2013-09-15 08:16:29 -04:00
|
|
|
/*
|
2014-02-17 13:50:07 -05:00
|
|
|
* Copyright (C) 2013-2014 Dominik Schürmann <dominik@dominikschuermann.de>
|
2013-09-15 08:16:29 -04:00
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package org.sufficientlysecure.keychain.service.remote;
|
|
|
|
|
|
|
|
import java.util.ArrayList;
|
2013-12-30 13:16:21 -05:00
|
|
|
import java.util.Arrays;
|
2013-09-15 08:16:29 -04:00
|
|
|
|
2014-02-17 12:37:01 -05:00
|
|
|
import org.openintents.openpgp.OpenPgpError;
|
|
|
|
import org.openintents.openpgp.util.OpenPgpConstants;
|
2013-09-15 08:16:29 -04:00
|
|
|
import org.sufficientlysecure.keychain.Constants;
|
2013-12-30 14:57:49 -05:00
|
|
|
import org.sufficientlysecure.keychain.R;
|
2013-09-15 08:16:29 -04:00
|
|
|
import org.sufficientlysecure.keychain.provider.KeychainContract;
|
|
|
|
import org.sufficientlysecure.keychain.provider.ProviderHelper;
|
|
|
|
import org.sufficientlysecure.keychain.util.Log;
|
|
|
|
|
2014-02-17 12:37:01 -05:00
|
|
|
import android.app.PendingIntent;
|
2013-09-15 08:16:29 -04:00
|
|
|
import android.app.Service;
|
|
|
|
import android.content.Context;
|
|
|
|
import android.content.Intent;
|
2013-12-30 13:16:21 -05:00
|
|
|
import android.content.pm.PackageInfo;
|
|
|
|
import android.content.pm.PackageManager;
|
|
|
|
import android.content.pm.PackageManager.NameNotFoundException;
|
|
|
|
import android.content.pm.Signature;
|
2013-09-15 08:16:29 -04:00
|
|
|
import android.net.Uri;
|
|
|
|
import android.os.Binder;
|
|
|
|
import android.os.Bundle;
|
|
|
|
import android.os.Handler;
|
|
|
|
import android.os.Message;
|
|
|
|
import android.os.Messenger;
|
|
|
|
|
|
|
|
/**
|
2013-12-30 13:16:21 -05:00
|
|
|
* Abstract service class for remote APIs that handle app registration and user input.
|
2013-09-15 08:16:29 -04:00
|
|
|
*/
|
2013-09-15 09:20:15 -04:00
|
|
|
public abstract class RemoteService extends Service {
|
2013-09-15 08:16:29 -04:00
|
|
|
Context mContext;
|
|
|
|
|
2014-02-17 12:37:01 -05:00
|
|
|
private static final int PRIVATE_REQUEST_CODE_REGISTER = 651;
|
|
|
|
private static final int PRIVATE_REQUEST_CODE_ERROR = 652;
|
2013-09-15 08:16:29 -04:00
|
|
|
|
|
|
|
|
2013-09-15 09:20:15 -04:00
|
|
|
public Context getContext() {
|
|
|
|
return mContext;
|
|
|
|
}
|
|
|
|
|
2014-02-17 12:37:01 -05:00
|
|
|
protected Bundle isAllowed(Bundle params) {
|
2013-12-30 13:16:21 -05:00
|
|
|
try {
|
|
|
|
if (isCallerAllowed(false)) {
|
|
|
|
|
2014-02-17 12:37:01 -05:00
|
|
|
return null;
|
2013-09-15 08:16:29 -04:00
|
|
|
} else {
|
2013-12-30 13:16:21 -05:00
|
|
|
String[] callingPackages = getPackageManager().getPackagesForUid(
|
|
|
|
Binder.getCallingUid());
|
|
|
|
// TODO: currently simply uses first entry
|
|
|
|
String packageName = callingPackages[0];
|
|
|
|
|
|
|
|
byte[] packageSignature;
|
|
|
|
try {
|
|
|
|
packageSignature = getPackageSignature(packageName);
|
|
|
|
} catch (NameNotFoundException e) {
|
|
|
|
Log.e(Constants.TAG, "Should not happen, returning!", e);
|
2014-02-17 12:37:01 -05:00
|
|
|
// return error
|
|
|
|
Bundle result = new Bundle();
|
|
|
|
result.putInt(OpenPgpConstants.RESULT_CODE, OpenPgpConstants.RESULT_CODE_ERROR);
|
|
|
|
result.putParcelable(OpenPgpConstants.RESULT_ERRORS,
|
|
|
|
new OpenPgpError(OpenPgpError.GENERIC_ERROR, e.getMessage()));
|
|
|
|
return result;
|
2013-12-30 13:16:21 -05:00
|
|
|
}
|
2014-02-17 12:37:01 -05:00
