aboutsummaryrefslogtreecommitdiff
path: root/app/src/main/java
diff options
context:
space:
mode:
authorFabian Henneke <FabianHenneke@users.noreply.github.com>2020-03-26 16:29:19 +0100
committerGitHub <noreply@github.com>2020-03-26 20:59:19 +0530
commita736dcc255b768f4275a200990943ab2c3567d0a (patch)
tree6ced99fcf1ba6667579781b9c2f0ebde1c5feee4 /app/src/main/java
parente05b544894c312457e980bcac64ad0a41c4dc5ef (diff)
Fix: Don't apply single-origin mode to native apps (#667)
An unwarranted use of the Elivs operator in Form.kt makes it such that the restrictions of single-origin mode also apply to native apps. This commit fixes the bug and also reduces the number of intermediate values that can mask mistakes like this one. It also renames saveFlag to saveFlags in BrowserAutofillSupportInfo since this variable is not limited to contain only a single flag.
Diffstat (limited to 'app/src/main/java')
-rw-r--r--app/src/main/java/com/zeapo/pwdstore/autofill/oreo/FeatureAndTrustDetection.kt6
-rw-r--r--app/src/main/java/com/zeapo/pwdstore/autofill/oreo/Form.kt20
2 files changed, 10 insertions, 16 deletions
diff --git a/app/src/main/java/com/zeapo/pwdstore/autofill/oreo/FeatureAndTrustDetection.kt b/app/src/main/java/com/zeapo/pwdstore/autofill/oreo/FeatureAndTrustDetection.kt
index fdd862ad..c268e755 100644
--- a/app/src/main/java/com/zeapo/pwdstore/autofill/oreo/FeatureAndTrustDetection.kt
+++ b/app/src/main/java/com/zeapo/pwdstore/autofill/oreo/FeatureAndTrustDetection.kt
@@ -141,7 +141,7 @@ private fun getBrowserSaveFlag(appPackage: String): Int? = BROWSER_SAVE_FLAG[app
data class BrowserAutofillSupportInfo(
val multiOriginMethod: BrowserMultiOriginMethod,
- val saveFlag: Int?
+ val saveFlags: Int?
)
@RequiresApi(Build.VERSION_CODES.O)
@@ -152,7 +152,7 @@ fun getBrowserAutofillSupportInfoIfTrusted(
if (!isTrustedBrowser(context, appPackage)) return null
return BrowserAutofillSupportInfo(
multiOriginMethod = getBrowserMultiOriginMethod(appPackage),
- saveFlag = getBrowserSaveFlag(appPackage)
+ saveFlags = getBrowserSaveFlag(appPackage)
)
}
@@ -175,7 +175,7 @@ private fun getBrowserAutofillSupportLevel(
val browserInfo = getBrowserAutofillSupportInfoIfTrusted(context, appPackage)
return when {
browserInfo == null -> BrowserAutofillSupportLevel.None
- browserInfo.saveFlag != null -> BrowserAutofillSupportLevel.FillAndSave
+ browserInfo.saveFlags != null -> BrowserAutofillSupportLevel.FillAndSave
appPackage in FLAKY_BROWSERS -> BrowserAutofillSupportLevel.FlakyFill
else -> BrowserAutofillSupportLevel.Fill
}
diff --git a/app/src/main/java/com/zeapo/pwdstore/autofill/oreo/Form.kt b/app/src/main/java/com/zeapo/pwdstore/autofill/oreo/Form.kt
index 6e405005..df8b037a 100644
--- a/app/src/main/java/com/zeapo/pwdstore/autofill/oreo/Form.kt
+++ b/app/src/main/java/com/zeapo/pwdstore/autofill/oreo/Form.kt
@@ -81,15 +81,9 @@ private class Form(context: Context, structure: AssistStructure, isManualRequest
private var appPackage = structure.activityComponent.packageName
- private val browserAutofillSupportInfo =
+ private val trustedBrowserInfo =
getBrowserAutofillSupportInfoIfTrusted(context, appPackage)
- private val isTrustedBrowser = browserAutofillSupportInfo != null
-
- private val browserMultiOriginMethod =
- browserAutofillSupportInfo?.multiOriginMethod ?: BrowserMultiOriginMethod.None
- private val singleOriginMode = browserMultiOriginMethod == BrowserMultiOriginMethod.None
-
- val saveFlags = browserAutofillSupportInfo?.saveFlag
+ val saveFlags = trustedBrowserInfo?.saveFlags
private val webOrigins = mutableSetOf<String>()
@@ -114,7 +108,7 @@ private class Form(context: Context, structure: AssistStructure, isManualRequest
private fun visitFormNode(node: AssistStructure.ViewNode, inheritedWebOrigin: String? = null) {
trackOrigin(node)
val field =
- if (browserMultiOriginMethod == BrowserMultiOriginMethod.WebView) {
+ if (trustedBrowserInfo?.multiOriginMethod == BrowserMultiOriginMethod.WebView) {
FormField(node, fieldIndex, true, inheritedWebOrigin)
} else {
check(inheritedWebOrigin == null)
@@ -135,12 +129,12 @@ private class Form(context: Context, structure: AssistStructure, isManualRequest
private fun detectFieldsToFill(isManualRequest: Boolean) = autofillStrategy.match(
relevantFields,
- singleOriginMode = singleOriginMode,
+ singleOriginMode = trustedBrowserInfo?.multiOriginMethod == BrowserMultiOriginMethod.None,
isManualRequest = isManualRequest
)
private fun trackOrigin(node: AssistStructure.ViewNode) {
- if (!isTrustedBrowser) return
+ if (trustedBrowserInfo == null) return
node.webOrigin?.let {
if (it !in webOrigins) {
d { "Origin encountered: $it" }
@@ -159,14 +153,14 @@ private class Form(context: Context, structure: AssistStructure, isManualRequest
private fun determineFormOrigin(context: Context): FormOrigin? {
if (scenario == null) return null
- if (!isTrustedBrowser || webOrigins.isEmpty()) {
+ if (trustedBrowserInfo == null || webOrigins.isEmpty()) {
// Security assumption: If a trusted browser includes no web origin in the provided
// AssistStructure, then the form is a native browser form (e.g. for a sync password).
// TODO: Support WebViews in apps via Digital Asset Links
// See: https://developer.android.com/reference/android/service/autofill/AutofillService#web-security
return FormOrigin.App(appPackage)
}
- return when (browserMultiOriginMethod) {
+ return when (trustedBrowserInfo.multiOriginMethod) {
BrowserMultiOriginMethod.None -> {
// Security assumption: If a browser is trusted but does not support tracking
// multiple origins, it is expected to annotate a single field, in most cases its