mirror of
https://github.com/bitwarden/android.git
synced 2024-12-25 02:18:27 +03:00
Honor user CA store when targeting Android Nougat SDK and later (#420)
* Included network-security-config.xml file to honor user added CAs (see: https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html) * Added domain-config entry to only use system CAs connecting to bitwarden.com * Deny all plaintext traffic from network_security_config Ref: https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted
This commit is contained in:
parent
366578600b
commit
e280f585cf
4 changed files with 26 additions and 1 deletions
|
@ -1021,5 +1021,8 @@
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<AndroidResource Include="Resources\drawable-xxxhdpi\upload2.png" />
|
<AndroidResource Include="Resources\drawable-xxxhdpi\upload2.png" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<AndroidResource Include="Resources\xml\network_security_config.xml" />
|
||||||
|
</ItemGroup>
|
||||||
<Import Project="$(MSBuildExtensionsPath)\Xamarin\Android\Xamarin.Android.CSharp.targets" />
|
<Import Project="$(MSBuildExtensionsPath)\Xamarin\Android\Xamarin.Android.CSharp.targets" />
|
||||||
</Project>
|
</Project>
|
|
@ -13,7 +13,8 @@
|
||||||
<uses-feature android:name="android.hardware.camera.autofocus" android:required="false" />
|
<uses-feature android:name="android.hardware.camera.autofocus" android:required="false" />
|
||||||
|
|
||||||
<application android:label="Bitwarden" android:theme="@style/BitwardenTheme" android:allowBackup="false"
|
<application android:label="Bitwarden" android:theme="@style/BitwardenTheme" android:allowBackup="false"
|
||||||
android:icon="@mipmap/ic_launcher" android:roundIcon="@mipmap/ic_launcher_round">
|
android:icon="@mipmap/ic_launcher" android:roundIcon="@mipmap/ic_launcher_round"
|
||||||
|
android:networkSecurityConfig="@xml/network_security_config">
|
||||||
<provider
|
<provider
|
||||||
android:name="android.support.v4.content.FileProvider"
|
android:name="android.support.v4.content.FileProvider"
|
||||||
android:authorities="com.x8bit.bitwarden.fileprovider"
|
android:authorities="com.x8bit.bitwarden.fileprovider"
|
||||||
|
|
3
src/Android/Resources/Resource.Designer.cs
generated
3
src/Android/Resources/Resource.Designer.cs
generated
|
@ -8565,6 +8565,9 @@ namespace Bit.Android
|
||||||
// aapt resource value: 0x7f080002
|
// aapt resource value: 0x7f080002
|
||||||
public const int filepaths = 2131230722;
|
public const int filepaths = 2131230722;
|
||||||
|
|
||||||
|
// aapt resource value: 0x7f080003
|
||||||
|
public const int network_security_config = 2131230723;
|
||||||
|
|
||||||
static Xml()
|
static Xml()
|
||||||
{
|
{
|
||||||
global::Android.Runtime.ResourceIdManager.UpdateIdValues();
|
global::Android.Runtime.ResourceIdManager.UpdateIdValues();
|
||||||
|
|
18
src/Android/Resources/xml/network_security_config.xml
Normal file
18
src/Android/Resources/xml/network_security_config.xml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
<network-security-config>
|
||||||
|
<base-config cleartextTrafficPermitted="false">
|
||||||
|
<trust-anchors>
|
||||||
|
<!-- Trust pre-installed CAs -->
|
||||||
|
<certificates src="system" />
|
||||||
|
<!-- Additionally trust user added CAs -->
|
||||||
|
<certificates src="user" />
|
||||||
|
</trust-anchors>
|
||||||
|
</base-config>
|
||||||
|
<domain-config cleartextTrafficPermitted="false">
|
||||||
|
<domain includeSubdomains="true">bitwarden.com</domain>
|
||||||
|
<trust-anchors>
|
||||||
|
<!-- Only trust pre-installed CAs for
|
||||||
|
Bitwarden.com and all subdomains -->
|
||||||
|
<certificates src="system" />
|
||||||
|
</trust-anchors>
|
||||||
|
</domain-config>
|
||||||
|
</network-security-config>
|
Loading…
Reference in a new issue