From b9d5a0b681786ee0540d482363556cb26ab0e574 Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Wed, 11 Aug 2021 15:59:13 +0530 Subject: [PATCH 01/14] update systemApp.json for microG package --- app/src/main/assets/systemApp.json | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/app/src/main/assets/systemApp.json b/app/src/main/assets/systemApp.json index 6c791ec3c..145b4cbcc 100644 --- a/app/src/main/assets/systemApp.json +++ b/app/src/main/assets/systemApp.json @@ -1,7 +1,14 @@ { - "com.explusalpha.Snes9xPlus":{ - "url" : "https://cleanapk.org/#/app/5b15b33a89bb693d3a3e806b", - "project_id" : "1001", - "app_name": "Snes9x EX+" + + "com.google.android.gms": { + "url": "https://gitlab.e.foundation/e/apps/GmsCore", + "project_id": "149", + "app_name": "microG Exposure Notification version" + }, + "foundation.e.mail": { + "url": "https://gitlab.e.foundation/e/apps/Mail", + "project_id": "13", + "app_name": "Mail" } + } \ No newline at end of file -- GitLab From 82b82377c9cfde82b164f25b154db27deb75a642 Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Wed, 11 Aug 2021 17:54:37 +0530 Subject: [PATCH 02/14] update url and JsonObject check json Key --- .../e/apps/application/model/IntegrityVerificationTask.kt | 5 ++--- app/src/main/java/foundation/e/apps/utils/Constants.kt | 3 ++- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt index 156b4671b..0775d51c4 100644 --- a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt +++ b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt @@ -159,9 +159,8 @@ class IntegrityVerificationTask( } } try { - if (packageName == JSONObject(jsonResponse).get(packageName)) { - return true - } + + return JSONObject(jsonResponse).has(packageName); } catch (e: Exception) { if (e is JSONException) { Log.d(TAG, "$packageName is not a system application") diff --git a/app/src/main/java/foundation/e/apps/utils/Constants.kt b/app/src/main/java/foundation/e/apps/utils/Constants.kt index c80ab129a..46b94ec17 100644 --- a/app/src/main/java/foundation/e/apps/utils/Constants.kt +++ b/app/src/main/java/foundation/e/apps/utils/Constants.kt @@ -71,5 +71,6 @@ object Constants { // Integrity Verification const val F_DROID_PACKAGES_URL = "https://f-droid.org/en/packages/" - const val SYSTEM_PACKAGES_JSON_FILE_URL = "https://gitlab.e.foundation/e/apps/apps/-/raw/e169c1905114d97af867b051f96c38166f4782e2/app/src/main/assets/systemApp.json" + //const val SYSTEM_PACKAGES_JSON_FILE_URL = "https://gitlab.e.foundation/e/apps/apps/-/raw/e169c1905114d97af867b051f96c38166f4782e2/app/src/main/assets/systemApp.json" + const val SYSTEM_PACKAGES_JSON_FILE_URL = "https://gitlab.e.foundation/e/apps/apps/-/raw/issue-3328JSON/app/src/main/assets/systemApp.json" } -- GitLab From 4c5fa2012bdcc505db228b064e2725468afd741b Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Mon, 23 Aug 2021 14:25:14 +0530 Subject: [PATCH 03/14] update for testing --- .../model/IntegrityVerificationTask.kt | 80 +++++++++++++------ 1 file changed, 57 insertions(+), 23 deletions(-) diff --git a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt index 0775d51c4..83cf7ea18 100644 --- a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt +++ b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt @@ -23,6 +23,7 @@ import android.content.pm.PackageInfo import android.content.pm.PackageManager import android.content.pm.Signature import android.os.AsyncTask +import android.os.Environment import android.os.Handler import android.os.Looper import android.util.Log @@ -49,18 +50,24 @@ import java.security.MessageDigest import java.security.Security class IntegrityVerificationTask( - private val applicationInfo: ApplicationInfo, - private val fullData: FullData, - private val integrityVerificationCallback: IntegrityVerificationCallback + private val applicationInfo: ApplicationInfo, + private val fullData: FullData, + private val integrityVerificationCallback: IntegrityVerificationCallback ) : + AsyncTask() { + private lateinit var systemJsonData: JSONObject private var verificationSuccessful: Boolean = false private var TAG = "IntegrityVerificationTask" + + override fun doInBackground(vararg context: Context): Context { try { verificationSuccessful = if (isSystemApplication(fullData.packageName)) { - verifySystemSignature(context[0]) + //verifySystemSignature(context[0]) + verifySystemValues(context[0]) + } else if (isfDroidApplication(fullData.packageName)) { verifyFdroidSignature(context[0]) } else { @@ -88,9 +95,30 @@ class IntegrityVerificationTask( if (!fullData.getLastVersion()?.signature.isNullOrEmpty()) { return fullData.getLastVersion()?.signature == getSystemSignature(context.packageManager)?.toCharsString() + } + else{ + } return false } + private fun verifySystemValues(context: Context): Boolean { + + val pm: PackageManager = context.packageManager + val fullPath: String = applicationInfo.getApkFile( + context, + fullData.basicData + ).absolutePath + val info = pm.getPackageArchiveInfo(fullPath, 0) + if (info != null) { + Log.e("TAG", ".................."+ info.packageName) + Log.e("TAG", ".................."+ info.signatures) + }; + + return false; +// +// return (fullData.basicData.id==systemJsonData.getString("project_id") +// && fullData.basicData.name==systemJsonData.getString("app_name")) + } private fun getFirstSignature(pkg: PackageInfo?): Signature? { return if (pkg?.signatures != null && pkg.signatures.isNotEmpty()) { @@ -111,17 +139,17 @@ class IntegrityVerificationTask( private fun verifyFdroidSignature(context: Context): Boolean { Security.addProvider(BouncyCastleProvider()) return verifyAPKSignature( - context, - BufferedInputStream( - FileInputStream( - applicationInfo.getApkFile( - context, - fullData.basicData - ).absolutePath - ) - ), - fullData.getLastVersion()!!.signature.byteInputStream(Charsets.UTF_8), - context.assets.open("f-droid.org-signing-key.gpg") + context, + BufferedInputStream( + FileInputStream( + applicationInfo.getApkFile( + context, + fullData.basicData + ).absolutePath + ) + ), + fullData.getLastVersion()!!.signature.byteInputStream(Charsets.UTF_8), + context.assets.open("f-droid.org-signing-key.gpg") ) } @@ -159,8 +187,14 @@ class IntegrityVerificationTask( } } try { - - return JSONObject(jsonResponse).has(packageName); + if(JSONObject(jsonResponse).has(packageName)){ + systemJsonData = JSONObject(jsonResponse).getJSONObject(packageName); + return true + } + else{ + return false + } + // return JSONObject(jsonResponse).has(packageName); } catch (e: Exception) { if (e is JSONException) { Log.d(TAG, "$packageName is not a system application") @@ -199,10 +233,10 @@ class IntegrityVerificationTask( } private fun verifyAPKSignature( - context: Context, - apkInputStream: BufferedInputStream, - apkSignatureInputStream: InputStream, - publicKeyInputStream: InputStream + context: Context, + apkInputStream: BufferedInputStream, + apkSignatureInputStream: InputStream, + publicKeyInputStream: InputStream ): Boolean { try { @@ -220,8 +254,8 @@ class IntegrityVerificationTask( val pgpPublicKeyRingCollection = PGPPublicKeyRingCollection( - PGPUtil.getDecoderStream(publicKeyInputStream), - JcaKeyFingerprintCalculator() + PGPUtil.getDecoderStream(publicKeyInputStream), + JcaKeyFingerprintCalculator() ) val signature = pgpSignatureList.get(0) -- GitLab From ab195e91ceff5216f84d1b2fecd8c1ab5034a4fd Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Tue, 24 Aug 2021 15:23:51 +0530 Subject: [PATCH 04/14] undo --- .../application/model/IntegrityVerificationTask.kt | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt index 83cf7ea18..21c70a9ee 100644 --- a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt +++ b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt @@ -65,8 +65,8 @@ class IntegrityVerificationTask( override fun doInBackground(vararg context: Context): Context { try { verificationSuccessful = if (isSystemApplication(fullData.packageName)) { - //verifySystemSignature(context[0]) - verifySystemValues(context[0]) + verifySystemSignature(context[0]) + // verifySystemValues(context[0]) } else if (isfDroidApplication(fullData.packageName)) { verifyFdroidSignature(context[0]) @@ -95,12 +95,14 @@ class IntegrityVerificationTask( if (!fullData.getLastVersion()?.signature.isNullOrEmpty()) { return fullData.getLastVersion()?.signature == getSystemSignature(context.packageManager)?.toCharsString() - } - else{ - } return false } + + //get signature from apk and check + + + private fun verifySystemValues(context: Context): Boolean { val pm: PackageManager = context.packageManager @@ -112,7 +114,7 @@ class IntegrityVerificationTask( if (info != null) { Log.e("TAG", ".................."+ info.packageName) Log.e("TAG", ".................."+ info.signatures) - }; + } return false; // -- GitLab From 2709b5a65d6f1b989636e74d3075bfecf403bb59 Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Tue, 24 Aug 2021 15:33:42 +0530 Subject: [PATCH 05/14] getAPK_signature and verifyAPKSignature --- .../model/IntegrityVerificationTask.kt | 34 ++++++++++++++++--- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt index 21c70a9ee..92bf3c8ac 100644 --- a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt +++ b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt @@ -23,7 +23,6 @@ import android.content.pm.PackageInfo import android.content.pm.PackageManager import android.content.pm.Signature import android.os.AsyncTask -import android.os.Environment import android.os.Handler import android.os.Looper import android.util.Log @@ -49,6 +48,7 @@ import java.io.InputStream import java.security.MessageDigest import java.security.Security + class IntegrityVerificationTask( private val applicationInfo: ApplicationInfo, private val fullData: FullData, @@ -65,7 +65,9 @@ class IntegrityVerificationTask( override fun doInBackground(vararg context: Context): Context { try { verificationSuccessful = if (isSystemApplication(fullData.packageName)) { - verifySystemSignature(context[0]) + + verifyAPKSignature(context[0]) + // verifySystemSignature(context[0]) // verifySystemValues(context[0]) } else if (isfDroidApplication(fullData.packageName)) { @@ -100,7 +102,31 @@ class IntegrityVerificationTask( } //get signature from apk and check + private fun verifyAPKSignature(context: Context): Boolean { + + //get Signature from APK + if (getAPKSignature(context)!=null) { + return getAPKSignature(context)?.toCharsString() == + getSystemSignature(context.packageManager)?.toCharsString() + } + return false + } + + private fun getAPKSignature(context: Context): Signature? { + try { + val fullPath: String = applicationInfo.getApkFile( + context, + fullData.basicData + ).absolutePath + + val releaseSig = context.packageManager.getPackageArchiveInfo(fullPath, PackageManager.GET_SIGNATURES) + return getFirstSignature(releaseSig) + } catch (e: PackageManager.NameNotFoundException) { + Log.d(TAG, "Unable to find the package: android") + } + return null + } private fun verifySystemValues(context: Context): Boolean { @@ -112,8 +138,8 @@ class IntegrityVerificationTask( ).absolutePath val info = pm.getPackageArchiveInfo(fullPath, 0) if (info != null) { - Log.e("TAG", ".................."+ info.packageName) - Log.e("TAG", ".................."