From 493da5c3f471b53615e80411d942fc2c92a33ec5 Mon Sep 17 00:00:00 2001 From: arkon Date: Fri, 5 Jan 2024 08:53:45 -0500 Subject: [PATCH] Force users to retrust unknown extensions on cold starts --- .../tachiyomi/extension/ExtensionManager.kt | 1 - .../tachiyomi/extension/util/ExtensionLoader.kt | 17 ++++++++++++----- .../commonMain/resources/MR/base/strings.xml | 2 +- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/app/src/main/java/eu/kanade/tachiyomi/extension/ExtensionManager.kt b/app/src/main/java/eu/kanade/tachiyomi/extension/ExtensionManager.kt index 58ffe1111b..4b43d11ad8 100644 --- a/app/src/main/java/eu/kanade/tachiyomi/extension/ExtensionManager.kt +++ b/app/src/main/java/eu/kanade/tachiyomi/extension/ExtensionManager.kt @@ -258,7 +258,6 @@ class ExtensionManager( val untrustedSignatures = _untrustedExtensionsFlow.value.map { it.signatureHash }.toSet() if (signature !in untrustedSignatures) return - ExtensionLoader.trustedSignatures += signature preferences.trustedSignatures() += signature val nowTrustedExtensions = _untrustedExtensionsFlow.value.filter { it.signatureHash == signature } diff --git a/app/src/main/java/eu/kanade/tachiyomi/extension/util/ExtensionLoader.kt b/app/src/main/java/eu/kanade/tachiyomi/extension/util/ExtensionLoader.kt index eccf66cd65..ecb4d09e2c 100644 --- a/app/src/main/java/eu/kanade/tachiyomi/extension/util/ExtensionLoader.kt +++ b/app/src/main/java/eu/kanade/tachiyomi/extension/util/ExtensionLoader.kt @@ -15,6 +15,7 @@ import eu.kanade.tachiyomi.source.Source import eu.kanade.tachiyomi.source.SourceFactory import eu.kanade.tachiyomi.util.lang.Hash import eu.kanade.tachiyomi.util.storage.copyAndSetReadOnlyTo +import eu.kanade.tachiyomi.util.system.isDevFlavor import kotlinx.coroutines.async import kotlinx.coroutines.awaitAll import kotlinx.coroutines.runBlocking @@ -62,11 +63,6 @@ internal object ExtensionLoader { // inorichi's key private const val officialSignature = "7ce04da7773d41b489f4693a366c36bcd0a11fc39b547168553c285bd7348e23" - /** - * List of the trusted signatures. - */ - var trustedSignatures = mutableSetOf(officialSignature) + preferences.trustedSignatures().get() - private const val PRIVATE_EXTENSION_EXTENSION = "ext" private fun getPrivateExtensionDir(context: Context) = File(context.filesDir, "exts") @@ -123,6 +119,12 @@ internal object ExtensionLoader { * @param context The application context. */ fun loadExtensions(context: Context): List { + // Always make users trust unknown extensions on cold starts in non-dev builds + // due to inherent security risks + if (!isDevFlavor) { + preferences.trustedSignatures().delete() + } + val pkgManager = context.packageManager val installedPkgs = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) { @@ -394,6 +396,11 @@ internal object ExtensionLoader { } private fun hasTrustedSignature(signatures: List): Boolean { + if (officialSignature in signatures) { + return true + } + + val trustedSignatures = preferences.trustedSignatures().get() return trustedSignatures.any { signatures.contains(it) } } diff --git a/i18n/src/commonMain/resources/MR/base/strings.xml b/i18n/src/commonMain/resources/MR/base/strings.xml index cad687b249..4f899abbf2 100644 --- a/i18n/src/commonMain/resources/MR/base/strings.xml +++ b/i18n/src/commonMain/resources/MR/base/strings.xml @@ -318,7 +318,7 @@ Uninstall App info Untrusted extension - This extension was signed with an untrusted certificate and wasn\'t activated.\n\nA malicious extension could read any stored login credentials or execute arbitrary code.\n\nBy trusting this certificate you accept these risks. + This extension was signed by any unknown author and wasn\'t loaded.\n\nMalicious extensions can read any stored login credentials or execute arbitrary code.\n\nBy trusting this extension\'s certificate, you accept these risks. This extension is no longer available. It may not function properly and can cause issues with the app. Uninstalling it is recommended. This extension is not from the official list. Failed to get extensions list