Check permissions for unattended installer
This PR introduces the class ApkVerifier
which checks the permissions of the downloaded apk file against the expected permissions from the F-Droid listing (Apk
class).
- I removed
AndroidXMLDecompress
because everything which it has been used for can also be done withPackageManager.getPackageArchiveInfo()
, to the best of my knowledge. I even asked in at a similar project whyPackageManager.getPackageArchiveInfo()
may not be enough: https://github.com/jaredrummler/APKParser/issues/3 It turns out in our case it should do everything we need. - The code responsible for sanitizing the local apk file and making it world readable has also been moved into
ApkVerifier
for now. This can change in a later PR when I introduce the FileProvider for downloaded apks.
We still need to check the target sdk version (see TODO in ApkVerifier
). This depends on https://gitlab.com/fdroid/fdroidclient/merge_requests/323