+ info.signatures) + Log.e("TAG", ".................." + info.packageName) + Log.e("TAG", ".................." + info.signatures) } return false; -- GitLab From d3b72b3153ceb5307bbd7d3f36dac801946eda9a Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Tue, 24 Aug 2021 15:45:52 +0530 Subject: [PATCH 06/14] Clean some code --- .../e/apps/application/model/IntegrityVerificationTask.kt | 8 -------- 1 file changed, 8 deletions(-) diff --git a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt index 92bf3c8ac..c0c1d7632 100644 --- a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt +++ b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt @@ -65,11 +65,7 @@ class IntegrityVerificationTask( override fun doInBackground(vararg context: Context): Context { try { verificationSuccessful = if (isSystemApplication(fullData.packageName)) { - verifyAPKSignature(context[0]) - // verifySystemSignature(context[0]) - // verifySystemValues(context[0]) - } else if (isfDroidApplication(fullData.packageName)) { verifyFdroidSignature(context[0]) } else { @@ -141,11 +137,7 @@ class IntegrityVerificationTask( Log.e("TAG", ".................." + info.packageName) Log.e("TAG", ".................." + info.signatures) } - return false; -// -// return (fullData.basicData.id==systemJsonData.getString("project_id") -// && fullData.basicData.name==systemJsonData.getString("app_name")) } private fun getFirstSignature(pkg: PackageInfo?): Signature? { -- GitLab From 50e4f13c7a2cbd58765aa97bd85bf11c4392f484 Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Wed, 25 Aug 2021 13:16:10 +0530 Subject: [PATCH 07/14] ktlintFormat run --- .../model/IntegrityVerificationTask.kt | 72 +++++++++---------- .../java/foundation/e/apps/utils/Constants.kt | 2 +- 2 files changed, 34 insertions(+), 40 deletions(-) diff --git a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt index c0c1d7632..ec08daf9d 100644 --- a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt +++ b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt @@ -48,11 +48,10 @@ import java.io.InputStream import java.security.MessageDigest import java.security.Security - class IntegrityVerificationTask( - private val applicationInfo: ApplicationInfo, - private val fullData: FullData, - private val integrityVerificationCallback: IntegrityVerificationCallback + private val applicationInfo: ApplicationInfo, + private val fullData: FullData, + private val integrityVerificationCallback: IntegrityVerificationCallback ) : AsyncTask() { @@ -60,8 +59,6 @@ class IntegrityVerificationTask( private var verificationSuccessful: Boolean = false private var TAG = "IntegrityVerificationTask" - - override fun doInBackground(vararg context: Context): Context { try { verificationSuccessful = if (isSystemApplication(fullData.packageName)) { @@ -97,13 +94,13 @@ class IntegrityVerificationTask( return false } - //get signature from apk and check + // get signature from apk and check private fun verifyAPKSignature(context: Context): Boolean { - //get Signature from APK - if (getAPKSignature(context)!=null) { + // get Signature from APK + if (getAPKSignature(context) != null) { return getAPKSignature(context)?.toCharsString() == - getSystemSignature(context.packageManager)?.toCharsString() + getSystemSignature(context.packageManager)?.toCharsString() } return false } @@ -111,33 +108,31 @@ class IntegrityVerificationTask( private fun getAPKSignature(context: Context): Signature? { try { val fullPath: String = applicationInfo.getApkFile( - context, - fullData.basicData + context, + fullData.basicData ).absolutePath val releaseSig = context.packageManager.getPackageArchiveInfo(fullPath, PackageManager.GET_SIGNATURES) return getFirstSignature(releaseSig) - } catch (e: PackageManager.NameNotFoundException) { Log.d(TAG, "Unable to find the package: android") } return null } - private fun verifySystemValues(context: Context): Boolean { val pm: PackageManager = context.packageManager val fullPath: String = applicationInfo.getApkFile( - context, - fullData.basicData + context, + fullData.basicData ).absolutePath