Add locked down ACTIVATE/DEACTIVATE intents

pimterry · pimterry · commit 52b5ee650f1b · 2020-02-10T19:06:31.000+01:00
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
@@ -16,6 +16,11 @@
             android:name="android.permission.WRITE_EXTERNAL_STORAGE"
             tools:node="remove" />
 
+    <permission
+        android:name="tech.httptoolkit.android.REMOTE_CONTROL_INTERCEPTION"
+        android:protectionLevel="signature"
+    />
+
     <application
             android:name=".HttpToolkitApplication"
             android:allowBackup="true"
@@ -36,9 +41,9 @@
         </service>
 
         <activity
-            android:name=".MainActivity"
-            android:label="@string/app_name"
-            android:launchMode="singleTask">
+                android:name=".MainActivity"
+                android:label="@string/app_name"
+                android:launchMode="singleTask">
             <intent-filter>
                 <action android:name="android.intent.action.MAIN" />
                 <category android:name="android.intent.category.LAUNCHER" />
@@ -57,6 +62,30 @@
             </intent-filter>
         </activity>
 
+        <!--
+            Alias that allows remote intents of ACTIVATE/DEACTIVATE from other apps, but only
+            if they have RC permissions (same signature only). In practice, this is only used
+            by debugging calls using ADB. Important to lock down or other apps could activate
+            the VPN and pass a cert, to intercept all traffic from the phone without prompts.
+        -->
+        <activity-alias
+                android:name=".RemoteControlMainActivity"
+                android:targetActivity=".MainActivity"
+                android:permission="tech.httptoolkit.android.REMOTE_CONTROL_INTERCEPTION">
+            <intent-filter>
+                <action android:name="tech.httptoolkit.android.ACTIVATE" />
+                <category android:name="android.intent.category.DEFAULT" />
+
+                <data android:scheme="https"
+                        android:host="android.httptoolkit.tech"
+                        android:pathPrefix="/connect" />
+            </intent-filter>
+            <intent-filter>
+                <action android:name="tech.httptoolkit.android.DEACTIVATE" />
+                <category android:name="android.intent.category.DEFAULT" />
+            </intent-filter>
+        </activity-alias>
+
         <activity android:name=".ScanActivity" android:parentActivityName=".MainActivity">
             <meta-data
                 android:name="android.support.PARENT_ACTIVITY"
diff --git a/app/src/main/java/tech/httptoolkit/android/MainActivity.kt b/app/src/main/java/tech/httptoolkit/android/MainActivity.kt
@@ -59,6 +59,9 @@ private fun getCertificateFingerprint(cert: X509Certificate): String {
     return Base64.encodeToString(fingerprint, Base64.NO_WRAP)
 }
 
+private val ACTIVATE_INTENT = "tech.httptoolkit.android.ACTIVATE"
+private val DEACTIVATE_INTENT = "tech.httptoolkit.android.DEACTIVATE"
+
 class MainActivity : AppCompatActivity(), CoroutineScope by MainScope() {
 
     private val TAG = MainActivity::class.simpleName
@@ -137,38 +140,50 @@ class MainActivity : AppCompatActivity(), CoroutineScope by MainScope() {
     override fun onNewIntent(intent: Intent) {
         super.onNewIntent(intent)
 
-        if (intent.action != Intent.ACTION_VIEW) {
-            Log.w(TAG, "Unknown intent. Action ${intent.action}, data: ${intent.data}")
-            return
-        }
-
         app.trackEvent("Setup", "action-view")
 
-        if (app.lastProxy != null && isVpnConfigured()) {
-            Log.i(TAG, "Showing prompt for ACTION_VIEW intent")
-
-            // If we were started from an intent (e.g. another barcode scanner/link), and we
-            // had a proxy before (so no prompts required) then confirm before starting the VPN.
-            // Without this any QR code you scan could instantly MitM you.
-            MaterialAlertDialogBuilder(this)
-                .setTitle("Enable Interception")
-                .setIcon(R.drawable.ic_exclamation_triangle)
-                .setMessage(
-                    "Do you want to share all this device's HTTP traffic with HTTP Toolkit?" +
-                    "\n\n" +
-                    "Only accept this if you trust the source."
-                )
-                .setPositiveButton("Enable") { _, _ ->
-                    Log.i(TAG, "Prompt confirmed")
+        when (intent.action) {
+            // ACTION_VIEW means that somebody had the app installed, and scanned the barcode with
+            // a separate barcode app anyway (or opened the QR code URL in a browser)
+            Intent.ACTION_VIEW -> {
+                if (app.lastProxy != null && isVpnConfigured()) {
+                    Log.i(TAG, "Showing prompt for ACTION_VIEW intent")
+
+                    // If we were started from an intent (e.g. another barcode scanner/link), and we
+                    // had a proxy before (so no prompts required) then confirm before starting the VPN.
+                    // Without this any QR code you scan could instantly MitM you.
+                    MaterialAlertDialogBuilder(this)
+                        .setTitle("Enable Interception")
+                        .setIcon(R.drawable.ic_exclamation_triangle)
+                        .setMessage(
+                            "Do you want to share all this device's HTTP traffic with HTTP Toolkit?" +
+                                    "\n\n" +
+                                    "Only accept this if you trust the source."
+                        )
+                        .setPositiveButton("Enable") { _, _ ->
+                            Log.i(TAG, "Prompt confirmed")
+                            launch { connectToVpnFromUrl(intent.data!!) }
+                        }
+                        .setNegativeButton("Cancel") { _, _ ->
+                            Log.i(TAG, "Prompt cancelled")
+                        }
+                        .show()
+                } else {
+                    Log.i(TAG, "Launching from ACTION_VIEW intent")
                     launch { connectToVpnFromUrl(intent.data!!) }
                 }
-                .setNegativeButton("Cancel") { _, _ ->
-                    Log.i(TAG, "Prompt cancelled")
-                }
-                .show()
-        } else {
-            Log.i(TAG, "Launching from ACTION_VIEW intent")
-            launch { connectToVpnFromUrl(intent.data!!) }
+            }
+
+            // RPC setup API, used by ADB to enable/disable without prompts.
+            // Permission required, checked for via activity-alias in the manifest
+            ACTIVATE_INTENT -> {
+                launch { connectToVpnFromUrl(intent.data!!) }
+            }
+            DEACTIVATE_INTENT -> {
+                disconnect()
+            }
+
+            else -> Log.w(TAG, "Unknown intent. Action ${intent.action}, data: ${intent.data}")
         }
     }
 
