PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Revert "Support installation of the new app source certificate""

Browse Source
This commit is contained in:
Victor Hsieh
2020-02-19 17:43:12 +00:00
committed by Android (Google) Code Review
parent a7fd2030f7 cef970cda4
commit 4573c0e0fa
13 changed files with 10 additions and 371 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
src/com/android/settings/RebootDialog.java
View File

@@ -1,64 +0,0 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings;
import android.annotation.StringRes;
import android.app.Activity;
import android.content.Context;
import android.content.DialogInterface;
import android.os.PowerManager;
import androidx.appcompat.app.AlertDialog;
/** Dialog to confirm a reboot immediately, or later. */
public class RebootDialog implements DialogInterface.OnClickListener,
DialogInterface.OnDismissListener {
private final Activity mActivity;
private final AlertDialog mDialog;
private final String mRebootReason;
public RebootDialog(Activity activity, @StringRes int titleRes, @StringRes int messageRes,
String rebootReason) {
mActivity = activity;
mDialog = new AlertDialog.Builder(activity)
.setTitle(titleRes)
.setMessage(messageRes)
.setPositiveButton(R.string.app_src_cert_reboot_dialog_button_restart, this)
.setNegativeButton(R.string.app_src_cert_reboot_dialog_button_not_now, null)
.setOnDismissListener(this)
.create();
mRebootReason = rebootReason;
}
/** Shows the dialog. */
public void show() {
mDialog.show();
}
@Override
public void onClick(DialogInterface dialog, int button) {
if (button == DialogInterface.BUTTON_POSITIVE) {
PowerManager pm = (PowerManager) mActivity.getSystemService(Context.POWER_SERVICE);
pm.reboot(mRebootReason);
}
}
@Override
public void onDismiss(DialogInterface dialog) {
mActivity.finish();
}
}

