Disable parts of the old API

This commit is contained in:
Dominik Schürmann 2013-09-06 11:24:28 +02:00
parent c97c57d34e
commit dc6a709b7a
7 changed files with 201 additions and 148 deletions

34
API.md Normal file
View File

@ -0,0 +1,34 @@
# Security Model
## Basic goals
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
## Without Permissions
### Intents
All Intents start with ``org.sufficientlysecure.keychain.action.``
* ``android.intent.action.VIEW`` connected to .gpg and .asc files: Import Key and Decrypt
* ``android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
* ``IMPORT``
* ``IMPORT_FROM_FILE``
* ``IMPORT_FROM_QR_CODE``
* ``IMPORT_FROM_NFC``
* ``SHARE_KEYRING``
* ``SHARE_KEYRING_WITH_QR_CODE``
* ``SHARE_KEYRING_WITH_NFC``
* ``EDIT_KEYRING``
* ``SELECT_PUBLIC_KEYRINGS``
* ``SELECT_SECRET_KEYRING``
* ``ENCRYPT``
* ``ENCRYPT_FILE``
* ``DECRYPT``
* ``DECRYPT_FILE``
TODO:
- remove IMPORT, SHARE intents, simplify ENCRYPT and DECRYPT intents (include _FILE derivates like done in SEND based on file type)
- EDIT_KEYRING and CREATE_KEYRING, should be available via for registered apps
- new intent REGISTER_APP?

68
OLD_API.md Normal file
View File

@ -0,0 +1,68 @@
This is the old API. Currently disabled!
# Security Model
## Basic goals
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
## Possible Permissions
* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
* ACCESS_KEYS: get and import actual public and secret keys (remote service)
## Without Permissions
### Intents
All Intents start with org.sufficientlysecure.keychain.action.
* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
* IMPORT
* IMPORT_FROM_FILE
* IMPORT_FROM_QR_CODE
* IMPORT_FROM_NFC
* SHARE_KEYRING
* SHARE_KEYRING_WITH_QR_CODE
* SHARE_KEYRING_WITH_NFC
* EDIT_KEYRING
* SELECT_PUBLIC_KEYRINGS
* SELECT_SECRET_KEYRING
* ENCRYPT
* ENCRYPT_FILE
* DECRYPT
* DECRYPT_FILE
## With permission ACCESS_API
### Intents
* CREATE_KEYRING
* ENCRYPT_AND_RETURN
* ENCRYPT_STREAM_AND_RETURN
* GENERATE_SIGNATURE_AND_RETURN
* DECRYPT_AND_RETURN
* DECRYPT_STREAM_AND_RETURN
### Broadcast Receiver
On change of database the following broadcast is send.
* DATABASE_CHANGE
### Content Provider
* The whole content provider requires a permission (only read)
* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
* Make an internal and external content provider (or pathes with <path-permission>)
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
* Only give out android:readPermission
### ApgApiService (Remote Service)
AIDL service
## With permission ACCESS_KEYS
### ApgKeyService (Remote Service)
AIDL service to access actual private keyring objects

