moparisthebest/open-keychain
1
0
Fork 0
mirror of https://github.com/moparisthebest/open-keychain synced 2024-11-23 17:22:16 -05:00
Code Issues Releases Wiki Activity

Disable parts of the old API

Browse Source
This commit is contained in:
Dominik Schürmann 2013-09-06 11:24:28 +02:00
parent c97c57d34e
commit dc6a709b7a
7 changed files with 201 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
API.md Normal file
View File

@ -0,0 +1,34 @@
# Security Model
## Basic goals
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
## Without Permissions
### Intents
All Intents start with ``org.sufficientlysecure.keychain.action.``
* ``android.intent.action.VIEW`` connected to .gpg and .asc files: Import Key and Decrypt
* ``android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
* ``IMPORT``
* ``IMPORT_FROM_FILE``
* ``IMPORT_FROM_QR_CODE``
* ``IMPORT_FROM_NFC``
* ``SHARE_KEYRING``
* ``SHARE_KEYRING_WITH_QR_CODE``
* ``SHARE_KEYRING_WITH_NFC``
* ``EDIT_KEYRING``
* ``SELECT_PUBLIC_KEYRINGS``
* ``SELECT_SECRET_KEYRING``
* ``ENCRYPT``
* ``ENCRYPT_FILE``
* ``DECRYPT``
* ``DECRYPT_FILE``
TODO:
- remove IMPORT, SHARE intents, simplify ENCRYPT and DECRYPT intents (include _FILE derivates like done in SEND based on file type)
- EDIT_KEYRING and CREATE_KEYRING, should be available via for registered apps
- new intent REGISTER_APP?

68
OLD_API.md Normal file
View File

@ -0,0 +1,68 @@
This is the old API. Currently disabled!
# Security Model
## Basic goals
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
## Possible Permissions
* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
* ACCESS_KEYS: get and import actual public and secret keys (remote service)
## Without Permissions
### Intents
All Intents start with org.sufficientlysecure.keychain.action.
* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
* IMPORT
* IMPORT_FROM_FILE
* IMPORT_FROM_QR_CODE
* IMPORT_FROM_NFC
* SHARE_KEYRING
* SHARE_KEYRING_WITH_QR_CODE
* SHARE_KEYRING_WITH_NFC
* EDIT_KEYRING
* SELECT_PUBLIC_KEYRINGS
* SELECT_SECRET_KEYRING
* ENCRYPT
* ENCRYPT_FILE
* DECRYPT
* DECRYPT_FILE
## With permission ACCESS_API
### Intents
* CREATE_KEYRING
* ENCRYPT_AND_RETURN
* ENCRYPT_STREAM_AND_RETURN
* GENERATE_SIGNATURE_AND_RETURN
* DECRYPT_AND_RETURN
* DECRYPT_STREAM_AND_RETURN
### Broadcast Receiver
On change of database the following broadcast is send.
* DATABASE_CHANGE
### Content Provider
* The whole content provider requires a permission (only read)
* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
* Make an internal and external content provider (or pathes with <path-permission>)
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
* Only give out android:readPermission
### ApgApiService (Remote Service)
AIDL service
## With permission ACCESS_KEYS
### ApgKeyService (Remote Service)
AIDL service to access actual private keyring objects

