Useless enforcePrivacyPermission method #1

Open
Lekensteyn opened this issue Oct 17, 2012 · 9 comments

@Lekensteyn

I have been comparing your patches and the one from http://forum.xda-developers.com/showthread.php?t=1554960 and found some differences, small for the most part.

But there is one weird addition I see in your patch, the addition of method enforcePrivacyPermission in frameworks/base/services/java/com/android/server/am/ActivityManagerService.java. That method is private, but never used in that class. Did you make a copy mistake there?

@gsbabil
Owner

gsbabil commented Oct 18, 2012

Hi Peter,
thanks for your email. Finally some breath of air :-). I just finished writing some papers I had to write and awaiting my (hopefully) last PhD review next week. I haven't gone back to the code since the last test. But to quickly answer your question:

  • Framework is implemented slightly differently in JB than in ICS. If not mistaken, part of the old framework implementation is split over ActivityManagerService.java and BroadcastQueue.java in JB.
  • The unused enforcePrivacyPermission() that you have pointed out is I believe from the original patch of svyat and pastime1971.
  • If you check the new BroadcastQueue.java after applying my patch, you'll find another enforcePrivacyPermission() in BroadcastQueue.java which is the correct one.
  • If you are building, could you please remove the unused enforcePrivacyPermission() from ActivityManagerService.java and do some tests. Once confirmed, I will update the patch on GitHub.

Thanks for pointing out. Cheers!

@Lekensteyn
Author

I am unable to build since I miss some proprietary files (renamed?). When I have time, I'll try to retrieve those from a cm-10 nightly zip (for i9300).

During my searches, I could not find the source for the PDroid APK. Is that one actually open? I think it is also safe to drop the certificate that is within the patch since it is only used for an APK. See my commit history at https://github.com/Lekensteyn/PDroid-AOSP-JellyBean

Note: I still need to start+finish a build, so until now it is quite theoretical what I did there. I did compare your patch against the one from pastime and found no differences other than some imports in the Telephony file.

@gsbabil
Owner

gsbabil commented Oct 18, 2012

  • You should be able to build without any proprietary files for an emulator.
  • Source for PDroid's front-end (APK source) is not open.
  • I believe the certificate is to verify and authenticate PDroid's front-end APK to let it control permission settings for other apps.

Therefore I'd say if the front-end was open, someone who's building could add his own certificate. Otherwise, as it is at the moment, dropping the key might make PDroid unusable altogether (until there's an open front-end).

@Lekensteyn
Author

The certificate from the patch:

$ openssl x509 -in privacy.x509.pem -noout -text 
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 10906107848001710937 (0x975a474e023deb59)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, ST=Some-State, O=Internet Widgits Pty Ltd, CN=Svyatoslav H
        Validity
            Not Before: Jul 14 21:25:26 2011 GMT
            Not After : Nov 28 21:25:26 2038 GMT
        Subject: C=DE, ST=Some-State, O=Internet Widgits Pty Ltd, CN=Svyatoslav H
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:db:8b:89:0b:ef:54:ea:35:18:b4:17:94:63:0d:
                    57:a3:3e:59:cd:d5:a8:85:b6:bb:af:5a:2b:af:a6:
                    97:0f:8d:8f:52:37:0e:96:69:37:c9:4b:7e:7a:c9
...

Internet Widgets Pty? This cannot be serious.

The PDroid APK is signed with a different key:

$ openssl pkcs7 -inform DER -in META-INF/CERT.RSA -noout -text -print_certs 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1505666751 (0x59bea6bf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=Germany, ST=None, L=None, O=None, OU=None, CN=Stefan
        Validity
            Not Before: Oct  6 12:42:17 2012 GMT
            Not After : Sep 30 12:42:17 2037 GMT
        Subject: C=Germany, ST=None, L=None, O=None, OU=None, CN=Stefan
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c6:6a:87:60:6f:f4:57:39:c5:2e:c6:3c:12:62:
                    75:95:34:ee:84:62:58:82:22:db:37:32:c3:99:49:
                    07:03:6e:98:ae:54:a3:5f:52:59:30:cb:42:6b:db:
                    56:6f:59:55:6d:0d:38:cb:e9:43:60:04:de:6e:53:
...

Using jd-gui, I could partially retrieve the source, but I was unable to find any references to the privacy.x509.pem. Again, I need to test that by installing the patch+APK.

[rant]Linux is so open, including its community. Why is the Android community so closed? "ROMS" and "mods" are often small modifications to binary blobs, without actually knowing what is happening. Given infrastructures like GitHub, it should not be difficult to publish open-source Android programs (hint, PDroid, hint)[/rant]

@gsbabil
Owner

gsbabil commented Oct 18, 2012

  • My hunch is - META-INF/CERT.RSA is less relevant here
  • We should be looking for the private key for the corresponding public key in privacy.x509.pem as shown below.
  • The certificate is most likely self-signed.
  • 2048 bit is impractical to brute-force with today's computing power.
  • As long as the source for the front-end is closed, a DEX decompiler and sharp eyes are our best hope until we write one ourselves.

Actually Android itself is quite open. The reason behind binary-blob "mods" is - it's easy for the end-users. Most users can't be bothered to build things themselves, or aren't capable of it. For them, a textual patch file or a binary-blob means the same thing.

I don't know what svyat's ultimate plan around PDroid is, but I think what he did is quite impressive. Considering the source for the back-end (Android patch) is open, my eventual plan is to make an open front-end from scratch. I'll keep you posted if you are keen.

Public Key Algorithm: rsaEncryption
    Public-Key: (2048 bit)
    Modulus:
        00:db:8b:89:0b:ef:54:ea:35:18:b4:17:94:63:0d:
        57:a3:3e:59:cd:d5:a8:85:b6:bb:af:5a:2b:af:a6:
        97:0f:8d:8f:52:37:0e:96:69:37:c9:4b:7e:7a:c9:
        60:6b:a2:b5:3a:a9:96:ea:4b:49:79:be:5f:82:70:
        ca:e6:f7:81:76:81:b4:d9:6a:6b:07:69:4c:fb:a6:
        e1:8c:2f:1d:d1:fe:cd:ef:bd:84:83:f2:93:f0:ce:
        a8:72:2d:8f:a6:49:22:be:71:b8:6f:b6:12:4c:6b:
        81:49:2c:5c:87:2a:51:e3:ee:5d:70:9f:ca:9e:02:
        bd:9c:78:a5:45:e3:0e:52:8f:01:a5:f6:1c:12:1c:
        0e:bc:4c:c7:9b:f5:d5:8e:f3:b3:7b:f3:6a:7e:0f:
        d7:ea:53:72:37:dd:07:f4:89:e8:81:89:16:2b:10:
        11:d0:b4:3c:02:30:93:64:b4:d9:a6:1b:d1:b2:2b:
        2b:bc:3d:5b:36:8e:1b:c9:90:db:20:6b:f2:de:cb:
        ed:05:3f:04:60:28:0d:0c:82:72:9a:be:58:86:c5:
        24:fb:e9:29:7d:f2:98:a6:73:d8:7e:67:27:9d:c1:
        7c:36:cf:e9:64:d4:58:7e:aa:1b:83:05:66:93:80:
        82:65:0b:ec:8b:a9:af:93:01:8a:a2:99:47:54:61:
        2b:af
    Exponent: 65537 (0x10001)       

@Lekensteyn
Author

I forgot to say that the private key for that certificate is public too:
http://code.google.com/p/pdroid/source/browse/android-2.3.4_r1/trunk/build/target/product/security/privacy.pk8

$ openssl pkcs8 -in privacy.pk8 -inform DER -nocrypt -out privacy.key
$ openssl rsa -noout -text -in privacy.key
modulus:
    00:db:8b:89:0b:ef:54:ea:35:18:b4:17:94:63:0d:
    57:a3:3e:59:cd:d5:a8:85:b6:bb:af:5a:2b:af:a6:
    97:0f:8d:8f:52:37:0e:96:69:37:c9:4b:7e:7a:c9:
    60:6b:a2:b5:3a:a9:96:ea:4b:49:79:be:5f:82:70:
    ca:e6:f7:81:76:81:b4:d9:6a:6b:07:69:4c:fb:a6:
    e1:8c:2f:1d:d1:fe:cd:ef:bd:84:83:f2:93:f0:ce:
    a8:72:2d:8f:a6:49:22:be:71:b8:6f:b6:12:4c:6b:
    81:49:2c:5c:87:2a:51:e3:ee:5d:70:9f:ca:9e:02:
    bd:9c:78:a5:45:e3:0e:52:8f:01:a5:f6:1c:12:1c:
    0e:bc:4c:c7:9b:f5:d5:8e:f3:b3:7b:f3:6a:7e:0f:
    d7:ea:53:72:37:dd:07:f4:89:e8:81:89:16:2b:10:
    11:d0:b4:3c:02:30:93:64:b4:d9:a6:1b:d1:b2:2b:
    2b:bc:3d:5b:36:8e:1b:c9:90:db:20:6b:f2:de:cb:
    ed:05:3f:04:60:28:0d:0c:82:72:9a:be:58:86:c5:
    24:fb:e9:29:7d:f2:98:a6:73:d8:7e:67:27:9d:c1:
    7c:36:cf:e9:64:d4:58:7e:aa:1b:83:05:66:93:80:
    82:65:0b:ec:8b:a9:af:93:01:8a:a2:99:47:54:61:
    2b:af
publicExponent: 65537 (0x10001)
privateExponent:
    00:93:10:d4:9c:0f:15:85:d2:4d:9b:0e:14:93:89:
    b3:84:21:d7:4c:7f:ec:64:ad:f4:e9:d0:f0:64:b8:
...

The Android source code is indeed public and is for the most part well-documented. I do not mind a blob for the end-user, but then at least enclose the source code for others! Especially for an application like PDroid which controls such an important property.

svyat seems pretty busy and I don't know if there will be any news soon, but I agree too that he did something great.

I am surely interested when you make an open-source front-end :-) Maybe you can start to collaborate with CollegeDev (his English is not too great, but hopefully he codes better). He has created PDroid Extension which is based on PDroid patches with a custom GUI. (the iptables filter of that program is flawed though, it is easily bypassed because it operates at the wrong level)

I think that the patches can be cleaned up too, those // BEGIN privacy and // END privacy lines just add noise and just increase the chance of breaking when the upstream source gets updated (I encountered this when trying to fix your patch for CM10).
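
The modulus comparison done by eye in the openssl output above can be scripted. The following is an added example, not code from this thread or from PDroid; the function names and the generated files are constructed for illustration, and it covers the three formats the thread handles (PEM certificate, PKCS#8 DER key, DER PKCS#7 signature block such as META-INF/CERT.RSA).

```shell
#!/bin/sh
# Added example: compare RSA moduli across the file formats seen in the thread.

# "Modulus=<hex>" of a PEM certificate; empty on error.
cert_modulus() {
    openssl x509 -in "$1" -noout -modulus 2>/dev/null
}

# Modulus of an unencrypted PKCS#8 DER private key (the .pk8 format).
pk8_modulus() {
    openssl pkcs8 -in "$1" -inform DER -nocrypt 2>/dev/null |
        openssl rsa -noout -modulus 2>/dev/null
}

# Modulus of the first certificate in a DER PKCS#7 blob (META-INF/CERT.RSA).
pkcs7_modulus() {
    openssl pkcs7 -inform DER -in "$1" -print_certs 2>/dev/null |
        openssl x509 -noout -modulus 2>/dev/null
}

# Succeeds only if both values are non-empty and identical, so an
# unreadable file never counts as a match.
same_modulus() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" = "$2" ]
}

# Does the private key in $2 belong to the certificate in $1?
key_matches_cert() {
    same_modulus "$(cert_modulus "$1")" "$(pk8_modulus "$2")"
}

# Was the APK signature block in $2 made with the certificate key in $1?
apk_signed_by_cert() {
    same_modulus "$(cert_modulus "$1")" "$(pkcs7_modulus "$2")"
}

# Constructed sample data: two throwaway key pairs, "a" and "b", in dir $1.
make_demo_files() {
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-$n" \
            -keyout "$1/$n.key" -out "$1/$n.pem" 2>/dev/null || return 1
        openssl pkcs8 -topk8 -in "$1/$n.key" -outform DER -nocrypt -out "$1/$n.pk8" &&
        openssl crl2pkcs7 -nocrl -certfile "$1/$n.pem" -outform DER -out "$1/$n.RSA" ||
            return 1
    done
}
```

When `key_matches_cert` succeeds for a certificate shipped in a build, anyone holding that key file can sign as that identity, so a builder would replace the certificate with one whose key they generated themselves.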

@gsbabil
Owner

gsbabil commented Oct 19, 2012

> I forgot to say that the private key for that certificate is public too.

Now that's a bit confusing. I will take a peep at my earliest opportunity.

Thanks. I have looked at CollegeDev's work. It looks all good and could indeed be useful.

> I think that the patches can be cleaned up too

I agree.

@wbedard

wbedard commented Nov 30, 2012

Just came across this thread via Google. Make sure you take note of a new "challenger" to CollegeDev's PDroid front end. This one is fully open source and their lead contributor is very knowledgeable and community-friendly!

http://forum.xda-developers.com/showthread.php?t=1994860

@gsbabil
Owner

gsbabil commented Dec 1, 2012

Hi wbedard, thanks! I have looked at [1]. The open-source approach of the front-end is indeed very much appreciated. I will definitely keep an eye on it. I haven't gone back to upgrading my patch to the latest version of Jelly Bean yet. I will give it a shot too. Cheers.

[1] http://forum.xda-developers.com/showthread.php?t=1994860
