mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-12-23 23:48:51 -05:00
Disable parts of the old API
This commit is contained in:
parent
c97c57d34e
commit
dc6a709b7a
34
API.md
Normal file
34
API.md
Normal file
@ -0,0 +1,34 @@
|
||||
# Security Model
|
||||
|
||||
## Basic goals
|
||||
|
||||
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
|
||||
|
||||
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
|
||||
|
||||
## Without Permissions
|
||||
|
||||
### Intents
|
||||
All Intents start with ``org.sufficientlysecure.keychain.action.``
|
||||
|
||||
* ``android.intent.action.VIEW`` connected to .gpg and .asc files: Import Key and Decrypt
|
||||
* ``android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
|
||||
* ``IMPORT``
|
||||
* ``IMPORT_FROM_FILE``
|
||||
* ``IMPORT_FROM_QR_CODE``
|
||||
* ``IMPORT_FROM_NFC``
|
||||
* ``SHARE_KEYRING``
|
||||
* ``SHARE_KEYRING_WITH_QR_CODE``
|
||||
* ``SHARE_KEYRING_WITH_NFC``
|
||||
* ``EDIT_KEYRING``
|
||||
* ``SELECT_PUBLIC_KEYRINGS``
|
||||
* ``SELECT_SECRET_KEYRING``
|
||||
* ``ENCRYPT``
|
||||
* ``ENCRYPT_FILE``
|
||||
* ``DECRYPT``
|
||||
* ``DECRYPT_FILE``
|
||||
|
||||
TODO:
|
||||
- remove IMPORT, SHARE intents, simplify ENCRYPT and DECRYPT intents (include _FILE derivates like done in SEND based on file type)
|
||||
- EDIT_KEYRING and CREATE_KEYRING, should be available via for registered apps
|
||||
- new intent REGISTER_APP?
|
68
OLD_API.md
Normal file
68
OLD_API.md
Normal file
@ -0,0 +1,68 @@
|
||||
This is the old API. Currently disabled!
|
||||
|
||||
# Security Model
|
||||
|
||||
## Basic goals
|
||||
|
||||
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
|
||||
|
||||
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
|
||||
|
||||
## Possible Permissions
|
||||
|
||||
* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
|
||||
* ACCESS_KEYS: get and import actual public and secret keys (remote service)
|
||||
|
||||
|
||||
## Without Permissions
|
||||
|
||||
### Intents
|
||||
All Intents start with org.sufficientlysecure.keychain.action.
|
||||
|
||||
* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
|
||||
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
|
||||
* IMPORT
|
||||
* IMPORT_FROM_FILE
|
||||
* IMPORT_FROM_QR_CODE
|
||||
* IMPORT_FROM_NFC
|
||||
* SHARE_KEYRING
|
||||
* SHARE_KEYRING_WITH_QR_CODE
|
||||
* SHARE_KEYRING_WITH_NFC
|
||||
* EDIT_KEYRING
|
||||
* SELECT_PUBLIC_KEYRINGS
|
||||
* SELECT_SECRET_KEYRING
|
||||
* ENCRYPT
|
||||
* ENCRYPT_FILE
|
||||
* DECRYPT
|
||||
* DECRYPT_FILE
|
||||
|
||||
## With permission ACCESS_API
|
||||
|
||||
### Intents
|
||||
|
||||
* CREATE_KEYRING
|
||||
* ENCRYPT_AND_RETURN
|
||||
* ENCRYPT_STREAM_AND_RETURN
|
||||
* GENERATE_SIGNATURE_AND_RETURN
|
||||
* DECRYPT_AND_RETURN
|
||||
* DECRYPT_STREAM_AND_RETURN
|
||||
|
||||
### Broadcast Receiver
|
||||
On change of database the following broadcast is send.
