diff options
| author | Joseph Wen <josephwen@google.com> | 2015-02-25 14:00:39 -0500 |
|---|---|---|
| committer | Joseph Wen <josephwen@google.com> | 2015-04-07 16:57:40 -0400 |
| commit | 6a34bb2d6a6cbc7a70bdf0c53d238dc28e0b1d58 (patch) | |
| tree | 712a98d57ba64d4979ebf7f1f285c4c073ca487d /packages/StatementService/AndroidManifest.xml | |
| parent | b43755be6e95b39619bb64b283710092468154cf (diff) | |
| download | frameworks_base-6a34bb2d6a6cbc7a70bdf0c53d238dc28e0b1d58.zip frameworks_base-6a34bb2d6a6cbc7a70bdf0c53d238dc28e0b1d58.tar.gz frameworks_base-6a34bb2d6a6cbc7a70bdf0c53d238dc28e0b1d58.tar.bz2 | |
Implement IntentFilter verification service.
This commit adds a verifier that verifies a host delegates permission for
an app to handle Url for the host using the Statement protocol.
- Implements the Statement protocol
-- The protocol defines a file format that represents statements.
-- The protocol defines where each asset type should put their statement
declaration. For web asset, the statement file should be hosted at
<scheme>://<host>:<port>/.well-known/associations.json.
- Implements IntentFilterVerificationReceiver, an interface between
StatementService and PackageManager. PackageManager will send a
broadcast with action Intent.ACTION_INTENT_FILTER_NEEDS_VERIFICATION.
The service will process the request and returns the results by calling
PackageManager.verifyIntentFilter().
To verify an IntentFilter like this defined in Android app com.test.app
<intent-filter>
<data android:scheme="https" />
<data android:host="www.test.com" />
<data android:pathPattern=".*"/>
</intent-filter>
The service will try to retrieve the statement file from
https://www.test.com:443/.well-known/associations.json and try to find
a JSON object equivalent to
{'relation': ['delegate_permission/common.handle_all_urls'],
'target': {'namespace': 'android_app',
'package_name': 'com.test.app',
'sha256_cert_fingerprints': [APP_CERT_FP]}}
The entry should have the correct relation, package name, and
certificate sha256 fingerprint.
Because this implementation will send a HTTP request for each host
specified in the intent-filter in AndroidManifest.xml, to avoid overwhelming
the network at app install time, we limit the maximum number of hosts we will
verify for a single app to 10. Any app with more than 10 hosts in the
autoVerify=true intent-filter won't be auto verified.
Change-Id: I787c9d176e4110aa441eb5fe4fa9651a071c6610
Diffstat (limited to 'packages/StatementService/AndroidManifest.xml')
| -rw-r--r-- | packages/StatementService/AndroidManifest.xml | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/packages/StatementService/AndroidManifest.xml b/packages/StatementService/AndroidManifest.xml new file mode 100644 index 0000000..3ee453b --- /dev/null +++ b/packages/StatementService/AndroidManifest.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Copyright (C) 2015 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="com.android.statementservice" + android:versionCode="1" + android:versionName="1.0"> + + <uses-permission android:name="android.permission.INTERNET"/> + <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/> + <uses-permission android:name="android.permission.INTENT_FILTER_VERIFICATION_AGENT"/> + + <application + android:label="@string/service_name" + android:allowBackup="false"> + <service + android:name=".DirectStatementService" + android:exported="false"> + <intent-filter> + <category android:name="android.intent.category.DEFAULT"/> + <action android:name="com.android.statementservice.aosp.service.CHECK_ACTION"/> + </intent-filter> + </service> + + <receiver + android:name=".IntentFilterVerificationReceiver" + android:permission="android.permission.BIND_INTENT_FILTER_VERIFIER"> + <!-- Set the priority 1 so newer implementation can have higher priority. --> + <intent-filter + android:priority="1"> + <action android:name="android.intent.action.INTENT_FILTER_NEEDS_VERIFICATION"/> + <data android:mimeType="application/vnd.android.package-archive"/> + </intent-filter> + </receiver> + + </application> + +</manifest> |