fix(permissions): proactively request ACCESS_LOCAL_NETWORK to suppress NSD picker

On Android 17 (API 37) with targetSdk=37, the platform falls back to the
system 'Choose a device to connect' picker on every NsdManager.discoverServices()
call when ACCESS_LOCAL_NETWORK isn't granted. Removing the manifest entry in
the previous commit only suppressed the runtime grant flavor of the prompt —
the picker still fired as the platform's mediated fallback.

This restores the manifest declaration and wires a runtime permission request
into ConnectionsScreen so users get a proper one-time grant prompt instead of
a per-scan picker. Because ACCESS_LOCAL_NETWORK is in the NEARBY_DEVICES
permission group, users who have already granted Bluetooth permissions are
silently auto-granted with no UI shown.

- Re-add ACCESS_LOCAL_NETWORK to AndroidManifest.xml with comment explaining
  the Android 17 LNP enforcement and dual TAK/NSD use case.
- Add isLocalNetworkPermissionGranted() expect/actual helper to core/ui.
- Gate ConnectionsScreen network auto-start on the runtime grant so a
  previously-persisted networkAutoScan=true does not surface the picker for
  users who haven't granted the permission.
- Manual scan toggle now requests the permission before starting and persists
  the user's intent so the launcher's onGranted callback can start the scan.
- Add ScannerViewModel.persistNetworkAutoScanIntent for the deferred-start path.
- Update TakPermissionUtil comment — pre-existing comment claimed the
  permission was 'NOT required for NSD', which was true on Android 16 but
  false on Android 17 with targetSdk=37.

Verified on Pixel 6a / Android 17 / API 37: NSD discovery now runs without
the picker, and the permission is silently auto-granted via the NEARBY_DEVICES
group when Bluetooth perms are already held.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: jamesarich

app/src/main/AndroidManifest.xml

@@ -52,6 +52,15 @@
 
     <uses-permission android:name="android.permission.WAKE_LOCK" />
 
+    <!--
+      Android 17 (API 37) Local Network Protection: targetSdk=37 apps are blocked
+      from local-network access by default. Required for both NSD/mDNS device
+      discovery on the Connections screen and the built-in TAK Server's localhost
+      loopback binding. Requested at runtime via rememberRequestLocalNetworkPermission.
+      See: https://developer.android.com/privacy-and-security/local-network-permission
+    -->
+    <uses-permission android:name="android.permission.ACCESS_LOCAL_NETWORK" />
+
     <!--
       This permission is optional but recommended so we can be smart
       about when to send data.

core/ui/src/androidMain/kotlin/org/meshtastic/core/ui/util/PlatformUtils.kt

@@ -271,6 +271,21 @@ actual fun rememberRequestLocalNetworkPermission(onGranted: () -> Unit, onDenied
     return remember(launcher) { { launcher.launch(android.Manifest.permission.ACCESS_LOCAL_NETWORK) } }
 }
 
+@Composable
+actual fun isLocalNetworkPermissionGranted(): Boolean {
+    if (android.os.Build.VERSION.SDK_INT < android.os.Build.VERSION_CODES.S) {
+        // Pre-Android 12, no runtime local-network permission exists; access is implicit via INTERNET.
+        return true
+    }
+    val context = LocalContext.current
+    return rememberOnResumeState {
+        androidx.core.content.ContextCompat.checkSelfPermission(
+            context,
+            android.Manifest.permission.ACCESS_LOCAL_NETWORK,
+        ) == android.content.pm.PackageManager.PERMISSION_GRANTED
+    }
+}
+
 @Composable
 actual fun isLocationPermissionGranted(): Boolean {
     val context = LocalContext.current

core/ui/src/commonMain/kotlin/org/meshtastic/core/ui/util/PlatformUtils.kt

@@ -71,6 +71,12 @@ expect fun rememberSaveFileLauncher(
 @Composable
 expect fun rememberRequestLocalNetworkPermission(onGranted: () -> Unit, onDenied: () -> Unit = {}): () -> Unit
 
