-rw-r--r-- API.md 34
-rw-r--r-- OLD_API.md 68
-rw-r--r-- OpenPGP-Keychain/AndroidManifest.xml 120
-rw-r--r-- OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java 45
-rw-r--r-- OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/KeychainProvider.java 12
-rw-r--r-- OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/RegisteredAppsListFragment.java 8
-rw-r--r-- README.md 66
7 files changed, 203 insertions, 150 deletions
diff --git a/API.md b/API.md
new file mode 100644
index 000000000..80c270840
--- /dev/null
+++ b/API.md
@@ -0,0 +1,34 @@
+# Security Model
+
+## Basic goals
+
+* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
+
+Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
+
+## Without Permissions
+
+### Intents
+All Intents start with ``org.sufficientlysecure.keychain.action.``
+
+* ``android.intent.action.VIEW`` connected to .gpg and .asc files: Import Key and Decrypt
+* ``android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
+* ``IMPORT``
+* ``IMPORT_FROM_FILE``
+* ``IMPORT_FROM_QR_CODE``
+* ``IMPORT_FROM_NFC``
+* ``SHARE_KEYRING``
+* ``SHARE_KEYRING_WITH_QR_CODE``
+* ``SHARE_KEYRING_WITH_NFC``
+* ``EDIT_KEYRING``
+* ``SELECT_PUBLIC_KEYRINGS``
+* ``SELECT_SECRET_KEYRING``
+* ``ENCRYPT``
+* ``ENCRYPT_FILE``
+* ``DECRYPT``
+* ``DECRYPT_FILE``
+
+TODO:
+- remove IMPORT, SHARE intents, simplify ENCRYPT and DECRYPT intents (include _FILE derivates like done in SEND based on file type)
+- EDIT_KEYRING and CREATE_KEYRING, should be available via for registered apps
+- new intent REGISTER_APP? \ No newline at end of file
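Review bot: The SEND bullet opens an inline-code span that is never closed (the line starts with two backticks before android.intent.action.SEND and has no closing pair), so the rest of the line will render as code or break the list. Two further points in the same file: the sentence "All Intents start with org.sufficientlysecure.keychain.action." is followed by two android.intent.action.* entries that do not, so say "all custom intents" or list VIEW and SEND separately; and the TODO item "EDIT_KEYRING and CREATE_KEYRING, should be available via for registered apps" is missing a word after "via" and names CREATE_KEYRING, which is not in the list above. The file also ends without a trailing newline.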
diff --git a/OLD_API.md b/OLD_API.md
new file mode 100644
index 000000000..1a9bab0a7
--- /dev/null
+++ b/OLD_API.md
@@ -0,0 +1,68 @@
+This is the old API. Currently disabled!
+
+# Security Model
+
+## Basic goals
+
+* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
+
+Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
+
+## Possible Permissions
+
+* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
+* ACCESS_KEYS: get and import actual public and secret keys (remote service)
+
+
+## Without Permissions
+
+### Intents
+All Intents start with org.sufficientlysecure.keychain.action.
+
+* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
+* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
+* IMPORT
+* IMPORT_FROM_FILE
+* IMPORT_FROM_QR_CODE
+* IMPORT_FROM_NFC
+* SHARE_KEYRING
+* SHARE_KEYRING_WITH_QR_CODE
+* SHARE_KEYRING_WITH_NFC
+* EDIT_KEYRING
+* SELECT_PUBLIC_KEYRINGS
+* SELECT_SECRET_KEYRING
+* ENCRYPT
+* ENCRYPT_FILE
+* DECRYPT
+* DECRYPT_FILE
+
+## With permission ACCESS_API
+
+### Intents
+
+* CREATE_KEYRING
+* ENCRYPT_AND_RETURN
+* ENCRYPT_STREAM_AND_RETURN
+* GENERATE_SIGNATURE_AND_RETURN
+* DECRYPT_AND_RETURN
+* DECRYPT_STREAM_AND_RETURN
+
+### Broadcast Receiver
+On change of database the following broadcast is send.
+* DATABASE_CHANGE
+
+### Content Provider
+
+* The whole content provider requires a permission (only read)
+* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
+* Make an internal and external content provider (or pathes with <path-permission>)
+* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
+* Only give out android:readPermission
+
+### ApgApiService (Remote Service)
+AIDL service
+
+## With permission ACCESS_KEYS
+
+### ApgKeyService (Remote Service)
+AIDL service to access actual private keyring objects \ No newline at end of file
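Review bot: The new first line, "This is the old API. Currently disabled!", does not say what is disabled or where, so name the components this commit turns off (the ACCESS_API and ACCESS_KEYS permissions, KeychainApiService, KeychainKeyService, the external and blob providers, the DATABASE_CHANGE broadcast). The "Without Permissions" intent list here is a second copy of the one added in API.md and the two will drift; keep only the permission-gated sections in this file or state that API.md is authoritative. While the text is being moved, "the following broadcast is send" should read "sent" and "pathes" should read "paths". The file ends without a trailing newline.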
diff --git a/OpenPGP-Keychain/AndroidManifest.xml b/OpenPGP-Keychain/AndroidManifest.xml
index b5aeb2091..c975d0357 100644
--- a/OpenPGP-Keychain/AndroidManifest.xml
+++ b/OpenPGP-Keychain/AndroidManifest.xml
@@ -67,24 +67,27 @@
<uses-permission android:name="android.permission.NFC" />
<uses-permission android:name="com.fsck.k9.permission.READ_ATTACHMENT" />
- <permission-group
- android:name="org.sufficientlysecure.keychain.permission-group.keychain"
- android:description="@string/permission_group_description"
- android:icon="@drawable/icon"
- android:label="@string/permission_group_label" />
-
- <permission
- android:name="org.sufficientlysecure.keychain.permission.ACCESS_KEYS"
- android:description="@string/permission_access_keys_description"
- android:label="@string/permission_access_keys_label"
- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain"
- android:protectionLevel="dangerous" />
- <permission
- android:name="org.sufficientlysecure.keychain.permission.ACCESS_API"
- android:description="@string/permission_access_api_description"
- android:label="@string/permission_access_api_label"
- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain"
- android:protectionLevel="dangerous" />
+ <!-- TODO: disabled, old API -->
+ <!-- <permission-group -->
+ <!-- android:name="org.sufficientlysecure.keychain.permission-group.keychain" -->
+ <!-- android:description="@string/permission_group_description" -->
+ <!-- android:icon="@drawable/icon" -->
+ <!-- android:label="@string/permission_group_label" /> -->
+
+
+ <!-- <permission -->
+ <!-- android:name="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" -->
+ <!-- android:description="@string/permission_access_keys_description" -->
+ <!-- android:label="@string/permission_access_keys_label" -->
+ <!-- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain" -->
+ <!-- android:protectionLevel="dangerous" /> -->
+ <!-- <permission -->
+ <!-- android:name="org.sufficientlysecure.keychain.permission.ACCESS_API" -->
+ <!-- android:description="@string/permission_access_api_description" -->
+ <!-- android:label="@string/permission_access_api_label" -->
+ <!-- android:permissionGroup="org.sufficientlysecure.keychain.permission-group.keychain" -->
+ <!-- android:protectionLevel="dangerous" /> -->
+
<!-- android:allowBackup="false": Don't allow backup over adb backup or other apps! -->
<application
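Review bot: The permission-group and the two permission elements are disabled by wrapping every attribute line in its own comment, which leaves 18 lines of dead XML that have to be un-commented by hand, one line at a time, to restore. Delete the block and rely on history (OLD_API.md already documents it), or use a single comment around the whole block. For whoever re-enables this: once this package stops declaring ACCESS_KEYS and ACCESS_API it no longer sets their protectionLevel, so the declarations must come back in the same change as any component that names them in android:permission or android:readPermission.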
@@ -412,50 +415,57 @@
android:exported="false"
android:process=":passphrase_cache" />
<service android:name="org.sufficientlysecure.keychain.service.KeychainIntentService" />
- <service
- android:name="org.sufficientlysecure.keychain.service.KeychainApiService"
- android:enabled="true"
- android:exported="true"
- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API"
- android:process=":remoteapi" >
- <intent-filter>
- <action android:name="org.sufficientlysecure.keychain.service.IKeychainApiService" />
- </intent-filter>
-
- <meta-data
- android:name="api_version"
- android:value="3" />
- </service>
- <service
- android:name="org.sufficientlysecure.keychain.service.KeychainKeyService"
- android:enabled="true"
- android:exported="true"
- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_KEYS"
- android:process=":remotekeys" >
- <intent-filter>
- <action android:name="org.sufficientlysecure.keychain.service.IKeychainKeyService" />
- </intent-filter>
- <meta-data
- android:name="api_version"
- android:value="3" />
- </service>
+ <!-- TODO: disabled, old API! -->
+ <!-- <service -->
+ <!-- android:name="org.sufficientlysecure.keychain.service.KeychainApiService" -->
+ <!-- android:enabled="true" -->
+ <!-- android:exported="true" -->
+ <!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" -->
+ <!-- android:process=":remoteapi" > -->
+ <!-- <intent-filter> -->
+ <!-- <action android:name="org.sufficientlysecure.keychain.service.IKeychainApiService" /> -->
+ <!-- </intent-filter> -->
+
+
+ <!-- <meta-data -->
+ <!-- android:name="api_version" -->
+ <!-- android:value="3" /> -->
+ <!-- </service> -->
+ <!-- <service -->
+ <!-- android:name="org.sufficientlysecure.keychain.service.KeychainKeyService" -->
+ <!-- android:enabled="true" -->
+ <!-- android:exported="true" -->
+ <!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" -->
+ <!-- android:process=":remotekeys" > -->
+ <!-- <intent-filter> -->
+ <!-- <action android:name="org.sufficientlysecure.keychain.service.IKeychainKeyService" /> -->
+ <!-- </intent-filter> -->
+
+
+ <!-- <meta-data -->
+ <!-- android:name="api_version" -->
+ <!-- android:value="3" /> -->
+ <!-- </service> -->
<provider
android:name="org.sufficientlysecure.keychain.provider.KeychainProviderInternal"
android:authorities="org.sufficientlysecure.keychain.internal"
android:exported="false" />
- <provider
- android:name="org.sufficientlysecure.keychain.provider.KeychainProviderExternal"
- android:authorities="org.sufficientlysecure.keychain"
- android:exported="true"
- android:readPermission="org.sufficientlysecure.keychain.permission.ACCESS_API" />
+ <!-- TODO: disabled, old API -->
+ <!-- <provider -->
+ <!-- android:name="org.sufficientlysecure.keychain.provider.KeychainProviderExternal" -->
+ <!-- android:authorities="org.sufficientlysecure.keychain" -->
+ <!-- android:exported="true" -->
+ <!-- android:readPermission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> -->
+
<!-- TODO: authority! -->
- <provider
- android:name="org.sufficientlysecure.keychain.provider.KeychainServiceBlobProvider"
- android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider"
- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" />
+ <!-- <provider -->
+ <!-- android:name="org.sufficientlysecure.keychain.provider.KeychainServiceBlobProvider" -->
+ <!-- android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider" -->
+ <!-- android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> -->
+
<!-- Remote API internal intents -->
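Review bot: The KeychainServiceBlobProvider block is commented out under the pre-existing "TODO: authority!" comment with no "disabled, old API" marker, unlike the two services and KeychainProviderExternal above it, so a reader cannot tell it belongs to the same disable. Add the marker there, and make the markers consistent (one says "old API!", the others "old API"). As in the first hunk, the per-line comments are hard to revert; prefer deleting the elements or one comment per element. The added blank lines inside the commented service blocks can go as well.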
@@ -486,6 +496,8 @@
android:process=":crypto" >
<intent-filter>
<action android:name="org.openintents.crypto.ICryptoService" />
+ </intent-filter>
+ <intent-filter>
<!-- Can only be used from OpenPGP Keychain (internal): -->
<action android:name="org.sufficientlysecure.keychain.crypto_provider.IServiceActivityCallback" />
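Review bot: The comment carried into the new second filter says the IServiceActivityCallback action "Can only be used from OpenPGP Keychain (internal)", but an intent-filter does not restrict who may bind, and nothing in the visible lines (no android:permission, no android:exported="false") enforces that. Either point the comment at the caller check in the service or move the callback onto a non-exported component. Splitting the filter is also unrelated to disabling the old API and would be easier to review as its own commit with a sentence on why two filters are needed.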
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java
index 6a71ca0ba..e38b1b726 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/helper/OtherHelper.java
@@ -122,26 +122,31 @@ public class OtherHelper {
if (action != null) {
PackageManager pkgManager = activity.getPackageManager();
- for (int i = 0; i < restrictedActions.length; i++) {
- if (restrictedActions[i].equals(action)) {
- if (pkgName != null
- && (pkgManager.checkPermission(permName, pkgName) == PackageManager.PERMISSION_GRANTED || pkgName
- .equals(Constants.PACKAGE_NAME))) {
- Log.d(Constants.TAG, pkgName + " has permission " + permName + ". Action "
- + action + " was granted!");
- } else {
- String error = pkgName + " does NOT have permission " + permName
- + ". Action " + action + " was NOT granted!";
- Log.e(Constants.TAG, error);
- Toast.makeText(activity, activity.getString(R.string.errorMessage, error),
- Toast.LENGTH_LONG).show();
-
- // end activity
- activity.setResult(Activity.RESULT_CANCELED, null);
- activity.finish();
- }
- }
- }
+// for (int i = 0; i < restrictedActions.length; i++) {
+// if (restrictedActions[i].equals(action)) {
+// if (pkgName != null
+// && (pkgManager.checkPermission(permName, pkgName) == PackageManager.PERMISSION_GRANTED || pkgName
+// .equals(Constants.PACKAGE_NAME))) {
+// Log.d(Constants.TAG, pkgName + " has permission " + permName + ". Action "
+// + action + " was granted!");
+// } else {
+// String error = pkgName + " does NOT have permission " + permName
+// + ". Action " + action + " was NOT granted!";
+// Log.e(Constants.TAG, error);
+// Toast.makeText(activity, activity.getString(R.string.errorMessage, error),
+// Toast.LENGTH_LONG).show();
+//
+// // end activity
+// activity.setResult(Activity.RESULT_CANCELED, null);
+// activity.finish();
+// }
+// }
+// }
+
+ // TODO: currently always cancels! THis is the old API
+ // end activity
+ activity.setResult(Activity.RESULT_CANCELED, null);
+ activity.finish();
}
}
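Review bot: With the loop commented out, the two added lines "activity.setResult(Activity.RESULT_CANCELED, null);" and "activity.finish();" run for every non-null action, whereas before only actions matching an entry in restrictedActions were checked at all. If the intent is to fail closed for the old permission-gated actions, keep the restrictedActions match and cancel only on a match; otherwise unrestricted actions that pass through this helper are cancelled too. The cancel is now silent: the Log.e and Toast from the old else branch are gone, so neither the user nor logcat shows why the activity closed. pkgManager is left as an unused local, the TODO has a typo ("THis"), and the 20 lines of commented-out code should be deleted rather than kept in the file.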
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/KeychainProvider.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/KeychainProvider.java
index 98a45d69f..edb82e632 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/KeychainProvider.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/provider/KeychainProvider.java
@@ -973,10 +973,12 @@ public class KeychainProvider extends ContentProvider {
* updated, or deleted
*/
private void sendBroadcastDatabaseChange(int keyType, String contentItemType) {
- Intent intent = new Intent();
- intent.setAction(ACTION_BROADCAST_DATABASE_CHANGE);
- intent.putExtra(EXTRA_BROADCAST_KEY_TYPE, keyType);
- intent.putExtra(EXTRA_BROADCAST_CONTENT_ITEM_TYPE, contentItemType);
- getContext().sendBroadcast(intent, Constants.PERMISSION_ACCESS_API);
+ // TODO: Disabled, old API
+ // Intent intent = new Intent();
+ // intent.setAction(ACTION_BROADCAST_DATABASE_CHANGE);
+ // intent.putExtra(EXTRA_BROADCAST_KEY_TYPE, keyType);
+ // intent.putExtra(EXTRA_BROADCAST_CONTENT_ITEM_TYPE, contentItemType);
+ //
+ // getContext().sendBroadcast(intent, Constants.PERMISSION_ACCESS_API);
}
}
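Review bot: sendBroadcastDatabaseChange is left as an empty method whose keyType and contentItemType parameters are unused, while its callers presumably still invoke it on every insert, update and delete. Either remove the method and its call sites or leave a one-line body comment instead of the commented-out code. If the code is kept for later, note next to it that the second argument to sendBroadcast, Constants.PERMISSION_ACCESS_API, is what limited receivers, and that this permission is no longer declared in the manifest after this commit, so the broadcast must not be re-enabled without it.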
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/RegisteredAppsListFragment.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/RegisteredAppsListFragment.java
index 5ab210d5f..d1e52a2d6 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/RegisteredAppsListFragment.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/remote_api/RegisteredAppsListFragment.java
@@ -4,8 +4,6 @@ import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.KeychainContract.ApiApps;
-import com.actionbarsherlock.app.SherlockListFragment;
-
import android.content.ContentUris;
import android.content.Intent;
import android.database.Cursor;
@@ -17,7 +15,8 @@ import android.support.v4.content.Loader;
import android.view.View;
import android.widget.AdapterView;
import android.widget.AdapterView.OnItemClickListener;
-import android.widget.ListView;
+
+import com.actionbarsherlock.app.SherlockListFragment;
public class RegisteredAppsListFragment extends SherlockListFragment implements
LoaderManager.LoaderCallbacks<Cursor> {
@@ -37,8 +36,7 @@ public class RegisteredAppsListFragment extends SherlockListFragment implements
public void onItemClick(AdapterView<?> adapterView, View view, int position, long id) {
// edit app settings
Intent intent = new Intent(getActivity(), AppSettingsActivity.class);
- intent.setData(ContentUris.withAppendedId(
- KeychainContract.ApiApps.CONTENT_URI, id));
+ intent.setData(ContentUris.withAppendedId(KeychainContract.ApiApps.CONTENT_URI, id));
startActivity(intent);
}
});
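Review bot: All three hunks in RegisteredAppsListFragment.java are formatting only (the SherlockListFragment import is moved below the android imports, the unused ListView import is dropped, and the setData call is joined onto one line) and have nothing to do with disabling the old API. Move them to a separate cleanup commit so this security-relevant change stays small and can be reverted on its own.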
diff --git a/README.md b/README.md
index 30a4fbf3d..bdad56c91 100644
--- a/README.md
+++ b/README.md
@@ -68,72 +68,6 @@ See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exc
1. Open svg file in Inkscape
2. Extensions -> Color -> darker (2 times!)
-# Security Model
-
-## Basic goals
-
-* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
-
-Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
-
-## Possible Permissions
-
-* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
-* ACCESS_KEYS: get and import actual public and secret keys (remote service)
-
-## Without Permissions
-
-### Intents
-All Intents start with org.sufficientlysecure.keychain.action.
-
-* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
-* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
-* IMPORT
-* IMPORT_FROM_FILE
-* IMPORT_FROM_QR_CODE
-* IMPORT_FROM_NFC
-* SHARE_KEYRING
-* SHARE_KEYRING_WITH_QR_CODE
-* SHARE_KEYRING_WITH_NFC
-* EDIT_KEYRING
-* SELECT_PUBLIC_KEYRINGS
-* SELECT_SECRET_KEYRING
-* ENCRYPT
-* ENCRYPT_FILE
-* DECRYPT
-* DECRYPT_FILE
-
-## With permission ACCESS_API
-
-### Intents
-
-* CREATE_KEYRING
-* ENCRYPT_AND_RETURN
-* ENCRYPT_STREAM_AND_RETURN
-* GENERATE_SIGNATURE_AND_RETURN
-* DECRYPT_AND_RETURN
-* DECRYPT_STREAM_AND_RETURN
-
-### Broadcast Receiver
-On change of database the following broadcast is send.
-* DATABASE_CHANGE
-
-### Content Provider
-
-* The whole content provider requires a permission (only read)
-* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
-* Make an internal and external content provider (or pathes with <path-permission>)
-* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
-* Only give out android:readPermission
-
-### ApgApiService (Remote Service)
-AIDL service
-
-## With permission ACCESS_KEYS
-
-### ApgKeyService (Remote Service)
-AIDL service to access actual private keyring objects
-
# Licenses
OpenPGP Kechain is licensed under Apache License v2.
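Review bot: The Security Model section is removed from README.md without leaving a pointer to where it went. Add a short line under a retained heading that links to API.md for the current model and OLD_API.md for the disabled one, so readers of the README can still find which intents work without a permission. The unchanged context line below the removal spells the project name "OpenPGP Kechain"; worth fixing while this part of the file is being touched.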