49
src/com/android/settings/UserCredentialsSettings.java
View File

@@ -193,8 +193,6 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
for (final Credential credential : credentials) {
if (credential.isSystem()) {
removeGrantsAndDelete(credential);
} else if (credential.isFsverity()) {
deleteAppSourceCredential(credential);
} else {
deleteWifiCredential(credential);
}
@@ -221,16 +219,6 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
}
}
private void deleteAppSourceCredential(final Credential credential) {
final KeyStore keyStore = KeyStore.getInstance();
final EnumSet<Credential.Type> storedTypes = credential.getStoredTypes();
if (storedTypes.contains(Credential.Type.APP_SOURCE_CERTIFICATE)) {
keyStore.delete(Credentials.APP_SOURCE_CERTIFICATE + credential.getAlias(),
Process.FSVERITY_CERT_UID);
}
}
private void removeGrantsAndDelete(final Credential credential) {
final KeyChainConnection conn;
try {
@@ -254,21 +242,10 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
protected void onPostExecute(Credential... credentials) {
if (targetFragment instanceof UserCredentialsSettings && targetFragment.isAdded()) {
final UserCredentialsSettings target = (UserCredentialsSettings) targetFragment;
boolean includeFsverity = false;
for (final Credential credential : credentials) {
target.announceRemoval(credential.alias);
if (credential.isFsverity()) {
includeFsverity = true;
}
}
target.refreshItems();
if (includeFsverity) {
new RebootDialog(
getActivity(),
R.string.app_src_cert_reboot_dialog_uninstall_title,
R.string.app_src_cert_reboot_dialog_uninstall_message,
"Reboot to make new fsverity cert effective").show();
}
}
}
}
@@ -295,12 +272,10 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
final int myUserId = UserHandle.myUserId();
final int systemUid = UserHandle.getUid(myUserId, Process.SYSTEM_UID);
final int wifiUid = UserHandle.getUid(myUserId, Process.WIFI_UID);
final int fsverityUid = UserHandle.getUid(myUserId, Process.FSVERITY_CERT_UID);
List<Credential> credentials = new ArrayList<>();
credentials.addAll(getCredentialsForUid(keyStore, systemUid).values());
credentials.addAll(getCredentialsForUid(keyStore, wifiUid).values());
credentials.addAll(getCredentialsForUid(keyStore, fsverityUid).values());
return credentials;
}
@@ -427,7 +402,6 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
credentialViewTypes.put(R.id.contents_userkey, Credential.Type.USER_KEY);
credentialViewTypes.put(R.id.contents_usercrt, Credential.Type.USER_CERTIFICATE);
credentialViewTypes.put(R.id.contents_cacrt, Credential.Type.CA_CERTIFICATE);
credentialViewTypes.put(R.id.contents_appsrccrt, Credential.Type.APP_SOURCE_CERTIFICATE);
}
protected static View getCredentialView(Credential item, @LayoutRes int layoutResource,
@@ -437,15 +411,9 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
}
((TextView) view.findViewById(R.id.alias)).setText(item.alias);
int purpose;
if (item.isSystem()) {
purpose = R.string.credential_for_vpn_and_apps;
} else if (item.isFsverity()) {
purpose = R.string.credential_for_fsverity;
} else {
purpose = R.string.credential_for_wifi;
}
((TextView) view.findViewById(R.id.purpose)).setText(purpose);
((TextView) view.findViewById(R.id.purpose)).setText(item.isSystem()
? R.string.credential_for_vpn_and_apps
: R.string.credential_for_wifi);
view.findViewById(R.id.contents).setVisibility(expanded ? View.VISIBLE : View.GONE);
if (expanded) {
@@ -467,8 +435,7 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
static enum Type {
CA_CERTIFICATE (Credentials.CA_CERTIFICATE),
USER_CERTIFICATE (Credentials.USER_CERTIFICATE),
USER_KEY(Credentials.USER_PRIVATE_KEY, Credentials.USER_SECRET_KEY),
APP_SOURCE_CERTIFICATE(Credentials.APP_SOURCE_CERTIFICATE);
USER_KEY(Credentials.USER_PRIVATE_KEY, Credentials.USER_SECRET_KEY);
final String[] prefix;
@@ -485,8 +452,7 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
/**
* UID under which this credential is stored. Typically {@link Process#SYSTEM_UID} but can
* also be {@link Process#WIFI_UID} for credentials installed as wifi certificates, or
* {@link Process#FSVERITY_CERT_UID} for app source certificates.
* also be {@link Process#WIFI_UID} for credentials installed as wifi certificates.
*/
final int uid;
@@ -496,7 +462,6 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
* <li>{@link Credentials.CA_CERTIFICATE}</li>
* <li>{@link Credentials.USER_CERTIFICATE}</li>
* <li>{@link Credentials.USER_KEY}</li>
* <li>{@link Credentials.APP_SOURCE_CERTIFICATE}</li>
* </ul>
*/
final EnumSet<Type> storedTypes = EnumSet.noneOf(Type.class);
@@ -547,10 +512,6 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
return UserHandle.getAppId(uid) == Process.SYSTEM_UID;
}
public boolean isFsverity() {
return UserHandle.getAppId(uid) == Process.FSVERITY_CERT_UID;
}
public String getAlias() { return alias; }
public EnumSet<Type> getStoredTypes() {

17
src/com/android/settings/security/CredentialStorage.java
View File

@@ -44,7 +44,6 @@ import androidx.fragment.app.FragmentActivity;
import com.android.internal.widget.LockPatternUtils;
import com.android.settings.R;
import com.android.settings.RebootDialog;
import com.android.settings.password.ChooseLockSettingsHelper;
import com.android.settings.vpn2.VpnUtils;
@@ -131,10 +130,10 @@ public final class CredentialStorage extends FragmentActivity {
if (uid != KeyStore.UID_SELF && !UserHandle.isSameUser(uid, Process.myUid())) {
final int dstUserId = UserHandle.getUserId(uid);
// Restrict install target to the known uid.
if (uid != Process.WIFI_UID && uid != Process.FSVERITY_CERT_UID) {
// Restrict install target to the wifi uid.
if (uid != Process.WIFI_UID) {
Log.e(TAG, "Failed to install credentials as uid " + uid + ": cross-user installs"
+ " may only target known uids");
+ " may only target wifi uids");
return true;
}
@@ -310,16 +309,6 @@ public final class CredentialStorage extends FragmentActivity {
Log.i(TAG, String.format("Successfully installed alias %s to uid %d.",
alias, uid));
if (uid == Process.FSVERITY_CERT_UID) {
new RebootDialog(
this,
R.string.app_src_cert_reboot_dialog_install_title,
R.string.app_src_cert_reboot_dialog_install_message,
"Reboot to make new fsverity cert effective").show();
setResult(RESULT_OK);
return;
}
// Send the broadcast.
final Intent broadcast = new Intent(KeyChain.ACTION_KEYCHAIN_CHANGED);
sendBroadcast(broadcast);

