mirrors/bitwarden-android
1
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2024-11-24 10:25:57 +03:00
Code Issues Projects Releases Packages Wiki Activity

BITAU-99 Expose and protect AuthenticatorBridgeService (#3988)

Browse source
This commit is contained in:
Andrew Haisting 2024-10-03 15:02:58 -05:00 committed by GitHub
parent 488ec095bc
commit 567c2ffb94
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 39 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
app/src/beta/res/values/manifest.xml Normal file
View file

@ -0,0 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<!-- For beta variant, we don't have a matching variant of the Bitwarden Authenticator app.
Therefore, we leave the known app cert null here so that no clients can connect to
AuthenticatorBridgeService in the beta variant. If later another variant of the
Bitwarden Authenticator app is added, a SHA-256 digest of that variant's APK can be added here.
-->
<string name="known_authenticator_app_cert">@null</string>
</resources>

5
app/src/debug/res/values/manifest.xml Normal file
View file

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<!-- This is the SHA-256 digest for the Authenticator App debug variant:-->
<string name="known_authenticator_app_cert">13144ab52af797a88c2fe292674461ef1715e0e1e4f5f538f63f1c174696f476</string>
</resources>

19
app/src/main/AndroidManifest.xml
View file

@ -16,6 +16,20 @@
<uses-permission android:name="android.permission.INTERNET" /> <uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.POST_NOTIFICATIONS" /> <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
<!-- Protect access to AuthenticatorBridgeService using this custom permission.
Note that each build type uses a different value for knownCerts.
This in effect means that the only application that can connect to the debug/release/etc
variant AuthenticatorBridgeService is the debug/release/etc variant Bitwarden Authenticator
app. -->
<permission
android:name="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE"
android:knownCerts="@string/known_authenticator_app_cert"
android:label="Bitwarden Bridge"
android:protectionLevel="signature|knownSigner"
tools:targetApi="s" />
<application <application
android:name=".BitwardenApplication" android:name=".BitwardenApplication"
android:allowBackup="false" android:allowBackup="false"
@ -277,6 +291,11 @@
android:name="android.content.APP_RESTRICTIONS" android:name="android.content.APP_RESTRICTIONS"
android:resource="@xml/app_restrictions" /> android:resource="@xml/app_restrictions" />
<service
android:name="com.x8bit.bitwarden.data.platform.service.AuthenticatorBridgeService"
android:exported="true"
android:permission="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE" />
</application> </application>
<queries> <queries>

6
app/src/release/res/values/manifest.xml Normal file
View file

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<!-- This is the SHA-256 digest for Google Play signing key of the Authenticator App Release
variant: -->
<string name="known_authenticator_app_cert">45bd689eb1493eaef19c346dc1385197ddbb53ddc5d09476db4895df75b9b53b</string>
</resources>