mirror of
https://github.com/bitwarden/android.git
synced 2024-11-28 06:04:16 +03:00
BITAU-99 Expose and protect AuthenticatorBridgeService
(#3988)
This commit is contained in:
parent
488ec095bc
commit
567c2ffb94
4 changed files with 39 additions and 0 deletions
9
app/src/beta/res/values/manifest.xml
Normal file
9
app/src/beta/res/values/manifest.xml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<resources>
|
||||||
|
<!-- For beta variant, we don't have a matching variant of the Bitwarden Authenticator app.
|
||||||
|
Therefore, we leave the known app cert null here so that no clients can connect to
|
||||||
|
AuthenticatorBridgeService in the beta variant. If later another variant of the
|
||||||
|
Bitwarden Authenticator app is added, a SHA-256 digest of that variant's APK can be added here.
|
||||||
|
-->
|
||||||
|
<string name="known_authenticator_app_cert">@null</string>
|
||||||
|
</resources>
|
5
app/src/debug/res/values/manifest.xml
Normal file
5
app/src/debug/res/values/manifest.xml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<resources>
|
||||||
|
<!-- This is the SHA-256 digest for the Authenticator App debug variant:-->
|
||||||
|
<string name="known_authenticator_app_cert">13144ab52af797a88c2fe292674461ef1715e0e1e4f5f538f63f1c174696f476</string>
|
||||||
|
</resources>
|
|
@ -16,6 +16,20 @@
|
||||||
<uses-permission android:name="android.permission.INTERNET" />
|
<uses-permission android:name="android.permission.INTERNET" />
|
||||||
<uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
|
<uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
|
||||||
|
|
||||||
|
<!-- Protect access to AuthenticatorBridgeService using this custom permission.
|
||||||
|
|
||||||
|
Note that each build type uses a different value for knownCerts.
|
||||||
|
|
||||||
|
This in effect means that the only application that can connect to the debug/release/etc
|
||||||
|
variant AuthenticatorBridgeService is the debug/release/etc variant Bitwarden Authenticator
|
||||||
|
app. -->
|
||||||
|
<permission
|
||||||
|
android:name="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE"
|
||||||
|
android:knownCerts="@string/known_authenticator_app_cert"
|
||||||
|
android:label="Bitwarden Bridge"
|
||||||
|
android:protectionLevel="signature|knownSigner"
|
||||||
|
tools:targetApi="s" />
|
||||||
|
|
||||||
<application
|
<application
|
||||||
android:name=".BitwardenApplication"
|
android:name=".BitwardenApplication"
|
||||||
android:allowBackup="false"
|
android:allowBackup="false"
|
||||||
|
@ -277,6 +291,11 @@
|
||||||
android:name="android.content.APP_RESTRICTIONS"
|
android:name="android.content.APP_RESTRICTIONS"
|
||||||
android:resource="@xml/app_restrictions" />
|
android:resource="@xml/app_restrictions" />
|
||||||
|
|
||||||
|
<service
|
||||||
|
android:name="com.x8bit.bitwarden.data.platform.service.AuthenticatorBridgeService"
|
||||||
|
android:exported="true"
|
||||||
|
android:permission="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE" />
|
||||||
|
|
||||||
</application>
|
</application>
|
||||||
|
|
||||||
<queries>
|
<queries>
|
||||||
|
|
6
app/src/release/res/values/manifest.xml
Normal file
6
app/src/release/res/values/manifest.xml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<resources>
|
||||||
|
<!-- This is the SHA-256 digest for Google Play signing key of the Authenticator App Release
|
||||||
|
variant: -->
|
||||||
|
<string name="known_authenticator_app_cert">45bd689eb1493eaef19c346dc1385197ddbb53ddc5d09476db4895df75b9b53b</string>
|
||||||
|
</resources>
|
Loading…
Reference in a new issue