|
||||
* DATABASE_CHANGE
|
||||
|
||||
### Content Provider
|
||||
|
||||
* The whole content provider requires a permission (only read)
|
||||
* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
|
||||
* Make an internal and external content provider (or pathes with <path-permission>)
|
||||
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
|
||||
* Only give out android:readPermission
|
||||
|
||||
### ApgApiService (Remote Service)
|
||||
AIDL service
|
||||
|
||||
## With permission ACCESS_KEYS
|
||||
|
||||
### ApgKeyService (Remote Service)
|
||||
AIDL service to access actual private keyring objects
|
@ -67,24 +67,27 @@
|
||||
<uses-permission android:name="android.permission.NFC" />
|
||||
<uses-permission android:name="com.fsck.k9.permission.READ_ATTACHMENT" />
|
||||
|
||||
<permission-group
|
||||
android:name="org.sufficientlysecure.keychain.permission-group.keychain"
|
||||
android:description="@string/permission_group_description"
|
||||
android:icon="@drawable/icon"
|
||||
android:label="@string/permission_group_label" />
|
||||
<!-- TODO: disabled, old API -->
|
||||
<!-- <permission-group -->
|
||||
<!-- android:name="org.sufficientlysecure.keychain.permission-group.keychain" -->
|
||||
<!-- android:description="@string/permission_group_description" -->
|
||||
<!-- android:icon="@drawable/icon" -->
|
||||
<!-- android:label="@string/permission_group_label" /> -->
|
||||
|
||||
|
||||
<!-- <permission -->
|
||||
<!-- android:name="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" -->
|
||||
<!-- android:description="@string/permission_access_keys_description" -->
|
||||
<!-- android:label="@string/permission_access_keys_label" -->
|
||||
<!-- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain" -->
|
||||
<!-- android:protectionLevel="dangerous" /> -->
|
||||
<!-- <permission -->
|
||||
<!-- android:name="org.sufficientlysecure.keychain.permission.ACCESS_API" -->
|
||||
<!-- android:description="@string/permission_access_api_description" -->
|
||||
<!-- android:label="@string/permission_access_api_label" -->
|
||||
<!-- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain" -->
|
||||
<!-- android:protectionLevel="dangerous" /> -->
|
||||
|
||||
<permission
|
||||
android:name="org.sufficientlysecure.keychain.permission.ACCESS_KEYS"
|
||||
android:description="@string/permission_access_keys_description"
|
||||
android:label="@string/permission_access_keys_label"
|
||||
android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain"
|
||||
android:protectionLevel="dangerous" />
|
||||
<permission
|
||||
android:name="org.sufficientlysecure.keychain.permission.ACCESS_API"
|
||||
android:description="@string/permission_access_api_description"
|
||||
android:label="@string/permission_access_api_label"
|
||||
android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain"
|
||||
android:protectionLevel="dangerous" />
|
||||
|
||||
<!-- android:allowBackup="false": Don't allow backup over adb backup or other apps! -->
|
||||
<application
|
||||
@ -412,50 +415,57 @@
|
||||
android:exported="false"
|
||||
android:process=":passphrase_cache" />
|
||||
<service android:name="org.sufficientlysecure.keychain.service.KeychainIntentService" />
|
||||
<service
|
||||
android:name="org.sufficientlysecure.keychain.service.KeychainApiService"
|
||||
android:enabled="true"
|
||||
android:exported="true"
|
||||
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API"
|
||||
android:process=":remoteapi" >
|
||||
<intent-filter>
|
||||
