gecko-liberate.patch raw

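diff --git a/mobile/android/geckoview/build.gradle b/mobile/android/geckoview/build.gradle
index c47f4cfe6e47..b7b3d68701fc 100644
--- a/mobile/android/geckoview/build.gradle
+++ b/mobile/android/geckoview/build.gradle
@@ -220,7 +220,7 @@ dependencies {
     implementation libs.androidx.core
     implementation libs.androidx.lifecycle.common
     implementation libs.androidx.lifecycle.process
-    implementation libs.play.services.fido
+    implementation "org.microg.gms:play-services-fido:0.3.13.250932"
     implementation "org.yaml:snakeyaml:2.2"
 
     if (mozconfig.substs.MOZ_ANDROID_HLS_SUPPORT) {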
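Review bot: The new coordinate `org.microg.gms:play-services-fido:0.3.13.250932` is hard-coded in the `dependencies` block, and nothing in this hunk shows which repository it resolves from or how the artifact is verified. Because this library now sits on the WebAuthn path, I would pin its checksum through Gradle dependency verification (an entry for this artifact in `gradle/verification-metadata.xml`, if the build uses one) and limit the repository that may serve the `org.microg.gms` group with a content filter, so the same coordinate cannot resolve from a different repo. A one-line comment above the dependency would also help the next maintainer, e.g. `// microG drop-in for Google's play-services-fido (see WebAuthnTokenManager)`. The `dependencies` block continues outside the hunk.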
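diff --git a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebAuthnTokenManager.java b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebAuthnTokenManager.java
index 2eea4c6af176..7cf1f3a3e1ff 100644
--- a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebAuthnTokenManager.java
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebAuthnTokenManager.java
@@ -195,27 +195,14 @@ import org.mozilla.gecko.util.WebAuthnUtils;
 
       final Task<PendingIntent> intentTask;
 
-      if (BuildConfig.MOZILLA_OFFICIAL) {
-        // Certain Fenix builds and signing keys are whitelisted for Web Authentication.
-        // See https://wiki.mozilla.org/Security/Web_Authentication
-        //
-        // Third party apps will need to get whitelisted themselves.
-        final Fido2PrivilegedApiClient fidoClient =
-            Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
-
-        intentTask = fidoClient.getRegisterPendingIntent(browserOptions);
-      } else {
-        // For non-official builds, websites have to opt-in to permit the
-        // particular version of Gecko to perform WebAuthn operations on
-        // them. See https://developers.google.com/digital-asset-links
-        // for the general form, and Step 1 of
-        // https://developers.google.com/identity/fido/android/native-apps
-        // for details about doing this correctly for the FIDO2 API.
-        final Fido2ApiClient fidoClient =
-            Fido.getFido2ApiClient(GeckoAppShell.getApplicationContext());
-
-        intentTask = fidoClient.getRegisterPendingIntent(requestOptions);
-      }
+      // The privileged FIDO2 API normally is restricted to apps with package
+      // names and signatures that Google knows to be a browser. microG does not
+      // have such a list, instead it asks the user to confirm that the app doing
+      // the request is indeed a browser app (only for the first request from
+      // that app).
+      final Fido2PrivilegedApiClient fidoClient =
+          Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
+      intentTask = fidoClient.getRegisterPendingIntent(browserOptions);
 
       intentTask.addOnSuccessListener(
           pendingIntent -> {
@@ -428,19 +415,12 @@ import org.mozilla.gecko.util.WebAuthnUtils;
               .build();
 
       final Task<PendingIntent> intentTask;
-      // See the makeCredential method for documentation about this
-      // conditional.
-      if (BuildConfig.MOZILLA_OFFICIAL) {
-        final Fido2PrivilegedApiClient fidoClient =
-            Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
-
-        intentTask = fidoClient.getSignPendingIntent(browserOptions);
-      } else {
-        final Fido2ApiClient fidoClient =
-            Fido.getFido2ApiClient(GeckoAppShell.getApplicationContext());
+      // See the makeCredential method for documentation about the FIDO2 API and
+      // microG.
+      final Fido2PrivilegedApiClient fidoClient =
+          Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
 
-        intentTask = fidoClient.getSignPendingIntent(requestOptions);
-      }
+      intentTask = fidoClient.getSignPendingIntent(browserOptions);
 
       intentTask.addOnSuccessListener(
           pendingIntent -> {
@@ -574,15 +554,9 @@ import org.mozilla.gecko.util.WebAuthnUtils;
   @WrapForJNI(calledFrom = "gecko")
   private static GeckoResult<Boolean> webAuthnIsUserVerifyingPlatformAuthenticatorAvailable() {
     final Task<Boolean> task;
-    if (BuildConfig.MOZILLA_OFFICIAL) {
-      final Fido2PrivilegedApiClient fidoClient =
-          Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
-      task = fidoClient.isUserVerifyingPlatformAuthenticatorAvailable();
-    } else {
-      final Fido2ApiClient fidoClient =
-          Fido.getFido2ApiClient(GeckoAppShell.getApplicationContext());
-      task = fidoClient.isUserVerifyingPlatformAuthenticatorAvailable();
-    }
+    final Fido2PrivilegedApiClient fidoClient =
+        Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext());
+    task = fidoClient.isUserVerifyingPlatformAuthenticatorAvailable();
 
     final GeckoResult<Boolean> res = new GeckoResult<>();
     task.addOnSuccessListener(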
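Review bot: With the `BuildConfig.MOZILLA_OFFICIAL` branch gone, the makeCredential hunk always calls `Fido.getFido2PrivilegedApiClient(...)`, so whether this app may assert an origin through `browserOptions` is decided entirely by the FIDO provider installed on the device, and the new comment only describes microG. On a device where Google's implementation answers instead, the removed comment suggests a non-allowlisted build would be refused, and there is no longer a fallback to `Fido2ApiClient`. I would extend the comment with `// If the provider is not microG, this privileged call is expected to be rejected for non-allowlisted builds; there is no fallback.` and check that the failure path, which is outside this hunk, reports that case clearly instead of failing silently. The same applies to the `getSignPendingIntent` and `isUserVerifyingPlatformAuthenticatorAvailable` hunks; all three enclosing methods start or end outside the hunks shown.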