|
|
|
Log.e(Constants.TAG, "Not allowed to use service! return PendingIntent for registration!");
|
|
|
|
|
|
|
|
Intent intent = new Intent(getBaseContext(), RemoteServiceActivity.class);
|
|
|
|
intent.setAction(RemoteServiceActivity.ACTION_REGISTER);
|
|
|
|
intent.putExtra(RemoteServiceActivity.EXTRA_PACKAGE_NAME, packageName);
|
|
|
|
intent.putExtra(RemoteServiceActivity.EXTRA_PACKAGE_SIGNATURE, packageSignature);
|
|
|
|
intent.putExtra(OpenPgpConstants.PI_RESULT_PARAMS, params);
|
|
|
|
|
|
|
|
PendingIntent pi = PendingIntent.getActivity(getBaseContext(), PRIVATE_REQUEST_CODE_REGISTER, intent, 0);
|
|
|
|
|
|
|
|
// return PendingIntent to be executed by client
|
|
|
|
Bundle result = new Bundle();
|
|
|
|
result.putInt(OpenPgpConstants.RESULT_CODE, OpenPgpConstants.RESULT_CODE_USER_INTERACTION_REQUIRED);
|
|
|
|
result.putParcelable(OpenPgpConstants.RESULT_INTENT, pi);
|
|
|
|
|
|
|
|
return result;
|
2013-09-15 08:16:29 -04:00
|
|
|
}
|
2013-12-30 13:16:21 -05:00
|
|
|
} catch (WrongPackageSignatureException e) {
|
2014-02-17 12:37:01 -05:00
|
|
|
Log.e(Constants.TAG, "wrong signature!", e);
|
|
|
|
|
|
|
|
Intent intent = new Intent(getBaseContext(), RemoteServiceActivity.class);
|
|
|
|
intent.setAction(RemoteServiceActivity.ACTION_ERROR_MESSAGE);
|
|
|
|
intent.putExtra(RemoteServiceActivity.EXTRA_ERROR_MESSAGE, getString(R.string.api_error_wrong_signature));
|
|
|
|
intent.putExtra(OpenPgpConstants.PI_RESULT_PARAMS, params);
|
|
|
|
|
|
|
|
PendingIntent pi = PendingIntent.getActivity(getBaseContext(), PRIVATE_REQUEST_CODE_ERROR, intent, 0);
|
|
|
|
|
|
|
|
// return PendingIntent to be executed by client
|
|
|
|
Bundle result = new Bundle();
|
|
|
|
result.putInt(OpenPgpConstants.RESULT_CODE, OpenPgpConstants.RESULT_CODE_USER_INTERACTION_REQUIRED);
|
|
|
|
result.putParcelable(OpenPgpConstants.RESULT_INTENT, pi);
|
|
|
|
|
|
|
|
return result;
|
2013-09-15 08:16:29 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-12-30 13:16:21 -05:00
|
|
|
private byte[] getPackageSignature(String packageName) throws NameNotFoundException {
|
|
|
|
PackageInfo pkgInfo = getPackageManager().getPackageInfo(packageName,
|
|
|
|
PackageManager.GET_SIGNATURES);
|
|
|
|
Signature[] signatures = pkgInfo.signatures;
|
|
|
|
// TODO: Only first signature?!
|
|
|
|
byte[] packageSignature = signatures[0].toByteArray();
|
|
|
|
|
|
|
|
return packageSignature;
|
|
|
|
}
|
|
|
|
|
2013-09-15 08:16:29 -04:00
|
|
|
/**
|
|
|
|
* Retrieves AppSettings from database for the application calling this remote service
|
2014-02-17 12:37:01 -05:00
|
|
|
*
|
2013-09-15 08:16:29 -04:00
|
|
|
* @return
|
|
|
|
*/
|
|
|
|
protected AppSettings getAppSettings() {
|
|
|
|
String[] callingPackages = getPackageManager().getPackagesForUid(Binder.getCallingUid());
|
|
|
|
|
|
|
|
// get app settings for this package
|
|
|
|
for (int i = 0; i < callingPackages.length; i++) {
|
|
|
|
String currentPkg = callingPackages[i];
|
|
|
|
|
|
|
|
Uri uri = KeychainContract.ApiApps.buildByPackageNameUri(currentPkg);
|
|
|
|
|
|
|
|
AppSettings settings = ProviderHelper.getApiAppSettings(this, uri);
|
|
|
|
|
|
|
|
if (settings != null)
|
|
|
|
return settings;
|
|
|
|
}
|
|
|
|
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks if process that binds to this service (i.e. the package name corresponding to the
|
|
|
|
* process) is in the list of allowed package names.
