescriptor;
 import android.system.OsConstants;
@@ -24,7 +28,6 @@
 import com.wireguard.util.NonNullForAll;
 
 import java.net.InetAddress;
-import java.time.Instant;
 import java.util.Collections;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
@@ -35,6 +38,11 @@
 
 import androidx.annotation.Nullable;
 import androidx.collection.ArraySet;
+import androidx.core.app.NotificationCompat;
+import androidx.core.app.ServiceCompat;
+
+import static android.content.pm.ServiceInfo.FOREGROUND_SERVICE_TYPE_NONE;
+import static android.content.pm.ServiceInfo.FOREGROUND_SERVICE_TYPE_SYSTEM_EXEMPTED;
 
 /**
  * Implementation of {@link Backend} that uses the wireguard-go userspace implementation to provide
@@ -256,7 +264,8 @@ private void setStateInternal(final Tunnel tunnel, @Nullable final Config config
             }
 
 
-            dnsRetry: for (int i = 0; i < DNS_RESOLUTION_RETRIES; ++i) {
+            dnsRetry:
+            for (int i = 0; i < DNS_RESOLUTION_RETRIES; ++i) {
                 // Pre-resolve IPs so they're cached when building the userspace string
                 for (final Peer peer : config.getPeers()) {
                     final InetEndpoint ep = peer.getEndpoint().orElse(null);
@@ -345,7 +354,8 @@ private void setStateInternal(final Tunnel tunnel, @Nullable final Config config
             wgTurnOff(handleToClose);
             try {
                 vpnService.get(0, TimeUnit.NANOSECONDS).stopSelf();
-            } catch (final TimeoutException ignored) { }
+            } catch (final TimeoutException ignored) {
+            }
         }
 
         tunnel.onStateChange(state);
@@ -392,6 +402,9 @@ public GhettoCompletableFuture<V> newIncompleteFuture() {
      * {@link android.net.VpnService} implementation for {@link GoBackend}
      */
     public static class VpnService extends android.net.VpnService {
+
+        private static final int NOTIFICATION_ID = 999;
+        private static final String CHANNEL_ID = "VPN_CHANNEL";
         @Nullable private GoBackend owner;
 
         public Builder getBuilder() {
@@ -423,6 +436,7 @@ public void onDestroy() {
 
         @Override
         public int onStartCommand(@Nullable final Intent intent, final int flags, final int startId) {
+            startForeground();
             vpnService.complete(this);
             if (intent == null || intent.getComponent() == null || !intent.getComponent().getPackageName().equals(getPackageName())) {
                 Log.d(TAG, "Service started by Always-on VPN feature");
@@ -435,5 +449,20 @@ public int onStartCommand(@Nullable final Intent intent, final int flags, final
         public void setOwner(final GoBackend owner) {
             this.owner = owner;
         }
+
+        private void startForeground() {
+            try {
+                final Notification notification = new NotificationCompat
+                        .Builder(this, CHANNEL_ID)
+                        .build();
+                ServiceCompat.startForeground(this, NOTIFICATION_ID, notification, FOREGROUND_SERVICE_TYPE_SYSTEM_EXEMPTED);
+            } catch (final Exception ex) {
+                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S &&
+                        ex instanceof ForegroundServiceStartNotAllowedException
+                ) {
+                    Log.d(TAG, "App not in a valid state to start foreground service");
+                }
+            }
+        }
     }
 }

wireguard-android

@@ -0,0 +1 @@
+Subproject commit f0b45d50f332cd532ee9f62cd51582da6fea7e49