Ensure trust agents are only provided by platform packages
Prevents the TrustManagerService from binding to any non-platform
trust agents and updates the SampleTrustAgent to use the new
permission.
Bug: 15287044
Change-Id: I38c3deebd5ad359075e68f52d19417bab5ab43db
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 14141d7..e9d9b14 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2610,6 +2610,13 @@
android:label="@string/permlab_trust_listener"
android:description="@string/permdesc_trust_listener" />
+ <!-- Allows an application to provide a trust agent.
+ @hide For security reasons, this is a platform-only permission. -->
+ <permission android:name="android.permission.PROVIDE_TRUST_AGENT"
+ android:protectionLevel="signatureOrSystem"
+ android:label="@string/permlab_provide_trust_agent"
+ android:description="@string/permdesc_provide_trust_agent" />
+
<!-- Must be required by an {@link
android.service.trust.TrustAgentService},
to ensure that only the system can bind to it. -->