fankes/termux-app
2
0
Fork 0
mirror of https://github.com/fankes/termux-app.git synced 2025-09-06 02:35:19 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Changed: Only allow ContentProvider access if allow-external-apps is set to true

Browse Source
This commit is contained in:
agnostic-apollo
2021-09-24 00:47:38 +05:00
parent e302a14cd0
commit dcedf39434
4 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/src/main/java/com/termux/app/RunCommandService.java
View File

@@ -122,7 +122,7 @@ public class RunCommandService extends Service {
// user knows someone tried to run a command in termux context, since it may be malicious // user knows someone tried to run a command in termux context, since it may be malicious
// app or imported (tasker) plugin project and not the user himself. If a pending intent is // app or imported (tasker) plugin project and not the user himself. If a pending intent is
// also sent, then its creator is also logged and shown. // also sent, then its creator is also logged and shown.
errmsg = PluginUtils.checkIfRunCommandServiceAllowExternalAppsPolicyIsViolated(this); errmsg = PluginUtils.checkIfAllowExternalAppsPolicyIsViolated(this, LOG_TAG);
if (errmsg != null) { if (errmsg != null) {
executionCommand.setStateFailed(Errno.ERRNO_FAILED.getCode(), errmsg); executionCommand.setStateFailed(Errno.ERRNO_FAILED.getCode(), errmsg);
PluginUtils.processPluginExecutionCommandError(this, LOG_TAG, executionCommand, true); PluginUtils.processPluginExecutionCommandError(this, LOG_TAG, executionCommand, true);

7
app/src/main/java/com/termux/app/TermuxOpenReceiver.java
View File

@@ -13,6 +13,7 @@ import android.os.ParcelFileDescriptor;
import android.provider.MediaStore; import android.provider.MediaStore;
import android.webkit.MimeTypeMap; import android.webkit.MimeTypeMap;
import com.termux.app.utils.PluginUtils;
import com.termux.shared.data.IntentUtils; import com.termux.shared.data.IntentUtils;
import com.termux.shared.logger.Logger; import com.termux.shared.logger.Logger;
import com.termux.shared.termux.TermuxConstants; import com.termux.shared.termux.TermuxConstants;
@@ -190,6 +191,12 @@ public class TermuxOpenReceiver extends BroadcastReceiver {
throw new IllegalArgumentException("Invalid path: " + path); throw new IllegalArgumentException("Invalid path: " + path);
} }
// If "allow-external-apps" property to not set to "true", then throw exception
String errmsg = PluginUtils.checkIfAllowExternalAppsPolicyIsViolated(getContext(), LOG_TAG);
if (errmsg != null) {
throw new IllegalArgumentException(errmsg);
}
// Do not allow apps with RUN_COMMAND permission to modify termux apps properties files, // Do not allow apps with RUN_COMMAND permission to modify termux apps properties files,
// including allow-external-apps // including allow-external-apps
if (TermuxConstants.TERMUX_PROPERTIES_PRIMARY_FILE_PATH.equals(path) || if (TermuxConstants.TERMUX_PROPERTIES_PRIMARY_FILE_PATH.equals(path) ||

8
app/src/main/java/com/termux/app/utils/PluginUtils.java
View File

@@ -321,10 +321,12 @@ public class PluginUtils {
* @param context The {@link Context} to get error string. * @param context The {@link Context} to get error string.
* @return Returns the {@code error} if policy is violated, otherwise {@code null}. * @return Returns the {@code error} if policy is violated, otherwise {@code null}.
*/ */
public static String checkIfRunCommandServiceAllowExternalAppsPolicyIsViolated(final Context context) { public static String checkIfAllowExternalAppsPolicyIsViolated(final Context context, String apiName) {
String errmsg = null; String errmsg = null;
if (!SharedProperties.isPropertyValueTrue(context, TermuxPropertyConstants.getTermuxPropertiesFile(), TermuxConstants.PROP_ALLOW_EXTERNAL_APPS, true)) { if (!SharedProperties.isPropertyValueTrue(context, TermuxPropertyConstants.getTermuxPropertiesFile(),
errmsg = context.getString(R.string.error_run_command_service_allow_external_apps_ungranted); TermuxConstants.PROP_ALLOW_EXTERNAL_APPS, true)) {
errmsg = context.getString(R.string.error_allow_external_apps_ungranted, apiName,
TermuxFileUtils.getUnExpandedTermuxPath(TermuxConstants.TERMUX_PROPERTIES_PRIMARY_FILE_PATH));
} }
return errmsg; return errmsg;

9
app/src/main/res/values/strings.xml
View File

@@ -9,7 +9,6 @@
<!ENTITY TERMUX_STYLING_APP_NAME "Termux:Styling"> <!ENTITY TERMUX_STYLING_APP_NAME "Termux:Styling">
<!ENTITY TERMUX_TASKER_APP_NAME "Termux:Tasker"> <!ENTITY TERMUX_TASKER_APP_NAME "Termux:Tasker">
<!ENTITY TERMUX_WIDGET_APP_NAME "Termux:Widget"> <!ENTITY TERMUX_WIDGET_APP_NAME "Termux:Widget">
<!ENTITY TERMUX_PROPERTIES_PRIMARY_PATH_SHORT "~/.termux/termux.properties">
]> ]>
<resources> <resources>
@@ -105,8 +104,6 @@
<!-- Termux RunCommandService --> <!-- Termux RunCommandService -->
<string name="error_run_command_service_invalid_intent_action">Invalid intent action to RunCommandService: `%1$s`</string> <string name="error_run_command_service_invalid_intent_action">Invalid intent action to RunCommandService: `%1$s`</string>
<string name="error_run_command_service_mandatory_extra_missing">Mandatory extra missing to RunCommandService: \"%1$s\"</string> <string name="error_run_command_service_mandatory_extra_missing">Mandatory extra missing to RunCommandService: \"%1$s\"</string>
<string name="error_run_command_service_allow_external_apps_ungranted">RunCommandService requires `allow-external-apps`
property to be set to `true` in `&TERMUX_PROPERTIES_PRIMARY_PATH_SHORT;` file.</string>
<string name="error_run_command_service_api_help">Visit %1$s for more info on RUN_COMMAND Intent usage.</string> <string name="error_run_command_service_api_help">Visit %1$s for more info on RUN_COMMAND Intent usage.</string>
@@ -118,6 +115,12 @@
<!-- Miscellaneous -->
<string name="error_allow_external_apps_ungranted">%1$s requires `allow-external-apps`
property to be set to `true` in `%2$s` file.</string>
<!-- Termux Settings --> <!-- Termux Settings -->
<string name="title_activity_termux_settings">&TERMUX_APP_NAME; Settings</string> <string name="title_activity_termux_settings">&TERMUX_APP_NAME; Settings</string>