mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-11-27 11:12:15 -05:00
Disable parts of the old API
This commit is contained in:
parent
c97c57d34e
commit
dc6a709b7a
34
API.md
Normal file
34
API.md
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
# Security Model
|
||||||
|
|
||||||
|
## Basic goals
|
||||||
|
|
||||||
|
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
|
||||||
|
|
||||||
|
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
|
||||||
|
|
||||||
|
## Without Permissions
|
||||||
|
|
||||||
|
### Intents
|
||||||
|
All Intents start with ``org.sufficientlysecure.keychain.action.``
|
||||||
|
|
||||||
|
* ``android.intent.action.VIEW`` connected to .gpg and .asc files: Import Key and Decrypt
|
||||||
|
* ``android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
|
||||||
|
* ``IMPORT``
|
||||||
|
* ``IMPORT_FROM_FILE``
|
||||||
|
* ``IMPORT_FROM_QR_CODE``
|
||||||
|
* ``IMPORT_FROM_NFC``
|
||||||
|
* ``SHARE_KEYRING``
|
||||||
|
* ``SHARE_KEYRING_WITH_QR_CODE``
|
||||||
|
* ``SHARE_KEYRING_WITH_NFC``
|
||||||
|
* ``EDIT_KEYRING``
|
||||||
|
* ``SELECT_PUBLIC_KEYRINGS``
|
||||||
|
* ``SELECT_SECRET_KEYRING``
|
||||||
|
* ``ENCRYPT``
|
||||||
|
* ``ENCRYPT_FILE``
|
||||||
|
* ``DECRYPT``
|
||||||
|
* ``DECRYPT_FILE``
|
||||||
|
|
||||||
|
TODO:
|
||||||
|
- remove IMPORT, SHARE intents, simplify ENCRYPT and DECRYPT intents (include _FILE derivates like done in SEND based on file type)
|
||||||
|
- EDIT_KEYRING and CREATE_KEYRING, should be available via for registered apps
|
||||||
|
- new intent REGISTER_APP?
|
68
OLD_API.md
Normal file
68
OLD_API.md
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
This is the old API. Currently disabled!
|
||||||
|
|
||||||
|
# Security Model
|
||||||
|
|
||||||
|
## Basic goals
|
||||||
|
|
||||||
|
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
|
||||||
|
|
||||||
|
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
|
||||||
|
|
||||||
|
## Possible Permissions
|
||||||
|
|
||||||
|
* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
|
||||||
|
* ACCESS_KEYS: get and import actual public and secret keys (remote service)
|
||||||
|
|
||||||
|
|
||||||
|
## Without Permissions
|
||||||
|
|
||||||
|
### Intents
|
||||||
|
All Intents start with org.sufficientlysecure.keychain.action.
|
||||||
|
|
||||||
|
* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
|
||||||
|
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
|
||||||
|
* IMPORT
|
||||||
|
* IMPORT_FROM_FILE
|
||||||
|
* IMPORT_FROM_QR_CODE
|
||||||
|
* IMPORT_FROM_NFC
|
||||||
|
* SHARE_KEYRING
|
||||||
|
* SHARE_KEYRING_WITH_QR_CODE
|
||||||
|
* SHARE_KEYRING_WITH_NFC
|
||||||
|
* EDIT_KEYRING
|
||||||
|
* SELECT_PUBLIC_KEYRINGS
|
||||||
|
* SELECT_SECRET_KEYRING
|
||||||
|
* ENCRYPT
|
||||||
|
* ENCRYPT_FILE
|
||||||
|
* DECRYPT
|
||||||
|
* DECRYPT_FILE
|
||||||
|
|
||||||
|
## With permission ACCESS_API
|
||||||
|
|
||||||
|
### Intents
|
||||||
|
|
||||||
|
* CREATE_KEYRING
|
||||||
|
* ENCRYPT_AND_RETURN
|
||||||
|
* ENCRYPT_STREAM_AND_RETURN
|
||||||
|
* GENERATE_SIGNATURE_AND_RETURN
|
||||||
|
* DECRYPT_AND_RETURN
|
||||||
|
* DECRYPT_STREAM_AND_RETURN
|
||||||
|
|
||||||
|
### Broadcast Receiver
|
||||||
|
On change of database the following broadcast is send.
