diff options
14 files changed, 267 insertions, 71 deletions
@@ -59,7 +59,7 @@ See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exc 1. Open svg file in Inkscape 2. Extensions -> Color -> darker (2 times!) -# Security Concept +# Security Model ## Basic goals @@ -83,7 +83,7 @@ Android primitives to exchange data: Intent, Intent with return values, Send (al * DECRYPT * DECRYPT_FILE -### With permission +### With permission ACCESS_API * CREATE_KEY * ENCRYPT_AND_RETURN @@ -100,9 +100,9 @@ Android primitives to exchange data: Intent, Intent with return values, Send (al ## Remote Service -* The whole service requires a permission +* The whole service requires the permission ACCESS_API ## Resulting permission -* Read key information (not the actual keys)(content provider) -* Encrypt/Sign/Decrypt/Create keys (intents, remote service) without user interaction
\ No newline at end of file +* READ_KEY_DATABASE: Read key information (not the actual keys)(content provider) +* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service)
\ No newline at end of file diff --git a/org_apg/AndroidManifest.xml b/org_apg/AndroidManifest.xml index eba3f840e..05034de95 100644 --- a/org_apg/AndroidManifest.xml +++ b/org_apg/AndroidManifest.xml @@ -53,15 +53,23 @@ <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> <uses-permission android:name="com.fsck.k9.permission.READ_ATTACHMENT" /> + <permission-group + android:name="org.thialfihar.android.apg.permission-group.APG" + android:description="@string/permission_group_description" + android:icon="@drawable/icon" + android:label="@string/permission_group_label" /> + <permission - android:name="org.thialfihar.android.apg.permission.READ_KEY_DETAILS" - android:description="@string/permission_read_key_details_description" - android:label="@string/permission_read_key_details_label" + android:name="org.thialfihar.android.apg.permission.READ_KEY_DATABASE" + android:description="@string/permission_read_key_database_description" + android:label="@string/permission_read_key_database_label" + android:permissionGroup="org.thialfihar.android.apg.permission-group.APG" android:protectionLevel="dangerous" /> <permission - android:name="org.thialfihar.android.apg.permission.STORE_BLOBS" - android:description="@string/permission_store_blobs_description" - android:label="@string/permission_store_blobs_label" + android:name="org.thialfihar.android.apg.permission.ACCESS_API" + android:description="@string/permission_access_api_description" + android:label="@string/permission_access_api_label" + android:permissionGroup="org.thialfihar.android.apg.permission-group.APG" android:protectionLevel="dangerous" /> <application @@ -341,7 +349,7 @@ android:name=".service.ApgService" android:enabled="true" android:exported="true" - android:permission="org.thialfihar.android.apg.permission.READ_KEY_DETAILS" + android:permission="org.thialfihar.android.apg.permission.ACCESS_API" android:process=":remote" > <intent-filter> <action android:name="org.thialfihar.android.apg.service.IApgService" /> @@ -353,16 +361,19 @@ </service> <provider - android:name=".provider.ApgProvider" + android:name=".provider.ApgProviderInternal" + android:authorities="org.thialfihar.android.apg.internal" + android:exported="false" /> + <provider + android:name=".provider.ApgProviderExternal" android:authorities="org.thialfihar.android.apg" - android:readPermission="org.thialfihar.android.apg.permission.READ_KEY_DETAILS" /> - - + android:readPermission="org.thialfihar.android.apg.permission.READ_KEY_DATABASE" /> + <!