OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 package org.chromium.content.browser.installedapp; |
| 6 |
| 7 import android.content.Context; |
| 8 import android.content.pm.ApplicationInfo; |
| 9 import android.content.pm.PackageManager; |
| 10 import android.content.pm.PackageManager.NameNotFoundException; |
| 11 import android.content.res.Resources; |
| 12 |
| 13 import org.json.JSONArray; |
| 14 import org.json.JSONException; |
| 15 import org.json.JSONObject; |
| 16 |
| 17 import org.chromium.base.Log; |
| 18 import org.chromium.base.VisibleForTesting; |
| 19 import org.chromium.installedapp.mojom.InstalledAppProvider; |
| 20 import org.chromium.installedapp.mojom.RelatedApplication; |
| 21 import org.chromium.mojo.system.MojoException; |
| 22 |
| 23 import java.net.URI; |
| 24 import java.net.URISyntaxException; |
| 25 import java.util.ArrayList; |
| 26 |
| 27 /** |
| 28 * Android implementation of the InstalledAppProvider service defined in |
| 29 * installed_app_provider.mojom |
| 30 */ |
| 31 public class InstalledAppProviderImpl implements InstalledAppProvider { |
| 32 @VisibleForTesting |
| 33 public static final String ASSET_STATEMENTS_KEY = "asset_statements"; |
| 34 private static final String ASSET_STATEMENT_FIELD_TARGET = "target"; |
| 35 private static final String ASSET_STATEMENT_FIELD_NAMESPACE = "namespace"; |
| 36 private static final String ASSET_STATEMENT_FIELD_SITE = "site"; |
| 37 @VisibleForTesting |
| 38 public static final String ASSET_STATEMENT_NAMESPACE_WEB = "web"; |
| 39 @VisibleForTesting |
| 40 public static final String RELATED_APP_PLATFORM_ANDROID = "play"; |
| 41 |
| 42 private static final String TAG = "InstalledAppProvider"; |
| 43 |
| 44 private final FrameUrlDelegate mFrameUrlDelegate; |
| 45 private final Context mContext; |
| 46 |
| 47 /** |
| 48 * Small interface for dynamically getting the URL of the current frame. |
| 49 * |
| 50 * Abstract to allow for testing. |
| 51 */ |
| 52 public static interface FrameUrlDelegate { |
| 53 /** |
| 54 * Gets the URL of the current frame. Can return null (if the frame has
disappeared). |
| 55 */ |
| 56 public URI getUrl(); |
| 57 } |
| 58 |
| 59 public InstalledAppProviderImpl(FrameUrlDelegate frameUrlDelegate, Context c
ontext) { |
| 60 mFrameUrlDelegate = frameUrlDelegate; |
| 61 mContext = context; |
| 62 } |
| 63 |
| 64 @Override |
| 65 public void filterInstalledApps( |
| 66 RelatedApplication[] relatedApps, FilterInstalledAppsResponse callba
ck) { |
| 67 URI frameUrl = mFrameUrlDelegate.getUrl(); |
| 68 ArrayList<RelatedApplication> installedApps = new ArrayList<RelatedAppli
cation>(); |
| 69 PackageManager pm = mContext.getPackageManager(); |
| 70 for (RelatedApplication app : relatedApps) { |
| 71 // If the package is of type "play", it is installed, and the origin
is associated with |
| 72 // package, add the package to the list of valid packages. |
| 73 // NOTE: For security, it must not be possible to distinguish (from
the response) |
| 74 // between the app not being installed and the origin not being asso
ciated with the app |
| 75 // (otherwise, arbitrary websites would be able to test whether un-a
ssociated apps are |
| 76 // installed on the user's device). |
| 77 if (app.platform.equals(RELATED_APP_PLATFORM_ANDROID) && app.id != n
ull |
| 78 && isAppInstalledAndAssociatedWithOrigin(app.id, frameUrl, p
m)) { |
| 79 installedApps.add(app); |
| 80 } |
| 81 } |
| 82 RelatedApplication[] installedAppsArray = new RelatedApplication[install
edApps.size()]; |
| 83 installedApps.toArray(installedAppsArray); |
| 84 callback.call(installedAppsArray); |
| 85 } |
| 86 |
| 87 @Override |
| 88 public void close() {} |
| 89 |
| 90 @Override |
| 91 public void onConnectionError(MojoException e) {} |
| 92 |
| 93 /** |
| 94 * Determines whether a particular app is installed and matches the origin. |
| 95 * |
| 96 * @param packageName Name of the Android package to check if installed. Ret
urns false if the |
| 97 * app is not installed. |
| 98 * @param frameUrl Returns false if the Android package does not declare ass
ociation with the |
| 99 * origin of this URL. Can be null. |
| 100 */ |
| 101 private static boolean isAppInstalledAndAssociatedWithOrigin( |
| 102 String packageName, URI frameUrl, PackageManager pm) { |
| 103 if (frameUrl == null) return false; |
| 104 |
| 105 // Early-exit if the Android app is not installed. |
| 106 JSONArray statements; |
| 107 try { |
| 108 statements = getAssetStatements(packageName, pm); |
| 109 } catch (NameNotFoundException e) { |
| 110 return false; |
| 111 } |
| 112 |
| 113 // The installed Android app has provided us with a list of asset statem
ents. If any one of |
| 114 // those statements is a web asset that matches the given origin, return
true. |
| 115 for (int i = 0; i < statements.length(); i++) { |