|
||||||
|
* DATABASE_CHANGE
|
||||||
|
|
||||||
|
### Content Provider
|
||||||
|
|
||||||
|
* The whole content provider requires a permission (only read)
|
||||||
|
* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
|
||||||
|
* Make an internal and external content provider (or pathes with <path-permission>)
|
||||||
|
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
|
||||||
|
* Only give out android:readPermission
|
||||||
|
|
||||||
|
### ApgApiService (Remote Service)
|
||||||
|
AIDL service
|
||||||
|
|
||||||
|
## With permission ACCESS_KEYS
|
||||||
|
|
||||||
|
### ApgKeyService (Remote Service)
|
||||||
|
AIDL service to access actual private keyring objects
|
@ -67,24 +67,27 @@
|
|||||||
<uses-permission android:name="android.permission.NFC" />
|
<uses-permission android:name="android.permission.NFC" />
|
||||||
<uses-permission android:name="com.fsck.k9.permission.READ_ATTACHMENT" />
|
<uses-permission android:name="com.fsck.k9.permission.READ_ATTACHMENT" />
|
||||||
|
|
||||||
<permission-group
|
<!-- TODO: disabled, old API -->
|
||||||
android:name="org.sufficientlysecure.keychain.permission-group.keychain"
|
<!-- <permission-group -->
|
||||||
android:description="@string/permission_group_description"
|
<!-- android:name="org.sufficientlysecure.keychain.permission-group.keychain" -->
|
||||||
android:icon="@drawable/icon"
|
<!-- android:description="@string/permission_group_description" -->
|
||||||
android:label="@string/permission_group_label" />
|
<!-- android:icon="@drawable/icon" -->
|
||||||
|
<!-- android:label="@string/permission_group_label" /> -->
|
||||||
|
|
||||||
|
|
||||||
|
<!-- <permission -->
|
||||||
|
<!-- android:name="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" -->
|
||||||
|
<!-- android:description="@string/permission_access_keys_description" -->
|
||||||
|
<!-- android:label="@string/permission_access_keys_label" -->
|
||||||
|
<!-- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain" -->
|
||||||
|
<!-- android:protectionLevel="dangerous" /> -->
|
||||||
|
<!-- <permission -->
|
||||||
|
<!-- android:name="org.sufficientlysecure.keychain.permission.ACCESS_API" -->
|
||||||
|
<!-- android:description="@string/permission_access_api_description" -->
|
||||||
|
<!-- android:label="@string/permission_access_api_label" -->
|
||||||
|
<!-- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain" -->
|
||||||
|
<!-- android:protectionLevel="dangerous" /> -->
|
||||||
|
|
||||||
<permission
|
|
||||||
android:name="org.sufficientlysecure.keychain.permission.ACCESS_KEYS"
|
|
||||||
android:description="@string/permission_access_keys_description"
|
|
||||||
android:label="@string/permission_access_keys_label"
|
|
||||||
android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain"
|
|
||||||
android:protectionLevel="dangerous" />
|
|
||||||
<permission
|
|
||||||
android:name="org.sufficientlysecure.keychain.permission.ACCESS_API"
|
|
||||||
android:description="@string/permission_access_api_description"
|
|
||||||
android:label="@string/permission_access_api_label"
|
|
||||||
android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain"
|
|
||||||
android:protectionLevel="dangerous" />
|
|
||||||
|
|
||||||
<!-- android:allowBackup="false": Don't allow backup over adb backup or other apps! -->
|
<!-- android:allowBackup="false": Don't allow backup over adb backup or other apps! -->
|
||||||
<application
|
<application
|
||||||
@ -412,50 +415,57 @@
|
|||||||
android:exported="false"
|