-- TODO: authority! --> <provider android:name=".provider.ApgServiceBlobProvider" android:authorities="org.thialfihar.android.apg.provider.apgserviceblobprovider" - android:permission="org.thialfihar.android.apg.permission.STORE_BLOBS" /> + android:permission="org.thialfihar.android.apg.permission.ACCESS_API" /> <!-- DEPRECATED: --> <!-- <provider --> diff --git a/org_apg/res/values/strings.xml b/org_apg/res/values/strings.xml index 3f1692023..fe807e36c 100644 --- a/org_apg/res/values/strings.xml +++ b/org_apg/res/values/strings.xml @@ -229,7 +229,7 @@ <string name="qrScanImportSuccess">Successfully validated and imported key</string> <string name="listInformation">Long press one entry in this list to show more options!</string> <string name="listEmpty">This list is empty!</string> - + <!-- error_lowerCase: phrases, no punctuation, all lowercase, they will be put after "errorMessage", e.g. "Error: file not found" @@ -260,7 +260,7 @@ <string name="error_wrongPassPhrase">wrong passphrase</string> <string name="error_savingKeys">error saving some key(s)</string> <string name="error_couldNotExtractPrivateKey">could not extract private key</string> - + <!-- progress_lowerCase: lowercase, phrases, usually ending in '…' --> <string name="progress_done">done.</string> <string name="progress_initializing">initializing…</string> @@ -298,11 +298,13 @@ <string name="progress_queryingServer">querying %s…</string> <!-- permission strings --> - <string name="permission_read_key_details_label">Read key details from APG.</string> - <string name="permission_read_key_details_description">Read key details of public and secret keys stored in APG, such as key ID and user IDs. The keys themselves can NOT be read.</string> - <string name="permission_store_blobs_label">Store blobs to en/decrypt with APG.</string> - <string name="permission_store_blobs_description">Store and read files on the android file system through APG. It cannot read files of other applications.</string> - + <string name="permission_group_label">APG</string> + <string name="permission_group_description">Permissions to use APG</string> + <string name="permission_read_key_database_label">Read key details of public and secret keys (The keys themselves can NOT be read.)</string> + <string name="permission_read_key_database_description">Read key details of public and secret keys stored in APG, such as key ID and user IDs. The keys themselves can NOT be read.</string> + <string name="permission_access_api_label">Encrypt/Sign/Decrypt/Create keys without user interaction</string> + <string name="permission_access_api_description">Encrypt/Sign/Decrypt/Create keys (by using Intents or Remote Service) without user interaction</string> + <!-- action strings --> <string name="action_encrypt">Encrypt</string> <string name="action_decrypt">Decrypt</string> diff --git a/org_apg/src/org/thialfihar/android/apg/Constants.java b/org_apg/src/org/thialfihar/android/apg/Constants.java index 97e70bbea..95ab8158d 100644 --- a/org_apg/src/org/thialfihar/android/apg/Constants.java +++ b/org_apg/src/org/thialfihar/android/apg/Constants.java @@ -20,11 +20,15 @@ import android.os.Environment; public final class Constants { + public static final boolean DEBUG = true; + public static final String TAG = "APG"; public static final String PACKAGE_NAME = "org.thialfihar.android.apg"; - public static final boolean DEBUG = true; + public static final String