Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1560)

Unified Diff: content/public/android/java/src/org/chromium/content/browser/installedapp/InstalledAppProviderImpl.java

Issue 2706403014: Add Android implementation of navigator.getInstalledRelatedApps. (Closed)
Patch Set: Rebase. Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/public/android/java/src/org/chromium/content/browser/installedapp/InstalledAppProviderImpl.java
diff --git a/content/public/android/java/src/org/chromium/content/browser/installedapp/InstalledAppProviderImpl.java b/content/public/android/java/src/org/chromium/content/browser/installedapp/InstalledAppProviderImpl.java
new file mode 100644
index 0000000000000000000000000000000000000000..fb4353128202f721f1abfc488d81e1e94a0df9c9
--- /dev/null
+++ b/content/public/android/java/src/org/chromium/content/browser/installedapp/InstalledAppProviderImpl.java
@@ -0,0 +1,239 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package org.chromium.content.browser.installedapp;
+
+import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.PackageManager.NameNotFoundException;
+import android.content.res.Resources;
+
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+import org.chromium.base.Log;
+import org.chromium.base.VisibleForTesting;
+import org.chromium.installedapp.mojom.InstalledAppProvider;
+import org.chromium.installedapp.mojom.RelatedApplication;
+import org.chromium.mojo.system.MojoException;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+
+/**
+ * Android implementation of the InstalledAppProvider service defined in
+ * installed_app_provider.mojom
+ */
+public class InstalledAppProviderImpl implements InstalledAppProvider {
+ @VisibleForTesting
+ public static final String ASSET_STATEMENTS_KEY = "asset_statements";
+ private static final String ASSET_STATEMENT_FIELD_TARGET = "target";
+ private static final String ASSET_STATEMENT_FIELD_NAMESPACE = "namespace";
+ private static final String ASSET_STATEMENT_FIELD_SITE = "site";
+ @VisibleForTesting
+ public static final String ASSET_STATEMENT_NAMESPACE_WEB = "web";
+ @VisibleForTesting
+ public static final String RELATED_APP_PLATFORM_ANDROID = "play";
+
+ private static final String TAG = "InstalledAppProvider";
+
+ private final FrameUrlDelegate mFrameUrlDelegate;
+ private final Context mContext;
+
+ /**
+ * Small interface for dynamically getting the URL of the current frame.
+ *
+ * Abstract to allow for testing.
+ */
+ public static interface FrameUrlDelegate {
+ /**
+ * Gets the URL of the current frame. Can return null (if the frame has disappeared).
+ */
+ public URI getUrl();
+ }
+
+ public InstalledAppProviderImpl(FrameUrlDelegate frameUrlDelegate, Context context) {
+ mFrameUrlDelegate = frameUrlDelegate;
+ mContext = context;
+ }
+
+ @Override
+ public void filterInstalledApps(
+ RelatedApplication[] relatedApps, FilterInstalledAppsResponse callback) {
+ URI frameUrl = mFrameUrlDelegate.getUrl();
+ ArrayList<RelatedApplication> installedApps = new ArrayList<RelatedApplication>();
+ PackageManager pm = mContext.getPackageManager();
+ for (RelatedApplication app : relatedApps) {
+ // If the package is of type "play", it is installed, and the origin is associated with
+ // package, add the package to the list of valid packages.
+ // NOTE: For security, it must not be possible to distinguish (from the response)
+ // between the app not being installed and the origin not being associated with the app
+ // (otherwise, arbitrary websites would be able to test whether un-associated apps are
+ // installed on the user's device).
+ if (app.platform.equals(RELATED_APP_PLATFORM_ANDROID) && app.id != null
+ && isAppInstalledAndAssociatedWithOrigin(app.id, frameUrl, pm)) {
+ installedApps.add(app);
+ }
+ }
+ RelatedApplication[] installedAppsArray = new RelatedApplication[installedApps.size()];
+ installedApps.toArray(installedAppsArray);
+ callback.call(installedAppsArray);
+ }
+
+ @Override
+ public void close() {}
+
+ @Override
+ public void onConnectionError(MojoException e) {}
+
+ /**
+ * Determines whether a particular app is installed and matches the origin.
+ *
+ * @param packageName Name of the Android package to check if installed. Returns false if the
+ * app is not installed.
+ * @param frameUrl Returns false if the Android package does not declare association with the
+ * origin of this URL. Can be null.
+ */
+ private static boolean isAppInstalledAndAssociatedWithOrigin(
+ String packageName, URI frameUrl, PackageManager pm) {
+ if (frameUrl == null) return false;