android:exported="false"
|
||||||
android:process=":passphrase_cache" />
|
android:process=":passphrase_cache" />
|
||||||
<service android:name="org.sufficientlysecure.keychain.service.KeychainIntentService" />
|
<service android:name="org.sufficientlysecure.keychain.service.KeychainIntentService" />
|
||||||
<service
|
|
||||||
android:name="org.sufficientlysecure.keychain.service.KeychainApiService"
|
|
||||||
android:enabled="true"
|
|
||||||
android:exported="true"
|
|
||||||
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API"
|
|
||||||
android:process=":remoteapi" >
|
|
||||||
<intent-filter>
|
|
||||||
<action android:name="org.sufficientlysecure.keychain.service.IKeychainApiService" />
|
|
||||||
</intent-filter>
|
|
||||||
|
|
||||||
<meta-data
|
<!-- TODO: disabled, old API! -->
|
||||||
android:name="api_version"
|
<!-- <service -->
|
||||||
android:value="3" />
|
<!-- android:name="org.sufficientlysecure.keychain.service.KeychainApiService" -->
|
||||||
</service>
|
<!-- android:enabled="true" -->
|
||||||
<service
|
<!-- android:exported="true" -->
|
||||||
android:name="org.sufficientlysecure.keychain.service.KeychainKeyService"
|
<!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" -->
|
||||||
android:enabled="true"
|
<!-- android:process=":remoteapi" > -->
|
||||||
android:exported="true"
|
<!-- <intent-filter> -->
|
||||||
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_KEYS"
|
<!-- <action android:name="org.sufficientlysecure.keychain.service.IKeychainApiService" /> -->
|
||||||
android:process=":remotekeys" >
|
<!-- </intent-filter> -->
|
||||||
<intent-filter>
|
|
||||||
<action android:name="org.sufficientlysecure.keychain.service.IKeychainKeyService" />
|
|
||||||
</intent-filter>
|
|
||||||
|
|
||||||
<meta-data
|
|
||||||
android:name="api_version"
|
<!-- <meta-data -->
|
||||||
android:value="3" />
|
<!-- android:name="api_version" -->
|
||||||
</service>
|
<!-- android:value="3" /> -->
|
||||||
|
<!-- </service> -->
|
||||||
|
<!-- <service -->
|
||||||
|
<!-- android:name="org.sufficientlysecure.keychain.service.KeychainKeyService" -->
|
||||||
|
<!-- android:enabled="true" -->
|
||||||
|
<!-- android:exported="true" -->
|
||||||
|
<!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" -->
|
||||||
|
<!-- android:process=":remotekeys" > -->
|
||||||
|
<!-- <intent-filter> -->
|
||||||
|
<!-- <action android:name="org.sufficientlysecure.keychain.service.IKeychainKeyService" /> -->
|
||||||
|
<!-- </intent-filter> -->
|
||||||
|
|
||||||
|
|
||||||
|
<!-- <meta-data -->
|
||||||
|
<!-- android:name="api_version" -->
|
||||||
|
<!-- android:value="3" /> -->
|
||||||
|
<!-- </service> -->
|
||||||
|
|
||||||
<provider
|
<provider
|
||||||
android:name="org.sufficientlysecure.keychain.provider.KeychainProviderInternal"
|
android:name="org.sufficientlysecure.keychain.provider.KeychainProviderInternal"
|
||||||
android:authorities="org.sufficientlysecure.keychain.internal"
|
android:authorities="org.sufficientlysecure.keychain.internal"
|
||||||
android:exported="false" />
|
android:exported="false" />
|
||||||
<provider
|
<!-- TODO: disabled, old API -->
|
||||||
android:name="org.sufficientlysecure.keychain.provider.KeychainProviderExternal"
|
<!-- <provider -->
|
||||||
android:authorities="org.sufficientlysecure.keychain"
|
<!-- android:name="org.sufficientlysecure.keychain.provider.KeychainProviderExternal" -->
|
||||||
android:exported="true"
|
<!-- android:authorities="org.sufficientlysecure.keychain" -->
|
||||||