| 116 JSONObject statement; |
| 117 try { |
| 118 statement = statements.getJSONObject(i); |
| 119 } catch (JSONException e) { |
| 120 // If an element is not an object, just ignore it. |
| 121 continue; |
| 122 } |
| 123 |
| 124 URI site = getSiteForWebAsset(statement); |
| 125 |
| 126 // The URI is considered equivalent if the scheme, host, and port ma
tch, according |
| 127 // to the DigitalAssetLinks v1 spec. |
| 128 if (site != null && statementTargetMatches(frameUrl, site)) { |
| 129 return true; |
| 130 } |
| 131 } |
| 132 |
| 133 // No asset matched the origin. |
| 134 return false; |
| 135 } |
| 136 |
| 137 /** |
| 138 * Gets the asset statements from an Android app's manifest. |
| 139 * |
| 140 * This retrieves the list of statements from the Android app's "asset_state
ments" manifest |
| 141 * resource, as specified in Digital Asset Links v1. |
| 142 * |
| 143 * @param packageName Name of the Android package to get statements from. |
| 144 * @return The list of asset statements, parsed from JSON. |
| 145 * @throws NameNotFoundException if the application is not installed. |
| 146 */ |
| 147 private static JSONArray getAssetStatements(String packageName, PackageManag
er pm) |
| 148 throws NameNotFoundException { |
| 149 // Get the <meta-data> from this app's manifest. |
| 150 // Throws NameNotFoundException if the application is not installed. |
| 151 ApplicationInfo appInfo = pm.getApplicationInfo(packageName, PackageMana
ger.GET_META_DATA); |
| 152 int identifier = appInfo.metaData.getInt(ASSET_STATEMENTS_KEY); |
| 153 if (identifier == 0) { |
| 154 return new JSONArray(); |
| 155 } |
| 156 |
| 157 // Throws NameNotFoundException in the rare case that the application wa
s uninstalled since |
| 158 // getting |appInfo| (or resources could not be loaded for some other re
ason). |
| 159 Resources resources = pm.getResourcesForApplication(appInfo); |
| 160 |
| 161 String statements; |
| 162 try { |
| 163 statements = resources.getString(identifier); |
| 164 } catch (Resources.NotFoundException e) { |
| 165 // This should never happen, but it could if there was a broken APK,
so handle it |
| 166 // gracefully without crashing. |
| 167 Log.w(TAG, |
| 168 "Android package " + packageName + " missing asset statement
s resource (0x" |
| 169 + Integer.toHexString(identifier) + ")."); |
| 170 return new JSONArray(); |
| 171 } |
| 172 |
| 173 try { |
| 174 return new JSONArray(statements); |
| 175 } catch (JSONException e) { |
| 176 // If the JSON is invalid or not an array, assume it is empty. |
| 177 Log.w(TAG, |
| 178 "Android package " + packageName |
| 179 + " has JSON syntax error in asset statements resour
ce (0x" |
| 180 + Integer.toHexString(identifier) + ")."); |
| 181 return new JSONArray(); |
| 182 } |
| 183 } |
| 184 |
| 185 /** |
| 186 * Gets the "site" URI from an Android asset statement. |
| 187 * |
| 188 * @return The site, or null if the asset string was invalid or not related
to a web site. This |
| 189 * could be because: the JSON string was invalid, there was no "targ
et" field, this was |
| 190 * not a web asset, there was no "site" field, or the "site" field w
as invalid. |
| 191 */ |
| 192 private static URI getSiteForWebAsset(JSONObject statement) { |
| 193 JSONObject target; |
| 194 try { |
| 195 // Ignore the "relation" field and allow an asset with any relation
to this origin. |
| 196 // TODO(mgiuca): [Spec issue] Should we require a specific relation
string, rather |
| 197 // than any or no relation? |
| 198 target = statement.getJSONObject(ASSET_STATEMENT_FIELD_TARGET); |
| 199 } catch (JSONException e) { |
| 200 return null; |
| 201 } |
| 202 |
| 203 // If it is not a web asset, skip it. |
| 204 if (!isAssetWeb(target)) { |
| 205 return null; |
| 206 } |
| 207 |
| 208 try { |
| 209 return new URI(target.getString(ASSET_STATEMENT_FIELD_SITE)); |
| 210 } catch (JSONException | URISyntaxException e) { |
| 211 return null; |
| 212 } |
| 213 } |
| 214 |
| 215 /** |
| 216 * Determines whether an Android asset statement is for a website. |
| 217 * |
| 218 * @param target The "target" field of the asset statement. |
| 219 */ |
| 220 private static boolean isAssetWeb(JSONObject target) { |
| 221 String namespace; |
| 222 try { |
| 223 namespace = target.getString(ASSET_STATEMENT_FIELD_NAMESPACE); |
| 224 } catch (JSONException e) { |
| 225 return false; |
| 226 } |
| 227 |
| 228 return namespace.equals(ASSET_STATEMENT_NAMESPACE_WEB); |
| 229 } |
| 230 |
| 231 private static boolean statementTargetMatches(URI frameUrl, URI assetUrl) { |
| 232 if (assetUrl.getScheme() == null || assetUrl.getAuthority() == null) { |
| 233 return false; |
| 234 } |
| 235 |
| 236 return assetUrl.getScheme().equals(frameUrl.getScheme()) |
| 237 && assetUrl.getAuthority().equals(frameUrl.getAuthority()); |
| 238 } |
| 239 } |
OLD | NEW |