View File

@ -67,24 +67,27 @@
<uses-permission android:name="android.permission.NFC" />
<uses-permission android:name="com.fsck.k9.permission.READ_ATTACHMENT" />
<permission-group
android:name="org.sufficientlysecure.keychain.permission-group.keychain"
android:description="@string/permission_group_description"
android:icon="@drawable/icon"
android:label="@string/permission_group_label" />
<!-- TODO: disabled, old API -->
<!-- <permission-group -->
<!-- android:name="org.sufficientlysecure.keychain.permission-group.keychain" -->
<!-- android:description="@string/permission_group_description" -->
<!-- android:icon="@drawable/icon" -->
<!-- android:label="@string/permission_group_label" /> -->
<!-- <permission -->
<!-- android:name="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" -->
<!-- android:description="@string/permission_access_keys_description" -->
<!-- android:label="@string/permission_access_keys_label" -->
<!-- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain" -->
<!-- android:protectionLevel="dangerous" /> -->
<!-- <permission -->
<!-- android:name="org.sufficientlysecure.keychain.permission.ACCESS_API" -->
<!-- android:description="@string/permission_access_api_description" -->
<!-- android:label="@string/permission_access_api_label" -->
<!-- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain" -->
<!-- android:protectionLevel="dangerous" /> -->
<permission
android:name="org.sufficientlysecure.keychain.permission.ACCESS_KEYS"
android:description="@string/permission_access_keys_description"
android:label="@string/permission_access_keys_label"
android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain"
android:protectionLevel="dangerous" />
<permission
android:name="org.sufficientlysecure.keychain.permission.ACCESS_API"
android:description="@string/permission_access_api_description"
android:label="@string/permission_access_api_label"
android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain"
android:protectionLevel="dangerous" />
<!-- android:allowBackup="false": Don't allow backup over adb backup or other apps! -->
<application
@ -412,50 +415,57 @@
android:exported="false"
android:process=":passphrase_cache" />
<service android:name="org.sufficientlysecure.keychain.service.KeychainIntentService" />
<service
android:name="org.sufficientlysecure.keychain.service.KeychainApiService"
android:enabled="true"
android:exported="true"
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API"
android:process=":remoteapi" >
<intent-filter>
<action android:name="org.sufficientlysecure.keychain.service.IKeychainApiService" />
</intent-filter>
<meta-data
android:name="api_version"
android:value="3" />
</service>
<service
android:name="org.sufficientlysecure.keychain.service.KeychainKeyService"
android:enabled="true"
android:exported="true"
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_KEYS"
android:process=":remotekeys" >
<intent-filter>
<action android:name="org.sufficientlysecure.keychain.service.IKeychainKeyService" />
</intent-filter>
<!-- TODO: disabled, old API! -->
<!-- <service -->
<!-- android:name="org.sufficientlysecure.keychain.service.KeychainApiService" -->
<!-- android:enabled="true" -->
<!-- android:exported="true" -->
<!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" -->
<!-- android:process=":remoteapi" > -->
<!-- <intent-filter> -->
<!-- <action android:name="org.sufficientlysecure.keychain.service.IKeychainApiService" /> -->
<!-- </intent-filter> -->
<meta-data
android:name="api_version"
android:value="3" />
</service>
<!-- <meta-data -->
<!-- android:name="api_version" -->
<!-- android:value="3" /> -->
<!-- </service> -->
<!-- <service -->
<!-- android:name="org.sufficientlysecure.keychain.service.KeychainKeyService" -->
<!-- android:enabled="true" -->
<!-- android:exported="true" -->
<!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" -->
<!-- android:process=":remotekeys" > -->
<!-- <intent-filter> -->
<!-- <action android:name="org.sufficientlysecure.keychain.service.IKeychainKeyService" /> -->
<!-- </intent-filter> -->
<!-- <meta-data -->
<!-- android:name="api_version" -->
<!-- android:value="3" /> -->
<!-- </service> -->
<provider
android:name="org.sufficientlysecure.keychain.provider.KeychainProviderInternal"
android:authorities="org.sufficientlysecure.keychain.internal"
android:exported="false" />
<provider
android:name="org.sufficientlysecure.keychain.provider.KeychainProviderExternal"
android:authorities="org.sufficientlysecure.keychain"
android:exported="true"
android:readPermission="org.sufficientlysecure.keychain.permission.ACCESS_API" />
<!-- TODO: disabled, old API -->
<!-- <provider -->
<!-- android:name="org.sufficientlysecure.keychain.provider.KeychainProviderExternal" -->
<!-- android:authorities="org.sufficientlysecure.keychain" -->
<!-- android:exported="true" -->
<!-- android:readPermission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> -->
<!-- TODO: authority! -->
<provider
android:name="org.sufficientlysecure.keychain.provider.KeychainServiceBlobProvider"
android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider"
android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" />
<!-- <provider -->
<!-- android:name="org.sufficientlysecure.keychain.provider.KeychainServiceBlobProvider" -->
<!-- android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider" -->
<!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> -->
<!-- Remote API internal intents -->
@ -486,6 +496,8 @@
android:process=":crypto" >
<intent-filter>
<action android:name="org.openintents.crypto.ICryptoService" />
</intent-filter>
<intent-filter>
<!-- Can only be used from OpenPGP Keychain (internal): -->
<action android:name="org.sufficientlysecure.keychain.crypto_provider.IServiceActivityCallback" />

View File

@ -122,28 +122,33 @@ public class OtherHelper {
if (action != null) {
PackageManager pkgManager = activity.getPackageManager();
for (int i = 0; i < restrictedActions.length; i++) {
if (restrictedActions[i].equals(action)) {
if (pkgName != null
&& (pkgManager.checkPermission(permName, pkgName) == PackageManager.PERMISSION_GRANTED || pkgName
.equals(Constants.PACKAGE_NAME))) {
Log.d(Constants.TAG, pkgName + " has permission " + permName + ". Action "
+ action + " was granted!");
} else {
String error = pkgName + " does NOT have permission " + permName
+ ". Action " + action + " was NOT granted!";
Log.e(Constants.TAG, error);
Toast.makeText(activity, activity.getString(R.string.errorMessage, error),
Toast.LENGTH_LONG).show();
// for (int i = 0; i < restrictedActions.length; i++) {
// if (restrictedActions[i].equals(action)) {
// if (pkgName != null
// && (pkgManager.checkPermission(permName, pkgName) == PackageManager.PERMISSION_GRANTED || pkgName
// .equals(Constants.PACKAGE_NAME))) {
// Log.d(Constants.TAG, pkgName + " has permission " + permName + ". Action "
// + action + " was granted!");
// } else {
// String error = pkgName + " does NOT have permission " + permName
// + ". Action " + action + " was NOT granted!";
// Log.e(Constants.TAG, error);
// Toast.makeText(activity, activity.getString(R.string.errorMessage, error),
// Toast.LENGTH_LONG).show();
//
// // end activity
// activity.setResult(Activity.RESULT_CANCELED, null);
// activity.finish();
// }
// }
// }
// TODO: currently always cancels! THis is the old API
// end activity
activity.setResult(Activity.RESULT_CANCELED, null);
activity.finish();
}
}
}
}
}
/**
* Splits userId string into naming part and email part