android:readPermission="org.sufficientlysecure.keychain.permission.ACCESS_API" />
|
<!-- android:exported="true" -->
|
||||||
|
<!-- android:readPermission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> -->
|
||||||
|
|
||||||
|
|
||||||
<!-- TODO: authority! -->
|
<!-- TODO: authority! -->
|
||||||
<provider
|
<!-- <provider -->
|
||||||
android:name="org.sufficientlysecure.keychain.provider.KeychainServiceBlobProvider"
|
<!-- android:name="org.sufficientlysecure.keychain.provider.KeychainServiceBlobProvider" -->
|
||||||
android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider"
|
<!-- android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider" -->
|
||||||
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" />
|
<!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> -->
|
||||||
|
|
||||||
|
|
||||||
<!-- Remote API internal intents -->
|
<!-- Remote API internal intents -->
|
||||||
|
|
||||||
@ -486,6 +496,8 @@
|
|||||||
android:process=":crypto" >
|
android:process=":crypto" >
|
||||||
<intent-filter>
|
<intent-filter>
|
||||||
<action android:name="org.openintents.crypto.ICryptoService" />
|
<action android:name="org.openintents.crypto.ICryptoService" />
|
||||||
|
</intent-filter>
|
||||||
|
<intent-filter>
|
||||||
|
|
||||||
<!-- Can only be used from OpenPGP Keychain (internal): -->
|
<!-- Can only be used from OpenPGP Keychain (internal): -->
|
||||||
<action android:name="org.sufficientlysecure.keychain.crypto_provider.IServiceActivityCallback" />
|
<action android:name="org.sufficientlysecure.keychain.crypto_provider.IServiceActivityCallback" />
|
||||||
|
@ -122,28 +122,33 @@ public class OtherHelper {
|
|||||||
if (action != null) {
|
if (action != null) {
|
||||||
PackageManager pkgManager = activity.getPackageManager();
|
PackageManager pkgManager = activity.getPackageManager();
|
||||||
|
|
||||||
for (int i = 0; i < restrictedActions.length; i++) {
|
// for (int i = 0; i < restrictedActions.length; i++) {
|
||||||
if (restrictedActions[i].equals(action)) {
|
// if (restrictedActions[i].equals(action)) {
|
||||||
if (pkgName != null
|
// if (pkgName != null
|
||||||
&& (pkgManager.checkPermission(permName, pkgName) == PackageManager.PERMISSION_GRANTED || pkgName
|
// && (pkgManager.checkPermission(permName, pkgName) == PackageManager.PERMISSION_GRANTED || pkgName
|
||||||
.equals(Constants.PACKAGE_NAME))) {
|
// .equals(Constants.PACKAGE_NAME))) {
|
||||||
Log.d(Constants.TAG, pkgName + " has permission " + permName + ". Action "
|
// Log.d(Constants.TAG, pkgName + " has permission " + permName + ". Action "
|
||||||
+ action + " was granted!");
|
// + action + " was granted!");
|
||||||
} else {
|
// } else {
|
||||||
String error = pkgName + " does NOT have permission " + permName
|
// String error = pkgName + " does NOT have permission " + permName
|
||||||
+ ". Action " + action + " was NOT granted!";
|
// + ". Action " + action + " was NOT granted!";
|
||||||
Log.e(Constants.TAG, error);
|
// Log.e(Constants.TAG, error);
|
||||||
Toast.makeText(activity, activity.getString(R.string.errorMessage, error),
|
// Toast.makeText(activity, activity.getString(R.string.errorMessage, error),
|
||||||
Toast.LENGTH_LONG).show();
|
// Toast.LENGTH_LONG).show();
|
||||||
|
//
|
||||||
|
// // end activity
|
||||||
|
// activity.setResult(Activity.RESULT_CANCELED, null);
|
||||||
|
// activity.finish();
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
|
||||||
|
// TODO: currently always cancels! THis is the old API
|
||||||