val info = pm.getPackageArchiveInfo(fullPath, 0) if (info != null) { Log.e("TAG", ".................." + info.packageName) Log.e("TAG", ".................." + info.signatures) } - return false; + return false } private fun getFirstSignature(pkg: PackageInfo?): Signature? { @@ -159,17 +154,17 @@ class IntegrityVerificationTask( private fun verifyFdroidSignature(context: Context): Boolean { Security.addProvider(BouncyCastleProvider()) return verifyAPKSignature( - context, - BufferedInputStream( - FileInputStream( - applicationInfo.getApkFile( - context, - fullData.basicData - ).absolutePath - ) - ), - fullData.getLastVersion()!!.signature.byteInputStream(Charsets.UTF_8), - context.assets.open("f-droid.org-signing-key.gpg") + context, + BufferedInputStream( + FileInputStream( + applicationInfo.getApkFile( + context, + fullData.basicData + ).absolutePath + ) + ), + fullData.getLastVersion()!!.signature.byteInputStream(Charsets.UTF_8), + context.assets.open("f-droid.org-signing-key.gpg") ) } @@ -207,14 +202,13 @@ class IntegrityVerificationTask( } } try { - if(JSONObject(jsonResponse).has(packageName)){ - systemJsonData = JSONObject(jsonResponse).getJSONObject(packageName); + if (JSONObject(jsonResponse).has(packageName)) { + systemJsonData = JSONObject(jsonResponse).getJSONObject(packageName) return true - } - else{ + } else { return false } - // return JSONObject(jsonResponse).has(packageName); + // return JSONObject(jsonResponse).has(packageName); } catch (e: Exception) { if (e is JSONException) { Log.d(TAG, "$packageName is not a system application") @@ -253,10 +247,10 @@ class IntegrityVerificationTask( } private fun verifyAPKSignature( - context: Context, - apkInputStream: BufferedInputStream, - apkSignatureInputStream: InputStream, - publicKeyInputStream: InputStream + context: Context, + apkInputStream: BufferedInputStream, + apkSignatureInputStream: InputStream, + publicKeyInputStream: InputStream ): Boolean { try { @@ -274,8 +268,8 @@ class IntegrityVerificationTask( val pgpPublicKeyRingCollection = PGPPublicKeyRingCollection( - PGPUtil.getDecoderStream(publicKeyInputStream), - JcaKeyFingerprintCalculator() + PGPUtil.getDecoderStream(publicKeyInputStream), + JcaKeyFingerprintCalculator() ) val signature = pgpSignatureList.get(0) diff --git a/app/src/main/java/foundation/e/apps/utils/Constants.kt b/app/src/main/java/foundation/e/apps/utils/Constants.kt index 46b94ec17..d17d0e0ee 100644 --- a/app/src/main/java/foundation/e/apps/utils/Constants.kt +++ b/app/src/main/java/foundation/e/apps/utils/Constants.kt @@ -71,6 +71,6 @@ object Constants { // Integrity Verification const val F_DROID_PACKAGES_URL = "https://f-droid.org/en/packages/" - //const val SYSTEM_PACKAGES_JSON_FILE_URL = "https://gitlab.e.foundation/e/apps/apps/-/raw/e169c1905114d97af867b051f96c38166f4782e2/app/src/main/assets/systemApp.json" + // const val SYSTEM_PACKAGES_JSON_FILE_URL = "https://gitlab.e.foundation/e/apps/apps/-/raw/e169c1905114d97af867b051f96c38166f4782e2/app/src/main/assets/systemApp.json" const val SYSTEM_PACKAGES_JSON_FILE_URL = "https://gitlab.e.foundation/e/apps/apps/-/raw/issue-3328JSON/app/src/main/assets/systemApp.json" } -- GitLab From 454f1297bbe8a82df4133d133b5cfcdf0e559b9f Mon Sep 17 00:00:00 2001 From: Aayush Gupta Date: Thu, 26 Aug 2021 05:05:29 +0000 Subject: [PATCH 08/14] Constants: Drop commented out code --- app/src/main/java/foundation/e/apps/utils/Constants.