This is to support CTS's ability to check that the expected verifications
are indeed being performed by the currently active verifier.
Bug 27482754
Change-Id: Iccb9bd273c7893f04e45bfca0708dcfdde595a3e
For intent filters that match "*.example.tld" hosts, we now look at
https://example.tld/... to validate the claim.
Change-Id: I9725058fa45e85c96ed4a07781b3f989ac6fd661
* Change the well known file location to assetlinks.json.
* Cleanup http connection after verification.
BUG=21487368
BUG=21163039
Change-Id: I0d317ac32c44933af7ed9a98ff1b0efa13eb44b1
JSONObject parser is too lenient when parsing Json string. Security review
suggested us to use a stricter parser, which we implemented with
JsonReader in this CL.
BUG=20665035
Change-Id: I379976731a1d35ef8ec746f3a6e78be998370f00
For security reason, disallow HTTP include files if the source asset is
a HTTPS site or an Android app.
Change the include statement field name from "delegate" to "include".
Bug: 20323096
Change-Id: Ifc12b61657c9c89a670b9d7c3220853321c15dea
Change the location of statement file for web asset
from /.well-known/associations.json to /.well-known/statements.json.
BUG=21153250
Change-Id: Ie8538b852d62c54254c895e0abadc7f502ea2181
This commit adds a verifier that verifies a host delegates permission for
an app to handle Url for the host using the Statement protocol.
- Implements the Statement protocol
-- The protocol defines a file format that represents statements.
-- The protocol defines where each asset type should put their statement
declaration. For web asset, the statement file should be hosted at
<scheme>://<host>:<port>/.well-known/associations.json.
- Implements IntentFilterVerificationReceiver, an interface between
StatementService and PackageManager. PackageManager will send a
broadcast with action Intent.ACTION_INTENT_FILTER_NEEDS_VERIFICATION.
The service will process the request and returns the results by calling
PackageManager.verifyIntentFilter().
To verify an IntentFilter like this defined in Android app com.test.app
<intent-filter>
<data android:scheme="https" />
<data android:host="www.test.com" />
<data android:pathPattern=".*"/>
</intent-filter>
The service will try to retrieve the statement file from
https://www.test.com:443/.well-known/associations.json and try to find
a JSON object equivalent to
{'relation': ['delegate_permission/common.handle_all_urls'],
'target': {'namespace': 'android_app',
'package_name': 'com.test.app',
'sha256_cert_fingerprints': [APP_CERT_FP]}}
The entry should have the correct relation, package name, and
certificate sha256 fingerprint.
Because this implementation will send a HTTP request for each host
specified in the intent-filter in AndroidManifest.xml, to avoid overwhelming
the network at app install time, we limit the maximum number of hosts we will
verify for a single app to 10. Any app with more than 10 hosts in the
autoVerify=true intent-filter won't be auto verified.
Change-Id: I787c9d176e4110aa441eb5fe4fa9651a071c6610
