From c424801a51aa8056b4fdc28a6209c68e7d0d18fb Mon Sep 17 00:00:00 2001
From: Ankur Jain
Date: Tue, 23 Apr 2024 11:39:46 -0700
Subject: [PATCH] show warning for sensitive app permissions. (#262)
---
 packages/cli/src/config/PublishDetails.ts | 28 +++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/packages/cli/src/config/PublishDetails.ts b/packages/cli/src/config/PublishDetails.ts
index 78b1639..cdecb03 100644
--- a/packages/cli/src/config/PublishDetails.ts
+++ b/packages/cli/src/config/PublishDetails.ts
@@ -229,7 +229,7 @@ const getAndroidDetails = async (
 const minSdk = new RegExp(
 AaptPrefixes.sdkPrefix + AaptPrefixes.quoteRegex
 ).exec(stdout);
- const permissions = [...stdout.matchAll(/uses-permission: name='(.*)'/g)];
+ const permissions = [...stdout.matchAll(/uses-permission: name='(.*)'/g)].flatMap(permission => permission[1]);
 const locales = new RegExp(
 AaptPrefixes.localePrefix + AaptPrefixes.quoteNonLazyRegex
 ).exec(stdout);
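Review bot: The capture group `(.*)` on the new `permissions` line is greedy, so if aapt prints another quoted attribute after the name on the same line (for example a `maxSdkVersion='…'` suffix), the captured string includes that suffix and the exact-match `permissions.includes(...)` checks added in the next hunk will not fire for that permission. Bound the capture to the quoted value with `/uses-permission: name='([^']*)'/g`. `map` also states the intent more plainly than `flatMap` here, since each match yields a single string. Permissions that aapt reports under a prefix other than `uses-permission:` are not collected by this pattern either, so it is worth confirming whether that matters for the policy checks. The enclosing `getAndroidDetails` starts and ends outside the hunk.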
@@ -247,6 +247,30 @@ const getAndroidDetails = async (
 localeArray = ["en-US"].concat(localesSrc.split("' '").slice(1));
 }

+ if (permissions.includes("android.permission.INSTALL_PACKAGES") || permissions.includes("android.permission.DELETE_PACKAGES")) {
+ showMessage(
+ "App requests system app install/delete permission",
+ "Your app requests system install/delete permission which is managed by Solana dApp Store.\nThis app will be not approved for listing on Solana dApp Store.",
+ "error"
+ );
+ }
+
+ if (permissions.includes("android.permission.REQUEST_INSTALL_PACKAGES") || permissions.includes("android.permission.REQUEST_DELETE_PACKAGES")) {
+ showMessage(
+ "App requests install or delete permission",
+ "App will be subject to additional security reviews for listing on Solana dApp Store and processing time may be beyond regular review time",
+ "warning"
+ );
+ }
+
+ if (permissions.includes("com.solanamobile.seedvault.ACCESS_SEED_VAULT")) {
+ showMessage(
+ "App requests Seed Vault permission",
+ "If this is not a wallet application, your app maybe rejected from listing on Solana dApp Store.",
+ "warning"
+ );
+ }
+
 if (localeArray.length >= 60) {
 showMessage(
 "The bundle apk claims supports for following locales",
@@ -264,7 +288,7 @@ const getAndroidDetails = async (
 version_code: parseInt(versionCode?.[1] ?? "0", 10),
 version: versionName?.[1] ?? "0",
 cert_fingerprint: await extractCertFingerprint(aaptDir, apkPath),
- permissions: permissions.flatMap(permission => permission[1]),
+ permissions: permissions,
 locales: localeArray
 };
 } catch (e) {
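Review bot: The `"error"` branch for `android.permission.INSTALL_PACKAGES` / `android.permission.DELETE_PACKAGES` tells the publisher the app will not be approved, but nothing visible in this hunk stops `getAndroidDetails` from continuing on to build and return the details object. Unless `showMessage` itself aborts on `"error"` (its body is not shown here), the submission flow proceeds with a permission the message describes as disqualifying. If this is meant as a hard policy gate, fail explicitly after the message and confirm how the `catch (e)` further down reports it; if it is advisory only, add a comment such as `// Advisory only: final rejection happens during store review`. The user-facing strings also need a wording pass: `will be not approved` should read `will not be approved`, and `maybe rejected` should read `may be rejected`. The function body begins and ends outside the hunk.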