Force users to retrust unknown extensions on cold starts

2025-10-09 04:49:33 +02:00 · 2024-01-05 08:53:45 -05:00
parent 4e221397ce
commit 493da5c3f4
3 changed files with 13 additions and 7 deletions
--- a/app/src/main/java/eu/kanade/tachiyomi/extension/ExtensionManager.kt
+++ b/app/src/main/java/eu/kanade/tachiyomi/extension/ExtensionManager.kt
@@ -258,7 +258,6 @@ class ExtensionManager(
        val untrustedSignatures = _untrustedExtensionsFlow.value.map { it.signatureHash }.toSet()
        if (signature !in untrustedSignatures) return

-        ExtensionLoader.trustedSignatures += signature
        preferences.trustedSignatures() += signature

        val nowTrustedExtensions = _untrustedExtensionsFlow.value.filter { it.signatureHash == signature }
--- a/app/src/main/java/eu/kanade/tachiyomi/extension/util/ExtensionLoader.kt
+++ b/app/src/main/java/eu/kanade/tachiyomi/extension/util/ExtensionLoader.kt
@@ -15,6 +15,7 @@ import eu.kanade.tachiyomi.source.Source
 import eu.kanade.tachiyomi.source.SourceFactory
 import eu.kanade.tachiyomi.util.lang.Hash
 import eu.kanade.tachiyomi.util.storage.copyAndSetReadOnlyTo
+import eu.kanade.tachiyomi.util.system.isDevFlavor
 import kotlinx.coroutines.async
 import kotlinx.coroutines.awaitAll
 import kotlinx.coroutines.runBlocking
@@ -62,11 +63,6 @@ internal object ExtensionLoader {
    // inorichi's key
    private const val officialSignature = "7ce04da7773d41b489f4693a366c36bcd0a11fc39b547168553c285bd7348e23"

-    /**
-     * List of the trusted signatures.
-     */
-    var trustedSignatures = mutableSetOf(officialSignature) + preferences.trustedSignatures().get()
-
    private const val PRIVATE_EXTENSION_EXTENSION = "ext"

    private fun getPrivateExtensionDir(context: Context) = File(context.filesDir, "exts")
@@ -123,6 +119,12 @@ internal object ExtensionLoader {
     * @param context The application context.
     */
    fun loadExtensions(context: Context): List<LoadResult> {
+        // Always make users trust unknown extensions on cold starts in non-dev builds
+        // due to inherent security risks
+        if (!isDevFlavor) {
+            preferences.trustedSignatures().delete()
+        }
+
        val pkgManager = context.packageManager

        val installedPkgs = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
@@ -394,6 +396,11 @@ internal object ExtensionLoader {
    }

    private fun hasTrustedSignature(signatures: List<String>): Boolean {
+        if (officialSignature in signatures) {
+            return true
+        }
+
+        val trustedSignatures = preferences.trustedSignatures().get()
        return trustedSignatures.any { signatures.contains(it) }
    }