// end activity
|
// end activity
|
||||||
activity.setResult(Activity.RESULT_CANCELED, null);
|
activity.setResult(Activity.RESULT_CANCELED, null);
|
||||||
activity.finish();
|
activity.finish();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Splits userId string into naming part and email part
|
* Splits userId string into naming part and email part
|
||||||
|
@ -973,10 +973,12 @@ public class KeychainProvider extends ContentProvider {
|
|||||||
* updated, or deleted
|
* updated, or deleted
|
||||||
*/
|
*/
|
||||||
private void sendBroadcastDatabaseChange(int keyType, String contentItemType) {
|
private void sendBroadcastDatabaseChange(int keyType, String contentItemType) {
|
||||||
Intent intent = new Intent();
|
// TODO: Disabled, old API
|
||||||
intent.setAction(ACTION_BROADCAST_DATABASE_CHANGE);
|
// Intent intent = new Intent();
|
||||||
intent.putExtra(EXTRA_BROADCAST_KEY_TYPE, keyType);
|
// intent.setAction(ACTION_BROADCAST_DATABASE_CHANGE);
|
||||||
intent.putExtra(EXTRA_BROADCAST_CONTENT_ITEM_TYPE, contentItemType);
|
// intent.putExtra(EXTRA_BROADCAST_KEY_TYPE, keyType);
|
||||||
getContext().sendBroadcast(intent, Constants.PERMISSION_ACCESS_API);
|
// intent.putExtra(EXTRA_BROADCAST_CONTENT_ITEM_TYPE, contentItemType);
|
||||||
|
//
|
||||||
|
// getContext().sendBroadcast(intent, Constants.PERMISSION_ACCESS_API);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -4,8 +4,6 @@ import org.sufficientlysecure.keychain.R;
|
|||||||
import org.sufficientlysecure.keychain.provider.KeychainContract;
|
import org.sufficientlysecure.keychain.provider.KeychainContract;
|
||||||
import org.sufficientlysecure.keychain.provider.KeychainContract.ApiApps;
|
import org.sufficientlysecure.keychain.provider.KeychainContract.ApiApps;
|
||||||
|
|
||||||
import com.actionbarsherlock.app.SherlockListFragment;
|
|
||||||
|
|
||||||
import android.content.ContentUris;
|
import android.content.ContentUris;
|
||||||
import android.content.Intent;
|
import android.content.Intent;
|
||||||
import android.database.Cursor;
|
import android.database.Cursor;
|
||||||
@ -17,7 +15,8 @@ import android.support.v4.content.Loader;
|
|||||||
import android.view.View;
|
import android.view.View;
|
||||||
import android.widget.AdapterView;
|
import android.widget.AdapterView;
|
||||||
import android.widget.AdapterView.OnItemClickListener;
|
import android.widget.AdapterView.OnItemClickListener;
|
||||||
import android.widget.ListView;
|
|
||||||
|
import com.actionbarsherlock.app.SherlockListFragment;
|
||||||
|
|
||||||
public class RegisteredAppsListFragment extends SherlockListFragment implements
|
public class RegisteredAppsListFragment extends SherlockListFragment implements
|
||||||
LoaderManager.LoaderCallbacks<Cursor> {
|
LoaderManager.LoaderCallbacks<Cursor> {
|
||||||
@ -37,8 +36,7 @@ public class RegisteredAppsListFragment extends SherlockListFragment implements
|
|||||||
public void onItemClick(AdapterView<?> adapterView, View view, int position, long id) {
|
public void onItemClick(AdapterView<?> adapterView, View view, int position, long id) {
|
||||||
// edit app settings
|
// edit app settings
|
||||||
Intent intent = new Intent(getActivity(), AppSettingsActivity.class);
|
Intent intent = new Intent(getActivity(), AppSettingsActivity.class);
|
||||||
intent.setData(ContentUris.withAppendedId(
|
intent.setData(ContentUris.withAppendedId(KeychainContract.ApiApps.CONTENT_URI, id));
|
||||||
KeychainContract.ApiApps.CONTENT_URI, id));
|
|
||||||
startActivity(intent);
