config: make all generated files accessible to the user

Permissions mode 0600 was preventing even the user from accessing the
configuration files. This makes the permissions more open.

The private key files should nevertheless be protected from other apps
by the permissions on the parent directory. Password protection for the
private key is also recommended in general.

GitHub: fixes #122

5 files changed, 60 insertions, 10 deletions

diff --git a/app/src/main/java/org/pacien/tincapp/activities/configure/tools/GenerateConfigToolDialogFragment.kt b/app/src/main/java/org/pacien/tincapp/activities/configure/tools/GenerateConfigToolDialogFragment.kt
index 96e39ba..c152d54 100644
--- a/app/src/main/java/org/pacien/tincapp/activities/configure/tools/GenerateConfigToolDialogFragment.kt
+++ b/app/src/main/java/org/pacien/tincapp/activities/configure/tools/GenerateConfigToolDialogFragment.kt
@@ -1,6 +1,6 @@
 /*
  * Tinc App, an Android binding and user interface for the tinc mesh VPN daemon
- * Copyright (C) 2017-2018 Pacien TRAN-GIRARD
+ * Copyright (C) 2017-2024 Pacien TRAN-GIRARD
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -23,6 +23,8 @@ import kotlinx.android.synthetic.main.configure_tools_dialog_network_generate.vi
 import org.pacien.tincapp.R
 import org.pacien.tincapp.commands.Tinc
 import org.pacien.tincapp.commands.TincApp
+import org.pacien.tincapp.context.AppPaths
+import org.pacien.tincapp.utils.makePublic
 
 /**
  * @author pacien
@@ -47,5 +49,6 @@ class GenerateConfigToolDialogFragment : ConfigurationToolDialogFragment() {
       .thenCompose { Tinc.init(netName, nodeName) }
       .thenCompose { TincApp.removeScripts(netName) }
       .thenCompose { TincApp.generateIfaceCfgTemplate(netName) }
-      .thenCompose { TincApp.setPassphrase(netName, newPassphrase = passphrase) })
+      .thenCompose { TincApp.setPassphrase(netName, newPassphrase = passphrase) }
+      .thenApply { AppPaths.confDir(netName).makePublic() })
 }
diff --git a/app/src/main/java/org/pacien/tincapp/activities/configure/tools/JoinNetworkToolDialogFragment.kt b/app/src/main/java/org/pacien/tincapp/activities/configure/tools/JoinNetworkToolDialogFragment.kt
index 25bdb15..f00b961 100644
--- a/app/src/main/java/org/pacien/tincapp/activities/configure/tools/JoinNetworkToolDialogFragment.kt
+++ b/app/src/main/java/org/pacien/tincapp/activities/configure/tools/JoinNetworkToolDialogFragment.kt
@@ -1,6 +1,6 @@
 /*
  * Tinc App, an Android binding and user interface for the tinc mesh VPN daemon
- * Copyright (C) 2017-2018 Pacien TRAN-GIRARD
+ * Copyright (C) 2017-2024 Pacien TRAN-GIRARD
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,7 +27,9 @@ import kotlinx.android.synthetic.main.configure_tools_dialog_network_join.view.*
 import org.pacien.tincapp.R
 import org.pacien.tincapp.commands.Tinc
 import org.pacien.tincapp.commands.TincApp
+import org.pacien.tincapp.context.AppPaths
 import org.pacien.tincapp.databinding.ConfigureToolsDialogNetworkJoinBinding
+import org.pacien.tincapp.utils.makePublic
 
 /**
  * @author pacien
@@ -78,5 +80,6 @@ class JoinNetworkToolDialogFragment : ConfigurationToolDialogFragment() {
         .thenCompose { TincApp.removeScripts(netName) }
         .thenCompose { TincApp.generateIfaceCfg(netName) }
         .thenCompose { TincApp.setPassphrase(netName, newPassphrase = passphrase) }
+        .thenApply { AppPaths.confDir(netName).makePublic() }
     )
 }
diff --git a/app/src/main/java/org/pacien/tincapp/utils/Files.kt b/app/src/main/java/org/pacien/tincapp/utils/Files.kt
new file mode 100644
index 0000000..95653b3
--- /dev/null
+++ b/app/src/main/java/org/pacien/tincapp/utils/Files.kt
@@ -0,0 +1,47 @@
+/*
+ * Tinc App, an Android binding and user interface for the tinc mesh VPN daemon
+ * Copyright (C) 2017-2024 Pacien TRAN-GIRARD
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package org.pacien.tincapp.utils
+
+import android.annotation.SuppressLint
+import java.io.File
+
+/**
+ * @author pacien
+ */
+
+fun File.makePrivate() {
+  this.setExecutable(this.isDirectory, false)
+  this.setReadable(true, true)
+  this.setWritable(true, true)
+
+  if (this.isDirectory)
+    for (file in this.listFiles()!!)
+      file.makePrivate()
+}
+
+@SuppressLint("SetWorldReadable", "SetWorldWritable")
+fun File.makePublic() {
+  this.setExecutable(this.isDirectory, false)
+  this.setReadable(true, false)
+  this.setWritable(true, false)
+
+  if (this.isDirectory)
+    for (file in this.listFiles()!!)
+      file.makePublic()
+}
\ No newline at end of file
diff --git a/app/src/main/java/org/pacien/tincapp/utils/TincKeyring.kt b/app/src/main/java/org/pacien/tincapp/utils/TincKeyring.kt
index 7d534e6..e8d9ad6 100644
--- a/app/src/main/java/org/pacien/tincapp/utils/TincKeyring.kt
+++ b/app/src/main/java/org/pacien/tincapp/utils/TincKeyring.kt
@@ -1,6 +1,6 @@
 /*
  * Tinc App, an Android binding and user interface for the tinc mesh VPN daemon
- * Copyright (C) 2017-2020 Pacien TRAN-GIRARD
+ * Copyright (C) 2017-2024 Pacien TRAN-GIRARD
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -49,10 +49,4 @@ object TincKeyring {
     file.makePrivate()
     return file
   }
-
-  private fun File.makePrivate() {
-    this.setExecutable(false, false)
-    this.setReadable(true, true)
-    this.setWritable(true, true)
-  }
 }
diff --git a/changelog.md b/changelog.md
index dfc455b..8b17f91 100644
--- a/changelog.md
+++ b/changelog.md
@@ -3,6 +3,9 @@
 This file lists notable changes that have been made to the application on each release.
 Releases are tracked and referred to using git tags.
 
+## v0.39 -- (next release)
+- fix permissions for newly created or joined network host and key files
+
 ## v0.38 -- 2023-07-30
 - make configuration files and logs accessible in the user-accessible storage
   (in USB storage mode). The embedded FTP server has been removed