diff options
| author | Janito Vaqueiro Ferreira Filho <janito@mullvad.net> | 2020-06-05 13:14:28 -0300 |
|---|---|---|
| committer | Janito Vaqueiro Ferreira Filho <janito@mullvad.net> | 2020-06-05 13:14:28 -0300 |
| commit | 9f24024e55c166f0b84cfadbb8f856baa2203193 (patch) | |
| tree | 1b21b6d7e42c535f662f757affebc4c3a0b61e5e | |
| parent | 284a08c528ac520c9e4dfef33254e7b511bf8679 (diff) | |
| parent | 4a7e5672c88e89aaa275900b0f087f8e407bf737 (diff) | |
| download | mullvadvpn-9f24024e55c166f0b84cfadbb8f856baa2203193.tar.xz mullvadvpn-9f24024e55c166f0b84cfadbb8f856baa2203193.zip | |
Merge branch 'secure-sensitive-screens'
6 files changed, 60 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 839a1a6542..7467fb9a91 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,6 +34,7 @@ Line wrap the file at 100 chars. Th - Make all screens scrollable to better handle small screens and split-screen mode. - Ignore touch events when another view is shown on top of the app in order to prevent tapjacking attacks. +- Prevent screens showing potentially sensitive data from being recorded. #### Linux - Send an ICMP reject message or TCP reset packet when blocking outgoing packets to prevent diff --git a/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/AccountFragment.kt b/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/AccountFragment.kt index eae581a243..20851572e9 100644 --- a/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/AccountFragment.kt +++ b/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/AccountFragment.kt @@ -15,6 +15,8 @@ import net.mullvad.mullvadvpn.ui.widget.UrlButton import org.joda.time.DateTime class AccountFragment : ServiceDependentFragment(OnNoService.GoBack) { + override val isSecureScreen = true + private val dateStyle = DateFormat.MEDIUM private val timeStyle = DateFormat.SHORT private val expiryFormatter = DateFormat.getDateTimeInstance(dateStyle, timeStyle) diff --git a/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/MainActivity.kt b/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/MainActivity.kt index 10e886f73e..c946b47e83 100644 --- a/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/MainActivity.kt +++ b/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/MainActivity.kt @@ -6,11 +6,14 @@ import android.content.Intent import android.os.Build import android.os.Bundle import android.os.IBinder +import android.support.v4.app.Fragment import android.support.v4.app.FragmentActivity import android.support.v4.app.FragmentManager +import android.view.WindowManager import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.GlobalScope import kotlinx.coroutines.launch +import net.mullvad.mullvadvpn.BuildConfig import net.mullvad.mullvadvpn.R import net.mullvad.mullvadvpn.dataproxy.MullvadProblemReport import net.mullvad.mullvadvpn.service.MullvadVpnService @@ -27,6 +30,7 @@ class MainActivity : FragmentActivity() { private var service: MullvadVpnService.LocalBinder? = null private var serviceConnection: ServiceConnection? = null private var shouldConnect = false + private var visibleSecureScreens = HashSet<Fragment>() private val serviceConnectionManager = object : android.content.ServiceConnection { override fun onServiceConnected(className: ComponentName, binder: IBinder) { @@ -105,6 +109,26 @@ class MainActivity : FragmentActivity() { super.onDestroy() } + fun enterSecureScreen(screen: Fragment) { + synchronized(this) { + visibleSecureScreens.add(screen) + + if (!BuildConfig.DEBUG) { + window?.addFlags(WindowManager.LayoutParams.FLAG_SECURE) + } + } + } + + fun leaveSecureScreen(screen: Fragment) { + synchronized(this) { + visibleSecureScreens.remove(screen) + + if (!BuildConfig.DEBUG && visibleSecureScreens.isEmpty()) { + window?.clearFlags(WindowManager.LayoutParams.FLAG_SECURE) + } + } + } + fun openSettings() { supportFragmentManager?.beginTransaction()?.apply { setCustomAnimations( diff --git