|
startActivity(intent);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
66
README.md
66
README.md
@ -68,72 +68,6 @@ See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exc
|
|||||||
1. Open svg file in Inkscape
|
1. Open svg file in Inkscape
|
||||||
2. Extensions -> Color -> darker (2 times!)
|
2. Extensions -> Color -> darker (2 times!)
|
||||||
|
|
||||||
# Security Model
|
|
||||||
|
|
||||||
## Basic goals
|
|
||||||
|
|
||||||
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
|
|
||||||
|
|
||||||
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
|
|
||||||
|
|
||||||
## Possible Permissions
|
|
||||||
|
|
||||||
* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
|
|
||||||
* ACCESS_KEYS: get and import actual public and secret keys (remote service)
|
|
||||||
|
|
||||||
## Without Permissions
|
|
||||||
|
|
||||||
### Intents
|
|
||||||
All Intents start with org.sufficientlysecure.keychain.action.
|
|
||||||
|
|
||||||
* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
|
|
||||||
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
|
|
||||||
* IMPORT
|
|
||||||
* IMPORT_FROM_FILE
|
|
||||||
* IMPORT_FROM_QR_CODE
|
|
||||||
* IMPORT_FROM_NFC
|
|
||||||
* SHARE_KEYRING
|
|
||||||
* SHARE_KEYRING_WITH_QR_CODE
|
|
||||||
* SHARE_KEYRING_WITH_NFC
|
|
||||||
* EDIT_KEYRING
|
|
||||||
* SELECT_PUBLIC_KEYRINGS
|
|
||||||
* SELECT_SECRET_KEYRING
|
|
||||||
* ENCRYPT
|
|
||||||
* ENCRYPT_FILE
|
|
||||||
* DECRYPT
|
|
||||||
* DECRYPT_FILE
|
|
||||||
|
|
||||||
## With permission ACCESS_API
|
|
||||||
|
|
||||||
### Intents
|
|
||||||
|
|
||||||
* CREATE_KEYRING
|
|
||||||
* ENCRYPT_AND_RETURN
|
|
||||||
* ENCRYPT_STREAM_AND_RETURN
|
|
||||||
* GENERATE_SIGNATURE_AND_RETURN
|
|
||||||
* DECRYPT_AND_RETURN
|
|
||||||
* DECRYPT_STREAM_AND_RETURN
|
|
||||||
|
|
||||||
### Broadcast Receiver
|
|
||||||
On change of database the following broadcast is send.
|
|
||||||
* DATABASE_CHANGE
|
|
||||||
|
|
||||||
### Content Provider
|
|
||||||
|
|
||||||
* The whole content provider requires a permission (only read)
|
|
||||||
* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
|
|
||||||
* Make an internal and external content provider (or pathes with <path-permission>)
|
|
||||||
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
|
|
||||||
* Only give out android:readPermission
|
|
||||||
|
|
||||||
### ApgApiService (Remote Service)
|
|
||||||
AIDL service
|
|
||||||
|
|
||||||
## With permission ACCESS_KEYS
|
|
||||||
|
|
||||||
### ApgKeyService (Remote Service)
|
|
||||||
AIDL service to access actual private keyring objects
|
|
||||||
|
|
||||||
# Licenses
|
# Licenses
|
||||||
OpenPGP Kechain is licensed under Apache License v2.
|
OpenPGP Kechain is licensed under Apache License v2.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user