116
OpenPGP-Keychain/AndroidManifest.xml
View File

@ -67,24 +67,27 @@
<uses-permission android:name="android.permission.NFC" /> <uses-permission android:name="android.permission.NFC" />
<uses-permission android:name="com.fsck.k9.permission.READ_ATTACHMENT" /> <uses-permission android:name="com.fsck.k9.permission.READ_ATTACHMENT" />
<permission-group <!-- TODO: disabled, old API -->
android:name="org.sufficientlysecure.keychain.permission-group.keychain" <!-- <permission-group -->
android:description="@string/permission_group_description" <!-- android:name="org.sufficientlysecure.keychain.permission-group.keychain" -->
android:icon="@drawable/icon" <!-- android:description="@string/permission_group_description" -->
android:label="@string/permission_group_label" /> <!-- android:icon="@drawable/icon" -->
<!-- android:label="@string/permission_group_label" /> -->
<!-- <permission -->
<!-- android:name="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" -->
<!-- android:description="@string/permission_access_keys_description" -->
<!-- android:label="@string/permission_access_keys_label" -->
<!-- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain" -->
<!-- android:protectionLevel="dangerous" /> -->
<!-- <permission -->
<!-- android:name="org.sufficientlysecure.keychain.permission.ACCESS_API" -->
<!-- android:description="@string/permission_access_api_description" -->
<!-- android:label="@string/permission_access_api_label" -->
<!-- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain" -->
<!-- android:protectionLevel="dangerous" /> -->
<permission
android:name="org.sufficientlysecure.keychain.permission.ACCESS_KEYS"
android:description="@string/permission_access_keys_description"
android:label="@string/permission_access_keys_label"
android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain"
android:protectionLevel="dangerous" />
<permission
android:name="org.sufficientlysecure.keychain.permission.ACCESS_API"
android:description="@string/permission_access_api_description"
android:label="@string/permission_access_api_label"
android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain"
android:protectionLevel="dangerous" />
<!-- android:allowBackup="false": Don't allow backup over adb backup or other apps! --> <!-- android:allowBackup="false": Don't allow backup over adb backup or other apps! -->
<application <application
@ -412,50 +415,57 @@
android:exported="false" android:exported="false"
android:process=":passphrase_cache" /> android:process=":passphrase_cache" />
<service android:name="org.sufficientlysecure.keychain.service.KeychainIntentService" /> <service android:name="org.sufficientlysecure.keychain.service.KeychainIntentService" />
<service
android:name="org.sufficientlysecure.keychain.service.KeychainApiService"
android:enabled="true"
android:exported="true"
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API"
android:process=":remoteapi" >
<intent-filter>
<action android:name="org.sufficientlysecure.keychain.service.IKeychainApiService" />
</intent-filter>
<meta-data <!-- TODO: disabled, old API! -->
android:name="api_version" <!-- <service -->
android:value="3" /> <!-- android:name="org.sufficientlysecure.keychain.service.KeychainApiService" -->
</service> <!-- android:enabled="true" -->
<service <!-- android:exported="true" -->
android:name="org.sufficientlysecure.keychain.service.KeychainKeyService" <!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" -->
android:enabled="true" <!-- android:process=":remoteapi" > -->
android:exported="true" <!-- <intent-filter> -->
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" <!-- <action android:name="org.sufficientlysecure.keychain.service.IKeychainApiService" /> -->
android:process=":remotekeys" > <!-- </intent-filter> -->
<intent-filter>
<action android:name="org.sufficientlysecure.keychain.service.IKeychainKeyService" />
</intent-filter>
<meta-data
android:name="api_version" <!-- <meta-data -->
android:value="3" /> <!-- android:name="api_version" -->
</service> <!-- android:value="3" /> -->
<!-- </service> -->
<!-- <service -->
<!-- android:name="org.sufficientlysecure.keychain.service.KeychainKeyService" -->
<!-- android:enabled="true" -->
<!-- android:exported="true" -->
<!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" -->
<!-- android:process=":remotekeys" > -->
<!-- <intent-filter> -->
<!-- <action android:name="org.sufficientlysecure.keychain.service.IKeychainKeyService" /> -->
<!-- </intent-filter> -->
<!-- <meta-data -->
<!-- android:name="api_version" -->
<!-- android:value="3" /> -->
<!-- </service> -->
<provider <provider
android:name="org.sufficientlysecure.keychain.provider.KeychainProviderInternal" android:name="org.sufficientlysecure.keychain.provider.KeychainProviderInternal"
android:authorities="org.sufficientlysecure.keychain.internal" android:authorities="org.sufficientlysecure.keychain.internal"
android:exported="false" /> android:exported="false" />
<provider <!-- TODO: disabled, old API -->
android:name="org.sufficientlysecure.keychain.provider.KeychainProviderExternal" <!-- <provider -->
android:authorities="org.sufficientlysecure.keychain" <!-- android:name="org.sufficientlysecure.keychain.provider.KeychainProviderExternal" -->
android:exported="true" <!-- android:authorities="org.sufficientlysecure.keychain" -->
android:readPermission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> <!-- android:exported="true" -->
<!-- android:readPermission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> -->
<!-- TODO: authority! --> <!-- TODO: authority! -->
<provider <!-- <provider -->
android:name="org.sufficientlysecure.keychain.provider.KeychainServiceBlobProvider" <!-- android:name="org.sufficientlysecure.keychain.provider.KeychainServiceBlobProvider" -->
android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider" <!-- android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider" -->
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> <!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> -->
<!-- Remote API internal intents --> <!-- Remote API internal intents -->
@ -486,6 +496,8 @@
android:process=":crypto" > android:process=":crypto" >
<intent-filter> <intent-filter>
<action android:name="org.openintents.crypto.ICryptoService" /> <action android:name="org.openintents.crypto.ICryptoService" />
</intent-filter>
<intent-filter>
<!-- Can only be used from OpenPGP Keychain (internal): --> <!-- Can only be used from OpenPGP Keychain (internal): -->
<action android:name="org.sufficientlysecure.keychain.crypto_provider.IServiceActivityCallback" /> <action android:name="org.sufficientlysecure.keychain.crypto_provider.IServiceActivityCallback" />

