Last active
June 25, 2022 21:47
ConscryptProviderInstaller Proof-Of-Concept
```java
/*
 * This class would be distributed as a small library to be included in apps.
 * The library does NOT need the (large) Conscrypt dependency.
 */
package de.danoeh.antennapod.core;

import android.content.Context;
import android.content.pm.PackageManager;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;

public class ConscryptProviderInstaller {
    private static boolean installed = false;

    public static void installIfNeeded(Context context) {
        if (installed) {
            return;
        }
        try {
            // Loads and runs code from the separately installed provider apk inside this app's process.
            // CONTEXT_IGNORE_SECURITY tells the platform to load that code even when it considers it unsafe,
            // and this proof of concept does not verify who signed the package.
            Context targetContext = context.createPackageContext("com.bytehamster.providerinstaller",
                    Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY);
            ClassLoader classLoader = targetContext.getClassLoader();
            Class<?> installClass = classLoader.loadClass("com.bytehamster.providerinstaller.ProviderInstallerImpl");
            // install() is a static method without parameters, so it is invoked on a null receiver.
            Method installMethod = installClass.getMethod("install");
            installMethod.invoke(null);
            installed = true;
        } catch (PackageManager.NameNotFoundException | ClassNotFoundException
                | NoSuchMethodException | IllegalAccessException | InvocationTargetException e) {
            // Provider apk not installed or incompatible: the platform's default provider stays in use.
            e.printStackTrace();
        }
    }
}
```
```java
/*
 * This class is located in another apk that needs to be installed separately.
 * Its code and Conscrypt library can be shared with other apps.
 * This apk (com.bytehamster.providerinstaller) needs the (large) Conscrypt dependency.
 */
package com.bytehamster.providerinstaller;

import android.util.Log;

import org.conscrypt.Conscrypt;

import java.security.Security;

public class ProviderInstallerImpl {
    private static final String TAG = "ProviderInstallerImpl";

    public static void install() {
        Log.d(TAG, "Installing provider...");
        // Position 1 makes Conscrypt the most preferred security provider in the calling process.
        Security.insertProviderAt(Conscrypt.newProvider(), 1);
        Log.d(TAG, "Provider installed successfully.");
    }
}
```
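The client class above loads code from `com.bytehamster.providerinstaller` without checking who signed that package, and the comments below discuss adding a signature check. The following is an added example, not part of the gist: a hypothetical `ProviderPackageVerifier` helper that pins the provider apk's signing certificate. The class name and the `TRUSTED_CERT_SHA256` placeholder are assumptions.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added example (hypothetical helper, not part of the gist). */
public final class ProviderPackageVerifier {
    private static final String PROVIDER_PACKAGE = "com.bytehamster.providerinstaller";
    // Placeholder: hex SHA-256 of the signing certificate you decide to trust.
    private static final String TRUSTED_CERT_SHA256 = "<sha256-of-trusted-signing-cert>";

    private ProviderPackageVerifier() { }

    /** Returns true only if the provider apk is installed and signed by exactly the pinned certificate. */
    @SuppressWarnings("deprecation") // GET_SIGNATURES is available on the old API levels this targets
    public static boolean isTrusted(Context context) {
        try {
            PackageInfo info = context.getPackageManager()
                    .getPackageInfo(PROVIDER_PACKAGE, PackageManager.GET_SIGNATURES);
            Signature[] signatures = info.signatures;
            // Reject multi-signer packages instead of accepting "any one of them matches".
            if (signatures == null || signatures.length != 1) {
                return false;
            }
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(signatures[0].toByteArray());
            return MessageDigest.isEqual(digest, hexToBytes(TRUSTED_CERT_SHA256));
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException
                | IllegalArgumentException e) {
            return false; // not installed, SHA-256 unavailable, or malformed pin: fail closed
        }
    }

    private static byte[] hexToBytes(String hex) {
        if (hex.length() % 2 != 0) {
            throw new IllegalArgumentException("odd-length hex string");
        }
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            // parseInt throws NumberFormatException (an IllegalArgumentException) on non-hex input.
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }
}
```

`installIfNeeded` would call `ProviderPackageVerifier.isTrusted(context)` before `createPackageContext` and return without loading anything when it is false. On API 28 and later, `PackageManager.GET_SIGNING_CERTIFICATES` and `PackageInfo.signingInfo` replace the deprecated flag and field.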
Hi all, thanks for your efforts on the gist and discussions around it and the blog post. FWIW I decided to take an easy approach for myself, which is creating a Conscrypt Provider. I'm going to be using it from another app of mine because I wanted to provide TLS 1.3 capabilities to old Android devices.
In theory anyone could call from their own app. I've included instructions on including it from another app including how to check for my signature or F-Droid's signature.
I've also submitted an app inclusion request on F-Droid.
I mean, the idea itself is nothing special. I just felt a bit left out from the conversation(s) around it. Also I was sad to have missed the congress, it sounds like it was fun. But I'm not sure I'd have been able to attend anyway, I'm very busy right now. Speaking of which, sorry for replying so late. I didn't mean to be rude and keep you hanging for so long. If I was pedantic about being credited I would be more concerned about not being credited in the antennapod release notes.
And sure, I think we can agree that the client library (the part the normal apps use) should be able to fetch conscrypt from microG/GMS if it's available, and do it directly (oh, to clarify: when you wrote "(with the technique above)" I thought you suggested the part in ProviderInstallerImpl.java would fetch conscrypt from GMS/microG and then pass it along to the apps, which would have been weird... sorry for the confusion 😅).
But this still leaves the part I'm interested in: a way to distribute conscrypt without relying on GMS/microG. For a short while I got hopeful: I got the impression the conscrypt prebuilt&signed files could be copied from GMS (this seems to be what microG is doing, the files are included prebuilt from GMS) and then sent directly to the apps (so they can verify the Google signature and somehow link against them at runtime), but that might not be possible with Google's version of Java (plus I'd imagine every app having a copy would eat more memory). In any case I hope it's possible to avoid a hard-coded signature check of some random developer (for reasons I've previously tried to explain).
Edit: just to clarify why/what I meant by: "not being credited in the antennapod release notes". It's not related to this discussion, I've just been chasing a regression that appeared (for me) around the 2.0 release. It happens rarely, so I've been lazy and just slowly stepping backwards in versions using the apk:s on the github release page (instead of doing bisections and building it myself). I was worried that it might be one of my changes (especially the conscrypt bundling), but then I noticed none of my changes were mentioned in any of the release version details, which I found a bit odd. But I've been able to determine which build has/hasn't conscrypt bundled, based on the file size.