diff --git a/app/src/main/java/org/fdroid/fdroid/AppDetails.java b/app/src/main/java/org/fdroid/fdroid/AppDetails.java index 71fa35b30..ead493e76 100644 --- a/app/src/main/java/org/fdroid/fdroid/AppDetails.java +++ b/app/src/main/java/org/fdroid/fdroid/AppDetails.java @@ -78,7 +78,6 @@ import com.nostra13.universalimageloader.core.DisplayImageOptions; import com.nostra13.universalimageloader.core.ImageLoader; import com.nostra13.universalimageloader.core.assist.ImageScaleType; -import org.fdroid.fdroid.Utils.CommaSeparatedList; import org.fdroid.fdroid.data.Apk; import org.fdroid.fdroid.data.ApkProvider; import org.fdroid.fdroid.data.App; @@ -93,7 +92,6 @@ import org.fdroid.fdroid.net.Downloader; import org.fdroid.fdroid.net.DownloaderService; import java.util.ArrayList; -import java.util.Iterator; import java.util.List; public class AppDetails extends AppCompatActivity { diff --git a/app/src/main/java/org/fdroid/fdroid/installer/ApkVerifier.java b/app/src/main/java/org/fdroid/fdroid/installer/ApkVerifier.java index c818df9a5..7b38093b2 100644 --- a/app/src/main/java/org/fdroid/fdroid/installer/ApkVerifier.java +++ b/app/src/main/java/org/fdroid/fdroid/installer/ApkVerifier.java @@ -23,7 +23,7 @@ import android.content.Context; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.net.Uri; -import android.util.Log; +import android.text.TextUtils; import org.apache.commons.io.FileUtils; import org.fdroid.fdroid.Hasher; @@ -37,14 +37,19 @@ import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.HashSet; +/** + * This ApkVerifier verifies that the downloaded apk corresponds to the Apk information + * displayed to the user. This is especially important in case an unattended installer + * has been used which displays permissions before download. + */ public class ApkVerifier { private static final String TAG = "ApkVerifier"; - Context context; - Uri localApkUri; - Apk expectedApk; - PackageManager pm; + private final Context context; + private final Uri localApkUri; + private final Apk expectedApk; + private final PackageManager pm; ApkVerifier(Context context, Uri localApkUri, Apk expectedApk) { this.context = context; @@ -54,14 +59,15 @@ public class ApkVerifier { } public void verifyApk() throws ApkVerificationException { + // parse downloaded apk file locally PackageInfo localApkInfo = pm.getPackageArchiveInfo( localApkUri.getPath(), PackageManager.GET_PERMISSIONS); if (localApkInfo == null) { - throw new ApkVerificationException("parsing apk failed!"); + throw new ApkVerificationException("parsing apk file failed!"); } // check if the apk has the expected packageName - if (localApkInfo.packageName == null || !localApkInfo.packageName.equals(expectedApk.packageName)) { + if (!TextUtils.equals(localApkInfo.packageName, expectedApk.packageName)) { throw new ApkVerificationException("apk has unexpected packageName!"); } @@ -78,7 +84,10 @@ public class ApkVerifier { throw new ApkVerificationException("permissions of apk not equals expected permissions!"); } + int localTargetSdkVersion = localApkInfo.applicationInfo.targetSdkVersion; + Utils.debugLog(TAG, "localTargetSdkVersion: " + localTargetSdkVersion); // TODO: check target sdk + } private HashSet getLocalPermissionsSet(PackageInfo localApkInfo) { diff --git a/app/src/main/java/org/fdroid/fdroid/installer/ExtensionInstaller.java b/app/src/main/java/org/fdroid/fdroid/installer/ExtensionInstaller.java index b9902bd58..a17565dd3 100644 --- a/app/src/main/java/org/fdroid/fdroid/installer/ExtensionInstaller.java +++ b/app/src/main/java/org/fdroid/fdroid/installer/ExtensionInstaller.java @@ -38,8 +38,6 @@ import java.io.File; */ public class ExtensionInstaller extends Installer { - private static final String TAG = "ExtensionInstaller"; - ExtensionInstaller(Context context) { super(context); } diff --git a/app/src/main/java/org/fdroid/fdroid/privileged/views/AppDiff.java b/app/src/main/java/org/fdroid/fdroid/privileged/views/AppDiff.java index 58d10cfdb..3753093d2 100644 --- a/app/src/main/java/org/fdroid/fdroid/privileged/views/AppDiff.java +++ b/app/src/main/java/org/fdroid/fdroid/privileged/views/AppDiff.java @@ -18,18 +18,12 @@ package org.fdroid.fdroid.privileged.views; -import android.annotation.TargetApi; import android.content.pm.ApplicationInfo; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; -import android.os.Build; -import org.fdroid.fdroid.Permission; import org.fdroid.fdroid.data.Apk; -import java.util.ArrayList; - -@TargetApi(Build.VERSION_CODES.M) public class AppDiff { private final PackageManager mPm;