PERMISSION_ACCESS_KEY_DATABASE = PACKAGE_NAME + + ".permission.ACCESS_KEY_DATABASE"; + public static final String PERMISSION_ACCESS_API = PACKAGE_NAME + ".permission.ACCESS_API"; /* * TODO: @@ -37,7 +41,7 @@ public final class Constants { * * - even better and shorter (without .android.): org.apg.action.DECRYPT */ - public static final String INTENT_PREFIX = "org.thialfihar.android.apg.intent."; + public static final String INTENT_PREFIX = PACKAGE_NAME + ".intent."; public static final class path { public static final String APP_DIR = Environment.getExternalStorageDirectory() + "/APG"; diff --git a/org_apg/src/org/thialfihar/android/apg/helper/OtherHelper.java b/org_apg/src/org/thialfihar/android/apg/helper/OtherHelper.java index 531ae20fb..7d618406b 100644 --- a/org_apg/src/org/thialfihar/android/apg/helper/OtherHelper.java +++ b/org_apg/src/org/thialfihar/android/apg/helper/OtherHelper.java @@ -23,13 +23,17 @@ import java.util.Iterator; import java.util.Set; import org.thialfihar.android.apg.Constants; +import org.thialfihar.android.apg.R; import org.thialfihar.android.apg.util.Log; import com.actionbarsherlock.app.ActionBar; import com.actionbarsherlock.app.SherlockFragmentActivity; +import android.app.Activity; import android.content.Context; +import android.content.pm.PackageManager; import android.os.Bundle; +import android.widget.Toast; public class OtherHelper { @@ -118,6 +122,45 @@ public class OtherHelper { } /** + * Check if the calling package has the needed permission to invoke an intent with specific + * restricted actions. + * + * If pkgName is null, this will also deny the use of the given action + * + * @param activity + * @param pkgName + * @param permName + * @param action + * @param restrictedActions + */ + public static void checkPackagePermissionForActions(Activity activity, String pkgName, + String permName, String action, String[] restrictedActions) { + if (action != null) { + PackageManager pkgManager = activity.getPackageManager(); + + for (int i = 0; i < restrictedActions.length; i++) { + if (restrictedActions[i].equals(action)) { + if (pkgName != null + && pkgManager.checkPermission(permName, pkgName) == PackageManager.PERMISSION_GRANTED) { + Log.d(Constants.TAG, pkgName + " has permission " + permName + ". Action " + + action + " was granted!"); + } else { + String error = pkgName + " does NOT have permission " + permName + ". Action " + + action + " was NOT granted!"; + Log.e(Constants.TAG, error); + Toast.makeText(activity, activity.getString(R.string.errorMessage, error), + Toast.LENGTH_LONG).show(); + + // end activity + activity.setResult(Activity.RESULT_CANCELED, null); + activity.finish(); + } + } + } + } + } + + /** * Splits userId string into naming part and email part * * @param userId diff --git a/org_apg/src/org/thialfihar/android/apg/provider/ApgContract.java b/org_apg/src/org/thialfihar/android/apg/provider/ApgContract.java index 235d2d8ca..c68eec750 100644 --- a/org_apg/src/org/thialfihar/android/apg/provider/ApgContract.java +++ b/org_apg/src/org/thialfihar/android/apg/provider/ApgContract.java @@ -57,9 +57,11 @@ public class ApgContract { public static final int SECRET = 1; } - public static final String CONTENT_AUTHORITY = Constants.PACKAGE_NAME; + public static final String CONTENT_AUTHORITY_EXTERNAL = Constants.PACKAGE_NAME; + public static final String CONTENT_AUTHORITY_INTERNAL = Constants.PACKAGE_NAME + ".internal"; - private static final Uri BASE_CONTENT_URI = Uri.parse("content://" + CONTENT_AUTHORITY); + private static final Uri BASE_CONTENT_URI_INTERNAL = Uri.parse("content://" + + CONTENT_AUTHORITY_INTERNAL); public static final String BASE_KEY_RINGS = "key_rings"; public static final String BASE_DATA = "data"; @@ -75,7 +77,7 @@ public class ApgContract { public static final String PATH_KEYS = "keys"; public static class KeyRings implements KeyRingsColumns, BaseColumns { - public static final Uri CONTENT_URI = BASE_CONTENT_URI.buildUpon() + public static final Uri CONTENT_URI = BASE_CONTENT_URI_INTERNAL.buildUpon() .appendPath(BASE_KEY_RINGS).build(); /** Use if multiple items get returned */ @@ -132,7 +134,7 @@ public class ApgContract { } public static class Keys implements KeysColumns, BaseColumns { - public static final Uri CONTENT_URI = BASE_CONTENT_URI.buildUpon() + public static final Uri CONTENT_URI = BASE_CONTENT_URI_INTERNAL.buildUpon() .appendPath(BASE_KEY_RINGS).build(); /** Use if multiple items get returned */ @@ -163,7 +165,7 @@ public class ApgContract { } public static class UserIds implements UserIdsColumns, BaseColumns { - public static final Uri CONTENT_URI = BASE_CONTENT_URI.buildUpon() + public static final Uri CONTENT_URI = BASE_CONTENT_URI_INTERNAL.buildUpon() .appendPath(BASE_KEY_RINGS).build(); /** Use if multiple items get returned */ @@ -194,8 +196,8 @@ public class ApgContract { } public static class DataStream { - public static final Uri CONTENT_URI = BASE_CONTENT_URI.buildUpon().appendPath(BASE_DATA) - .build(); + public static final Uri CONTENT_URI = BASE_CONTENT_URI_INTERNAL.buildUpon() + .appendPath(BASE_DATA).build(); public static Uri buildDataStreamUri(String streamFilename) { return CONTENT_URI.buildUpon().appendPath(streamFilename).build(); diff --git a/org_apg/src/org/thialfihar/android/apg/provider/ApgProvider.java b/org_apg/src/org/thialfihar/android/apg/provider/ApgProvider.java index 8e93365b7..10bc3cee5 100644 --- a/org_apg/src/org/thialfihar/android/apg/provider/ApgProvider.java +++ b/org_apg/src/org/thialfihar/android/apg/provider/ApgProvider.java @@ -47,8 +47,6 @@ import android.provider.BaseColumns; import android.text.TextUtils; public class ApgProvider extends ContentProvider { - private static final UriMatcher sUriMatcher = buildUriMatcher(); - private static final int PUBLIC_KEY_RING = 101; private static final int PUBLIC_KEY_RING_BY_ROW_ID = 102; private static final int PUBLIC_KEY_RING_BY_MASTER_KEY_ID = 103; @@ -75,13 +73,22 @@ public class ApgProvider extends ContentProvider { private static final int DATA_STREAM = 301; + protected static boolean sInternalProvider; + protected static UriMatcher sUriMatcher; + /** * Build and return a {@link UriMatcher} that catches all {@link Uri} variations supported by * this {@link ContentProvider}. */ - private static UriMatcher buildUriMatcher() { + protected static UriMatcher buildUriMatcher(boolean internalProvider) { final UriMatcher matcher = new UriMatcher(UriMatcher.NO_MATCH); - final String authority = ApgContract.CONTENT_AUTHORITY; + + String authority; + if (internalProvider) { + authority = ApgContract.CONTENT_AUTHORITY_INTERNAL; + } else { + authority = ApgContract.CONTENT_AUTHORITY_EXTERNAL; + } /** * public key rings @@ -283,8 +290,66 @@ public class ApgProvider extends ContentProvider { return type; } - private SQLiteQueryBuilder buildKeyRingQuery(SQLiteQueryBuilder qb, - HashMap<String, String> projectionMap, int match, boolean isMasterKey, String sortOrder) { + /** + * Set result of