diff options
| author | Vincent Breitmoser <valodim@mugenguild.com> | 2015-06-26 02:44:34 +0200 |
|---|---|---|
| committer | Vincent Breitmoser <valodim@mugenguild.com> | 2015-06-26 15:40:12 +0200 |
| commit | 56ef0f320b24f1a40017bd8d0cb8f80c611f2abd (patch) | |
| tree | fe166cc1841fd8aac2de7536aa4ad43614de36bf /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote | |
| parent | 080d1c747acd32311b8582ae33ad5972148a6e49 (diff) | |
| download | open-keychain-56ef0f320b24f1a40017bd8d0cb8f80c611f2abd.tar.gz open-keychain-56ef0f320b24f1a40017bd8d0cb8f80c611f2abd.tar.bz2 open-keychain-56ef0f320b24f1a40017bd8d0cb8f80c611f2abd.zip | |
disable automatic accept for own uid in RemoteService, and fix some warnings
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote')
| -rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/RemoteService.java | 23 |
1 files changed, 8 insertions, 15 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/RemoteService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/RemoteService.java index e4d4ac49a..792a4d253 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/RemoteService.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/RemoteService.java @@ -17,6 +17,7 @@ package org.sufficientlysecure.keychain.remote; +import android.annotation.SuppressLint; import android.app.PendingIntent; import android.app.Service; import android.content.Context; @@ -65,12 +66,11 @@ public abstract class RemoteService extends Service { /** * Checks if caller is allowed to access the API * - * @param data * @return null if caller is allowed, or a Bundle with a PendingIntent */ protected Intent isAllowed(Intent data) { try { - if (isCallerAllowed(false)) { + if (isCallerAllowed()) { return null; } else { String packageName = getCurrentCallingPackage(); @@ -130,8 +130,8 @@ public abstract class RemoteService extends Service { } private byte[] getPackageCertificate(String packageName) throws NameNotFoundException { - PackageInfo pkgInfo = getPackageManager().getPackageInfo(packageName, - PackageManager.GET_SIGNATURES); + @SuppressLint("PackageManagerGetSignatures") // we do check the byte array of *all* signatures + PackageInfo pkgInfo = getPackageManager().getPackageInfo(packageName, PackageManager.GET_SIGNATURES); // NOTE: Silly Android API naming: Signatures are actually certificates Signature[] certificates = pkgInfo.signatures; ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); @@ -211,22 +211,15 @@ public abstract class RemoteService extends Service { * Checks if process that binds to this service (i.e. the package name corresponding to the * process) is in the list of allowed package names. * - * @param allowOnlySelf allow only Keychain app itself * @return true if process is allowed to use this service * @throws WrongPackageCertificateException */ - private boolean isCallerAllowed(boolean allowOnlySelf) throws WrongPackageCertificateException { - return isUidAllowed(Binder.getCallingUid(), allowOnlySelf); + private boolean isCallerAllowed() throws WrongPackageCertificateException { + return isUidAllowed(Binder.getCallingUid()); } - private boolean isUidAllowed(int uid, boolean allowOnlySelf) + private boolean isUidAllowed(int uid) throws WrongPackageCertificateException { - if (android.os.Process.myUid() == uid) { - return true; - } - if (allowOnlySelf) { // barrier - return false; - } String[] callingPackages = getPackageManager().getPackagesForUid(uid); @@ -237,7 +230,7 @@ public abstract class RemoteService extends Service { } } - Log.d(Constants.TAG, "Uid is NOT allowed!"); + Log.e(Constants.TAG, "Uid is NOT allowed!"); return false; } |