From 5e9de4447c95cd9ed332ec012b4d73ad7a8ef8b2 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Fri, 6 May 2016 12:54:35 +0200 Subject: external-provider: only allow permission check for caller package names --- .../keychain/remote/ApiPermissionHelper.java | 51 ++++++++++------------ 1 file changed, 22 insertions(+), 29 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java index 3af8e70dd..47ecdb21f 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java @@ -18,6 +18,10 @@ package org.sufficientlysecure.keychain.remote; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.Arrays; + import android.annotation.SuppressLint; import android.app.PendingIntent; import android.content.Context; @@ -37,11 +41,6 @@ import org.sufficientlysecure.keychain.provider.ApiDataAccessObject; import org.sufficientlysecure.keychain.provider.KeychainContract; import org.sufficientlysecure.keychain.util.Log; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.ArrayList; -import java.util.Arrays; - /** * Abstract service class for remote APIs that handle app registration and user input. @@ -234,35 +233,29 @@ public class ApiPermissionHelper { private boolean isPackageAllowed(String packageName) throws WrongPackageCertificateException { Log.d(Constants.TAG, "isPackageAllowed packageName: " + packageName); - ArrayList allowedPkgs = mApiDao.getRegisteredApiApps(); - Log.d(Constants.TAG, "allowed: " + allowedPkgs); + byte[] storedPackageCert = mApiDao.getApiAppCertificate(packageName); - // check if package is allowed to use our service - if (allowedPkgs.contains(packageName)) { - Log.d(Constants.TAG, "Package is allowed! packageName: " + packageName); + boolean isKnownPackage = storedPackageCert != null; + if (!isKnownPackage) { + Log.d(Constants.TAG, "Package is NOT allowed! packageName: " + packageName); + return false; + } + Log.d(Constants.TAG, "Package is allowed! packageName: " + packageName); - // check package signature - byte[] currentCert; - try { - currentCert = getPackageCertificate(packageName); - } catch (NameNotFoundException e) { - throw new WrongPackageCertificateException(e.getMessage()); - } + byte[] currentPackageCert; + try { + currentPackageCert = getPackageCertificate(packageName); + } catch (NameNotFoundException e) { + throw new WrongPackageCertificateException(e.getMessage()); + } - byte[] storedCert = mApiDao.getApiAppCertificate(packageName); - if (Arrays.equals(currentCert, storedCert)) { - Log.d(Constants.TAG, - "Package certificate is correct! (equals certificate from database)"); - return true; - } else { - throw new WrongPackageCertificateException( - "PACKAGE NOT ALLOWED! Certificate wrong! (Certificate not " + - "equals certificate from database)"); - } + boolean packageCertMatchesStored = Arrays.equals(currentPackageCert, storedPackageCert); + if (packageCertMatchesStored) { + Log.d(Constants.TAG,"Package certificate matches expected."); + return true; } - Log.d(Constants.TAG, "Package is NOT allowed! packageName: " + packageName); - return false; + throw new WrongPackageCertificateException("PACKAGE NOT ALLOWED DUE TO CERTIFICATE MISMATCH!"); } } -- cgit v1.2.3