+/**
+ * Returns whether ACCESS_LOCAL_NETWORK is currently granted. Always `true` on platforms / API levels that don't gate
+ * local-network access behind a runtime permission.
+ */
+@Composable expect fun isLocalNetworkPermissionGranted(): Boolean
+
 /** Returns a launcher to request the POST_NOTIFICATIONS permission. No-op on platforms that don't require it. */
 @Composable
 expect fun rememberRequestNotificationPermission(onGranted: () -> Unit, onDenied: () -> Unit = {}): () -> Unit

core/ui/src/iosMain/kotlin/org/meshtastic/core/ui/util/NoopStubs.kt

@@ -61,6 +61,8 @@ actual fun rememberOpenFileLauncher(onUriReceived: (CommonUri?) -> Unit): (mimeT
 @Composable
 actual fun rememberRequestLocalNetworkPermission(onGranted: () -> Unit, onDenied: () -> Unit): () -> Unit = {}
 
+@Composable actual fun isLocalNetworkPermissionGranted(): Boolean = true
+
 @Composable
 actual fun rememberRequestNotificationPermission(onGranted: () -> Unit, onDenied: () -> Unit): () -> Unit = {}
 

core/ui/src/jvmMain/kotlin/org/meshtastic/core/ui/util/PlatformUtils.kt

@@ -140,6 +140,9 @@ actual fun rememberRequestLocalNetworkPermission(onGranted: () -> Unit, onDenied
     onGranted()
 }
 
+/** JVM — local network permission is always considered granted on Desktop. */
+@Composable actual fun isLocalNetworkPermissionGranted(): Boolean = true
+
 /** JVM no-op — Desktop does not require runtime notification permissions. */
 @Composable
 actual fun rememberRequestNotificationPermission(onGranted: () -> Unit, onDenied: () -> Unit): () -> Unit = {

feature/connections/src/commonMain/kotlin/org/meshtastic/feature/connections/ScannerViewModel.kt

@@ -265,6 +265,15 @@ open class ScannerViewModel(
         uiPrefs.setNetworkAutoScan(_isNetworkScanning.value)
     }
 
+    /**
+     * Persist the user's intent to auto-scan the network on next screen entry without flipping the active scan flag.
+     * Used by the Connections screen when it must defer the actual scan start until after the system permission grant
+     * dialog resolves — the persisted intent ensures auto-start fires once permission is granted.
+     */
+    fun persistNetworkAutoScanIntent(enabled: Boolean) {
+        uiPrefs.setNetworkAutoScan(enabled)
+    }
+
     // ── Device selection / disconnect ───────────────────────────────────────────────────────
 
     fun changeDeviceAddress(address: String) {

feature/connections/src/commonMain/kotlin/org/meshtastic/feature/connections/ui/ConnectionsScreen.kt

@@ -64,6 +64,8 @@ import org.meshtastic.core.ui.component.MainAppBar
 import org.meshtastic.core.ui.icon.Language
 import org.meshtastic.core.ui.icon.MeshtasticIcons
 import org.meshtastic.core.ui.icon.NoDevice
+import org.meshtastic.core.ui.util.isLocalNetworkPermissionGranted
+import org.meshtastic.core.ui.util.rememberRequestLocalNetworkPermission
 import org.meshtastic.core.ui.viewmodel.ConnectionStatus
 import org.meshtastic.core.ui.viewmodel.ConnectionsViewModel
 import org.meshtastic.feature.connections.MOCK_DEVICE_PREFIX
@@ -118,12 +120,23 @@ fun ConnectionsScreen(
 
