This repository has been archived by the owner on Dec 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathgecko-liberate.patch
95 lines (86 loc) · 4.63 KB
/
gecko-liberate.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
diff -r 0a6479ef0332 mobile/android/geckoview/build.gradle
--- a/mobile/android/geckoview/build.gradle Mon Nov 18 12:58:35 2024 +0000
+++ b/mobile/android/geckoview/build.gradle Tue Nov 19 09:11:18 2024 +0000
@@ -216,7 +216,7 @@
implementation ComponentsDependencies.androidx_collection
implementation ComponentsDependencies.androidx_core
- implementation ComponentsDependencies.play_services_fido
+ implementation "org.microg.gms:play-services-fido:0.3.4.240913"
implementation "org.yaml:snakeyaml:2.2"
implementation 'androidx.core:core:1.12.0'
diff -r 0a6479ef0332 mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebAuthnTokenManager.java
--- a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebAuthnTokenManager.java Mon Nov 18 12:58:35 2024 +0000
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebAuthnTokenManager.java Tue Nov 19 09:11:18 2024 +0000
@@ -193,27 +193,14 @@
final Task<PendingIntent> intentTask;
- if (BuildConfig.MOZILLA_OFFICIAL) {
- // Certain Fenix builds and signing keys are whitelisted for Web Authentication.
- // See https://wiki.mozilla.org/Security/Web_Authentication
- //
- // Third party apps will need to get whitelisted themselves.
- final Fido2PrivilegedApiClient fidoClient =
- Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
-
- intentTask = fidoClient.getRegisterPendingIntent(browserOptions);
- } else {
- // For non-official builds, websites have to opt-in to permit the
- // particular version of Gecko to perform WebAuthn operations on
- // them. See https://developers.google.com/digital-asset-links
- // for the general form, and Step 1 of
- // https://developers.google.com/identity/fido/android/native-apps
- // for details about doing this correctly for the FIDO2 API.
- final Fido2ApiClient fidoClient =
- Fido.getFido2ApiClient(GeckoAppShell.getApplicationContext());
-
- intentTask = fidoClient.getRegisterPendingIntent(requestOptions);
- }
+ // The privileged FIDO2 API normally is restricted to apps with package
+ // names and signatures that Google knows to be a browser. microG does not
+ // have such a list, instead it asks the user to confirm that the app doing
+ // the request is indeed a browser app (only for the first request from
+ // that app).
+ final Fido2PrivilegedApiClient fidoClient =
+ Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
+ intentTask = fidoClient.getRegisterPendingIntent(browserOptions);
intentTask.addOnSuccessListener(
pendingIntent -> {
@@ -411,19 +398,12 @@
.build();
final Task<PendingIntent> intentTask;
- // See the makeCredential method for documentation about this
- // conditional.
- if (BuildConfig.MOZILLA_OFFICIAL) {
- final Fido2PrivilegedApiClient fidoClient =
- Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
+ // See the makeCredential method for documentation about the FIDO2 API and
+ // microG.
+ final Fido2PrivilegedApiClient fidoClient =
+ Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
- intentTask = fidoClient.getSignPendingIntent(browserOptions);
- } else {
- final Fido2ApiClient fidoClient =
- Fido.getFido2ApiClient(GeckoAppShell.getApplicationContext());
-
- intentTask = fidoClient.getSignPendingIntent(requestOptions);
- }
+ intentTask = fidoClient.getSignPendingIntent(browserOptions);
intentTask.addOnSuccessListener(
pendingIntent -> {
@@ -557,15 +537,9 @@
@WrapForJNI(calledFrom = "gecko")
private static GeckoResult<Boolean> webAuthnIsUserVerifyingPlatformAuthenticatorAvailable() {
final Task<Boolean> task;
- if (BuildConfig.MOZILLA_OFFICIAL) {
- final Fido2PrivilegedApiClient fidoClient =
- Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
- task = fidoClient.isUserVerifyingPlatformAuthenticatorAvailable();
- } else {
- final Fido2ApiClient fidoClient =
- Fido.getFido2ApiClient(GeckoAppShell.getApplicationContext());
- task = fidoClient.isUserVerifyingPlatformAuthenticatorAvailable();
- }
+ final Fido2PrivilegedApiClient fidoClient =
+ Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
+ task = fidoClient.isUserVerifyingPlatformAuthenticatorAvailable();
final GeckoResult<Boolean> res = new GeckoResult<>();
task.addOnSuccessListener(