refactor: remove token auth, use mTLS-only, stop using /data/local/tmp

- Remove TokenAuth and NoAuth (only ACLAuth with mTLS remains)
- Remove --token flag from jnicli
- Change all file paths from /data/local/tmp/ to /data/adb/jniservice/
- Magisk module stores config/logs/data in its own module directory
- JNIService.java uses System.loadLibrary instead of hardcoded path
- Default listen address is 127.0.0.1
- Update README to show on-device usage as primary

Author: xaionaro@dx.center

Makefile

@@ -56,7 +56,7 @@ endif
 ADB ?= $(ANDROID_SDK)/platform-tools/adb
 PORT ?= 50051
 HOST_PORT ?= $(PORT)
-REMOTE_DIR := /data/local/tmp
+REMOTE_DIR := /data/adb/jniservice
 
 deploy: push start-server forward
 
@@ -68,11 +68,15 @@ push:
 	esac; \
 	echo "Device arch: $$ARCH -> GOARCH=$$GOARCH ABI=$$ABI"; \
 	$(MAKE) dist-jniservice dist-dex DIST_GOARCH=$$GOARCH && \
+	$(ADB) shell "mkdir -p $(REMOTE_DIR)" && \
 	$(ADB) push build/libjniservice-$$ABI.so $(REMOTE_DIR)/libjniservice.so && \
 	$(ADB) push build/classes.dex $(REMOTE_DIR)/jniservice.dex
 
 start-server: stop-server
-	$(ADB) shell "JNISERVICE_PORT=$(PORT) app_process \
+	$(ADB) shell "JNISERVICE_PORT=$(PORT) \
+		JNISERVICE_DATA_DIR=$(REMOTE_DIR)/data \
+		LD_LIBRARY_PATH=$(REMOTE_DIR) \
+		app_process \
 		-Djava.class.path=$(REMOTE_DIR)/jniservice.dex \
 		$(REMOTE_DIR) JNIService" &
 	@echo "Waiting for jniservice to start..."

README.md

@@ -90,10 +90,10 @@ adb shell su -c "magisk --install-module /sdcard/jniservice-magisk-arm64-v8a.zip
 adb reboot                                             # starts on next boot
 ```
 
-Configuration: create `/data/local/tmp/jniservice.env` on the device:
+Configuration (optional): create `jniservice.env` in the Magisk module directory:
 ```bash
 JNISERVICE_PORT=50051
-JNISERVICE_TOKEN=my-secret-token
+JNISERVICE_LISTEN=0.0.0.0
 ```
 
 ### Non-rooted devices (APK)
@@ -109,6 +109,12 @@ Open "jniservice" from the launcher once to start the service and register the b
 
 ### Connecting
 
+On the device itself:
+```bash
+jnicli --addr localhost:50051 --insecure jni get-version
+```
+
+From another machine (via adb port forwarding):
 ```bash
 adb forward tcp:50051 tcp:50051
 jnicli --addr localhost:50051 --insecure jni get-version

cmd/jnicli/root.go

@@ -15,7 +15,6 @@ import (
 
 var (
 	flagAddr     string
-	flagToken    string
 	flagInsecure bool
 	flagTimeout  time.Duration
 	flagFormat   string
@@ -57,10 +56,6 @@ var rootCmd = &cobra.Command{
 				&tls.Config{InsecureSkipVerify: true})))
 		}
 
-		if flagToken != "" {
-			opts = append(opts, grpc.WithPerRPCCredentials(tokenCredentials{token: flagToken}))
-		}
-
 		conn, err := grpc.NewClient(flagAddr, opts...)
 		if err != nil {
 			return fmt.Errorf("connect to %s: %w", flagAddr, err)
@@ -78,7 +73,6 @@ var rootCmd = &cobra.Command{
 
