Upstream
/
bitwarden-mobile
mirror of https://github.com/bitwarden/mobile.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Honor user CA store when targeting Android Nougat SDK and later (#420) 

* Included network-security-config.xml file to honor user added CAs (see:
https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html)

* Added domain-config entry to only use system CAs connecting to bitwarden.com

* Deny all plaintext traffic from network_security_config


Ref: https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted
This commit is contained in:
Farzad E 2018-12-02 05:56:16 -08:00 committed by Kyle Spearrin
parent 366578600b
commit e280f585cf
4 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Android/Android.csproj
View File

@ -1021,5 +1021,8 @@
<ItemGroup>
<AndroidResource Include="Resources\drawable-xxxhdpi\upload2.png" />
</ItemGroup>
<ItemGroup>
<AndroidResource Include="Resources\xml\network_security_config.xml" />
</ItemGroup>
<Import Project="$(MSBuildExtensionsPath)\Xamarin\Android\Xamarin.Android.CSharp.targets" />
</Project>

3
src/Android/Properties/AndroidManifest.xml
View File

@ -13,7 +13,8 @@
<uses-feature android:name="android.hardware.camera.autofocus" android:required="false" />
<application android:label="Bitwarden" android:theme="@style/BitwardenTheme" android:allowBackup="false"
android:icon="@mipmap/ic_launcher" android:roundIcon="@mipmap/ic_launcher_round">
android:icon="@mipmap/ic_launcher" android:roundIcon="@mipmap/ic_launcher_round"
android:networkSecurityConfig="@xml/network_security_config">
<provider
android:name="android.support.v4.content.FileProvider"
android:authorities="com.x8bit.bitwarden.fileprovider"

3
src/Android/Resources/Resource.Designer.cs generated
View File

@ -8565,6 +8565,9 @@ namespace Bit.Android
// aapt resource value: 0x7f080002
public const int filepaths = 2131230722;
// aapt resource value: 0x7f080003
public const int network_security_config = 2131230723;
static Xml()
{
global::Android.Runtime.ResourceIdManager.UpdateIdValues();

18
src/Android/Resources/xml/network_security_config.xml Normal file
View File

@ -0,0 +1,18 @@
<network-security-config>
<base-config cleartextTrafficPermitted="false">
<trust-anchors>
<!-- Trust pre-installed CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
</trust-anchors>
</base-config>
<domain-config cleartextTrafficPermitted="false">
<domain includeSubdomains="true">bitwarden.com</domain>
<trust-anchors>
<!-- Only trust pre-installed CAs for
Bitwarden.com and all subdomains -->
<certificates src="system" />
</trust-anchors>
</domain-config>
</network-security-config>