fix(tracker): harden foreground-service startup and handle FGS timeouts#221
Draft
adsamcik wants to merge 1 commit into
Draft
fix(tracker): harden foreground-service startup and handle FGS timeouts#221adsamcik wants to merge 1 commit into
adsamcik wants to merge 1 commit into
Conversation
- Select FGS type by held permission (LOCATION when granted, SPECIAL_USE fallback) so Wi-Fi/cell/activity-only sessions can run without location permission; declare specialUse + subtype for TrackerService in the manifest. - Catch SecurityException / ForegroundServiceStartNotAllowedException around startForeground; on failure post a user-visible notification and stop cleanly instead of crashing or silently no-oping. - Implement Service.onTimeout() (Android 15+) in TrackerService and ActivityWatcherService to stop gracefully and avoid fatal RemoteServiceException. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Hardens foreground-service startup and adds Android 15+ FGS-timeout handling for
TrackerServiceandActivityWatcherService. Part of the tracking-architecture review follow-ups (FGS robustness / platform compliance).On the current
dev/v10code,TrackerServicealways callsstartForeground(..., FOREGROUND_SERVICE_TYPE_LOCATION)with no permission gating and no exception handling. That means:SecurityExceptionon Android 14+ (uncaught crash), andForegroundServiceStartNotAllowedException(Android 12+) — also uncaught.Neither service implements
Service.onTimeout(), so a platform FGS time-out would surface as a fatalRemoteServiceException.Changes
Robust FGS startup (
TrackerService)ensureForegroundStarted()now returnsBooleanand selects the FGS type by held permission:LOCATIONwhen a location permission is granted, elseSPECIAL_USE. This lets Wi-Fi/cell/activity-only ("ambient") sessions run when location permission is absent — and is also more accurate per Play policy, since a no-GPS session shouldn't declare itself alocationFGS.startForegroundis wrapped (tryStartForeground) catchingSecurityExceptionandIllegalStateException(the supertype ofForegroundServiceStartNotAllowedException, avoiding an API-31 type reference). On total failure it posts a user-visible, dismissible notification ("Tracking couldn't start — open the app to resume") and stops cleanly instead of crashing or silently no-oping.onCreate/onStartCommandreact to the boolean (stop cleanly on failure).Manifest
TrackerServicenow declaresandroid:foregroundServiceType="location|specialUse"plusPROPERTY_SPECIAL_USE_FGS_SUBTYPE="SignalTracking"so the special-use fallback is legal.FOREGROUND_SERVICE_SPECIAL_USEwas already declared andActivityWatcherServicealready usesspecialUse.onTimeout()(Android 15+, API 35)TrackerServiceandActivityWatcherService: report +stopSelf(startId). The normalonDestroycleanup still flushes the durable signal buffer; auto-tracking is re-triggered byActivityWatcherService.ActivityWatcherServicestartForegroundCompatreturnsBoolean+ try/catch; stops cleanly on failure. Removed an unusedandroid.util.Logimport.Verification
./gradlew :tracker:engine:compileDebugKotlin— BUILD SUCCESSFUL.Reviewer decision point
Adding
specialUsetoTrackerService's declared types broadens the FGS-type surface. It's consistent with the existingActivityWatcherServicespecial-use usage and the app's already-declaredFOREGROUND_SERVICE_SPECIAL_USEpermission, and it fixes a latent policy mismatch (ambient sessions previously declaredlocation). Flagging it explicitly in case you'd prefer to keep this PR purely defensive (drop the type fallback + manifest change) and handle ambient-FGS-type separately.Notes
Draft — opened for review per the "extensive review before merge" workflow.