Implement privileged app management for FIDO2

Introduces the ability to trust privileged applications for FIDO2 operations.

If a calling application is acting as a privileged application but is not yet trusted, the user will be given the option to trust the app and continue the operation, or to cancel the operation without trusting the application. If the application is trusted, subsequent requests from the application will be treated as a trusted application without user interaction.

Author: SaintPatrck

app/src/main/assets/fido2_privileged_community.json

@@ -12,7 +12,6 @@
         ]
       }
     },
-
     {
       "type": "android",
       "info": {
@@ -25,7 +24,6 @@
         ]
       }
     },
-
     {
       "type": "android",
       "info": {

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/disk/Fido2PrivilegedAppDiskSource.kt

@@ -0,0 +1,36 @@
+package com.x8bit.bitwarden.data.autofill.fido2.datasource.disk
+
+import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.entity.Fido2PrivilegedAppInfoEntity
+import kotlinx.coroutines.flow.Flow
+
+/**
+ * Primary access point for disk information related to privileged apps trusted for FIDO2
+ * operations.
+ */
+interface Fido2PrivilegedAppDiskSource {
+
+    /**
+     * Flow of the user's trusted privileged apps.
+     */
+    val userTrustedPrivilegedAppsFlow: Flow<List<Fido2PrivilegedAppInfoEntity>>
+
+    /**
+     * Retrieves all the user's trusted privileged apps.
+     */
+    suspend fun getAllUserTrustedPrivilegedApps(): List<Fido2PrivilegedAppInfoEntity>
+
+    /**
+     * Adds a privileged app to the user's trusted list.
+     */
+    suspend fun addTrustedPrivilegedApp(packageName: String, signature: String)
+
+    /**
+     * Removes a privileged app from the user's trusted list.
+     */
+    suspend fun removeTrustedPrivilegedApp(packageName: String, signature: String)
+
+    /**
+     * Checks if a privileged app is trusted.
+     */
+    suspend fun isPrivilegedAppTrustedByUser(packageName: String, signature: String): Boolean
+}

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/disk/Fido2PrivilegedAppDiskSourceImpl.kt

@@ -0,0 +1,52 @@
+package com.x8bit.bitwarden.data.autofill.fido2.datasource.disk
+
+import android.content.SharedPreferences
+import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.dao.Fido2PrivilegedAppInfoDao
+import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.entity.Fido2PrivilegedAppInfoEntity
+import com.x8bit.bitwarden.data.platform.datasource.disk.BaseDiskSource
+import kotlinx.coroutines.flow.Flow
+
+/**
+ * Implementation of the [Fido2PrivilegedAppDiskSource] interface.
+ */
+class Fido2PrivilegedAppDiskSourceImpl(
+    private val privilegedAppDao: Fido2PrivilegedAppInfoDao,
+    sharedPreferences: SharedPreferences,
+) : Fido2PrivilegedAppDiskSource, BaseDiskSource(sharedPreferences = sharedPreferences) {
+
+    override val userTrustedPrivilegedAppsFlow: Flow<List<Fido2PrivilegedAppInfoEntity>> =
+        privilegedAppDao.getUserTrustedPrivilegedAppsFlow()
+
+    override suspend fun getAllUserTrustedPrivilegedApps(): List<Fido2PrivilegedAppInfoEntity> {
+        return privilegedAppDao.getAllUserTrustedPrivilegedApps()
+    }
+
+    override suspend fun isPrivilegedAppTrustedByUser(
+        packageName: String,
+        signature: String,
+    ): Boolean = privilegedAppDao
+        .getAllUserTrustedPrivilegedApps()
+        .any { it.packageName == packageName && it.signature == signature }
+
+    override suspend fun addTrustedPrivilegedApp(
+        packageName: String,
+        signature: String,
+    ) {
+        privilegedAppDao.addTrustedPrivilegedApp(
+            appInfo = Fido2PrivilegedAppInfoEntity(
+                packageName = packageName,
+                signature = signature,
+            ),
+        )
+    }
+
+    override suspend fun removeTrustedPrivilegedApp(
+        packageName: String,
+        signature: String,
+    ) {
+        privilegedAppDao.removeTrustedPrivilegedApp(
+            packageName = packageName,
+            signature = signature,
+        )
+    }
+}

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/disk/dao/Fido2PrivilegedAppInfoDao.kt