     val bleAutoScan by scanModel.bleAutoScan.collectAsStateWithLifecycle()
     val networkAutoScan by scanModel.networkAutoScan.collectAsStateWithLifecycle()
+    val localNetworkPermissionGranted = isLocalNetworkPermissionGranted()
+
+    // Android 17 (API 37) gates NSD/mDNS behind ACCESS_LOCAL_NETWORK. Without this prompt the platform
+    // falls back to the system "Choose a device to connect" picker on every discoverServices() call.
+    // Granting the permission upfront lets discovery run silently in-app.
+    val requestLocalNetworkPermission =
+        rememberRequestLocalNetworkPermission(
+            onGranted = { scanModel.startNetworkScan() },
+            onDenied = { scanModel.stopNetworkScan() },
+        )
 
     // Auto-start scans on screen entry when the user has previously opted in via the toggle. Stop on exit so we don't
-    // drain battery in the background.
-    DisposableEffect(Unit) {
+    // drain battery in the background. Network auto-start is additionally gated on the runtime local-network grant so
+    // we don't trigger the system picker for users who declined the permission.
+    DisposableEffect(localNetworkPermissionGranted) {
         if (bleAutoScan) scanModel.startBleScan()
-        if (networkAutoScan) scanModel.startNetworkScan()
+        if (networkAutoScan && localNetworkPermissionGranted) scanModel.startNetworkScan()
         onDispose {
             scanModel.stopBleScan()
             scanModel.stopNetworkScan()
@@ -263,7 +276,18 @@ fun ConnectionsScreen(
                                 isNetworkScanning = isNetworkScanning,
                                 onSelectDevice = { scanModel.onSelected(it) },
                                 onToggleBleScan = { scanModel.toggleBleScan() },
-                                onToggleNetworkScan = { scanModel.toggleNetworkScan() },
+                                onToggleNetworkScan = {
+                                    if (isNetworkScanning || localNetworkPermissionGranted) {
+                                        scanModel.toggleNetworkScan()
+                                    } else {
+                                        // Prefer requesting the runtime grant over letting the platform fall
+                                        // back to the system NSD picker. Persist the user's intent so that if
+                                        // they grant after the prompt, the scan starts via the launcher's
+                                        // onGranted callback and stays on for next session.
+                                        scanModel.persistNetworkAutoScanIntent(true)
+                                        requestLocalNetworkPermission()
+                                    }
+                                },
                                 onAddManualAddress = { _, fullAddress ->
                                     val displayAddress = fullAddress.removePrefix(TCP_DEVICE_PREFIX)
                                     scanModel.addRecentAddress(fullAddress, displayAddress)

feature/settings/src/androidMain/kotlin/org/meshtastic/feature/settings/tak/TakPermissionUtil.kt

@@ -21,11 +21,11 @@ import org.meshtastic.core.ui.util.rememberRequestLocalNetworkPermission
 
 @Composable
 actual fun TakPermissionHandler(isTakServerEnabled: Boolean, onPermissionResult: (Boolean) -> Unit) {
-    // ACCESS_LOCAL_NETWORK permission (Android 12+) is only required for TAK Server's localhost
-    // socket binding (127.0.0.1:8087). It is NOT required for NSD mDNS service discovery
-    // (which uses CHANGE_WIFI_MULTICAST_STATE). By gating the permission request to only when
-    // TAK Server is explicitly enabled, casual users avoid the system dialog and the app works
-    // without the permission if TAK is disabled.
+    // ACCESS_LOCAL_NETWORK runtime permission (Android 17 / API 37+) is required for the TAK Server's
+    // localhost socket binding (127.0.0.1:8087). It is also required globally for NSD/mDNS device discovery
+    // when targetSdk >= 37, and is requested up-front from the Connections screen, so it will usually
+    // already be granted by the time the user enables TAK. This composable handles the standalone case
+    // (e.g. user opens TAK settings before ever tapping the network-scan toggle).
     val requestPermission =
         rememberRequestLocalNetworkPermission(
             onGranted = { onPermissionResult(true) },