2014-08-22 20:08:44 +00:00
|
|
|
/*
|
2017-06-12 22:30:41 +00:00
|
|
|
* Copyright (C) 2013-2017 microG Project Team
|
2014-08-22 20:08:44 +00:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
2015-02-01 22:27:46 +00:00
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
2014-08-22 20:08:44 +00:00
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package com.google.android.gms.common.security;
|
|
|
|
|
|
|
|
import android.content.Context;
|
2019-07-01 09:11:13 +00:00
|
|
|
import android.content.pm.ApplicationInfo;
|
2019-05-25 13:54:32 +00:00
|
|
|
import android.os.Process;
|
2014-08-22 20:08:44 +00:00
|
|
|
import android.util.Log;
|
2019-05-25 13:54:32 +00:00
|
|
|
|
2019-07-01 09:11:13 +00:00
|
|
|
import org.conscrypt.NativeCrypto;
|
2018-10-09 02:09:06 +00:00
|
|
|
import org.conscrypt.OpenSSLProvider;
|
2019-05-25 13:54:32 +00:00
|
|
|
import org.microg.gms.common.PackageUtils;
|
|
|
|
|
2019-07-01 09:11:13 +00:00
|
|
|
import java.io.File;
|
|
|
|
import java.io.FileOutputStream;
|
|
|
|
import java.io.IOException;
|
|
|
|
import java.io.InputStream;
|
|
|
|
import java.io.OutputStream;
|
|
|
|
import java.lang.reflect.Field;
|
|
|
|
import java.lang.reflect.InvocationTargetException;
|
|
|
|
import java.lang.reflect.Method;
|
2018-10-09 02:09:06 +00:00
|
|
|
import java.security.Security;
|
2019-05-25 13:54:32 +00:00
|
|
|
import java.util.Collections;
|
|
|
|
import java.util.List;
|
2019-07-04 22:47:12 +00:00
|
|
|
import java.util.Set;
|
2019-07-01 09:11:13 +00:00
|
|
|
import java.util.zip.ZipEntry;
|
|
|
|
import java.util.zip.ZipFile;
|
2019-05-25 13:54:32 +00:00
|
|
|
|
|
|
|
import javax.net.ssl.HttpsURLConnection;
|
|
|
|
import javax.net.ssl.SSLContext;
|
2014-08-22 20:08:44 +00:00
|
|
|
|
|
|
|
public class ProviderInstallerImpl {
|
2019-05-25 13:54:32 +00:00
|
|
|
private static final String TAG = "GmsProviderInstaller";
|
|
|
|
private static final List<String> DISABLED = Collections.singletonList("com.discord");
|
|
|
|
|
2014-08-22 20:08:44 +00:00
|
|
|
public static void insertProvider(Context context) {
|
2019-07-01 09:11:13 +00:00
|
|
|
String packageName = PackageUtils.packageFromProcessId(context, Process.myPid());
|
|
|
|
Log.d(TAG, "Provider installer invoked for " + packageName);
|
2019-05-25 13:54:32 +00:00
|
|
|
try {
|
|
|
|
if (DISABLED.contains(packageName)) {
|
|
|
|
Log.d(TAG, "Package is excluded from usage of provider installer");
|
2019-07-01 09:11:13 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
OpenSSLProvider provider = null;
|
|
|
|
|
|
|
|
try {
|
|
|
|
provider = new OpenSSLProvider("GmsCore_OpenSSL");
|
|
|
|
} catch (UnsatisfiedLinkError e) {
|
|
|
|
Log.w(TAG, "Could not link conscrypt via default loader, trying manual loading");
|
|
|
|
|
|
|
|
// TODO: Move manual loading into helper function (as it is also used in both maps implementations)
|
|
|
|
try {
|
|
|
|
ApplicationInfo otherAppInfo = context.getPackageManager().getApplicationInfo(packageName, 0);
|
|
|
|
|
|
|
|
String primaryCpuAbi = (String) ApplicationInfo.class.getField("primaryCpuAbi").get(otherAppInfo);
|
|
|
|
if (primaryCpuAbi != null) {
|
|
|
|
String path = "lib/" + primaryCpuAbi + "/libconscrypt_jni.so";
|
|
|
|
File cacheFile = new File(context.createPackageContext(packageName, 0).getCacheDir().getAbsolutePath() + "/.gmscore/" + path);
|
|
|
|
cacheFile.getParentFile().mkdirs();
|
|
|
|
File apkFile = new File(context.getPackageCodePath());
|
|
|
|
if (!cacheFile.exists() || cacheFile.lastModified() < apkFile.lastModified()) {
|
|
|
|
ZipFile zipFile = new ZipFile(apkFile);
|
|
|
|
ZipEntry entry = zipFile.getEntry(path);
|
|
|
|
if (entry != null) {
|
|
|
|
copyInputStream(zipFile.getInputStream(entry), new FileOutputStream(cacheFile));
|
|
|
|
} else {
|
|
|
|
Log.d(TAG, "Can't load native library: " + path + " does not exist in " + apkFile);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Log.d(TAG, "Loading conscrypt_jni from " + cacheFile.getPath());
|
|
|
|
System.load(cacheFile.getAbsolutePath());
|
|
|
|
|
|
|
|
Class<NativeCrypto> clazz = NativeCrypto.class;
|
2019-07-04 22:47:12 +00:00
