Merge branch 'master' into v/multi-decrypt

OpenKeychain/src/debug/res/values/strings.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <string name="app_name">"OpenKeychain (Debug)"</string>
+</resources>

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java

@@ -23,6 +23,8 @@ import org.spongycastle.bcpg.HashAlgorithmTags;
 import org.spongycastle.bcpg.SymmetricKeyAlgorithmTags;
 import org.spongycastle.jce.provider.BouncyCastleProvider;
 
+import org.sufficientlysecure.keychain.BuildConfig;
+
 import java.io.File;
 
 public final class Constants {

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java

@@ -34,6 +34,7 @@ import android.widget.Toast;
 
 import org.spongycastle.jce.provider.BouncyCastleProvider;
 import org.sufficientlysecure.keychain.provider.TemporaryStorageProvider;
+import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.ui.ConsolidateDialogActivity;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.PRNGFixes;

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/RemoteService.java

@@ -17,6 +17,7 @@
 
 package org.sufficientlysecure.keychain.remote;
 
+import android.annotation.SuppressLint;
 import android.app.PendingIntent;
 import android.app.Service;
 import android.content.Context;
@@ -65,12 +66,11 @@ public abstract class RemoteService extends Service {
     /**
      * Checks if caller is allowed to access the API
      *
-     * @param data
      * @return null if caller is allowed, or a Bundle with a PendingIntent
      */
     protected Intent isAllowed(Intent data) {
         try {
-            if (isCallerAllowed(false)) {
+            if (isCallerAllowed()) {
                 return null;
             } else {
                 String packageName = getCurrentCallingPackage();
@@ -130,8 +130,8 @@ public abstract class RemoteService extends Service {
     }
 
     private byte[] getPackageCertificate(String packageName) throws NameNotFoundException {
-        PackageInfo pkgInfo = getPackageManager().getPackageInfo(packageName,
-                PackageManager.GET_SIGNATURES);
+        @SuppressLint("PackageManagerGetSignatures") // we do check the byte array of *all* signatures
+        PackageInfo pkgInfo = getPackageManager().getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
         // NOTE: Silly Android API naming: Signatures are actually certificates
         Signature[] certificates = pkgInfo.signatures;
         ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
@@ -211,22 +211,15 @@ public abstract class RemoteService extends Service {
      * Checks if process that binds to this service (i.e. the package name corresponding to the
      * process) is in the list of allowed package names.
      *
-     * @param allowOnlySelf allow only Keychain app itself
      * @return true if process is allowed to use this service
      * @throws WrongPackageCertificateException
      */
-    private boolean isCallerAllowed(boolean allowOnlySelf) throws WrongPackageCertificateException {
-        return isUidAllowed(Binder.getCallingUid(), allowOnlySelf);
+    private boolean isCallerAllowed() throws WrongPackageCertificateException {
+        return isUidAllowed(Binder.getCallingUid());
     }
 
-    private boolean isUidAllowed(int uid, boolean allowOnlySelf)
+    private boolean isUidAllowed(int uid)
             throws WrongPackageCertificateException {
-        if (android.os.Process.myUid() == uid) {
-            return true;
-        }
-        if (allowOnlySelf) { // barrier
-            return false;
-        }
 
         String[] callingPackages = getPackageManager().getPackagesForUid(uid);
 
@@ -237,7 +230,7 @@ public abstract class RemoteService extends Service {
             }
         }
 
-        Log.d(Constants.TAG, "Uid is NOT allowed!");
+        Log.e(Constants.TAG, "Uid is NOT allowed!");
         return false;
     }
 

OpenKeychain/src/test/java/org/sufficientlysecure/keychain/WorkaroundBuildConfig.java

@@ -1,5 +1,7 @@
 package org.sufficientlysecure.keychain;
 
+import org.sufficientlysecure.keychain.BuildConfig;
+
 /**
  * Temporary workaround for https://github.com/robolectric/robolectric/issues/1747
  */