query to specific columns, don't show blob column for external content provider + * + * @return + */ + private HashMap<String, String> getProjectionMapForKeyRings() { + HashMap<String, String> projectionMap = new HashMap<String, String>(); + + projectionMap.put(BaseColumns._ID, Tables.KEY_RINGS + "." + BaseColumns._ID); + projectionMap.put(KeyRingsColumns.MASTER_KEY_ID, Tables.KEY_RINGS + "." + + KeyRingsColumns.MASTER_KEY_ID); + // only give out keyRing blob when we are using the internal content provider + if (sInternalProvider) { + projectionMap.put(KeyRingsColumns.KEY_RING_DATA, Tables.KEY_RINGS + "." + + KeyRingsColumns.KEY_RING_DATA); + } + projectionMap.put(UserIdsColumns.USER_ID, Tables.USER_IDS + "." + UserIdsColumns.USER_ID); + + return projectionMap; + } + + /** + * Set result of query to specific columns, don't show blob column for external content provider + * + * @return + */ + private HashMap<String, String> getProjectionMapForKeys() { + HashMap<String, String> projectionMap = new HashMap<String, String>(); + + projectionMap.put(BaseColumns._ID, BaseColumns._ID); + projectionMap.put(KeysColumns.KEY_ID, KeysColumns.KEY_ID); + projectionMap.put(KeysColumns.IS_MASTER_KEY, KeysColumns.IS_MASTER_KEY); + projectionMap.put(KeysColumns.ALGORITHM, KeysColumns.ALGORITHM); + projectionMap.put(KeysColumns.KEY_SIZE, KeysColumns.KEY_SIZE); + projectionMap.put(KeysColumns.CAN_SIGN, KeysColumns.CAN_SIGN); + projectionMap.put(KeysColumns.CAN_ENCRYPT, KeysColumns.CAN_ENCRYPT); + projectionMap.put(KeysColumns.IS_REVOKED, KeysColumns.IS_REVOKED); + projectionMap.put(KeysColumns.CREATION, KeysColumns.CREATION); + projectionMap.put(KeysColumns.EXPIRY, KeysColumns.EXPIRY); + projectionMap.put(KeysColumns.KEY_RING_ROW_ID, KeysColumns.KEY_RING_ROW_ID); + // only give out keyRing blob when we are using the internal content provider + if (sInternalProvider) { + projectionMap.put(KeysColumns.KEY_DATA, KeysColumns.KEY_DATA); + } + projectionMap.put(KeysColumns.RANK, KeysColumns.RANK); + + return projectionMap; + } + + /** + * Builds default query for keyRings: KeyRings table is joined with Keys and UserIds + * + * @param qb + * @param match + * @param isMasterKey + * @param sortOrder + * @return + */ + private SQLiteQueryBuilder buildKeyRingQuery(SQLiteQueryBuilder qb, int match, + boolean isMasterKey, String sortOrder) { qb.appendWhere(Tables.KEY_RINGS + "." + KeyRingsColumns.TYPE + " = "); qb.appendWhereEscapeString(Integer.toString(getKeyType(match))); @@ -300,14 +365,7 @@ public class ApgProvider extends ContentProvider { + Tables.USER_IDS + "." + UserIdsColumns.KEY_RING_ROW_ID + " AND " + Tables.USER_IDS + "." + UserIdsColumns.RANK + " = '0')"); - projectionMap.put(BaseColumns._ID, Tables.KEY_RINGS + "." + BaseColumns._ID); - projectionMap.put(KeyRingsColumns.MASTER_KEY_ID, Tables.KEY_RINGS + "." - + KeyRingsColumns.MASTER_KEY_ID); - projectionMap.put(KeyRingsColumns.KEY_RING_DATA, Tables.KEY_RINGS + "." - + KeyRingsColumns.KEY_RING_DATA); - projectionMap.put(UserIdsColumns.USER_ID, Tables.USER_IDS + "." + UserIdsColumns.USER_ID); - - qb.setProjectionMap(projectionMap); + qb.setProjectionMap(getProjectionMapForKeyRings()); return qb; } @@ -322,14 +380,12 @@ public class ApgProvider extends ContentProvider { SQLiteQueryBuilder qb = new SQLiteQueryBuilder(); SQLiteDatabase db = mApgDatabase.getReadableDatabase(); - HashMap<String, String> projectionMap = new HashMap<String, String>(); - int match = sUriMatcher.match(uri); switch (match) { case