@@ -0,0 +1,40 @@
+package com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.dao
+
+import androidx.room.Dao
+import androidx.room.Insert
+import androidx.room.OnConflictStrategy
+import androidx.room.Query
+import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.entity.Fido2PrivilegedAppInfoEntity
+import kotlinx.coroutines.flow.Flow
+
+/**
+ * Data Access Object (DAO) for trusted privileged apps.
+ */
+@Dao
+interface Fido2PrivilegedAppInfoDao {
+
+    /**
+     * A flow of all the trusted privileged apps.
+     */
+    @Query("SELECT * FROM fido2_privileged_apps")
+    fun getUserTrustedPrivilegedAppsFlow(): Flow<List<Fido2PrivilegedAppInfoEntity>>
+
+    /**
+     * Retrieves all the trusted privileged apps.
+     */
+    @Query("SELECT * FROM fido2_privileged_apps")
+    suspend fun getAllUserTrustedPrivilegedApps(): List<Fido2PrivilegedAppInfoEntity>
+
+    /**
+     * Adds a trusted privileged app.
+     */
+    @Insert(onConflict = OnConflictStrategy.REPLACE)
+    suspend fun addTrustedPrivilegedApp(appInfo: Fido2PrivilegedAppInfoEntity)
+
+    /**
+     * Removes a trusted privileged app.
+     */
+    @Suppress("MaxLineLength")
+    @Query("DELETE FROM fido2_privileged_apps WHERE package_name = :packageName AND signature = :signature")
+    suspend fun removeTrustedPrivilegedApp(packageName: String, signature: String)
+}

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/disk/database/Fido2PrivilegedAppDatabase.kt

@@ -0,0 +1,22 @@
+package com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.database
+
+import androidx.room.Database
+import androidx.room.RoomDatabase
+import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.dao.Fido2PrivilegedAppInfoDao
+import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.entity.Fido2PrivilegedAppInfoEntity
+
+/**
+ * Room database for storing trusted FIDO2 privileged apps.
+ */
+@Database(
+    entities = [
+        Fido2PrivilegedAppInfoEntity::class,
+    ],
+    version = 1,
+)
+abstract class Fido2PrivilegedAppDatabase : RoomDatabase() {
+    /**
+     * Provides the DAO for accessing trusted FIDO2 privileged apps.
+     */
+    abstract fun fido2PrivilegedAppInfoDao(): Fido2PrivilegedAppInfoDao
+}

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/disk/di/Fido2DiskModule.kt

@@ -0,0 +1,54 @@
+package com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.di
+
+import android.app.Application
+import android.content.SharedPreferences
+import androidx.room.Room
+import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.Fido2PrivilegedAppDiskSource
+import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.Fido2PrivilegedAppDiskSourceImpl
+import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.dao.Fido2PrivilegedAppInfoDao
+import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.database.Fido2PrivilegedAppDatabase
+import com.x8bit.bitwarden.data.platform.datasource.di.UnencryptedPreferences
+import dagger.Module
+import dagger.Provides
+import dagger.hilt.InstallIn
+import dagger.hilt.components.SingletonComponent
+import javax.inject.Singleton
+
+/**
+ * Provides persistence-related dependencies in the FIDO2 package.
+ */
+@Module
+@InstallIn(SingletonComponent::class)
+object Fido2DiskModule {
+
+    @Provides
+    @Singleton
+    fun provideFido2PrivilegedAppDatabase(
+        app: Application,
+    ): Fido2PrivilegedAppDatabase =
+        Room
+            .databaseBuilder(
+                context = app,
+                klass = Fido2PrivilegedAppDatabase::class.java,
+                name = "fido2_privileged_apps_database",
+            )
+            .fallbackToDestructiveMigration()
+            .build()
+
+    @Provides
+    @Singleton
+    fun provideFido2PrivilegedAppDao(
+        database: Fido2PrivilegedAppDatabase,
+    ): Fido2PrivilegedAppInfoDao = database.fido2PrivilegedAppInfoDao()
+
+    @Provides
+    @Singleton
+    fun provideFido2PrivilegedAppDiskSource(
+        fido2PrivilegedAppDao: Fido2PrivilegedAppInfoDao,
+        @UnencryptedPreferences sharedPreferences: SharedPreferences,
+    ): Fido2PrivilegedAppDiskSource =
+        Fido2PrivilegedAppDiskSourceImpl(
+            privilegedAppDao = fido2PrivilegedAppDao,
+            sharedPreferences = sharedPreferences,
+        )
+}