<action android:name="org.sufficientlysecure.keychain.service.IKeychainApiService" />
|
||||
</intent-filter>
|
||||
|
||||
<meta-data
|
||||
android:name="api_version"
|
||||
android:value="3" />
|
||||
</service>
|
||||
<service
|
||||
android:name="org.sufficientlysecure.keychain.service.KeychainKeyService"
|
||||
android:enabled="true"
|
||||
android:exported="true"
|
||||
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_KEYS"
|
||||
android:process=":remotekeys" >
|
||||
<intent-filter>
|
||||
<action android:name="org.sufficientlysecure.keychain.service.IKeychainKeyService" />
|
||||
</intent-filter>
|
||||
<!-- TODO: disabled, old API! -->
|
||||
<!-- <service -->
|
||||
<!-- android:name="org.sufficientlysecure.keychain.service.KeychainApiService" -->
|
||||
<!-- android:enabled="true" -->
|
||||
<!-- android:exported="true" -->
|
||||
<!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" -->
|
||||
<!-- android:process=":remoteapi" > -->
|
||||
<!-- <intent-filter> -->
|
||||
<!-- <action android:name="org.sufficientlysecure.keychain.service.IKeychainApiService" /> -->
|
||||
<!-- </intent-filter> -->
|
||||
|
||||
<meta-data
|
||||
android:name="api_version"
|
||||
android:value="3" />
|
||||
</service>
|
||||
|
||||
<!-- <meta-data -->
|
||||
<!-- android:name="api_version" -->
|
||||
<!-- android:value="3" /> -->
|
||||
<!-- </service> -->
|
||||
<!-- <service -->
|
||||
<!-- android:name="org.sufficientlysecure.keychain.service.KeychainKeyService" -->
|
||||
<!-- android:enabled="true" -->
|
||||
<!-- android:exported="true" -->
|
||||
<!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" -->
|
||||
<!-- android:process=":remotekeys" > -->
|
||||
<!-- <intent-filter> -->
|
||||
<!-- <action android:name="org.sufficientlysecure.keychain.service.IKeychainKeyService" /> -->
|
||||
<!-- </intent-filter> -->
|
||||
|
||||
|
||||
<!-- <meta-data -->
|
||||
<!-- android:name="api_version" -->
|
||||
<!-- android:value="3" /> -->
|
||||
<!-- </service> -->
|
||||
|
||||
<provider
|
||||
android:name="org.sufficientlysecure.keychain.provider.KeychainProviderInternal"
|
||||
android:authorities="org.sufficientlysecure.keychain.internal"
|
||||
android:exported="false" />
|
||||
<provider
|
||||
android:name="org.sufficientlysecure.keychain.provider.KeychainProviderExternal"
|
||||
android:authorities="org.sufficientlysecure.keychain"
|
||||
android:exported="true"
|
||||
android:readPermission="org.sufficientlysecure.keychain.permission.ACCESS_API" />
|
||||
<!-- TODO: disabled, old API -->
|
||||
<!-- <provider -->
|
||||
<!-- android:name="org.sufficientlysecure.keychain.provider.KeychainProviderExternal" -->
|
||||
<!-- android:authorities="org.sufficientlysecure.keychain" -->
|
||||
<!-- android:exported="true" -->
|
||||
<!-- android:readPermission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> -->
|
||||
|
||||
|
||||
<!-- TODO: authority! -->
|
||||
<provider
|
||||
android:name="org.sufficientlysecure.keychain.provider.KeychainServiceBlobProvider"
|
||||
android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider"
|
||||
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" />
|
||||
<!-- <provider -->
|
||||
<!-- android:name="org.sufficientlysecure.keychain.provider.KeychainServiceBlobProvider" -->
|
||||
<!-- android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider" -->
|
||||
<!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> -->
|
||||
|
||||
|
||||
<!-- Remote API internal intents -->
|
||||
|
||||
@ -486,6 +496,8 @@
|
||||
android:process=":crypto" >
|