a/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/ProblemReportFragment.kt b/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/ProblemReportFragment.kt index 0cf2c61c84..69da3542c5 100644 --- a/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/ProblemReportFragment.kt +++ b/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/ProblemReportFragment.kt @@ -13,6 +13,7 @@ import android.widget.EditText import android.widget.ScrollView import android.widget.TextView import android.widget.ViewSwitcher +import kotlin.properties.Delegates.observable import kotlinx.coroutines.CompletableDeferred import net.mullvad.mullvadvpn.R import net.mullvad.mullvadvpn.dataproxy.MullvadProblemReport @@ -21,6 +22,17 @@ import net.mullvad.mullvadvpn.util.JobTracker class ProblemReportFragment : Fragment() { private val jobTracker = JobTracker() + private var showingEmail by observable(false) { _, oldValue, newValue -> + if (oldValue != newValue) { + if (newValue == true) { + parentActivity.enterSecureScreen(this) + } else { + parentActivity.leaveSecureScreen(this) + } + } + } + + private lateinit var parentActivity: MainActivity private lateinit var problemReport: MullvadProblemReport private lateinit var bodyContainer: ViewSwitcher @@ -46,7 +58,7 @@ class ProblemReportFragment : Fragment() { override fun onAttach(context: Context) { super.onAttach(context) - val parentActivity = context as MainActivity + parentActivity = context as MainActivity problemReport = parentActivity.problemReport problemReport.collect() @@ -118,6 +130,12 @@ class ProblemReportFragment : Fragment() { super.onDestroyView() } + override fun onDetach() { + showingEmail = false + + super.onDetach() + } + private suspend fun sendReport(shouldConfirmNoEmail: Boolean) { val userEmail = userEmailInput.text.trim().toString() @@ -194,6 +212,8 @@ class ProblemReportFragment : Fragment() { responseMessageLabel.visibility = View.VISIBLE responseEmailLabel.visibility = View.VISIBLE responseEmailLabel.text = userEmail + + showingEmail = true } sendStatusLabel.setText(R.string.sent) diff --git a/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/ServiceAwareFragment.kt b/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/ServiceAwareFragment.kt index 648215527c..4bbff22a59 100644 --- a/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/ServiceAwareFragment.kt +++ b/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/ServiceAwareFragment.kt @@ -7,6 +7,8 @@ import net.mullvad.mullvadvpn.util.JobTracker abstract class ServiceAwareFragment : Fragment() { val jobTracker = JobTracker() + open val isSecureScreen = false + lateinit var parentActivity: MainActivity private set @@ -18,6 +20,10 @@ abstract class ServiceAwareFragment : Fragment() { parentActivity = context as MainActivity + if (isSecureScreen) { + parentActivity.enterSecureScreen(this) + } + parentActivity.serviceNotifier.subscribe(this) { connection -> configureServiceConnection(connection) } @@ -32,6 +38,10 @@ abstract class ServiceAwareFragment : Fragment() { override fun onDetach() { parentActivity.serviceNotifier.unsubscribe(this) + if (isSecureScreen) { + parentActivity.leaveSecureScreen(this) + } + super.onDetach() } diff --git a/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/WireguardKeyFragment.kt b/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/WireguardKeyFragment.kt index 25537b76a5..787032eaab 100644 --- a/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/WireguardKeyFragment.kt +++ b/android/src/main/kotlin/net/mullvad/mullvadvpn/ui/WireguardKeyFragment.kt @@ -25,6 +25,8 @@ import org.joda.time.format.DateTimeFormat val RFC3339_FORMAT = DateTimeFormat.forPattern("YYYY-MM-dd HH:mm:ss.SSSSSSSSSS z") class WireguardKeyFragment : ServiceDependentFragment(OnNoService.GoToLaunchScreen) { + override val isSecureScreen = true + sealed class ActionState { class Idle(val verified: Boolean) : ActionState() class Generating(val replacing: Boolean) : ActionState() |