aboutsummaryrefslogtreecommitdiffstats
path: root/OpenKeychain/src/main/java/org
diff options
context:
space:
mode:
Diffstat (limited to 'OpenKeychain/src/main/java/org')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java76
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java29
2 files changed, 76 insertions, 29 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
index 843a55389..596686e9f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
@@ -17,9 +17,17 @@
package org.sufficientlysecure.keychain.operations;
+import android.annotation.TargetApi;
+import android.content.ContentResolver;
import android.content.Context;
+import android.content.res.AssetFileDescriptor;
import android.net.Uri;
+import android.os.Build;
+import android.os.ParcelFileDescriptor;
import android.support.annotation.NonNull;
+import android.system.ErrnoException;
+import android.system.Os;
+import android.system.StructStat;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
@@ -42,19 +50,24 @@ import org.sufficientlysecure.keychain.util.ProgressScaler;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
+import java.io.File;
import java.io.FileNotFoundException;
+import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.concurrent.atomic.AtomicBoolean;
-/** This is a high-level operation, which encapsulates one or more sign/encrypt
+import static android.system.OsConstants.S_IFMT;
+import static android.system.OsConstants.S_IROTH;
+
+/**
+ * This is a high-level operation, which encapsulates one or more sign/encrypt
* operations, using URIs or byte arrays as input and output.
*
* This operation is fail-fast: If any sign/encrypt sub-operation fails or returns
* a pending result, it will terminate.
- *
*/
public class SignEncryptOperation extends BaseOperation<SignEncryptParcel> {
@@ -63,6 +76,63 @@ public class SignEncryptOperation extends BaseOperation<SignEncryptParcel> {
super(context, providerHelper, progressable, cancelled);
}
+
+ /**
+ * Tests whether a file is readable by others
+ */
+ @TargetApi(Build.VERSION_CODES.LOLLIPOP)
+ public static boolean S_IROTH(int mode) {
+ return (mode & S_IROTH) == S_IROTH;
+ }
+
+ /**
+ * A replacement for ContentResolver.openInputStream() that does not allow the usage of
+ * "file" Uris that point to private files owned by the application only.
+ *
+ * This is not allowed:
+ * am start -a android.intent.action.SEND -t text/plain -n
+ * "org.sufficientlysecure.keychain.debug/org.sufficientlysecure.keychain.ui.EncryptFilesActivity" --eu
+ * android.intent.extra.STREAM
+ * file:///data/data/org.sufficientlysecure.keychain.debug/databases/openkeychain.db
+ *
+ * @throws FileNotFoundException
+ */
+ @TargetApi(Build.VERSION_CODES.LOLLIPOP)
+ private InputStream openInputStreamSafe(ContentResolver resolver, Uri uri)
+ throws FileNotFoundException {
+
+ // Not supported on Android < 5
+ if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
+ return resolver.openInputStream(uri);
+ }
+
+ String scheme = uri.getScheme();
+ if (ContentResolver.SCHEME_FILE.equals(scheme)) {
+ ParcelFileDescriptor pfd = ParcelFileDescriptor.open(
+ new File(uri.getPath()), ParcelFileDescriptor.parseMode("r"));
+
+ try {
+ final StructStat st = Os.fstat(pfd.getFileDescriptor());
+ if (!S_IROTH(st.st_mode)) {
+ Log.e(Constants.TAG, "File is not readable by others, aborting!");
+ throw new FileNotFoundException("Unable to create stream");
+ }
+ } catch (ErrnoException e) {
+ Log.e(Constants.TAG, "fstat() failed: " + e);
+ throw new FileNotFoundException("fstat() failed");
+ }
+
+ AssetFileDescriptor fd = new AssetFileDescriptor(pfd, 0, -1);
+ try {
+ return fd.createInputStream();
+ } catch (IOException e) {
+ throw new FileNotFoundException("Unable to create stream");
+ }
+ } else {
+ return resolver.openInputStream(uri);
+ }
+ }
+
@NonNull
public SignEncryptResult execute(SignEncryptParcel input, CryptoInputParcel cryptoInput) {
@@ -115,7 +185,7 @@ public class SignEncryptOperation extends BaseOperation<SignEncryptParcel> {
log.add(LogType.MSG_SE_INPUT_URI, 1);
Uri uri = inputUris.removeFirst();
try {
- InputStream is = mContext.getContentResolver().openInputStream(uri);
+ InputStream is = openInputStreamSafe(mContext.getContentResolver(), uri);
long fileSize = FileHelper.getFileSize(mContext, uri, 0);
String filename = FileHelper.getFilename(mContext, uri);
inputData = new InputData(is, fileSize, filename);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index ebb9674bf..19603a549 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -18,7 +18,6 @@
package org.sufficientlysecure.keychain.ui;
-import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
@@ -451,29 +450,9 @@ public class EncryptFilesFragment
}
- /**
- * Checks that the input uris are not linked to our own internal storage.
- * This prevents the encryption of our own database (-> export of whole database)
- */
- private void securityCheckInternalStorage() {
- for (FilesAdapter.ViewModel model : mFilesAdapter.mDataset) {
- File fileInput = new File(model.inputUri.getPath());
- try {
- // the canonical path of the file must not start with /data/data/org.sufficientlysecure.keychain/
- if (fileInput.getCanonicalPath().startsWith(getActivity().getApplicationInfo().dataDir)) {
- throw new RuntimeException("Encrypting OpenKeychain's private files is not allowed!");
- }
- } catch (IOException e) {
- Log.e(Constants.TAG, "Getting canonical path failed!", e);
- }
- }
- }
-
- /**
- * Prepares mOutputUris, either directly and returns false, or indirectly
- * which returns true and will call cryptoOperation after mOutputUris has
- * been set at a later point.
- */
+ // prepares mOutputUris, either directly and returns false, or indirectly
+ // which returns true and will call cryptoOperation after mOutputUris has
+ // been set at a later point.
private boolean prepareOutputStreams() {
switch (mAfterEncryptAction) {
@@ -549,8 +528,6 @@ public class EncryptFilesFragment
}
- securityCheckInternalStorage();
-
return actionsParcel;
}