||||
<intent-filter>
|
||||
<action android:name="org.openintents.crypto.ICryptoService" />
|
||||
</intent-filter>
|
||||
<intent-filter>
|
||||
|
||||
<!-- Can only be used from OpenPGP Keychain (internal): -->
|
||||
<action android:name="org.sufficientlysecure.keychain.crypto_provider.IServiceActivityCallback" />
|
||||
|
@ -122,26 +122,31 @@ public class OtherHelper {
|
||||
if (action != null) {
|
||||
PackageManager pkgManager = activity.getPackageManager();
|
||||
|
||||
for (int i = 0; i < restrictedActions.length; i++) {
|
||||
if (restrictedActions[i].equals(action)) {
|
||||
if (pkgName != null
|
||||
&& (pkgManager.checkPermission(permName, pkgName) == PackageManager.PERMISSION_GRANTED || pkgName
|
||||
.equals(Constants.PACKAGE_NAME))) {
|
||||
Log.d(Constants.TAG, pkgName + " has permission " + permName + ". Action "
|
||||
+ action + " was granted!");
|
||||
} else {
|
||||
String error = pkgName + " does NOT have permission " + permName
|
||||
+ ". Action " + action + " was NOT granted!";
|
||||
Log.e(Constants.TAG, error);
|
||||
Toast.makeText(activity, activity.getString(R.string.errorMessage, error),
|
||||
Toast.LENGTH_LONG).show();
|
||||
|
||||
// end activity
|
||||
activity.setResult(Activity.RESULT_CANCELED, null);
|
||||
activity.finish();
|
||||
}
|
||||
}
|
||||
}
|
||||
// for (int i = 0; i < restrictedActions.length; i++) {
|
||||
// if (restrictedActions[i].equals(action)) {
|
||||
// if (pkgName != null
|
||||
// && (pkgManager.checkPermission(permName, pkgName) == PackageManager.PERMISSION_GRANTED || pkgName
|
||||
// .equals(Constants.PACKAGE_NAME))) {
|
||||
// Log.d(Constants.TAG, pkgName + " has permission " + permName + ". Action "
|
||||
// + action + " was granted!");
|
||||
// } else {
|
||||
// String error = pkgName + " does NOT have permission " + permName
|
||||
// + ". Action " + action + " was NOT granted!";
|
||||
// Log.e(Constants.TAG, error);
|
||||
// Toast.makeText(activity, activity.getString(R.string.errorMessage, error),
|
||||
// Toast.LENGTH_LONG).show();
|
||||
//
|
||||
// // end activity
|
||||
// activity.setResult(Activity.RESULT_CANCELED, null);
|
||||
// activity.finish();
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
|
||||
// TODO: currently always cancels! THis is the old API
|
||||
// end activity
|
||||
activity.setResult(Activity.RESULT_CANCELED, null);
|
||||
activity.finish();
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -973,10 +973,12 @@ public class KeychainProvider extends ContentProvider {
|
||||
* updated, or deleted
|
||||
*/
|
||||
private void sendBroadcastDatabaseChange(int keyType, String contentItemType) {
|
||||
Intent intent = new Intent();
|
||||
intent.setAction(ACTION_BROADCAST_DATABASE_CHANGE);
|
||||
intent.putExtra(EXTRA_BROADCAST_KEY_TYPE, keyType);
|
||||
intent.putExtra(EXTRA_BROADCAST_CONTENT_ITEM_TYPE, contentItemType);
|
||||
getContext().sendBroadcast(intent, Constants.PERMISSION_ACCESS_API);
|
||||
// TODO: Disabled, old API
|
||||
// Intent intent = new Intent();
|
||||
// intent.setAction(ACTION_BROADCAST_DATABASE_CHANGE);
|
||||
// intent.putExtra(EXTRA_BROADCAST_KEY_TYPE, keyType);
|
||||
// intent.putExtra(EXTRA_BROADCAST_CONTENT_ITEM_TYPE, contentItemType);
|
||||
//
|
||||
// getContext().sendBroadcast(intent, Constants.PERMISSION_ACCESS_API);
|
||||
}
|
||||
}
|
||||
|
@ -4,8 +4,6 @@ import org.sufficientlysecure.keychain.R;
|
||||
import org.sufficientlysecure.keychain.provider.KeychainContract;
|
||||
import org.sufficientlysecure.keychain.provider.KeychainContract.ApiApps;
