diff --git a/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml b/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml
index e4c9e1441..af1e345d6 100644
--- a/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml
+++ b/OpenPGP-Keychain-API-Demo/res/layout/crypto_provider_demo.xml
@@ -21,19 +21,6 @@
android:text="dominik@dominikschuermann.de"
android:textAppearance="@android:style/TextAppearance.Small" />
-
-
-
-
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java
index e38b1b726..5dc561923 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java
@@ -120,7 +120,7 @@ public class OtherHelper {
public static void checkPackagePermissionForActions(Activity activity, String pkgName,
String permName, String action, String[] restrictedActions) {
if (action != null) {
- PackageManager pkgManager = activity.getPackageManager();
+// PackageManager pkgManager = activity.getPackageManager();
// for (int i = 0; i < restrictedActions.length; i++) {
// if (restrictedActions[i].equals(action)) {
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/ProviderHelper.java
index c8f9baeff..60aa0542e 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@@ -718,9 +718,9 @@ public class ProviderHelper {
return cursor;
}
- public static ArrayList getCryptoConsumers(Context context) {
- Cursor cursor = context.getContentResolver().query(ApiApps.CONTENT_URI, null, null,
- null, null);
+ public static ArrayList getRegisteredApiApps(Context context) {
+ Cursor cursor = context.getContentResolver().query(ApiApps.CONTENT_URI, null, null, null,
+ null);
ArrayList packageNames = new ArrayList();
if (cursor != null) {
@@ -739,9 +739,12 @@ public class ProviderHelper {
return packageNames;
}
- public static void addCryptoConsumer(Context context, String packageName) {
+ public static void addCryptoConsumer(Context context, String packageName, long keyId,
+ boolean asciiArmor) {
ContentValues values = new ContentValues();
values.put(ApiApps.PACKAGE_NAME, packageName);
+ values.put(ApiApps.KEY_ID, keyId);
+ values.put(ApiApps.ASCII_ARMOR, asciiArmor);
context.getContentResolver().insert(ApiApps.CONTENT_URI, values);
}
}
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoService.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoService.java
index 71b78ee01..2e6ab4263 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoService.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoService.java
@@ -76,10 +76,9 @@ public class CryptoService extends Service {
public IBinder onBind(Intent intent) {
// return different binder for connections from internal service activity
if (ACTION_SERVICE_ACTIVITY.equals(intent.getAction())) {
- String callingPackageName = intent.getPackage();
// this binder can only be used from OpenPGP Keychain
- if (callingPackageName.equals(Constants.PACKAGE_NAME)) {
+ if (isCallerAllowed(true)) {
return mBinderServiceActivity;
} else {
Log.e(Constants.TAG, "This binder can only be used from " + Constants.PACKAGE_NAME);
@@ -150,8 +149,8 @@ public class CryptoService extends Service {
// start passphrase dialog
Bundle extras = new Bundle();
- extras.putLong(ServiceActivity.EXTRA_SECRET_KEY_ID, secretKeyId);
- pauseQueueAndStartServiceActivity(ServiceActivity.ACTION_CACHE_PASSPHRASE, extras);
+ extras.putLong(CryptoServiceActivity.EXTRA_SECRET_KEY_ID, secretKeyId);
+ pauseQueueAndStartServiceActivity(CryptoServiceActivity.ACTION_CACHE_PASSPHRASE, extras);
}
// if (signedOnly) {
@@ -255,7 +254,7 @@ public class CryptoService extends Service {
public void setup(boolean asciiArmor, boolean newKeyring, String newKeyringUserId)
throws RemoteException {
// TODO Auto-generated method stub
-
+
}
};
@@ -267,7 +266,7 @@ public class CryptoService extends Service {
if (success) {
// resume threads
- if (isPackageAllowed(packageName)) {
+ if (isPackageAllowed(packageName, false)) {
mThreadPool.resume();
} else {
// TODO: should not happen?
@@ -287,7 +286,7 @@ public class CryptoService extends Service {
};
private void checkAndEnqueue(Runnable r) {
- if (isCallerAllowed()) {
+ if (isCallerAllowed(false)) {
mThreadPool.execute(r);
Log.d(Constants.TAG, "Enqueued runnable…");
@@ -298,8 +297,8 @@ public class CryptoService extends Service {
Log.e(Constants.TAG, "Not allowed to use service! Starting activity for registration!");
Bundle extras = new Bundle();
// TODO: currently simply uses first entry
- extras.putString(ServiceActivity.EXTRA_PACKAGE_NAME, callingPackages[0]);
- pauseQueueAndStartServiceActivity(ServiceActivity.ACTION_REGISTER, extras);
+ extras.putString(CryptoServiceActivity.EXTRA_PACKAGE_NAME, callingPackages[0]);
+ pauseQueueAndStartServiceActivity(CryptoServiceActivity.ACTION_REGISTER, extras);
mThreadPool.execute(r);
@@ -311,16 +310,18 @@ public class CryptoService extends Service {
* Checks if process that binds to this service (i.e. the package name corresponding to the
* process) is in the list of allowed package names.
