gecko-liberate.patch
diff -r d80eefe94738 mobile/android/geckoview/build.gradle
--- a/mobile/android/geckoview/build.gradle Tue Nov 28 21:01:37 2023 +0000
+++ b/mobile/android/geckoview/build.gradle Fri Dec 15 11:32:38 2023 +0300
@@ -222,7 +222,7 @@
implementation "androidx.annotation:annotation:1.6.0"
implementation "androidx.legacy:legacy-support-v4:1.0.0"
- implementation "com.google.android.gms:play-services-fido:20.0.1"
+ implementation "org.microg.gms:play-services-fido:0.3.2.240913"
implementation "org.yaml:snakeyaml:2.2"
implementation "androidx.lifecycle:lifecycle-common:2.6.1"
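Review bot: The swapped coordinate `org.microg.gms:play-services-fido:0.3.2.240913` changes who publishes a library that sits on the WebAuthn path, and nothing in this hunk shows which repository resolves it or how the artifact is verified. It is worth confirming that the repository declaration (outside this hunk) restricts the `org.microg.gms` group to the intended source and that the artifact checksum is pinned, for example through Gradle dependency verification. A short comment such as `// microG replacement for com.google.android.gms:play-services-fido; keep in sync with the WebAuthnTokenManager patch` would also help whoever next updates the version.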
diff -r d80eefe94738 mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebAuthnTokenManager.java
--- a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebAuthnTokenManager.java Tue Nov 28 21:01:37 2023 +0000
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebAuthnTokenManager.java Fri Dec 15 11:32:38 2023 +0300
@@ -260,27 +260,15 @@
final Task<PendingIntent> intentTask;
- if (BuildConfig.MOZILLA_OFFICIAL) {
- // Certain Fenix builds and signing keys are whitelisted for Web Authentication.
- // See https://wiki.mozilla.org/Security/Web_Authentication
- //
- // Third party apps will need to get whitelisted themselves.
- final Fido2PrivilegedApiClient fidoClient =
- Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
+ // The privileged FIDO2 API normally is restricted to apps with package
+ // names and signatures that Google knows to be a browser. microG does not
+ // have such a list, instead it asks the user to confirm that the app doing
+ // the request is indeed a browser app (only for the first request from
+ // that app).
+ final Fido2PrivilegedApiClient fidoClient =
+ Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
- intentTask = fidoClient.getRegisterPendingIntent(browserOptions);
- } else {
- // For non-official builds, websites have to opt-in to permit the
- // particular version of Gecko to perform WebAuthn operations on
- // them. See https://developers.google.com/digital-asset-links
- // for the general form, and Step 1 of
- // https://developers.google.com/identity/fido/android/native-apps
- // for details about doing this correctly for the FIDO2 API.
- final Fido2ApiClient fidoClient =
- Fido.getFido2ApiClient(GeckoAppShell.getApplicationContext());
-
- intentTask = fidoClient.getRegisterPendingIntent(requestOptions);
- }
+ intentTask = fidoClient.getRegisterPendingIntent(browserOptions);
final GeckoResult<MakeCredentialResponse> result = new GeckoResult<>();
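Review bot: With the `BuildConfig.MOZILLA_OFFICIAL` branch gone, the new comment above `Fido.getFido2PrivilegedApiClient(...)` describes microG's first-use prompt but does not say what that means for the trust model: the caller-supplied origin in `browserOptions` is now accepted on the strength of a one-time user confirmation rather than a signature allowlist. I would extend the comment with something like `// Security: the origin in browserOptions is trusted once the user has confirmed this app as a browser; no signature allowlist backs it.` The non-privileged `Fido2ApiClient` fallback is removed as well, so on a device whose FIDO provider still enforces the allowlist the request would presumably be refused; the failure listener is outside this hunk, so confirm it surfaces a clear error. The same applies to the `getSignPendingIntent` hunk and the `isUserVerifyingPlatformAuthenticatorAvailable` hunk below. `requestOptions` may now be unused in this method, but its definition is outside the hunk.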
@@ -464,19 +452,12 @@
.build();
final Task<PendingIntent> intentTask;
- // See the makeCredential method for documentation about this
- // conditional.
- if (BuildConfig.MOZILLA_OFFICIAL) {
- final Fido2PrivilegedApiClient fidoClient =
- Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
+ // See the makeCredential method for documentation about the FIDO2 API and
+ // microG.
+ final Fido2PrivilegedApiClient fidoClient =
+ Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
- intentTask = fidoClient.getSignPendingIntent(browserOptions);
- } else {
- final Fido2ApiClient fidoClient =
- Fido.getFido2ApiClient(GeckoAppShell.getApplicationContext());
-
- intentTask = fidoClient.getSignPendingIntent(requestOptions);
- }
+ intentTask = fidoClient.getSignPendingIntent(browserOptions);
final GeckoResult<GetAssertionResponse> result = new GeckoResult<>();
intentTask.addOnSuccessListener(
@@ -573,15 +554,9 @@
@WrapForJNI(calledFrom = "gecko")
private static GeckoResult<Boolean> webAuthnIsUserVerifyingPlatformAuthenticatorAvailable() {
final Task<Boolean> task;
- if (BuildConfig.MOZILLA_OFFICIAL) {
- final Fido2PrivilegedApiClient fidoClient =
- Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
- task = fidoClient.isUserVerifyingPlatformAuthenticatorAvailable();
- } else {
- final Fido2ApiClient fidoClient =
- Fido.getFido2ApiClient(GeckoAppShell.getApplicationContext());
- task = fidoClient.isUserVerifyingPlatformAuthenticatorAvailable();
- }
+ final Fido2PrivilegedApiClient fidoClient =
+ Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
+ task = fidoClient.isUserVerifyingPlatformAuthenticatorAvailable();
final GeckoResult<Boolean> res = new GeckoResult<>();
task.addOnSuccessListener(