|
|
|
|
2019-07-01 09:11:13 +00:00
|
|
|
Field loadError = clazz.getDeclaredField("loadError");
|
|
|
|
loadError.setAccessible(true);
|
|
|
|
loadError.set(null, null);
|
2019-07-04 22:47:12 +00:00
|
|
|
|
|
|
|
Method clinit = clazz.getDeclaredMethod("clinit");
|
2019-07-01 09:11:13 +00:00
|
|
|
clinit.setAccessible(true);
|
2019-07-04 22:47:12 +00:00
|
|
|
|
|
|
|
Method get_cipher_names = clazz.getDeclaredMethod("get_cipher_names", String.class);
|
|
|
|
get_cipher_names.setAccessible(true);
|
|
|
|
|
|
|
|
Method cipherSuiteToJava = clazz.getDeclaredMethod("cipherSuiteToJava", String.class);
|
|
|
|
cipherSuiteToJava.setAccessible(true);
|
|
|
|
|
|
|
|
Method EVP_has_aes_hardware = clazz.getDeclaredMethod("EVP_has_aes_hardware");
|
|
|
|
EVP_has_aes_hardware.setAccessible(true);
|
|
|
|
|
|
|
|
Field f = clazz.getDeclaredField("SUPPORTED_TLS_1_2_CIPHER_SUITES_SET");
|
|
|
|
f.setAccessible(true);
|
|
|
|
|
|
|
|
Set<String> SUPPORTED_TLS_1_2_CIPHER_SUITES_SET = (Set<String>) f.get(null);
|
|
|
|
f = clazz.getDeclaredField("SUPPORTED_LEGACY_CIPHER_SUITES_SET");
|
|
|
|
f.setAccessible(true);
|
|
|
|
|
|
|
|
Set<String> SUPPORTED_LEGACY_CIPHER_SUITES_SET = (Set<String>) f.get(null);
|
|
|
|
f = clazz.getDeclaredField("SUPPORTED_TLS_1_2_CIPHER_SUITES");
|
|
|
|
f.setAccessible(true);
|
|
|
|
|
2019-07-01 09:11:13 +00:00
|
|
|
try {
|
|
|
|
clinit.invoke(null);
|
2019-07-04 22:47:12 +00:00
|
|
|
|
|
|
|
String[] allCipherSuites = (String[]) get_cipher_names.invoke(null, "ALL:!DHE");
|
|
|
|
int size = allCipherSuites.length;
|
|
|
|
|
|
|
|
String[] SUPPORTED_TLS_1_2_CIPHER_SUITES = new String[size / 2 + 2];
|
|
|
|
for (int i = 0; i < size; i += 2) {
|
|
|
|
String cipherSuite = (String) cipherSuiteToJava.invoke(null, allCipherSuites[i]);
|
|
|
|
|
|
|
|
SUPPORTED_TLS_1_2_CIPHER_SUITES[i / 2] = cipherSuite;
|
|
|
|
SUPPORTED_TLS_1_2_CIPHER_SUITES_SET.add(cipherSuite);
|
|
|
|
|
|
|
|
SUPPORTED_LEGACY_CIPHER_SUITES_SET.add(allCipherSuites[i + 1]);
|
|
|
|
}
|
|
|
|
SUPPORTED_TLS_1_2_CIPHER_SUITES[size / 2] = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
|
|
|
|
SUPPORTED_TLS_1_2_CIPHER_SUITES[size / 2 + 1] = "TLS_FALLBACK_SCSV";
|
|
|
|
f.set(null, SUPPORTED_TLS_1_2_CIPHER_SUITES);
|
|
|
|
|
|
|
|
f = clazz.getDeclaredField("HAS_AES_HARDWARE");
|
|
|
|
f.setAccessible(true);
|
|
|
|
f.set(null, (int) EVP_has_aes_hardware.invoke(null) == 1);
|
|
|
|
|
2019-07-01 09:11:13 +00:00
|
|
|
provider = new OpenSSLProvider("GmsCore_OpenSSL");
|
|
|
|
} catch (InvocationTargetException inner) {
|
|
|
|
if (inner.getTargetException() instanceof UnsatisfiedLinkError) {
|
|
|
|
loadError.set(null, inner.getTargetException());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} catch (Exception e2) {
|
|
|
|
Log.w(TAG, e2);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (provider == null) {
|
|
|
|
Log.w(TAG, "Failed to initialize conscrypt provider");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (Security.insertProviderAt(provider, 1) == 1) {
|
2019-05-25 13:54:32 +00:00
|
|
|
Security.setProperty("ssl.SocketFactory.provider", "org.conscrypt.OpenSSLSocketFactoryImpl");
|
|
|
|
Security.setProperty("ssl.ServerSocketFactory.provider", "org.conscrypt.OpenSSLServerSocketFactoryImpl");
|
|
|
|
|
|
|
|
SSLContext.setDefault(SSLContext.getInstance("Default"));
|
|
|
|
HttpsURLConnection.setDefaultSSLSocketFactory(SSLContext.getDefault().getSocketFactory());
|
|
|
|
Log.d(TAG, "SSL provider installed");
|
|
|
|
} else {
|
|
|
|
Log.w(TAG, "Did not insert the new SSL provider");
|
|
|
|
}
|
2019-07-01 09:11:13 +00:00
|
|
|
} catch (Throwable e) {
|
2019-05-25 13:54:32 +00:00
|
|
|
Log.w(TAG, e);
|
|
|
|
}
|
2014-08-22 20:08:44 +00:00
|
|
|
}
|
2019-07-01 09:11:13 +00:00
|
|
|
|
|
|
|
|
|
|
|
private static final void copyInputStream(InputStream in, OutputStream out) throws IOException {
|
|
|
|
byte[] buffer = new byte[1024];
|
|
|
|
int len;
|
|
|
|
|
|
|
|
while ((len = in.read(buffer)) >= 0)
|
|
|
|
out.write(buffer, 0, len);
|
|
|
|
|
|
|
|
in.close();
|
|
|
|
out.close();
|
|
|
|
}
|
2014-08-22 20:08:44 +00:00
|
|
|
}
|