45
OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java
View File

@ -122,26 +122,31 @@ public class OtherHelper {
if (action != null) { if (action != null) {
PackageManager pkgManager = activity.getPackageManager(); PackageManager pkgManager = activity.getPackageManager();
for (int i = 0; i < restrictedActions.length; i++) { // for (int i = 0; i < restrictedActions.length; i++) {
if (restrictedActions[i].equals(action)) { // if (restrictedActions[i].equals(action)) {
if (pkgName != null // if (pkgName != null
&& (pkgManager.checkPermission(permName, pkgName) == PackageManager.PERMISSION_GRANTED || pkgName // && (pkgManager.checkPermission(permName, pkgName) == PackageManager.PERMISSION_GRANTED || pkgName
.equals(Constants.PACKAGE_NAME))) { // .equals(Constants.PACKAGE_NAME))) {
Log.d(Constants.TAG, pkgName + " has permission " + permName + ". Action " // Log.d(Constants.TAG, pkgName + " has permission " + permName + ". Action "
+ action + " was granted!"); // + action + " was granted!");
} else { // } else {
String error = pkgName + " does NOT have permission " + permName // String error = pkgName + " does NOT have permission " + permName
+ ". Action " + action + " was NOT granted!"; // + ". Action " + action + " was NOT granted!";
Log.e(Constants.TAG, error); // Log.e(Constants.TAG, error);
Toast.makeText(activity, activity.getString(R.string.errorMessage, error), // Toast.makeText(activity, activity.getString(R.string.errorMessage, error),
Toast.LENGTH_LONG).show(); // Toast.LENGTH_LONG).show();
//
// end activity // // end activity
activity.setResult(Activity.RESULT_CANCELED, null); // activity.setResult(Activity.RESULT_CANCELED, null);
activity.finish(); // activity.finish();
} // }
} // }
} // }
// TODO: currently always cancels! THis is the old API
// end activity
activity.setResult(Activity.RESULT_CANCELED, null);
activity.finish();
} }
} }

12
OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/KeychainProvider.java
View File

@ -973,10 +973,12 @@ public class KeychainProvider extends ContentProvider {
* updated, or deleted * updated, or deleted
*/ */
private void sendBroadcastDatabaseChange(int keyType, String contentItemType) { private void sendBroadcastDatabaseChange(int keyType, String contentItemType) {
Intent intent = new Intent(); // TODO: Disabled, old API
intent.setAction(ACTION_BROADCAST_DATABASE_CHANGE); // Intent intent = new Intent();
intent.putExtra(EXTRA_BROADCAST_KEY_TYPE, keyType); // intent.setAction(ACTION_BROADCAST_DATABASE_CHANGE);
intent.putExtra(EXTRA_BROADCAST_CONTENT_ITEM_TYPE, contentItemType); // intent.putExtra(EXTRA_BROADCAST_KEY_TYPE, keyType);
getContext().sendBroadcast(intent, Constants.PERMISSION_ACCESS_API); // intent.putExtra(EXTRA_BROADCAST_CONTENT_ITEM_TYPE, contentItemType);
//
// getContext().sendBroadcast(intent, Constants.PERMISSION_ACCESS_API);
} }
} }