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/app/src/main/java/foundation/e/apps/utils/Constants.kt b/app/src/main/java/foundation/e/apps/utils/Constants.kt index d17d0e0ee..346169f7f 100644 --- a/app/src/main/java/foundation/e/apps/utils/Constants.kt +++ b/app/src/main/java/foundation/e/apps/utils/Constants.kt @@ -71,6 +71,5 @@ object Constants { // Integrity Verification const val F_DROID_PACKAGES_URL = "https://f-droid.org/en/packages/" - // const val SYSTEM_PACKAGES_JSON_FILE_URL = "https://gitlab.e.foundation/e/apps/apps/-/raw/e169c1905114d97af867b051f96c38166f4782e2/app/src/main/assets/systemApp.json" const val SYSTEM_PACKAGES_JSON_FILE_URL = "https://gitlab.e.foundation/e/apps/apps/-/raw/issue-3328JSON/app/src/main/assets/systemApp.json" } -- GitLab From 9a421be30e41607726eb32d37b7940866942f6c7 Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Thu, 26 Aug 2021 14:53:43 +0530 Subject: [PATCH 09/14] get package name from APK file --- .../model/IntegrityVerificationTask.kt | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt index ec08daf9d..9d7733dfa 100644 --- a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt +++ b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt @@ -61,9 +61,10 @@ class IntegrityVerificationTask( override fun doInBackground(vararg context: Context): Context { try { - verificationSuccessful = if (isSystemApplication(fullData.packageName)) { + var packageName = getAPK_PackageName(context[0]); + verificationSuccessful = if (isSystemApplication(packageName.toString())) { verifyAPKSignature(context[0]) - } else if (isfDroidApplication(fullData.packageName)) { + } else if (isfDroidApplication(packageName.toString())) { verifyFdroidSignature(context[0]) } else { checkGoogleApp(context[0]) @@ -120,7 +121,7 @@ class IntegrityVerificationTask( return null } - private fun verifySystemValues(context: Context): Boolean { + private fun getAPK_PackageName(context: Context): String? { val pm: PackageManager = context.packageManager val fullPath: String = applicationInfo.getApkFile( @@ -129,10 +130,12 @@ class IntegrityVerificationTask( ).absolutePath val info = pm.getPackageArchiveInfo(fullPath, 0) if (info != null) { - Log.e("TAG", ".................." + info.packageName) - Log.e("TAG", ".................." + info.signatures) + return info.packageName; } - return false + else + return null; + + } private fun getFirstSignature(pkg: PackageInfo?): Signature? { -- GitLab From 7ac0be44b7e5f14c7711d6d0a87d555f8d4caf62 Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Thu, 26 Aug 2021 15:02:21 +0530 Subject: [PATCH 10/14] gradlew ktlintFormat --- .../application/model/IntegrityVerificationTask.kt | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt index 9d7733dfa..b2c329e7f 100644 --- a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt +++ b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt @@ -61,7 +61,7 @@ class IntegrityVerificationTask( override fun doInBackground(vararg context: Context): Context { try { - var packageName = getAPK_PackageName(context[0]); + var packageName = getAPK_PackageName(context[0]) verificationSuccessful = if (isSystemApplication(packageName.toString())) { verifyAPKSignature(context[0]) } else if (isfDroidApplication(packageName.toString())) { @@ -130,12 +130,9 @@ class IntegrityVerificationTask( ).absolutePath val info = pm.getPackageArchiveInfo(fullPath, 0) if (info != null) { - return info.packageName; - } - else - return null; - - + return info.packageName + } else + return null } private fun getFirstSignature(pkg: PackageInfo?): Signature? { -- GitLab From de5f4bbf5f0d96effda2af0f850fcfcfcd4d6179 Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Mon, 30 Aug 2021 17:53:18 +0530 Subject: [PATCH 11/14] feedBack: remove unused function verifySystemSignature --- .../e/apps/application/model/IntegrityVerificationTask.kt | 7 ------- 1 file changed, 7 deletions(-) diff --git a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt index b2c329e7f..c14d51406 100644 --- a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt +++ b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt @@ -87,13 +87,6 @@ class IntegrityVerificationTask( return false } - private fun