+
+ // Early-exit if the Android app is not installed.
+ JSONArray statements;
+ try {
+ statements = getAssetStatements(packageName, pm);
+ } catch (NameNotFoundException e) {
+ return false;
+ }
+
+ // The installed Android app has provided us with a list of asset statements. If any one of
+ // those statements is a web asset that matches the given origin, return true.
+ for (int i = 0; i < statements.length(); i++) {
+ JSONObject statement;
+ try {
+ statement = statements.getJSONObject(i);
+ } catch (JSONException e) {
+ // If an element is not an object, just ignore it.
+ continue;
+ }
+
+ URI site = getSiteForWebAsset(statement);
+
+ // The URI is considered equivalent if the scheme, host, and port match, according
+ // to the DigitalAssetLinks v1 spec.
+ if (site != null && statementTargetMatches(frameUrl, site)) {
+ return true;
+ }
+ }
+
+ // No asset matched the origin.
+ return false;
+ }
+
+ /**
+ * Gets the asset statements from an Android app's manifest.
+ *
+ * This retrieves the list of statements from the Android app's "asset_statements" manifest
+ * resource, as specified in Digital Asset Links v1.
+ *
+ * @param packageName Name of the Android package to get statements from.
+ * @return The list of asset statements, parsed from JSON.
+ * @throws NameNotFoundException if the application is not installed.
+ */
+ private static JSONArray getAssetStatements(String packageName, PackageManager pm)
+ throws NameNotFoundException {
+ // Get the <meta-data> from this app's manifest.
+ // Throws NameNotFoundException if the application is not installed.
+ ApplicationInfo appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA);
+ int identifier = appInfo.metaData.getInt(ASSET_STATEMENTS_KEY);
+ if (identifier == 0) {
+ return new JSONArray();
+ }
+
+ // Throws NameNotFoundException in the rare case that the application was uninstalled since
+ // getting |appInfo| (or resources could not be loaded for some other reason).
+ Resources resources = pm.getResourcesForApplication(appInfo);
+
+ String statements;
+ try {
+ statements = resources.getString(identifier);
+ } catch (Resources.NotFoundException e) {
+ // This should never happen, but it could if there was a broken APK, so handle it
+ // gracefully without crashing.
+ Log.w(TAG,
+ "Android package " + packageName + " missing asset statements resource (0x"
+ + Integer.toHexString(identifier) + ").");
+ return new JSONArray();
+ }
+
+ try {
+ return new JSONArray(statements);
+ } catch (JSONException e) {
+ // If the JSON is invalid or not an array, assume it is empty.
+ Log.w(TAG,
+ "Android package " + packageName
+ + " has JSON syntax error in asset statements resource (0x"
+ + Integer.toHexString(identifier) + ").");
+ return new JSONArray();
+ }
+ }
+
+ /**
+ * Gets the "site" URI from an Android asset statement.
+ *
+ * @return The site, or null if the asset string was invalid or not related to a web site. This
+ * could be because: the JSON string was invalid, there was no "target" field, this was
+ * not a web asset, there was no "site" field, or the "site" field was invalid.
+ */
+ private static URI getSiteForWebAsset(JSONObject statement) {
+ JSONObject target;
+ try {
+ // Ignore the "relation" field and allow an asset with any relation to this origin.
+ // TODO(mgiuca): [Spec issue] Should we require a specific relation string, rather
+ // than any or no relation?
+ target = statement.getJSONObject(ASSET_STATEMENT_FIELD_TARGET);
+ } catch (JSONException e) {
+ return null;
+ }
+
+ // If it is not a web asset, skip it.
+ if (!isAssetWeb(target)) {
+ return null;
+ }
+
+ try {
+ return new URI(target.getString(ASSET_STATEMENT_FIELD_SITE));
+ } catch (JSONException | URISyntaxException e) {
+ return null;
+ }
+ }
+
+ /**
+ * Determines whether an Android asset statement is for a website.
+ *
+ * @param target The "target" field of the asset statement.
+ */
+ private static boolean isAssetWeb(JSONObject target) {
+ String namespace;
+ try {
+ namespace = target.getString(ASSET_STATEMENT_FIELD_NAMESPACE);
+ } catch (JSONException e) {
+ return false;
+ }
+
+ return namespace.equals(ASSET_STATEMENT_NAMESPACE_WEB);
+ }
+
+ private static boolean statementTargetMatches(URI frameUrl, URI assetUrl) {
+ if (assetUrl.getScheme() == null || assetUrl.getAuthority() == null) {
+ return false;
+ }
+
+ return assetUrl.getScheme().equals(frameUrl.getScheme())
+ && assetUrl.getAuthority().equals(frameUrl.getAuthority());
+ }
+}

Powered by Google App Engine
This is Rietveld 408576698