Bug 811358: Protect broadcasts with per-package Android signature-level permission. r=rnewman, a=akeybl
authorNick Alexander <nalexander@mozilla.com>
Tue, 28 May 2013 12:16:07 -0700
changeset 142936 e5255296ce294a58bbd50bcb04720769222aff89
parent 142935 0b4c3890db765290fea29e19e3f6282072c37292
child 142937 71778324511add9f740b7b3785f26c3f534d4e1e
push id2579
push userakeybl@mozilla.com
push dateMon, 24 Jun 2013 18:52:47 +0000
reviewersrnewman, akeybl
bugs811358
milestone23.0a2
Bug 811358: Protect broadcasts with per-package Android signature-level permission. r=rnewman, a=akeybl
mobile/android/base/GeckoPreferences.java
mobile/android/base/background/common/GlobalConstants.java.in
mobile/android/services/manifests/AnnouncementsAndroidManifest_services.xml.in
mobile/android/services/manifests/SyncAndroidManifest_permissions.xml.in
--- a/mobile/android/base/GeckoPreferences.java
+++ b/mobile/android/base/GeckoPreferences.java
@@ -1,16 +1,17 @@
 /* -*- Mode: Java; c-basic-offset: 4; tab-width: 4; indent-tabs-mode: nil; -*-
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 package org.mozilla.gecko;
 
 import org.mozilla.gecko.background.announcements.AnnouncementsConstants;
+import org.mozilla.gecko.background.common.GlobalConstants;
 import org.mozilla.gecko.util.GeckoEventListener;
 import org.mozilla.gecko.GeckoPreferenceFragment;
 import org.mozilla.gecko.util.ThreadUtils;
 
 import org.json.JSONArray;
 import org.json.JSONObject;
 
 import android.app.AlertDialog;
@@ -284,28 +285,31 @@ public class GeckoPreferences
     public static boolean getCharEncodingState() {
         return sIsCharEncodingEnabled;
     }
 
     /**
      * Broadcast an intent with <code>pref</code>, <code>branch</code>, and
      * <code>enabled</code> extras. This is intended to represent the
      * notification of a preference value to observers.
+     *
+     * The broadcast will be sent only to receivers registered with the
+     * (Fennec-specific) per-Android package permission.
      */
     public static void broadcastPrefAction(final Context context,
                                            final String action,
                                            final String pref,
                                            final boolean value) {
         final Intent intent = new Intent(action);
         intent.setAction(action);
         intent.putExtra("pref", pref);
         intent.putExtra("branch", GeckoApp.PREFS_NAME);
         intent.putExtra("enabled", value);
         Log.d(LOGTAG, "Broadcast: " + action + ", " + pref + ", " + GeckoApp.PREFS_NAME + ", " + value);
-        context.sendBroadcast(intent);
+        context.sendBroadcast(intent, GlobalConstants.PER_ANDROID_PACKAGE_PERMISSION);
     }
 
     /**
      * Broadcast the provided value as the value of the
      * <code>PREFS_ANNOUNCEMENTS_ENABLED</code> pref.
      */
     public static void broadcastAnnouncementsPref(final Context context, final boolean value) {
         broadcastPrefAction(context,
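Review bot: The intent sent by `broadcastPrefAction` is still implicit, so delivery is limited only by the receiver permission passed to `sendBroadcast`. Since the permission is meant to be per-package, adding `intent.setPackage(context.getPackageName());` before the send would also pin delivery to this package (honoured for broadcasts on API 14+, per the platform documentation). That would not depend on which installed app defined the permission name first; on Android releases before 5.0 the first definer fixes the protection level, which also affects the `<permission>` added in SyncAndroidManifest_permissions.xml.in. The `Log.d` line still writes the action, pref name and value to logcat, which the permission does not cover, so it is worth confirming that is acceptable. As a style point, `new Intent(action)` already sets the action, so the following `intent.setAction(action);` is redundant.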
--- a/mobile/android/base/background/common/GlobalConstants.java.in
+++ b/mobile/android/base/background/common/GlobalConstants.java.in
@@ -24,16 +24,23 @@ public class GlobalConstants {
 
   public static final long BUILD_TIMESTAMP = @MOZ_BUILD_TIMESTAMP@;
 
   public static final String MOZ_APP_DISPLAYNAME = "@MOZ_APP_DISPLAYNAME@";
   public static final String MOZ_APP_VERSION = "@MOZ_APP_VERSION@";
   public static final String BROWSER_INTENT_PACKAGE = "@ANDROID_PACKAGE_NAME@";
   public static final String BROWSER_INTENT_CLASS = BROWSER_INTENT_PACKAGE + ".App";
 
+  /**
+   * Bug 800244: this signing-level permission protects broadcast intents that
+   * should be received only by the Firefox versions with the given Android
+   * package name.
+   */
+  public static final String PER_ANDROID_PACKAGE_PERMISSION = "@ANDROID_PACKAGE_NAME@.permission.PER_ANDROID_PACKAGE";
+
   public static final int SHARED_PREFERENCES_MODE = 0;
   // These are used to ask Fennec (via reflection) to send
   // us a pref notification. This avoids us having to guess
   // Fennec's prefs branch and pref name.
   // Eventually Fennec might listen to startup notifications and
   // do this automatically, but this will do for now. See Bug 800244.
   public static String GECKO_PREFERENCES_CLASS = "org.mozilla.gecko.GeckoPreferences";
   public static String GECKO_BROADCAST_METHOD  = "broadcastAnnouncementsPref";
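Review bot: The Javadoc on `PER_ANDROID_PACKAGE_PERMISSION` does not say where the permission is declared, although the string must match the `<permission>` name in SyncAndroidManifest_permissions.xml.in exactly. A mismatch would fail silently, because the broadcast would simply not be delivered. I would add a line such as `Must agree with the <permission> declared in SyncAndroidManifest_permissions.xml.in.` The comment cites Bug 800244 while this commit is filed under Bug 811358; if that is not intentional, the reference should be corrected.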
--- a/mobile/android/services/manifests/AnnouncementsAndroidManifest_services.xml.in
+++ b/mobile/android/services/manifests/AnnouncementsAndroidManifest_services.xml.in
@@ -1,8 +1,10 @@
         <service
 		        android:exported="false"
 		        android:name="org.mozilla.gecko.background.announcements.AnnouncementsService" >
         </service>
         <service
 		        android:exported="false"
 		        android:name="org.mozilla.gecko.background.announcements.AnnouncementsBroadcastService" >
         </service>
+
+        <uses-permission android:name="@ANDROID_PACKAGE_NAME@.permission.PER_ANDROID_PACKAGE" />
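Review bot: The added `<uses-permission>` sits beside `<service>` elements, which are children of `<application>`, but `<uses-permission>` is only valid as a direct child of `<manifest>`. The including manifest is not visible here, so this is inferred: if the snippet is expanded inside `<application>`, the package would not be granted the permission and the protected broadcast from `broadcastPrefAction` would not reach its receivers. The SyncAndroidManifest_permissions.xml.in hunk declares the new `<permission>` without a matching `<uses-permission>`, unlike `PER_ACCOUNT_TYPE` just above it. Moving this line there, directly after the new `<permission>`, would keep the declaration and the request together at manifest level.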
--- a/mobile/android/services/manifests/SyncAndroidManifest_permissions.xml.in
+++ b/mobile/android/services/manifests/SyncAndroidManifest_permissions.xml.in
@@ -12,8 +12,21 @@
          versions sharing an Android Account type.  This needs to
          agree with GlobalConstants.PER_ACCOUNT_TYPE_PERMISSION. -->
     <permission
         android:name="@MOZ_ANDROID_SHARED_ACCOUNT_TYPE@.permission.PER_ACCOUNT_TYPE"
         android:protectionLevel="signature">
     </permission>
 
     <uses-permission android:name="@MOZ_ANDROID_SHARED_ACCOUNT_TYPE@.permission.PER_ACCOUNT_TYPE" />
+
+    <!-- A signature level permission specific to each Firefox version
+         (Android package name, e.g., org.mozilla.firefox).  Use this
+         permission to broadcast securely within a single Firefox
+         version.  This needs to agree with
+         GlobalConstants.PER_ANDROID_PACKAGE_PERMISSION.
+
+         This is not Sync-specific, but we don't have a better place
+         to put generic background service manifest snippets, so here
+         is expedient. -->
+    <permission
+        android:name="@ANDROID_PACKAGE_NAME@.permission.PER_ANDROID_PACKAGE"
+        android:protectionLevel="signature"/>