PUBLIC_KEY_RING: case SECRET_KEY_RING: - qb = buildKeyRingQuery(qb, projectionMap, match, true, sortOrder); + qb = buildKeyRingQuery(qb, match, true, sortOrder); if (TextUtils.isEmpty(sortOrder)) { sortOrder = Tables.USER_IDS + "." + UserIdsColumns.USER_ID + " ASC"; @@ -339,7 +395,7 @@ public class ApgProvider extends ContentProvider { case PUBLIC_KEY_RING_BY_ROW_ID: case SECRET_KEY_RING_BY_ROW_ID: - qb = buildKeyRingQuery(qb, projectionMap, match, true, sortOrder); + qb = buildKeyRingQuery(qb, match, true, sortOrder); qb.appendWhere(" AND " + Tables.KEY_RINGS + "." + BaseColumns._ID + " = "); qb.appendWhereEscapeString(uri.getLastPathSegment()); @@ -352,7 +408,7 @@ public class ApgProvider extends ContentProvider { case PUBLIC_KEY_RING_BY_MASTER_KEY_ID: case SECRET_KEY_RING_BY_MASTER_KEY_ID: - qb = buildKeyRingQuery(qb, projectionMap, match, true, sortOrder); + qb = buildKeyRingQuery(qb, match, true, sortOrder); qb.appendWhere(" AND " + Tables.KEY_RINGS + "." + KeyRingsColumns.MASTER_KEY_ID + " = "); qb.appendWhereEscapeString(uri.getLastPathSegment()); @@ -365,7 +421,7 @@ public class ApgProvider extends ContentProvider { case SECRET_KEY_RING_BY_KEY_ID: case PUBLIC_KEY_RING_BY_KEY_ID: - qb = buildKeyRingQuery(qb, projectionMap, match, false, sortOrder); + qb = buildKeyRingQuery(qb, match, false, sortOrder); qb.appendWhere(" AND " + Tables.KEYS + "." + KeysColumns.KEY_ID + " = "); qb.appendWhereEscapeString(uri.getLastPathSegment()); @@ -389,15 +445,7 @@ public class ApgProvider extends ContentProvider { + Tables.USER_IDS + "." + UserIdsColumns.KEY_RING_ROW_ID + " AND " + Tables.USER_IDS + "." + UserIdsColumns.RANK + " = '0')"); - projectionMap.put(BaseColumns._ID, Tables.KEY_RINGS + "." + BaseColumns._ID); - projectionMap.put(KeyRingsColumns.MASTER_KEY_ID, Tables.KEY_RINGS + "." - + KeyRingsColumns.MASTER_KEY_ID); - projectionMap.put(KeyRingsColumns.KEY_RING_DATA, Tables.KEY_RINGS + "." - + KeyRingsColumns.KEY_RING_DATA); - projectionMap.put(UserIdsColumns.USER_ID, Tables.USER_IDS + "." - + UserIdsColumns.USER_ID); - - qb.setProjectionMap(projectionMap); + qb.setProjectionMap(getProjectionMapForKeyRings()); String emails = uri.getLastPathSegment(); String chunks[] = emails.split(" *, *"); @@ -434,6 +482,8 @@ public class ApgProvider extends ContentProvider { qb.appendWhere(" AND " + KeysColumns.KEY_RING_ROW_ID + " = "); qb.appendWhereEscapeString(uri.getPathSegments().get(2)); + qb.setProjectionMap(getProjectionMapForKeys()); + break; case PUBLIC_KEY_RING_KEY_BY_ROW_ID: @@ -448,6 +498,8 @@ public class ApgProvider extends ContentProvider { qb.appendWhere(" AND " + BaseColumns._ID + " = "); qb.appendWhereEscapeString(uri.getLastPathSegment()); + qb.setProjectionMap(getProjectionMapForKeys()); + break; case PUBLIC_KEY_RING_USER_ID: diff --git a/org_apg/src/org/thialfihar/android/apg/provider/ApgProviderExternal.java b/org_apg/src/org/thialfihar/android/apg/provider/ApgProviderExternal.java new file mode 100644 index 000000000..61cca8bed --- /dev/null +++ b/org_apg/src/org/thialfihar/android/apg/provider/ApgProviderExternal.java @@ -0,0 +1,32 @@ +/* + * Copyright (C) 2012 Dominik Schürmann <dominik@dominikschuermann.de> + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.thialfihar.android.apg.provider; + +/** + * The same content provider as ApgProviderInternal except that it does not give out keyRing and key + * blob data when querying. + * + * This provider is exported with a readPermission in AndroidManifest.xml + */ +public class ApgProviderExternal extends ApgProvider { + + static { + sInternalProvider = false; + sUriMatcher = buildUriMatcher(sInternalProvider); + } + +} diff --git a/org_apg/src/org/thialfihar/android/apg/provider/ApgProviderInternal.java b/org_apg/src/org/thialfihar/android/apg/provider/ApgProviderInternal.java new file mode 100644 index 000000000..e2226a0fa --- /dev/null +++ b/org_apg/src/org/thialfihar/android/apg/provider/ApgProviderInternal.java @@ -0,0 +1,30 @@ +/* + * Copyright (C) 2012 Dominik Schürmann <dominik@dominikschuermann.de> + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.thialfihar.android.apg.provider; + +/** + * This provider is NOT exported in AndroidManifest.xml as it also return the actual secret keys + * from the database + */ +public class ApgProviderInternal extends ApgProvider { + + static { + sInternalProvider = true; + sUriMatcher = buildUriMatcher(sInternalProvider); + } + +} diff --git a/org_apg/src/org/thialfihar/android/apg/provider/ProviderHelper.java b/org_apg/src/org/thialfihar/android/apg/provider/ProviderHelper.java index 6b3e94938..915c0aea5 100644 --- a/org_apg/src/org/thialfihar/android/apg/provider/ProviderHelper.java +++ b/org_apg/src/org/thialfihar/android/apg/provider/ProviderHelper.java @@ -232,7 +232,7 @@ public class ProviderHelper { } try { - context.getContentResolver().applyBatch(ApgContract.CONTENT_AUTHORITY, operations); + context.getContentResolver().applyBatch(ApgContract.CONTENT_AUTHORITY_INTERNAL, operations); } catch (RemoteException e) { Log.e(Constants.TAG, "applyBatch failed!", e); } catch (OperationApplicationException e) { @@ -288,7 +288,7 @@ public class ProviderHelper { } try { - context.getContentResolver().applyBatch(ApgContract.CONTENT_AUTHORITY, operations); + context.getContentResolver().applyBatch(ApgContract.CONTENT_AUTHORITY_INTERNAL, operations); } catch (RemoteException e) { Log.e(Constants.TAG, "applyBatch failed!", e); } catch (OperationApplicationException e) { diff --git a/org_apg/src/org/thialfihar/android/apg/ui/DecryptActivity.java b/org_apg/src/org/thialfihar/android/apg/ui/DecryptActivity.java index 498dfd93b..a6b10c521 100644 --- a/org_apg/src/org/thialfihar/android/apg/ui/DecryptActivity.java +++ b/org_apg/src/org/thialfihar/android/apg/ui/DecryptActivity.java @@ -172,6 +172,12 @@ public class DecryptActivity extends SherlockFragmentActivity { @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); + + // check permissions for intent actions without user interaction + String[] restrictedActions = new String[] { ACTION_DECRYPT_AND_RETURN }; + OtherHelper.checkPackagePermissionForActions(this, this.getCallingPackage(), + Constants.PERMISSION_ACCESS_API, getIntent().getAction(), restrictedActions); + setContentView(R.layout.decrypt); // set actionbar without home button if called from another app diff --git a/org_apg/src/org/thialfihar/android/apg/ui/EditKeyActivity.java b/org_apg/src/org/thialfihar/android/apg/ui/EditKeyActivity.java index cb5808a2a..0e480a3ae 100644 --- a/org_apg/src/org/thialfihar/android/apg/ui/EditKeyActivity.java +++ b/org_apg/src/org/thialfihar/android/apg/ui/EditKeyActivity.java @@ -134,6 +134,12 @@ public class EditKeyActivity extends SherlockFragmentActivity { @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); + + // check permissions for intent actions without user interaction + String[] restrictedActions = new String[] { ACTION_CREATE_KEY }; + OtherHelper.checkPackagePermissionForActions(this, this.getCallingPackage(), + Constants.PERMISSION_ACCESS_API, getIntent().getAction(), restrictedActions); + setContentView(R.layout.edit_key); mActionBar = getSupportActionBar(); @@ -422,15 +428,16 @@ public class EditKeyActivity extends SherlockFragmentActivity { data.putString(ApgIntentService.NEW_PASSPHRASE, mNewPassPhrase); data.putStringArrayList(ApgIntentService.USER_IDS, getUserIds(mUserIdsView)); ArrayList<PGPSecretKey> keys = getKeys(mKeysView); - data.putByteArray(ApgIntentService.KEYS, PGPConversionHelper.PGPSecretKeyArrayListToBytes(keys)); + data.putByteArray(ApgIntentService.KEYS, + PGPConversionHelper.PGPSecretKeyArrayListToBytes(keys)); data.putIntegerArrayList(ApgIntentService.KEYS_USAGES, getKeysUsages(mKeysView)); data.putLong(ApgIntentService.MASTER_KEY_ID, getMasterKeyId()); intent.putExtra(ApgIntentService.EXTRA_DATA, data); // Message is received after saving is done in ApgService - ApgIntentServiceHandler saveHandler = new ApgIntentServiceHandler(this, R.string.progress_saving, - ProgressDialog.STYLE_HORIZONTAL) { + ApgIntentServiceHandler saveHandler = new ApgIntentServiceHandler(this, + R.string.progress_saving, ProgressDialog.STYLE_HORIZONTAL) { public void handleMessage(Message message) { // handle messages by standard ApgHandler first super.handleMessage(message); diff --git a/org_apg/src/org/thialfihar/android/apg/ui/EncryptActivity.java b/org_apg/src/org/thialfihar/android/apg/ui/EncryptActivity.java index 29b1ab86a..ec7f26883 100644 --- a/org_apg/src/org/thialfihar/android/apg/ui/EncryptActivity.java +++ b/org_apg/src/org/thialfihar/android/apg/ui/EncryptActivity.java @@ -197,6 +197,13 @@ public class EncryptActivity extends SherlockFragmentActivity { @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); + + // check permissions for intent actions without user interaction + String[] restrictedActions = new String[] { ACTION_ENCRYPT_AND_RETURN, + ACTION_GENERATE_SIGNATURE }; + OtherHelper.checkPackagePermissionForActions(this, this.getCallingPackage(), + Constants.PERMISSION_ACCESS_API, getIntent().getAction(), restrictedActions); + setContentView(R.layout.encrypt); // set actionbar without home button if called from another app @@ -841,8 +848,8 @@ public class EncryptActivity extends SherlockFragmentActivity { intent.putExtra(ApgIntentService.EXTRA_DATA, data); // Message is received after encrypting is done in ApgService - ApgIntentServiceHandler saveHandler = new ApgIntentServiceHandler(this, R.string.progress_encrypting, - ProgressDialog.STYLE_HORIZONTAL) { + ApgIntentServiceHandler saveHandler = new ApgIntentServiceHandler(this, + R.string.progress_encrypting, ProgressDialog.STYLE_HORIZONTAL) { public void handleMessage(Message message) { // handle messages by standard ApgHandler first super.handleMessage(message); diff --git a/org_apg_integration_demo/AndroidManifest.xml b/org_apg_integration_demo/AndroidManifest.xml index 6fc5b1817..8d7a9e970 100644 --- a/org_apg_integration_demo/AndroidManifest.xml +++ b/org_apg_integration_demo/AndroidManifest.xml @@ -4,8 +4,8 @@ android:versionCode="1" android:versionName="1.0" > - <!-- permission to access provider and service, intents are public! --> - <uses-permission android:name="org.thialfihar.android.apg.permission.READ_KEY_DETAILS" /> + <uses-permission android:name="org.thialfihar.android.apg.permission.READ_KEY_DATABASE" /> + <uses-permission android:name="org.thialfihar.android.apg.permission.ACCESS_API" /> <uses-sdk android:minSdkVersion="7" |