New feature: install self-signed CA cert into trust store

[claui]

Rationale

For analysis and reverse engineering, it can be helpful to insert a custom CA certificate into Waydroid’s system-wide trust store. Users used to be able to do that via Android’s settings but not anymore.

Feature

The install mitm command accepts a path to a file that contains a – typically self-signed – CA certificate in PEM format.
It then renames and copies the file into the overlay file system, placing it into Waydroid’s trust store.

Example

As a usage example, the following command lines enable your host to use mitmproxy to act as a proxy and to intercept HTTP(S) connections that come from the Waydroid container:

$ timeout --preserve-status 2 mitmdump -n                           # creates a CA cert in ~/.mitmproxy
$ sudo venv/bin/python3 main.py install mitm --ca-cert ~/.mitmproxy/mitmproxy-ca-cert.pem
INFO: Creating directory: /system/etc/security/cacerts
INFO: Copying /home/yourname/.mitmproxy/mitmproxy-ca-cert.pem to system trust store
INFO: Target file: /system/etc/security/cacerts/6320a7db.0
INFO: mitm installation finished
$ sudo waydroid shell -- ls -l /system/etc/security/cacerts         # double-check that it worked
[…]
-rw-r--r-- 1 root root 1191 2024-01-01 00:00 6320a7db.0
[…]
$ adb shell settings put global http_proxy ${YOUR_IP_HERE?}:3128    # tell Waydroid to use the proxy
                                                                    #     for all connections
$ mitmproxy -p 3128                                                 # start proxy and display a TUI
                                                                    #     with HTTP(S) connections
                                                                    #     coming from Waydroid

[casualsnek]

There seems to be some, merge conflict, can you clear them up ? Also this looks like a nice feature addition to the script !

[claui]

There seems to be some, merge conflict, can you clear them up ?

Sure! Rebased.

[casualsnek]

Thanks for your work ! :)