diff --git a/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml b/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml index e4c9e1441..af1e345d6 100644 --- a/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml +++ b/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml @@ -21,19 +21,6 @@ android:text="dominik@dominikschuermann.de" android:textAppearance="@android:style/TextAppearance.Small" /> - - - - diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java index e38b1b726..5dc561923 100644 --- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java +++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java @@ -120,7 +120,7 @@ public class OtherHelper { public static void checkPackagePermissionForActions(Activity activity, String pkgName, String permName, String action, String[] restrictedActions) { if (action != null) { - PackageManager pkgManager = activity.getPackageManager(); +// PackageManager pkgManager = activity.getPackageManager(); // for (int i = 0; i < restrictedActions.length; i++) { // if (restrictedActions[i].equals(action)) { diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/ProviderHelper.java index c8f9baeff..60aa0542e 100644 --- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/ProviderHelper.java +++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/ProviderHelper.java @@ -718,9 +718,9 @@ public class ProviderHelper { return cursor; } - public static ArrayList getCryptoConsumers(Context context) { - Cursor cursor = context.getContentResolver().query(ApiApps.CONTENT_URI, null, null, - null, null); + public static ArrayList getRegisteredApiApps(Context context) { + Cursor cursor = context.getContentResolver().query(ApiApps.CONTENT_URI, null, null, null, + null); ArrayList packageNames = new ArrayList(); if (cursor != null) { @@ -739,9 +739,12 @@ public class ProviderHelper { return packageNames; } - public static void addCryptoConsumer(Context context, String packageName) { + public static void addCryptoConsumer(Context context, String packageName, long keyId, + boolean asciiArmor) { ContentValues values = new ContentValues(); values.put(ApiApps.PACKAGE_NAME, packageName); + values.put(ApiApps.KEY_ID, keyId); + values.put(ApiApps.ASCII_ARMOR, asciiArmor); context.getContentResolver().insert(ApiApps.CONTENT_URI, values); } } diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoService.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoService.java index 71b78ee01..2e6ab4263 100644 --- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoService.java +++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoService.java @@ -76,10 +76,9 @@ public class CryptoService extends Service { public IBinder onBind(Intent intent) { // return different binder for connections from internal service activity if (ACTION_SERVICE_ACTIVITY.equals(intent.getAction())) { - String callingPackageName = intent.getPackage(); // this binder can only be used from OpenPGP Keychain - if (callingPackageName.equals(Constants.PACKAGE_NAME)) { + if (isCallerAllowed(true)) { return mBinderServiceActivity; } else { Log.e(Constants.TAG, "This binder can only be used from " + Constants.PACKAGE_NAME); @@ -150,8 +149,8 @@ public class CryptoService extends Service { // start passphrase dialog Bundle extras = new Bundle(); - extras.putLong(ServiceActivity.EXTRA_SECRET_KEY_ID, secretKeyId); - pauseQueueAndStartServiceActivity(ServiceActivity.ACTION_CACHE_PASSPHRASE, extras); + extras.putLong(CryptoServiceActivity.EXTRA_SECRET_KEY_ID, secretKeyId); + pauseQueueAndStartServiceActivity(CryptoServiceActivity.ACTION_CACHE_PASSPHRASE, extras); } // if (signedOnly) { @@ -255,7 +254,7 @@ public class CryptoService extends Service { public void setup(boolean asciiArmor, boolean newKeyring, String newKeyringUserId) throws RemoteException { // TODO Auto-generated method stub - + } }; @@ -267,7 +266,7 @@ public class CryptoService extends Service { if (success) { // resume threads - if (isPackageAllowed(packageName)) { + if (isPackageAllowed(packageName, false)) { mThreadPool.resume(); } else { // TODO: should not happen? @@ -287,7 +286,7 @@ public class CryptoService extends Service { }; private void checkAndEnqueue(Runnable r) { - if (isCallerAllowed()) { + if (isCallerAllowed(false)) { mThreadPool.execute(r); Log.d(Constants.TAG, "Enqueued runnable…"); @@ -298,8 +297,8 @@ public class CryptoService extends Service { Log.e(Constants.TAG, "Not allowed to use service! Starting activity for registration!"); Bundle