blob: 86be161c690cfef9406d78ec123bec86ffc3aeaa (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
# APG
This is a fork of Android Privacy Guard (APG)
I will try to reintegrate the various forks and develope a new user interface and API via AIDL and build a new stable version.
# Contribute
Fork APG and do a merge request. I will merge your changes back into the main project.
# Build
## Build with Ant
1. Add a file called ``local.properties`` in APG folder with the following lines, altered to your locations of the SDK: ``sdk.dir=/opt/android-sdk``
2. execute ``ant release``
## Build with Eclipse
1. File -> Import -> Android -> Existing Android Code Into Workspace, choose ``APG/android-libs/ActionBarSherlock``
2. File -> Import -> Android -> Existing Android Code Into Workspace, choose ``APG``
3. APG can now be build
# Libraries
The Libraries are provided in the git repository.
* ActionBarSherlock to provide an ActionBar for Android < 3.0
* Spongy Castle Crypto Lib (Android version of Bouncy Castle)
* android-support-v4.jar: Compatibility Lib
* barcodescanner-android-integration-supportv4.jar: Barcode Scanner Integration
## Build Barcode Scanner Integration
1. Checkout their SVN (see http://code.google.com/p/zxing/source/checkout)
2. Change android-home variable in ``build.properties`` in the main directory to point to your Android SDK
3. Change directory to android-integration
4. Build using ``ant build``
5. We use ``android-integration-supportv4.jar``
On error see: http://code.google.com/p/zxing/issues/detail?id=1207
## Build Spongy Castle
Spongy Castle is the stock Bouncy Castle libraries with a couple of small changes to make it work on Android.
see http://rtyley.github.com/spongycastle/
# Notes
## Eclipse: "GC overhead limit exceeded"
If you have problems starting APG from Eclipse, consider increasing the memory limits in eclipse.ini.
See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exceeded for more information.
## Generate pressed dashboard icons
1. Open svg file in Inkscape
2. Extensions -> Color -> darker (2 times!)
# Security Model
## Basic goals
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
## Permission
* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
* ACCESS_KEYS: get and import actual public and secret keys (remote service)
## Intents
### Without permission
* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
* IMPORT
* EDIT_KEY
* SELECT_PUBLIC_KEYS
* SELECT_SECRET_KEY
* ENCRYPT
* ENCRYPT_FILE
* DECRYPT
* DECRYPT_FILE
### With permission ACCESS_API
* CREATE_KEY
* ENCRYPT_AND_RETURN
* GENERATE_SIGNATURE
* DECRYPT_AND_RETURN
## Content Provider
* The whole content provider requires a permission (only read)
* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
* Make an internal and external content provider (or pathes with <path-permission>)
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
* Only give out android:readPermission
## ApgApiService (Remote Service)
* ACCESS_API
## ApgKeyService (Remote Service)
* ACCESS_KEYS
|