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/disk/entity/Fido2PrivilegedAppInfoEntity.kt

@@ -0,0 +1,19 @@
+package com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.entity
+
+import androidx.room.ColumnInfo
+import androidx.room.Entity
+
+/**
+ * Entity representing a trusted privileged app in the database.
+ */
+@Entity(
+    tableName = "fido2_privileged_apps",
+    primaryKeys = ["package_name", "signature"],
+)
+data class Fido2PrivilegedAppInfoEntity(
+    @ColumnInfo(name = "package_name")
+    val packageName: String,
+
+    @ColumnInfo(name = "signature")
+    val signature: String,
+)

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/di/Fido2ProviderModule.kt

@@ -5,13 +5,16 @@ import android.os.Build
 import androidx.annotation.RequiresApi
 import com.bitwarden.sdk.Fido2CredentialStore
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
+import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.Fido2PrivilegedAppDiskSource
 import com.x8bit.bitwarden.data.autofill.fido2.datasource.network.service.DigitalAssetLinkService
 import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2CredentialManager
 import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2CredentialManagerImpl
 import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2OriginManager
 import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2OriginManagerImpl
 import com.x8bit.bitwarden.data.autofill.fido2.processor.Fido2ProviderProcessor
 import com.x8bit.bitwarden.data.autofill.fido2.processor.Fido2ProviderProcessorImpl
+import com.x8bit.bitwarden.data.autofill.fido2.repository.PrivilegedAppRepository
+import com.x8bit.bitwarden.data.autofill.fido2.repository.PrivilegedAppRepositoryImpl
 import com.x8bit.bitwarden.data.platform.manager.AssetManager
 import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
@@ -69,12 +72,27 @@ object Fido2ProviderModule {
         vaultSdkSource: VaultSdkSource,
         fido2CredentialStore: Fido2CredentialStore,
         fido2OriginManager: Fido2OriginManager,
+        intentManager: IntentManager,
         json: Json,
+        @ApplicationContext context: Context,
     ): Fido2CredentialManager =
         Fido2CredentialManagerImpl(
             vaultSdkSource = vaultSdkSource,
             fido2CredentialStore = fido2CredentialStore,
             fido2OriginManager = fido2OriginManager,
+            intentManager = intentManager,
+            context = context,
+            json = json,
+        )
+
+    @Provides
+    @Singleton
+    fun provideFido2PrivilegedAppRepository(
+        fido2PrivilegedAppDiskSource: Fido2PrivilegedAppDiskSource,
+        json: Json,
+    ): PrivilegedAppRepository =
+        PrivilegedAppRepositoryImpl(
+            fido2PrivilegedAppDiskSource = fido2PrivilegedAppDiskSource,
             json = json,
         )
 
@@ -83,9 +101,11 @@ object Fido2ProviderModule {
     fun provideFido2OriginManager(
         assetManager: AssetManager,
         digitalAssetLinkService: DigitalAssetLinkService,
+        privilegedAppRepository: PrivilegedAppRepository,
     ): Fido2OriginManager =
         Fido2OriginManagerImpl(
             assetManager = assetManager,
             digitalAssetLinkService = digitalAssetLinkService,
+            privilegedAppRepository = privilegedAppRepository,
         )
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/manager/Fido2CredentialManager.kt

@@ -1,9 +1,12 @@
 package com.x8bit.bitwarden.data.autofill.fido2.manager
 
+import com.bitwarden.fido.Fido2CredentialAutofillView
 import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2CreateCredentialRequest
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2CredentialAssertionRequest
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2CredentialAssertionResult
+import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2GetCredentialsRequest
+import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2GetCredentialsResult
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2RegisterCredentialResult
 import com.x8bit.bitwarden.data.autofill.fido2.model.PasskeyAssertionOptions
 import com.x8bit.bitwarden.data.autofill.fido2.model.PasskeyAttestationOptions
@@ -47,6 +50,14 @@ interface Fido2CredentialManager {
         selectedCipherView: CipherView,
     ): Fido2RegisterCredentialResult
 
+    /**
+     * Retrieve FIDO 2 credentials for a given relying party.
+     */
+    fun getCredentialsForRelyingParty(
+        request: Fido2GetCredentialsRequest,
+        autofillViews: List<Fido2CredentialAutofillView>,
+    ): Fido2GetCredentialsResult
+
     /**
      * Authenticate a FIDO credential against a cipher in the users vault.
      */