cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

disable automatic accept for own uid in RemoteService, and fix some warnings

Browse Source
This commit is contained in:
Vincent Breitmoser
2015-06-26 02:44:34 +02:00
parent 080d1c747a
commit 56ef0f320b
1 changed files with 8 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/RemoteService.java
View File

@@ -17,6 +17,7 @@
package org.sufficientlysecure.keychain.remote; package org.sufficientlysecure.keychain.remote;
import android.annotation.SuppressLint;
import android.app.PendingIntent; import android.app.PendingIntent;
import android.app.Service; import android.app.Service;
import android.content.Context; import android.content.Context;
@@ -65,12 +66,11 @@ public abstract class RemoteService extends Service {
/** /**
* Checks if caller is allowed to access the API * Checks if caller is allowed to access the API
* *
* @param data
* @return null if caller is allowed, or a Bundle with a PendingIntent * @return null if caller is allowed, or a Bundle with a PendingIntent
*/ */
protected Intent isAllowed(Intent data) { protected Intent isAllowed(Intent data) {
try { try {
if (isCallerAllowed(false)) { if (isCallerAllowed()) {
return null; return null;
} else { } else {
String packageName = getCurrentCallingPackage(); String packageName = getCurrentCallingPackage();
@@ -130,8 +130,8 @@ public abstract class RemoteService extends Service {
} }
private byte[] getPackageCertificate(String packageName) throws NameNotFoundException { private byte[] getPackageCertificate(String packageName) throws NameNotFoundException {
PackageInfo pkgInfo = getPackageManager().getPackageInfo(packageName, @SuppressLint("PackageManagerGetSignatures") // we do check the byte array of *all* signatures
PackageManager.GET_SIGNATURES); PackageInfo pkgInfo = getPackageManager().getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
// NOTE: Silly Android API naming: Signatures are actually certificates // NOTE: Silly Android API naming: Signatures are actually certificates
Signature[] certificates = pkgInfo.signatures; Signature[] certificates = pkgInfo.signatures;
ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
@@ -211,22 +211,15 @@ public abstract class RemoteService extends Service {
* Checks if process that binds to this service (i.e. the package name corresponding to the * Checks if process that binds to this service (i.e. the package name corresponding to the
* process) is in the list of allowed package names. * process) is in the list of allowed package names.
* *
* @param allowOnlySelf allow only Keychain app itself
* @return true if process is allowed to use this service * @return true if process is allowed to use this service
* @throws WrongPackageCertificateException * @throws WrongPackageCertificateException
*/ */
private boolean isCallerAllowed(boolean allowOnlySelf) throws WrongPackageCertificateException { private boolean isCallerAllowed() throws WrongPackageCertificateException {
return isUidAllowed(Binder.getCallingUid(), allowOnlySelf); return isUidAllowed(Binder.getCallingUid());
} }
private boolean isUidAllowed(int uid, boolean allowOnlySelf) private boolean isUidAllowed(int uid)
throws WrongPackageCertificateException { throws WrongPackageCertificateException {
if (android.os.Process.myUid() == uid) {
return true;
}
if (allowOnlySelf) { // barrier
return false;
}
String[] callingPackages = getPackageManager().getPackagesForUid(uid); String[] callingPackages = getPackageManager().getPackagesForUid(uid);
@@ -237,7 +230,7 @@ public abstract class RemoteService extends Service {
} }
} }
Log.d(Constants.TAG, "Uid is NOT allowed!"); Log.e(Constants.TAG, "Uid is NOT allowed!");
return false; return false;
} }