|
||||
|
||||
import com.actionbarsherlock.app.SherlockListFragment;
|
||||
|
||||
import android.content.ContentUris;
|
||||
import android.content.Intent;
|
||||
import android.database.Cursor;
|
||||
@ -17,7 +15,8 @@ import android.support.v4.content.Loader;
|
||||
import android.view.View;
|
||||
import android.widget.AdapterView;
|
||||
import android.widget.AdapterView.OnItemClickListener;
|
||||
import android.widget.ListView;
|
||||
|
||||
import com.actionbarsherlock.app.SherlockListFragment;
|
||||
|
||||
public class RegisteredAppsListFragment extends SherlockListFragment implements
|
||||
LoaderManager.LoaderCallbacks<Cursor> {
|
||||
@ -37,8 +36,7 @@ public class RegisteredAppsListFragment extends SherlockListFragment implements
|
||||
public void onItemClick(AdapterView<?> adapterView, View view, int position, long id) {
|
||||
// edit app settings
|
||||
Intent intent = new Intent(getActivity(), AppSettingsActivity.class);
|
||||
intent.setData(ContentUris.withAppendedId(
|
||||
KeychainContract.ApiApps.CONTENT_URI, id));
|
||||
intent.setData(ContentUris.withAppendedId(KeychainContract.ApiApps.CONTENT_URI, id));
|
||||
startActivity(intent);
|
||||
}
|
||||
});
|
||||
|
66
README.md
66
README.md
@ -68,72 +68,6 @@ See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exc
|
||||
1. Open svg file in Inkscape
|
||||
2. Extensions -> Color -> darker (2 times!)
|
||||
|
||||
# Security Model
|
||||
|
||||
## Basic goals
|
||||
|
||||
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
|
||||
|
||||
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
|
||||
|
||||
## Possible Permissions
|
||||
|
||||
* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
|
||||
* ACCESS_KEYS: get and import actual public and secret keys (remote service)
|
||||
|
||||
## Without Permissions
|
||||
|
||||
### Intents
|
||||
All Intents start with org.sufficientlysecure.keychain.action.
|
||||
|
||||
* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
|
||||
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
|
||||
* IMPORT
|
||||
* IMPORT_FROM_FILE
|
||||
* IMPORT_FROM_QR_CODE
|
||||
* IMPORT_FROM_NFC
|
||||
* SHARE_KEYRING
|
||||
* SHARE_KEYRING_WITH_QR_CODE
|
||||
* SHARE_KEYRING_WITH_NFC
|
||||
* EDIT_KEYRING
|
||||
* SELECT_PUBLIC_KEYRINGS
|
||||
* SELECT_SECRET_KEYRING
|
||||
* ENCRYPT
|
||||
* ENCRYPT_FILE
|
||||
* DECRYPT
|
||||
* DECRYPT_FILE
|
||||
|
||||
## With permission ACCESS_API
|
||||
|
||||
### Intents
|
||||
|
||||
* CREATE_KEYRING
|
||||
* ENCRYPT_AND_RETURN
|
||||
* ENCRYPT_STREAM_AND_RETURN
|
||||
* GENERATE_SIGNATURE_AND_RETURN
|
||||
* DECRYPT_AND_RETURN
|
||||
* DECRYPT_STREAM_AND_RETURN
|
||||
|
||||
### Broadcast Receiver
|
||||
On change of database the following broadcast is send.
|
||||
* DATABASE_CHANGE
|
||||
|
||||
### Content Provider
|
||||
|
||||
* The whole content provider requires a permission (only read)
|
||||
* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
|
||||
* Make an internal and external content provider (or pathes with <path-permission>)
|
||||
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
|
||||
* Only give out android:readPermission
|
||||
|
||||
### ApgApiService (Remote Service)
|
||||
AIDL service
|
||||
|
||||
## With permission ACCESS_KEYS
|
||||
|
||||
### ApgKeyService (Remote Service)
|
||||
AIDL service to access actual private keyring objects
|
||||
|
||||
# Licenses
|
||||
OpenPGP Kechain is licensed under Apache License v2.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user