verifySystemSignature(context: Context): Boolean { - if (!fullData.getLastVersion()?.signature.isNullOrEmpty()) { - return fullData.getLastVersion()?.signature == - getSystemSignature(context.packageManager)?.toCharsString() - } - return false - } // get signature from apk and check private fun verifyAPKSignature(context: Context): Boolean { -- GitLab From deecdb11b5aba84b97d90d72a5ebe8d592509a2a Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Mon, 30 Aug 2021 17:58:44 +0530 Subject: [PATCH 12/14] feedBack: remove unused comment and update some Code --- .../apps/application/model/IntegrityVerificationTask.kt | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt index c14d51406..2cd647505 100644 --- a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt +++ b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt @@ -61,7 +61,7 @@ class IntegrityVerificationTask( override fun doInBackground(vararg context: Context): Context { try { - var packageName = getAPK_PackageName(context[0]) + val packageName = getAPK_PackageName(context[0]) verificationSuccessful = if (isSystemApplication(packageName.toString())) { verifyAPKSignature(context[0]) } else if (isfDroidApplication(packageName.toString())) { @@ -88,10 +88,9 @@ class IntegrityVerificationTask( } - // get signature from apk and check + private fun verifyAPKSignature(context: Context): Boolean { - // get Signature from APK if (getAPKSignature(context) != null) { return getAPKSignature(context)?.toCharsString() == getSystemSignature(context.packageManager)?.toCharsString() @@ -198,10 +197,8 @@ class IntegrityVerificationTask( if (JSONObject(jsonResponse).has(packageName)) { systemJsonData = JSONObject(jsonResponse).getJSONObject(packageName) return true - } else { - return false } - // return JSONObject(jsonResponse).has(packageName); + } catch (e: Exception) { if (e is JSONException) { Log.d(TAG, "$packageName is not a system application") -- GitLab From 62cf8a6c21c3c60fd0ee9bc8f7991c967c75d5c9 Mon Sep 17 00:00:00 2001 From: Narinder Rana Date: Mon, 30 Aug 2021 17:59:58 +0530 Subject: [PATCH 13/14] gradlew ktlintFormat --- .../e/apps/application/model/IntegrityVerificationTask.kt | 3 --- 1 file changed, 3 deletions(-) diff --git a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt index 2cd647505..df6839333 100644 --- a/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt +++ b/app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt @@ -87,8 +87,6 @@ class IntegrityVerificationTask( return false } - - private fun verifyAPKSignature(context: Context): Boolean { if (getAPKSignature(context) != null) { @@ -198,7 +196,6 @@ class IntegrityVerificationTask( systemJsonData = JSONObject(jsonResponse).getJSONObject(packageName) return true } - } catch (e: Exception) { if (e is JSONException) { Log.d(TAG, "$packageName is not a system application") -- GitLab From 144403466f8035c68ece57d10e8531e36f5c488c Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Mon, 30 Aug 2021 13:00:25 +0000 Subject: [PATCH 14/14] Use master branch to fetch JSON --- app/src/main/java/foundation/e/apps/utils/Constants.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/src/main/java/foundation/e/apps/utils/Constants.kt b/app/src/main/java/foundation/e/apps/utils/Constants.kt index 346169f7f..867201b2f 100644 --- a/app/src/main/java/foundation/e/apps/utils/Constants.kt +++ b/app/src/main/java/foundation/e/apps/utils/Constants.kt @@ -71,5 +71,5 @@ object Constants { // Integrity Verification const val F_DROID_PACKAGES_URL = "https://f-droid.org/en/packages/" - const val SYSTEM_PACKAGES_JSON_FILE_URL = "https://gitlab.e.foundation/e/apps/apps/-/raw/issue-3328JSON/app/src/main/assets/systemApp.json" + const val SYSTEM_PACKAGES_JSON_FILE_URL = "https://gitlab.e.foundation/e/apps/apps/-/raw/master/app/src/main/assets/systemApp.json" } -- GitLab