config: make all generated files accessible to the user

Permissions mode 0600 was preventing even the user from accessing the configuration files. This makes the permissions more open. The private key files should nevertheless be protected from other apps by the permissions on the parent directory. Password protection for the private key is also recommended in general. GitHub: fixes #122
author: pacien 2024-01-20 00:20:12 +0100
committer: pacien 2024-01-20 00:20:12 +0100
commit: 94f3a07b20019a7d412bb1b5caa4f5ce153732a9 (patch)
tree: d27823422dad159b9a57c064b28ca64d1af1cf78
parent: b5fe5e49e0d3cc2b7c53af23b7a4e7d3c4491be1 (diff)
download: tincapp-94f3a07b20019a7d412bb1b5caa4f5ce153732a9.tar.gz
5 files changed, 60 insertions, 10 deletions
diff --git a/app/src/main/java/org/pacien/tincapp/activities/configure/tools/GenerateConfigToolDialogFragment.kt b/app/src/main/java/org/pacien/tincapp/activities/configure/tools/GenerateConfigToolDialogFragment.kt
index 96e39ba..c152d54 100644
--- a/app/src/main/java/org/pacien/tincapp/activities/configure/tools/GenerateConfigToolDialogFragment.kt
+++ b/app/src/main/java/org/pacien/tincapp/activities/configure/tools/GenerateConfigToolDialogFragment.kt
@@ -1,6 +1,6 @@
 /*
 * Tinc App, an Android binding and user interface for the tinc mesh VPN daemon
- * Copyright (C) 2017-2018 Pacien TRAN-GIRARD
+ * Copyright (C) 2017-2024 Pacien TRAN-GIRARD
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -23,6 +23,8 @@ import kotlinx.android.synthetic.main.configure_tools_dialog_network_generate.vi
 import org.pacien.tincapp.R
 import org.pacien.tincapp.commands.Tinc
 import org.pacien.tincapp.commands.TincApp
+import org.pacien.tincapp.context.AppPaths
+import org.pacien.tincapp.utils.makePublic
 /**
 * @author pacien
@@ -47,5 +49,6 @@ class GenerateConfigToolDialogFragment : ConfigurationToolDialogFragment() {
      .thenCompose { Tinc.init(netName, nodeName) }
      .thenCompose { TincApp.removeScripts(netName) }
      .thenCompose { TincApp.generateIfaceCfgTemplate(netName) }
-      .thenCompose { TincApp.setPassphrase(netName, newPassphrase = passphrase) })
+      .thenCompose { TincApp.setPassphrase(netName, newPassphrase = passphrase) }
+      .thenApply { AppPaths.confDir(netName).makePublic() })
 }
diff --git a/app/src/main/java/org/pacien/tincapp/activities/configure/tools/JoinNetworkToolDialogFragment.kt b/app/src/main/java/org/pacien/tincapp/activities/configure/tools/JoinNetworkToolDialogFragment.kt
index 25bdb15..f00b961 100644
--- a/app/src/main/java/org/pacien/tincapp/activities/configure/tools/JoinNetworkToolDialogFragment.kt
+++ b/app/src/main/java/org/pacien/tincapp/activities/configure/tools/JoinNetworkToolDialogFragment.kt
@@ -1,6 +1,6 @@
 /*
 * Tinc App, an Android binding and user interface for the tinc mesh VPN daemon
- * Copyright (C) 2017-2018 Pacien TRAN-GIRARD
+ * Copyright (C) 2017-2024 Pacien TRAN-GIRARD
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -27,7 +27,9 @@ import kotlinx.android.synthetic.main.configure_tools_dialog_network_join.view.*
 import org.pacien.tincapp.R
 import org.pacien.tincapp.commands.Tinc
 import org.pacien.tincapp.commands.TincApp
+import org.pacien.tincapp.context.AppPaths
 import org.pacien.tincapp.databinding.ConfigureToolsDialogNetworkJoinBinding
+import org.pacien.tincapp.utils.makePublic
 /**
 * @author pacien
@@ -78,5 +80,6 @@ class JoinNetworkToolDialogFragment : ConfigurationToolDialogFragment() {
        .thenCompose { TincApp.removeScripts(netName) }
        .thenCompose { TincApp.generateIfaceCfg(netName) }
        .thenCompose { TincApp.setPassphrase(netName, newPassphrase = passphrase) }
+        .thenApply { AppPaths.confDir(netName).makePublic() }
    )
 }
diff --git a/app/src/main/java/org/pacien/tincapp/utils/Files.kt b/app/src/main/java/org/pacien/tincapp/utils/Files.kt
new file mode 100644
index 0000000..95653b3
--- /dev/null
+++ b/app/src/main/java/org/pacien/tincapp/utils/Files.kt
@@ -0,0 +1,47 @@
+/*
+ * Tinc App, an Android binding and user interface for the tinc mesh VPN daemon
+ * Copyright (C) 2017-2024 Pacien TRAN-GIRARD
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package org.pacien.tincapp.utils
+import android.annotation.SuppressLint
+import java.io.File
+/**
+ * @author pacien
+ */
+fun File.makePrivate() {
+  this.setExecutable(this.isDirectory, false)
+  this.setReadable(true, true)
+  this.setWritable(true, true)
+  if (this.isDirectory)
+    for (file in this.listFiles()!!)
+      file.makePrivate()
+}
+@SuppressLint("SetWorldReadable", "SetWorldWritable")
+fun File.makePublic() {
+  this.setExecutable(this.isDirectory, false)
+  this.setReadable(true, false)
+  this.setWritable(true, false)
+  if (this.isDirectory)
+    for (file in this.listFiles()!!)
+      file.makePublic()
+}
+\ No newline at end of file
diff --git a/app/src/main/java/org/pacien/tincapp/utils/TincKeyring.kt b/app/src/main/java/org/pacien/tincapp/utils/TincKeyring.kt
index 7d534e6..e8d9ad6 100644
--- a/app/src/main/java/org/pacien/tincapp/utils/TincKeyring.kt
+++ b/app/src/main/java/org/pacien/tincapp/utils/TincKeyring.kt
@@ -1,6 +1,6 @@
 /*
 * Tinc App, an Android binding and user interface for the tinc mesh VPN daemon
- * Copyright (C) 2017-2020 Pacien TRAN-GIRARD
+ * Copyright (C) 2017-2024 Pacien TRAN-GIRARD
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -49,10 +49,4 @@ object TincKeyring {
    file.makePrivate()
    return file
  }
-  private fun File.makePrivate() {
-    this.setExecutable(false, false)
-    this.setReadable(true, true)
-    this.setWritable(true, true)
-  }
 }
diff --git a/changelog.md b/changelog.md
index dfc455b..8b17f91 100644
--- a/changelog.md
+++ b/changelog.md
@@ -3,6 +3,9 @@
 This file lists notable changes that have been made to the application on each release.
 Releases are tracked and referred to using git tags.
+## v0.39 -- (next release)
+- fix permissions for newly created or joined network host and key files
 ## v0.38 -- 2023-07-30
 - make configuration files and logs accessible in the user-accessible storage
  (in USB storage mode). The embedded FTP server has been removed
author	pacien	2024-01-20 00:20:12 +0100
committer	pacien	2024-01-20 00:20:12 +0100
commit	94f3a07b20019a7d412bb1b5caa4f5ce153732a9 (patch)
tree	d27823422dad159b9a57c064b28ca64d1af1cf78
parent	b5fe5e49e0d3cc2b7c53af23b7a4e7d3c4491be1 (diff)
download	tincapp-94f3a07b20019a7d412bb1b5caa4f5ce153732a9.tar.gz