Clarify a limitation in the current implementation

Two repositories can (and always could) end up with the same exact .apk file. If that .apk is the "suggested version", then we should eliminate the idea of "suggested version code" and instead have a "suggested apk" (which implicitly includes the repository it comes from, so we choose the one with the better priority). Right now, we kind of assume that it doesn't matter which repo provides the suggested apk, as long as one of them has an .apk with the correct version code and signing key. It shouldn't _particularly_ matter from a security perspective, because a malicious repo wont be able to trick a user into installing an apk with a different signing key, but it would be good to iron this out. This commit adds a TODO explaining this for th ebenefit of any CRer.
2016-08-11 10:31:11 +10:00 · 2016-08-11 10:31:11 +10:00 · efdf328fd3
commit efdf328fd3
parent 3ec64d6d82
2 changed files with 14 additions and 9 deletions
--- a/app/src/main/java/org/fdroid/fdroid/data/Apk.java
+++ b/app/src/main/java/org/fdroid/fdroid/data/Apk.java
@ -63,7 +63,7 @@ public class Apk extends ValueObject implements Comparable<Apk>, Parcelable {
    public String[] incompatibleReasons;

    /**
-     * The numeric primary key of the Package table, which is used to join apks.
+     * The numeric primary key of the Metadata table, which is used to join apks.
     */
    public long appId;

--- a/app/src/main/java/org/fdroid/fdroid/data/ApkProvider.java
+++ b/app/src/main/java/org/fdroid/fdroid/data/ApkProvider.java
@ -369,8 +369,14 @@ public class ApkProvider extends FDroidProvider {
    private QuerySelection querySingleFromAnyRepo(Uri uri, boolean includeAlias) {
        String alias = includeAlias ? "apk." : "";

-        // TODO: Change the = to an IN to deal with multiple apps?
-        final String selection = alias + Cols.VERSION_CODE + " = ? and " + alias + Cols.APP_ID + " = (" + getMetadataIdFromPackageNameQuery() + ")";
+        // TODO: Technically multiple repositories can provide the apk with this version code.
+        //       Therefore, in the very near future we'll need to change from calculating a
+        //       "suggested version code" to a "suggested apk" and join directly onto the apk table.
+        //       This way, we can take into account both repo priorities and signing keys of any
+        //       already installed apks to ensure that the best version is suggested to the user.
+        //       At this point, we may pull back the "wrong" apk in weird edge cases, but the user
+        //       wont be tricked into installing it, as it will (likely) have a different signing key.
+        final String selection = alias + Cols.VERSION_CODE + " = ? and " + alias + Cols.APP_ID + " IN (" + getMetadataIdFromPackageNameQuery() + ")";
        final String[] args = {
            // First (0th) path segment is the word "apk",
            // and we are not interested in it.
@ -443,13 +449,12 @@ public class ApkProvider extends FDroidProvider {
        return new QuerySelection(sb.toString(), args);
    }

-    // TODO: This could return many rows of app metadata
    private String getMetadataIdFromPackageNameQuery() {
-        return "SELECT app." + AppMetadataTable.Cols.ROW_ID + " " +
-                "FROM " + AppMetadataTable.NAME + " AS app " +
-                "JOIN " + PackageTable.NAME + " AS pkg ON ( " +
-                "  app." + AppMetadataTable.Cols.PACKAGE_ID + " = pkg." + PackageTable.Cols.ROW_ID + " ) " +
-                "WHERE pkg." + PackageTable.Cols.PACKAGE_NAME + " = ?";
+        return "SELECT m." + AppMetadataTable.Cols.ROW_ID + " " +
+                "FROM " + AppMetadataTable.NAME + " AS m " +
+                "JOIN " + PackageTable.NAME + " AS p ON ( " +
+                "  m." + AppMetadataTable.Cols.PACKAGE_ID + " = p." + PackageTable.Cols.ROW_ID + " ) " +
+                "WHERE p." + PackageTable.Cols.PACKAGE_NAME + " = ?";
    }

    @Override