1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.permissioncontroller.permission.service;
18 
19 import android.content.Context;
20 import android.content.Intent;
21 import android.content.SharedPreferences;
22 import android.database.Cursor;
23 import android.database.MatrixCursor;
24 import android.provider.SearchIndexablesContract;
25 import android.provider.SearchIndexablesProvider;
26 import android.util.Log;
27 
28 import androidx.annotation.CheckResult;
29 import androidx.annotation.NonNull;
30 import androidx.annotation.Nullable;
31 
32 import com.android.permissioncontroller.Constants;
33 import com.android.permissioncontroller.permission.utils.Utils;
34 
35 import java.util.Objects;
36 import java.util.UUID;
37 
38 /**
39  * Base class for {@link SearchIndexablesProvider} inside permission controller, which allows using
40  * a password in raw data key and verifying incoming intents afterwards.
41  */
42 public abstract class BaseSearchIndexablesProvider extends SearchIndexablesProvider {
43 
44     private static final String LOG_TAG = BaseSearchIndexablesProvider.class.getSimpleName();
45 
46     private static final String EXTRA_SETTINGS_SEARCH_KEY = ":settings:fragment_args_key";
47 
48     private static final int PASSWORD_LENGTH = 36;
49 
50     @NonNull
51     private static final Object sPasswordLock = new Object();
52 
53     @Override
onCreate()54     public boolean onCreate() {
55         return true;
56     }
57 
58     @Nullable
59     @Override
queryXmlResources(@ullable String[] projection)60     public Cursor queryXmlResources(@Nullable String[] projection) {
61         return new MatrixCursor(SearchIndexablesContract.INDEXABLES_XML_RES_COLUMNS);
62     }
63 
64     @Nullable
65     @Override
queryNonIndexableKeys(@ullable String[] projection)66     public Cursor queryNonIndexableKeys(@Nullable String[] projection) {
67         return new MatrixCursor(SearchIndexablesContract.NON_INDEXABLES_KEYS_COLUMNS);
68     }
69 
70     @NonNull
getPassword(@onNull Context context)71     private static String getPassword(@NonNull Context context) {
72         synchronized (sPasswordLock) {
73             SharedPreferences sharedPreferences = Utils.getDeviceProtectedSharedPreferences(
74                     context);
75             String password = sharedPreferences.getString(
76                     Constants.SEARCH_INDEXABLE_PROVIDER_PASSWORD_KEY, null);
77             if (password == null) {
78                 password = UUID.randomUUID().toString();
79                 sharedPreferences.edit()
80                         .putString(Constants.SEARCH_INDEXABLE_PROVIDER_PASSWORD_KEY, password)
81                         .apply();
82             }
83             return password;
84         }
85     }
86 
87     /**
88      * Create a unique raw data key with password.
89      *
90      * @param key the original key, can be retrieved later with {@link #getOriginalKey(Intent)}
91      * @param context the context to use
92      * @return the created raw data key
93      */
94     @NonNull
createRawDataKey(@onNull String key, @NonNull Context context)95     protected static String createRawDataKey(@NonNull String key, @NonNull Context context) {
96         return getPassword(context) + context.getPackageName() + ',' + key;
97     }
98 
99     /**
100      * Check if the intent contains the properties expected from an intent launched from settings
101      * search.
102      *
103      * @param intent the intent to check
104      * @param context the context to get password
105      *
106      * @return whether the intent is valid
107      */
108     @CheckResult
isIntentValid(@onNull Intent intent, @NonNull Context context)109     public static boolean isIntentValid(@NonNull Intent intent, @NonNull Context context) {
110         String key = intent.getStringExtra(EXTRA_SETTINGS_SEARCH_KEY);
111         if (key == null || key.length() < PASSWORD_LENGTH) {
112             return false;
113         }
114         String passwordFromIntent = key.substring(0, PASSWORD_LENGTH);
115         String password = getPassword(context);
116         boolean verified = Objects.equals(passwordFromIntent, password);
117         if (!verified) {
118             Log.w(LOG_TAG, "Invalid password: " + passwordFromIntent);
119         }
120         return verified;
121     }
122 
123     /**
124      * Get the original key passed to {@link #createRawDataKey(String, Context)}. Should only be
125      * called after {@link #isIntentValid(Intent, Context)}.
126      *
127      * @param intent the intent to get the original key
128      *
129      * @return the original key from the intent, or {@code null} if none
130      */
131     @Nullable
getOriginalKey(@onNull Intent intent)132     public static String getOriginalKey(@NonNull Intent intent) {
133         String key = intent.getStringExtra(EXTRA_SETTINGS_SEARCH_KEY);
134         if (key == null) {
135             return null;
136         }
137         int keyStart = key.indexOf(',') + 1;
138         return keyStart <= key.length() ? key.substring(keyStart) : null;
139     }
140 }
141