|
2014-02-17 12:37:01 -05:00
|
|
|
*
|
|
|
|
* @param allowOnlySelf allow only Keychain app itself
|
2013-09-15 08:16:29 -04:00
|
|
|
* @return true if process is allowed to use this service
|
2013-12-30 13:16:21 -05:00
|
|
|
* @throws WrongPackageSignatureException
|
2013-09-15 08:16:29 -04:00
|
|
|
*/
|
2013-12-30 13:16:21 -05:00
|
|
|
private boolean isCallerAllowed(boolean allowOnlySelf) throws WrongPackageSignatureException {
|
|
|
|
return isUidAllowed(Binder.getCallingUid(), allowOnlySelf);
|
|
|
|
}
|
|
|
|
|
|
|
|
private boolean isUidAllowed(int uid, boolean allowOnlySelf)
|
|
|
|
throws WrongPackageSignatureException {
|
|
|
|
if (android.os.Process.myUid() == uid) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
if (allowOnlySelf) { // barrier
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
String[] callingPackages = getPackageManager().getPackagesForUid(uid);
|
2013-09-15 08:16:29 -04:00
|
|
|
|
|
|
|
// is calling package allowed to use this service?
|
|
|
|
for (int i = 0; i < callingPackages.length; i++) {
|
|
|
|
String currentPkg = callingPackages[i];
|
|
|
|
|
2013-12-30 13:16:21 -05:00
|
|
|
if (isPackageAllowed(currentPkg)) {
|
2013-09-15 08:16:29 -04:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
Log.d(Constants.TAG, "Caller is NOT allowed!");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2013-12-30 13:16:21 -05:00
|
|
|
* Checks if packageName is a registered app for the API. Does not return true for own package!
|
2014-02-17 12:37:01 -05:00
|
|
|
*
|
2013-09-15 08:16:29 -04:00
|
|
|
* @param packageName
|
|
|
|
* @return
|
2013-12-30 13:16:21 -05:00
|
|
|
* @throws WrongPackageSignatureException
|
2013-09-15 08:16:29 -04:00
|
|
|
*/
|
2013-12-30 13:16:21 -05:00
|
|
|
private boolean isPackageAllowed(String packageName) throws WrongPackageSignatureException {
|
2013-09-15 08:16:29 -04:00
|
|
|
Log.d(Constants.TAG, "packageName: " + packageName);
|
|
|
|
|
2013-12-30 13:16:21 -05:00
|
|
|
ArrayList<String> allowedPkgs = ProviderHelper.getRegisteredApiApps(this);
|
2013-09-15 08:16:29 -04:00
|
|
|
Log.d(Constants.TAG, "allowed: " + allowedPkgs);
|
|
|
|
|
|
|
|
// check if package is allowed to use our service
|
2013-12-30 13:16:21 -05:00
|
|
|
if (allowedPkgs.contains(packageName)) {
|
2013-09-15 08:16:29 -04:00
|
|
|
Log.d(Constants.TAG, "Package is allowed! packageName: " + packageName);
|
|
|
|
|
2013-12-30 13:16:21 -05:00
|
|
|
// check package signature
|
|
|
|
byte[] currentSig;
|
|
|
|
try {
|
|
|
|
currentSig = getPackageSignature(packageName);
|
|
|
|
} catch (NameNotFoundException e) {
|
|
|
|
throw new WrongPackageSignatureException(e.getMessage());
|
|
|
|
}
|
2013-09-15 08:16:29 -04:00
|
|
|
|
2013-12-30 13:16:21 -05:00
|
|
|
byte[] storedSig = ProviderHelper.getApiAppSignature(this, packageName);
|
|
|
|
if (Arrays.equals(currentSig, storedSig)) {
|
|
|
|
Log.d(Constants.TAG,
|
|
|
|
"Package signature is correct! (equals signature from database)");
|
|
|
|
return true;
|
|
|
|
} else {
|
|
|
|
throw new WrongPackageSignatureException(
|
|
|
|
"PACKAGE NOT ALLOWED! Signature wrong! (Signature not equals signature from database)");
|
|
|
|
}
|
2013-09-15 08:16:29 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
|
|
|
public void onCreate() {
|
|
|
|
super.onCreate();
|
|
|
|
mContext = this;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|