48
src/com/android/settings/security/InstallAppSourceCertificatePreferenceController.java
View File

@@ -1,48 +0,0 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings.security;
import android.content.Context;
import android.os.SystemProperties;
import com.android.internal.annotations.VisibleForTesting;
import com.android.settings.core.BasePreferenceController;
/**
* This controller decides the verification result of the installed app.
*/
public class InstallAppSourceCertificatePreferenceController extends
BasePreferenceController {
private static final String APK_VERITY_PROPERTY = "ro.apk_verity.mode";
private static final int APK_VERITY_MODE_ENABLED = 2;
public InstallAppSourceCertificatePreferenceController(Context context, String key) {
super(context, key);
}
@Override
public int getAvailabilityStatus() {
return isApkVerityEnabled() ? AVAILABLE : UNSUPPORTED_ON_DEVICE;
}
@VisibleForTesting
static boolean isApkVerityEnabled() {
// TODO(victorhsieh): replace this with a new API in PackageManager once it is landed.
return SystemProperties.getInt(APK_VERITY_PROPERTY, 0) == APK_VERITY_MODE_ENABLED;
}
}

83
src/com/android/settings/security/InstallAppSourceCertificateWarning.java
View File

@@ -1,83 +0,0 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings.security;
import android.annotation.Nullable;
import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.security.Credentials;
import android.view.View;
import android.widget.Toast;
import com.android.settings.R;
import com.google.android.setupcompat.template.FooterBarMixin;
import com.google.android.setupcompat.template.FooterButton;
import com.google.android.setupdesign.GlifLayout;
/**
* Creates a warning dialog explaining the consequences of installing a certificate
* This is displayed before an app source certificate can be installed from Settings.
*/
public class InstallAppSourceCertificateWarning extends Activity {
@Override
public void onCreate(@Nullable Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.app_source_certificate_warning_dialog);
final GlifLayout layout = findViewById(R.id.setup_wizard_layout);
final FooterBarMixin mixin = layout.getMixin(FooterBarMixin.class);
mixin.setSecondaryButton(
new FooterButton.Builder(this)
.setText(R.string.certificate_warning_install_anyway)
.setListener(installCertificate())
.setButtonType(FooterButton.ButtonType.OTHER)
.setTheme(R.style.SudGlifButton_Secondary)
.build()
);
mixin.setPrimaryButton(
new FooterButton.Builder(this)
.setText(R.string.certificate_warning_dont_install)
.setListener(returnToInstallCertificateFromStorage())
.setButtonType(FooterButton.ButtonType.NEXT)
.setTheme(R.style.SudGlifButton_Primary)
.build()
);
}
private View.OnClickListener installCertificate() {
return v -> {
final Intent intent = new Intent();
intent.setAction(Credentials.INSTALL_ACTION);
intent.putExtra(Credentials.EXTRA_CERTIFICATE_USAGE,
Credentials.CERTIFICATE_USAGE_APP_SOURCE);
startActivity(intent);
finish();
};
}
private View.OnClickListener returnToInstallCertificateFromStorage() {
return v -> {
Toast.makeText(this, R.string.cert_not_installed, Toast.LENGTH_SHORT).show();
finish();
};
}
}

1
src/com/android/settings/security/InstallCertificateFromStorage.java
View File

@@ -60,7 +60,6 @@ public class InstallCertificateFromStorage extends DashboardFragment {
private static List<AbstractPreferenceController> buildPreferenceControllers(Context context,
Lifecycle lifecycle) {
// TODO(eranm,victorhsieh): use "settings:controller" in xml and remove the following.
final List<AbstractPreferenceController> controllers = new ArrayList<>();
controllers.add(new InstallCaCertificatePreferenceController(context));
controllers.add(new InstallUserCertificatePreferenceController(context));