From 63f1b84914778b8bd11d65bbc261c550a60b2c42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Thu, 24 Sep 2015 22:57:11 +0200 Subject: Remove save support for Android < 4.4 (OKC-01-014) --- .../sufficientlysecure/keychain/ui/EncryptFilesFragment.java | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java index 8572a5712..71d555cc8 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java @@ -308,6 +308,17 @@ public class EncryptFilesFragment return true; } + @Override + public void onPrepareOptionsMenu(Menu menu) { + super.onPrepareOptionsMenu(menu); + + // Show save only on Android >= 4.4 (Document Provider) + if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) { + MenuItem save = menu.findItem(R.id.encrypt_save); + save.setVisible(false); + } + } + public void toggleUseArmor(MenuItem item, final boolean useArmor) { mUseArmor = useArmor; -- cgit v1.2.3 From 756ee28fb0bfb63f1d013d6b82bedc13c811b32f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Thu, 24 Sep 2015 23:15:19 +0200 Subject: Cleanup FileHelper --- .../org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java index 71d555cc8..58476fc57 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java @@ -224,9 +224,8 @@ public class EncryptFilesFragment String targetName = (mEncryptFilenames ? "1" : FileHelper.getFilename(getActivity(), model.inputUri)) + (mUseArmor ? Constants.FILE_EXTENSION_ASC : Constants.FILE_EXTENSION_PGP_MAIN); - Uri inputUri = model.inputUri; - FileHelper.saveDocument(this, targetName, inputUri, - R.string.title_encrypt_to_file, R.string.specify_file_to_encrypt_to, REQUEST_CODE_OUTPUT); + FileHelper.saveDocument(this, targetName, + REQUEST_CODE_OUTPUT); } public void addFile(Intent data) { -- cgit v1.2.3 From b10b14d9bc737edc56af0eec3a14bed5ebf3ea39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Fri, 25 Sep 2015 01:02:21 +0200 Subject: Check that the encrypt input uris are not linked to our own internal storage (OKC-01-010) --- .../keychain/ui/EncryptFilesFragment.java | 29 +++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java index 58476fc57..0e357cfcd 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java @@ -18,6 +18,7 @@ package org.sufficientlysecure.keychain.ui; +import java.io.File; import java.io.IOException; import java.util.ArrayList; import java.util.Date; @@ -451,9 +452,29 @@ public class EncryptFilesFragment } - // prepares mOutputUris, either directly and returns false, or indirectly - // which returns true and will call cryptoOperation after mOutputUris has - // been set at a later point. + /** + * Checks that the input uris are not linked to our own internal storage. + * This prevents the encryption of our own database (-> export of whole database) + */ + private void securityCheckInternalStorage() { + for (FilesAdapter.ViewModel model : mFilesAdapter.mDataset) { + File fileInput = new File(model.inputUri.getPath()); + try { + // the canonical path of the file must not start with /data/data/org.sufficientlysecure.keychain/ + if (fileInput.getCanonicalPath().startsWith(getActivity().getApplicationInfo().dataDir)) { + throw new RuntimeException("Encrypting OpenKeychain's private files is not allowed!"); + } + } catch (IOException e) { + Log.e(Constants.TAG, "Getting canonical path failed!", e); + } + } + } + + /** + * Prepares mOutputUris, either directly and returns false, or indirectly + * which returns true and will call cryptoOperation after mOutputUris has + * been set at a later point. + */ private boolean prepareOutputStreams() { switch (mAfterEncryptAction) { @@ -529,6 +550,8 @@ public class EncryptFilesFragment } + securityCheckInternalStorage(); + return actionsParcel; } -- cgit v1.2.3