extras = new Bundle(); // TODO: currently simply uses first entry - extras.putString(ServiceActivity.EXTRA_PACKAGE_NAME, callingPackages[0]); - pauseQueueAndStartServiceActivity(ServiceActivity.ACTION_REGISTER, extras); + extras.putString(CryptoServiceActivity.EXTRA_PACKAGE_NAME, callingPackages[0]); + pauseQueueAndStartServiceActivity(CryptoServiceActivity.ACTION_REGISTER, extras); mThreadPool.execute(r); @@ -311,16 +310,18 @@ public class CryptoService extends Service { * Checks if process that binds to this service (i.e. the package name corresponding to the * process) is in the list of allowed package names. * + * @param allowOnlySelf + * allow only Keychain app itself * @return true if process is allowed to use this service */ - private boolean isCallerAllowed() { + private boolean isCallerAllowed(boolean allowOnlySelf) { String[] callingPackages = getPackageManager().getPackagesForUid(Binder.getCallingUid()); // is calling package allowed to use this service? for (int i = 0; i < callingPackages.length; i++) { String currentPkg = callingPackages[i]; - if (isPackageAllowed(currentPkg)) { + if (isPackageAllowed(currentPkg, allowOnlySelf)) { return true; } } @@ -329,14 +330,22 @@ public class CryptoService extends Service { return false; } - private boolean isPackageAllowed(String packageName) { + /** + * Checks if packageName is a registered app for the API. + * + * @param packageName + * @param allowOnlySelf + * allow only Keychain app itself + * @return + */ + private boolean isPackageAllowed(String packageName, boolean allowOnlySelf) { Log.d(Constants.TAG, "packageName: " + packageName); - ArrayList allowedPkgs = ProviderHelper.getCryptoConsumers(mContext); + ArrayList allowedPkgs = ProviderHelper.getRegisteredApiApps(mContext); Log.d(Constants.TAG, "allowed: " + allowedPkgs); // check if package is allowed to use our service - if (allowedPkgs.contains(packageName)) { + if (allowedPkgs.contains(packageName) && (!allowOnlySelf)) { Log.d(Constants.TAG, "Package is allowed! packageName: " + packageName); return true; @@ -353,7 +362,7 @@ public class CryptoService extends Service { mThreadPool.pause(); Log.d(Constants.TAG, "starting activity..."); - Intent intent = new Intent(getBaseContext(), ServiceActivity.class); + Intent intent = new Intent(getBaseContext(), CryptoServiceActivity.class); intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); intent.setAction(action); if (extras != null) { diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/ServiceActivity.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoServiceActivity.java similarity index 95% rename from OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/ServiceActivity.java rename to OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoServiceActivity.java index 422026a19..39ff79f16 100644 --- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/ServiceActivity.java +++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoServiceActivity.java @@ -43,7 +43,7 @@ import android.widget.Toast; import com.actionbarsherlock.app.ActionBar; import com.actionbarsherlock.app.SherlockFragmentActivity; -public class ServiceActivity extends SherlockFragmentActivity { +public class CryptoServiceActivity extends SherlockFragmentActivity { public static final String ACTION_REGISTER = "org.sufficientlysecure.keychain.remote_api.REGISTER"; public static final String ACTION_CACHE_PASSPHRASE = "org.sufficientlysecure.keychain.remote_api.CRYPTO_CACHE_PASSPHRASE"; @@ -82,7 +82,8 @@ public class ServiceActivity extends SherlockFragmentActivity { Log.d(Constants.TAG, "not bound yet"); Intent serviceIntent = new Intent(); - serviceIntent.setAction("org.openintents.crypto.ICryptoService"); + serviceIntent + .setAction("org.sufficientlysecure.keychain.crypto_provider.IServiceActivityCallback"); bindService(serviceIntent, mServiceActivityConnection, Context.BIND_AUTO_CREATE); return true; @@ -151,11 +152,13 @@ public class ServiceActivity extends SherlockFragmentActivity { // Allow if (settingsFragment.getSecretKeyId() == Id.key.none) { - Toast.makeText(ServiceActivity.this, + Toast.makeText(CryptoServiceActivity.this, R.string.api_register_error_select_key, Toast.LENGTH_LONG) .show(); } else { - ProviderHelper.addCryptoConsumer(ServiceActivity.this, packageName); + ProviderHelper.addCryptoConsumer(CryptoServiceActivity.this, + packageName, settingsFragment.getSecretKeyId(), + settingsFragment.isAsciiArmor()); // Intent data = new Intent(); try {