View File

@ -973,10 +973,12 @@ public class KeychainProvider extends ContentProvider {
* updated, or deleted
*/
private void sendBroadcastDatabaseChange(int keyType, String contentItemType) {
Intent intent = new Intent();
intent.setAction(ACTION_BROADCAST_DATABASE_CHANGE);
intent.putExtra(EXTRA_BROADCAST_KEY_TYPE, keyType);
intent.putExtra(EXTRA_BROADCAST_CONTENT_ITEM_TYPE, contentItemType);
getContext().sendBroadcast(intent, Constants.PERMISSION_ACCESS_API);
// TODO: Disabled, old API
// Intent intent = new Intent();
// intent.setAction(ACTION_BROADCAST_DATABASE_CHANGE);
// intent.putExtra(EXTRA_BROADCAST_KEY_TYPE, keyType);
// intent.putExtra(EXTRA_BROADCAST_CONTENT_ITEM_TYPE, contentItemType);
//
// getContext().sendBroadcast(intent, Constants.PERMISSION_ACCESS_API);
}
}

View File

@ -4,8 +4,6 @@ import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.KeychainContract.ApiApps;
import com.actionbarsherlock.app.SherlockListFragment;
import android.content.ContentUris;
import android.content.Intent;
import android.database.Cursor;
@ -17,7 +15,8 @@ import android.support.v4.content.Loader;
import android.view.View;
import android.widget.AdapterView;
import android.widget.AdapterView.OnItemClickListener;
import android.widget.ListView;
import com.actionbarsherlock.app.SherlockListFragment;
public class RegisteredAppsListFragment extends SherlockListFragment implements
LoaderManager.LoaderCallbacks<Cursor> {
@ -37,8 +36,7 @@ public class RegisteredAppsListFragment extends SherlockListFragment implements
public void onItemClick(AdapterView<?> adapterView, View view, int position, long id) {
// edit app settings
Intent intent = new Intent(getActivity(), AppSettingsActivity.class);
intent.setData(ContentUris.withAppendedId(
KeychainContract.ApiApps.CONTENT_URI, id));
intent.setData(ContentUris.withAppendedId(KeychainContract.ApiApps.CONTENT_URI, id));
startActivity(intent);
}
});

View File

@ -68,72 +68,6 @@ See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exc
1. Open svg file in Inkscape
2. Extensions -> Color -> darker (2 times!)
# Security Model
## Basic goals
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
## Possible Permissions
* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
* ACCESS_KEYS: get and import actual public and secret keys (remote service)
## Without Permissions
### Intents
All Intents start with org.sufficientlysecure.keychain.action.
* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
* IMPORT
* IMPORT_FROM_FILE
* IMPORT_FROM_QR_CODE
* IMPORT_FROM_NFC
* SHARE_KEYRING
* SHARE_KEYRING_WITH_QR_CODE
* SHARE_KEYRING_WITH_NFC
* EDIT_KEYRING
* SELECT_PUBLIC_KEYRINGS
* SELECT_SECRET_KEYRING
* ENCRYPT
* ENCRYPT_FILE
* DECRYPT
* DECRYPT_FILE
## With permission ACCESS_API
### Intents
* CREATE_KEYRING
* ENCRYPT_AND_RETURN
* ENCRYPT_STREAM_AND_RETURN
* GENERATE_SIGNATURE_AND_RETURN
* DECRYPT_AND_RETURN
* DECRYPT_STREAM_AND_RETURN
### Broadcast Receiver
On change of database the following broadcast is send.
* DATABASE_CHANGE
### Content Provider
* The whole content provider requires a permission (only read)
* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
* Make an internal and external content provider (or pathes with <path-permission>)
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
* Only give out android:readPermission
### ApgApiService (Remote Service)
AIDL service
## With permission ACCESS_KEYS
### ApgKeyService (Remote Service)
AIDL service to access actual private keyring objects
# Licenses
OpenPGP Kechain is licensed under Apache License v2.