 func init() {
 	rootCmd.PersistentFlags().StringVarP(&flagAddr, "addr", "a", "localhost:50051", "gRPC server address")
-	rootCmd.PersistentFlags().StringVarP(&flagToken, "token", "t", "", "authentication token")
 	rootCmd.PersistentFlags().BoolVar(&flagInsecure, "insecure", false, "use insecure connection (no TLS)")
 	rootCmd.PersistentFlags().DurationVar(&flagTimeout, "timeout", 10*time.Second, "request timeout")
 	rootCmd.PersistentFlags().StringVarP(&flagFormat, "format", "f", "json", "output format (json|text)")
@@ -91,22 +85,6 @@ func requestContext(cmd *cobra.Command) (context.Context, context.CancelFunc) {
 	return context.WithTimeout(cmd.Context(), flagTimeout)
 }
 
-// tokenCredentials implements grpc.PerRPCCredentials for bearer token auth.
-type tokenCredentials struct {
-	token string
-}
-
-func (t tokenCredentials) GetRequestMetadata(
-	_ context.Context,
-	_ ...string,
-) (map[string]string, error) {
-	return map[string]string{"authorization": "Bearer " + t.token}, nil
-}
-
-func (t tokenCredentials) RequireTransportSecurity() bool {
-	return false
-}
-
 func buildMTLSCredentials() (credentials.TransportCredentials, error) {
 	cert, err := tls.LoadX509KeyPair(flagCert, flagKey)
 	if err != nil {

cmd/jniservice/JNIService.java

@@ -2,19 +2,19 @@
 //
 // Run via app_process on an Android device:
 //
-//   app_process -Djava.class.path=/data/local/tmp/jniservice.dex \
-//       /data/local/tmp JNIService
+//   LD_LIBRARY_PATH=/path/to/dir app_process \
+//       -Djava.class.path=/path/to/dir/jniservice.dex /path/to/dir JNIService
 //
 // Configuration is via environment variables (set before invoking app_process):
 //
-//   JNISERVICE_PORT   — TCP port (default 50051)
-//   JNISERVICE_LISTEN — listen address (default 0.0.0.0)
-//   JNISERVICE_TOKEN  — bearer token for auth (empty = no auth)
+//   JNISERVICE_PORT     — TCP port (default 50051)
+//   JNISERVICE_LISTEN   — listen address (default 127.0.0.1)
+//   JNISERVICE_DATA_DIR — writable directory for CA, ACL db, etc.
 public class JNIService {
     public static void main(String[] args) {
         System.err.println("jniservice: loading shared library");
         try {
-            System.load("/data/local/tmp/libjniservice.so");
+            System.loadLibrary("jniservice");
         } catch (Throwable t) {
             System.err.println("jniservice: load failed: " + t);
             System.exit(1);

cmd/jniservice/magisk/customize.sh

@@ -4,8 +4,9 @@
 
 ui_print "Installing jniservice..."
 ui_print "  gRPC server will start on next boot"
-ui_print "  Config: /data/local/tmp/jniservice.env"
-ui_print "  Logs:   /data/local/tmp/jniservice.log"
+ui_print "  Config: <module_dir>/jniservice.env"
+ui_print "  Logs:   <module_dir>/jniservice.log"
+ui_print "  Data:   <module_dir>/data/"
 
 # Set permissions on service.sh.
 set_perm "$MODPATH/service.sh" 0 0 0755

cmd/jniservice/magisk/service.sh

@@ -4,20 +4,19 @@
 
 MODDIR="${0%/*}"
 JNISERVICE_DIR="$MODDIR/jniservice"
-LOG="/data/local/tmp/jniservice.log"
+LOG="$MODDIR/jniservice.log"
 
 # Wait for boot to fully complete.
 while [ "$(getprop sys.boot_completed)" != "1" ]; do
     sleep 1
 done
 sleep 5
 
-# Read config from /data/local/tmp/jniservice.env if it exists.
+# Read config from module directory if it exists.
 PORT="${JNISERVICE_PORT:-50051}"
-LISTEN="${JNISERVICE_LISTEN:-0.0.0.0}"
-TOKEN="${JNISERVICE_TOKEN:-}"
-if [ -f /data/local/tmp/jniservice.env ]; then
-    . /data/local/tmp/jniservice.env
+LISTEN="${JNISERVICE_LISTEN:-127.0.0.1}"
+if [ -f "$MODDIR/jniservice.env" ]; then
+    . "$MODDIR/jniservice.env"
 fi
 