*
+ * @param allowOnlySelf
+ * allow only Keychain app itself
* @return true if process is allowed to use this service
*/
- private boolean isCallerAllowed() {
+ private boolean isCallerAllowed(boolean allowOnlySelf) {
String[] callingPackages = getPackageManager().getPackagesForUid(Binder.getCallingUid());
// is calling package allowed to use this service?
for (int i = 0; i < callingPackages.length; i++) {
String currentPkg = callingPackages[i];
- if (isPackageAllowed(currentPkg)) {
+ if (isPackageAllowed(currentPkg, allowOnlySelf)) {
return true;
}
}
@@ -329,14 +330,22 @@ public class CryptoService extends Service {
return false;
}
- private boolean isPackageAllowed(String packageName) {
+ /**
+ * Checks if packageName is a registered app for the API.
+ *
+ * @param packageName
+ * @param allowOnlySelf
+ * allow only Keychain app itself
+ * @return
+ */
+ private boolean isPackageAllowed(String packageName, boolean allowOnlySelf) {
Log.d(Constants.TAG, "packageName: " + packageName);
- ArrayList allowedPkgs = ProviderHelper.getCryptoConsumers(mContext);
+ ArrayList allowedPkgs = ProviderHelper.getRegisteredApiApps(mContext);
Log.d(Constants.TAG, "allowed: " + allowedPkgs);
// check if package is allowed to use our service
- if (allowedPkgs.contains(packageName)) {
+ if (allowedPkgs.contains(packageName) && (!allowOnlySelf)) {
Log.d(Constants.TAG, "Package is allowed! packageName: " + packageName);
return true;
@@ -353,7 +362,7 @@ public class CryptoService extends Service {
mThreadPool.pause();
Log.d(Constants.TAG, "starting activity...");
- Intent intent = new Intent(getBaseContext(), ServiceActivity.class);
+ Intent intent = new Intent(getBaseContext(), CryptoServiceActivity.class);
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
intent.setAction(action);
if (extras != null) {
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/ServiceActivity.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoServiceActivity.java
similarity index 95%
rename from OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/ServiceActivity.java
rename to OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoServiceActivity.java
index 422026a19..39ff79f16 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/ServiceActivity.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/CryptoServiceActivity.java
@@ -43,7 +43,7 @@ import android.widget.Toast;
import com.actionbarsherlock.app.ActionBar;
import com.actionbarsherlock.app.SherlockFragmentActivity;
-public class ServiceActivity extends SherlockFragmentActivity {
+public class CryptoServiceActivity extends SherlockFragmentActivity {
public static final String ACTION_REGISTER = "org.sufficientlysecure.keychain.remote_api.REGISTER";
public static final String ACTION_CACHE_PASSPHRASE = "org.sufficientlysecure.keychain.remote_api.CRYPTO_CACHE_PASSPHRASE";
@@ -82,7 +82,8 @@ public class ServiceActivity extends SherlockFragmentActivity {
Log.d(Constants.TAG, "not bound yet");
Intent serviceIntent = new Intent();
- serviceIntent.setAction("org.openintents.crypto.ICryptoService");
+ serviceIntent
+ .setAction("org.sufficientlysecure.keychain.crypto_provider.IServiceActivityCallback");
bindService(serviceIntent, mServiceActivityConnection, Context.BIND_AUTO_CREATE);
return true;
@@ -151,11 +152,13 @@ public class ServiceActivity extends SherlockFragmentActivity {
// Allow
if (settingsFragment.getSecretKeyId() == Id.key.none) {
- Toast.makeText(ServiceActivity.this,
+ Toast.makeText(CryptoServiceActivity.this,
R.string.api_register_error_select_key, Toast.LENGTH_LONG)
.show();
} else {
- ProviderHelper.addCryptoConsumer(ServiceActivity.this, packageName);
+ ProviderHelper.addCryptoConsumer(CryptoServiceActivity.this,
+ packageName, settingsFragment.getSecretKeyId(),
+ settingsFragment.isAsciiArmor());
// Intent data = new Intent();
try {