mirror of
https://github.com/bitwarden/android.git
synced 2024-11-24 10:25:57 +03:00
BITAU-99 Expose and protect AuthenticatorBridgeService
(#3988)
This commit is contained in:
parent
488ec095bc
commit
567c2ffb94
4 changed files with 39 additions and 0 deletions
9
app/src/beta/res/values/manifest.xml
Normal file
9
app/src/beta/res/values/manifest.xml
Normal file
|
@ -0,0 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<resources>
|
||||
<!-- For beta variant, we don't have a matching variant of the Bitwarden Authenticator app.
|
||||
Therefore, we leave the known app cert null here so that no clients can connect to
|
||||
AuthenticatorBridgeService in the beta variant. If later another variant of the
|
||||
Bitwarden Authenticator app is added, a SHA-256 digest of that variant's APK can be added here.
|
||||
-->
|
||||
<string name="known_authenticator_app_cert">@null</string>
|
||||
</resources>
|
5
app/src/debug/res/values/manifest.xml
Normal file
5
app/src/debug/res/values/manifest.xml
Normal file
|
@ -0,0 +1,5 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<resources>
|
||||
<!-- This is the SHA-256 digest for the Authenticator App debug variant:-->
|
||||
<string name="known_authenticator_app_cert">13144ab52af797a88c2fe292674461ef1715e0e1e4f5f538f63f1c174696f476</string>
|
||||
</resources>
|
|
@ -16,6 +16,20 @@
|
|||
<uses-permission android:name="android.permission.INTERNET" />
|
||||
<uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
|
||||
|
||||
<!-- Protect access to AuthenticatorBridgeService using this custom permission.
|
||||
|
||||
Note that each build type uses a different value for knownCerts.
|
||||
|
||||
This in effect means that the only application that can connect to the debug/release/etc
|
||||
variant AuthenticatorBridgeService is the debug/release/etc variant Bitwarden Authenticator
|
||||
app. -->
|
||||
<permission
|
||||
android:name="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE"
|
||||
android:knownCerts="@string/known_authenticator_app_cert"
|
||||
android:label="Bitwarden Bridge"
|
||||
android:protectionLevel="signature|knownSigner"
|
||||
tools:targetApi="s" />
|
||||
|
||||
<application
|
||||
android:name=".BitwardenApplication"
|
||||
android:allowBackup="false"
|
||||
|
@ -277,6 +291,11 @@
|
|||
android:name="android.content.APP_RESTRICTIONS"
|
||||
android:resource="@xml/app_restrictions" />
|
||||
|
||||
<service
|
||||
android:name="com.x8bit.bitwarden.data.platform.service.AuthenticatorBridgeService"
|
||||
android:exported="true"
|
||||
android:permission="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE" />
|
||||
|
||||
</application>
|
||||
|
||||
<queries>
|
||||
|
|
6
app/src/release/res/values/manifest.xml
Normal file
6
app/src/release/res/values/manifest.xml
Normal file
|
@ -0,0 +1,6 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<resources>
|
||||
<!-- This is the SHA-256 digest for Google Play signing key of the Authenticator App Release
|
||||
variant: -->
|
||||
<string name="known_authenticator_app_cert">45bd689eb1493eaef19c346dc1385197ddbb53ddc5d09476db4895df75b9b53b</string>
|
||||
</resources>
|
Loading…
Reference in a new issue