 # Kill any existing instance.
@@ -27,7 +26,7 @@ sleep 1
 # Start jniservice.
 export JNISERVICE_PORT="$PORT"
 export JNISERVICE_LISTEN="$LISTEN"
-export JNISERVICE_TOKEN="$TOKEN"
+export JNISERVICE_DATA_DIR="$MODDIR/data"
 export LD_LIBRARY_PATH="$JNISERVICE_DIR:$LD_LIBRARY_PATH"
 
 app_process \

cmd/jniservice/server.go

@@ -11,7 +11,7 @@
 // Configuration is via environment variables:
 //
 //	JNISERVICE_PORT   TCP port (default "50051")
-//	JNISERVICE_LISTEN Listen address (default "0.0.0.0")
+//	JNISERVICE_LISTEN Listen address (default "127.0.0.1")
 package main
 
 /*
@@ -144,13 +144,13 @@ func runServer(cvm *C.JavaVM) {
 	appContextHandle := initAndroidContext(vm, handles)
 
 	// Determine data directory. Try the APK's files dir first (writable by the
-	// app process), fall back to /data/local/tmp (writable by shell user in
-	// app_process mode).
+	// app process), fall back to /data/adb/jniservice (writable by root in
+	// app_process/Magisk mode). JNISERVICE_DATA_DIR env var overrides both.
 	dataDir := os.Getenv("JNISERVICE_DATA_DIR")
 	if dataDir == "" {
 		candidates := []string{
 			"/data/data/center.dx.jni.jniservice/files/jniservice",
-			"/data/local/tmp/jniservice",
+			"/data/adb/jniservice",
 		}
 		for _, dir := range candidates {
 			if err := os.MkdirAll(dir, 0700); err == nil {

cmd/jniserviceadmin/main.go

@@ -199,7 +199,7 @@ var requestsDenyCmd = &cobra.Command{
 }
 
 func init() {
-	rootCmd.PersistentFlags().StringVar(&flagDB, "db", "/data/local/tmp/jniservice/acl.db", "path to SQLite database")
+	rootCmd.PersistentFlags().StringVar(&flagDB, "db", "/data/adb/jniservice/data/acl.db", "path to SQLite database")
 
 	grantsListCmd.Flags().StringVar(&flagGrantsClient, "client", "", "filter grants by client ID")
 

grpc/server/auth.go

@@ -8,7 +8,6 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
-	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/peer"
 	"google.golang.org/grpc/status"
 )
@@ -18,33 +17,6 @@ type Authorizer interface {
 	Authorize(ctx context.Context, fullMethod string) error
 }
 
-// NoAuth allows all requests.
-type NoAuth struct{}
-
-// Authorize always returns nil (all requests are allowed).
-func (NoAuth) Authorize(context.Context, string) error { return nil }
-
-// TokenAuth checks for a bearer token in gRPC metadata.
-type TokenAuth struct {
-	Token string
-}
-
-// Authorize validates that the incoming context carries a matching bearer token.
-func (a TokenAuth) Authorize(ctx context.Context, _ string) error {
-	md, ok := metadata.FromIncomingContext(ctx)
-	if !ok {
-		return status.Error(codes.Unauthenticated, "missing metadata")
-	}
-	tokens := md.Get("authorization")
-	if len(tokens) == 0 {
-		return status.Error(codes.Unauthenticated, "missing authorization")
-	}
-	if tokens[0] != "Bearer "+a.Token {
-		return status.Error(codes.PermissionDenied, "invalid token")
-	}
-	return nil
-}
-
 // ACLAuth checks client identity from mTLS peer cert and verifies
 // method permissions against the ACL store.
 type ACLAuth struct {