8
OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/RegisteredAppsListFragment.java
View File

@ -4,8 +4,6 @@ import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.provider.KeychainContract; import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.KeychainContract.ApiApps; import org.sufficientlysecure.keychain.provider.KeychainContract.ApiApps;
import com.actionbarsherlock.app.SherlockListFragment;
import android.content.ContentUris; import android.content.ContentUris;
import android.content.Intent; import android.content.Intent;
import android.database.Cursor; import android.database.Cursor;
@ -17,7 +15,8 @@ import android.support.v4.content.Loader;
import android.view.View; import android.view.View;
import android.widget.AdapterView; import android.widget.AdapterView;
import android.widget.AdapterView.OnItemClickListener; import android.widget.AdapterView.OnItemClickListener;
import android.widget.ListView;
import com.actionbarsherlock.app.SherlockListFragment;
public class RegisteredAppsListFragment extends SherlockListFragment implements public class RegisteredAppsListFragment extends SherlockListFragment implements
LoaderManager.LoaderCallbacks<Cursor> { LoaderManager.LoaderCallbacks<Cursor> {
@ -37,8 +36,7 @@ public class RegisteredAppsListFragment extends SherlockListFragment implements
public void onItemClick(AdapterView<?> adapterView, View view, int position, long id) { public void onItemClick(AdapterView<?> adapterView, View view, int position, long id) {
// edit app settings // edit app settings
Intent intent = new Intent(getActivity(), AppSettingsActivity.class); Intent intent = new Intent(getActivity(), AppSettingsActivity.class);
intent.setData(ContentUris.withAppendedId( intent.setData(ContentUris.withAppendedId(KeychainContract.ApiApps.CONTENT_URI, id));
KeychainContract.ApiApps.CONTENT_URI, id));
startActivity(intent); startActivity(intent);
} }
}); });

66
README.md
View File

@ -68,72 +68,6 @@ See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exc
1. Open svg file in Inkscape 1. Open svg file in Inkscape
2. Extensions -> Color -> darker (2 times!) 2. Extensions -> Color -> darker (2 times!)
# Security Model
## Basic goals
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
## Possible Permissions
* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
* ACCESS_KEYS: get and import actual public and secret keys (remote service)
## Without Permissions
### Intents
All Intents start with org.sufficientlysecure.keychain.action.
* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
* IMPORT
* IMPORT_FROM_FILE
* IMPORT_FROM_QR_CODE
* IMPORT_FROM_NFC
* SHARE_KEYRING
* SHARE_KEYRING_WITH_QR_CODE
* SHARE_KEYRING_WITH_NFC
* EDIT_KEYRING
* SELECT_PUBLIC_KEYRINGS
* SELECT_SECRET_KEYRING
* ENCRYPT
* ENCRYPT_FILE
* DECRYPT
* DECRYPT_FILE
## With permission ACCESS_API
### Intents
* CREATE_KEYRING
* ENCRYPT_AND_RETURN
* ENCRYPT_STREAM_AND_RETURN
* GENERATE_SIGNATURE_AND_RETURN
* DECRYPT_AND_RETURN
* DECRYPT_STREAM_AND_RETURN
### Broadcast Receiver
On change of database the following broadcast is send.
* DATABASE_CHANGE
### Content Provider
* The whole content provider requires a permission (only read)
* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
* Make an internal and external content provider (or pathes with <path-permission>)
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
* Only give out android:readPermission
### ApgApiService (Remote Service)
AIDL service
## With permission ACCESS_KEYS
### ApgKeyService (Remote Service)
AIDL service to access actual private keyring objects
# Licenses # Licenses
OpenPGP Kechain is licensed under Apache License v2. OpenPGP Kechain is licensed under Apache License v2.