From 91f82b0732064ce212e8c7cfeb80aa32b72eaebe Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <brad@danga.com>
Date: Wed, 3 Sep 2025 14:58:21 -0700
Subject: [PATCH] libtailscale: use syspolicy RegisterStore rather than
 deprecated RegisterHandler

Updates tailscale/tailscale#17022

Signed-off-by: Brad Fitzpatrick <brad@danga.com>
---
 libtailscale/backend.go           |  2 +-
 libtailscale/syspolicy_handler.go | 23 ++++++++++++-----------
 libtailscale/tailscale.go         |  7 ++++---
 3 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/libtailscale/backend.go b/libtailscale/backend.go
index e7a592a..8503b77 100644
--- a/libtailscale/backend.go
+++ b/libtailscale/backend.go
@@ -51,7 +51,7 @@ type App struct {
 	appCtx AppContext
 
 	store             *stateStore
-	policyStore       *syspolicyHandler
+	policyStore       *syspolicyStore
 	logIDPublicAtomic atomic.Pointer[logid.PublicID]
 
 	localAPIHandler http.Handler
diff --git a/libtailscale/syspolicy_handler.go b/libtailscale/syspolicy_handler.go
index c7fc68c..086258a 100644
--- a/libtailscale/syspolicy_handler.go
+++ b/libtailscale/syspolicy_handler.go
@@ -10,33 +10,34 @@ import (
 
 	"tailscale.com/util/set"
 	"tailscale.com/util/syspolicy"
+	"tailscale.com/util/syspolicy/pkey"
 )
 
-// syspolicyHandler is a syspolicy handler for the Android version of the Tailscale client,
+// syspolicyStore is a syspolicy Store for the Android version of the Tailscale client,
 // which lets the main networking code read values set via the Android RestrictionsManager.
-type syspolicyHandler struct {
+type syspolicyStore struct {
 	a   *App
 	mu  sync.RWMutex
 	cbs set.HandleSet[func()]
 }
 
-func (h *syspolicyHandler) ReadString(key string) (string, error) {
+func (h *syspolicyStore) ReadString(key pkey.Key) (string, error) {
 	if key == "" {
 		return "", syspolicy.ErrNoSuchKey
 	}
-	retVal, err := h.a.appCtx.GetSyspolicyStringValue(key)
+	retVal, err := h.a.appCtx.GetSyspolicyStringValue(string(key))
 	return retVal, translateHandlerError(err)
 }
 
-func (h *syspolicyHandler) ReadBoolean(key string) (bool, error) {
+func (h *syspolicyStore) ReadBoolean(key pkey.Key) (bool, error) {
 	if key == "" {
 		return false, syspolicy.ErrNoSuchKey
 	}
-	retVal, err := h.a.appCtx.GetSyspolicyBooleanValue(key)
+	retVal, err := h.a.appCtx.GetSyspolicyBooleanValue(string(key))
 	return retVal, translateHandlerError(err)
 }
 
-func (h *syspolicyHandler) ReadUInt64(key string) (uint64, error) {
+func (h *syspolicyStore) ReadUInt64(key pkey.Key) (uint64, error) {
 	if key == "" {
 		return 0, syspolicy.ErrNoSuchKey
 	}
@@ -44,11 +45,11 @@ func (h *syspolicyHandler) ReadUInt64(key string) (uint64, error) {
 	return 0, errors.New("ReadUInt64 is not implemented on Android")
 }
 
-func (h *syspolicyHandler) ReadStringArray(key string) ([]string, error) {
+func (h *syspolicyStore) ReadStringArray(key pkey.Key) ([]string, error) {
 	if key == "" {
 		return nil, syspolicy.ErrNoSuchKey
 	}
-	retVal, err := h.a.appCtx.GetSyspolicyStringArrayJSONValue(key)
+	retVal, err := h.a.appCtx.GetSyspolicyStringArrayJSONValue(string(key))
 	if err := translateHandlerError(err); err != nil {
 		return nil, err
 	}
@@ -63,7 +64,7 @@ func (h *syspolicyHandler) ReadStringArray(key string) ([]string, error) {
 	return arr, err
 }
 
-func (h *syspolicyHandler) RegisterChangeCallback(cb func()) (unregister func(), err error) {
+func (h *syspolicyStore) RegisterChangeCallback(cb func()) (unregister func(), err error) {
 	h.mu.Lock()
 	handle := h.cbs.Add(cb)
 	h.mu.Unlock()
@@ -74,7 +75,7 @@ func (h *syspolicyHandler) RegisterChangeCallback(cb func()) (unregister func(),
 	}, nil
 }
 
-func (h *syspolicyHandler) notifyChanged() {
+func (h *syspolicyStore) notifyChanged() {
 	h.mu.RLock()
 	for _, cb := range h.cbs {
 		go cb()
diff --git a/libtailscale/tailscale.go b/libtailscale/tailscale.go
index ecbe0df..c03e6f5 100644
--- a/libtailscale/tailscale.go
+++ b/libtailscale/tailscale.go
@@ -19,7 +19,8 @@ import (
 	"tailscale.com/types/logger"
 	"tailscale.com/types/logid"
 	"tailscale.com/util/clientmetric"
-	"tailscale.com/util/syspolicy"
+	"tailscale.com/util/syspolicy/rsop"
+	"tailscale.com/util/syspolicy/setting"
 )
 
 const defaultMTU = 1280 // minimalMTU from wgengine/userspace.go
@@ -39,9 +40,9 @@ func newApp(dataDir, directFileRoot string, appCtx AppContext) Application {
 	a.ready.Add(2)
 
 	a.store = newStateStore(a.appCtx)
-	a.policyStore = &syspolicyHandler{a: a}
+	a.policyStore = &syspolicyStore{a: a}
 	netmon.RegisterInterfaceGetter(a.getInterfaces)
-	syspolicy.RegisterHandler(a.policyStore)
+	rsop.RegisterStore("DeviceHandler", setting.DeviceScope, a.policyStore)
 	go a.watchFileOpsChanges()
 
 	go func() {