Ensure trust agents are only provided by platform packages
Prevents the TrustManagerService from binding to any non-platform
trust agents and updates the SampleTrustAgent to use the new
permission.
Bug: 15287044
Change-Id: I38c3deebd5ad359075e68f52d19417bab5ab43db
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 986cdc1..462b234 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -49,6 +49,7 @@
import android.service.trust.TrustAgentService;
import android.util.ArraySet;
import android.util.AttributeSet;
+import android.util.Log;
import android.util.Slog;
import android.util.SparseBooleanArray;
import android.util.Xml;
@@ -80,6 +81,7 @@
private static final Intent TRUST_AGENT_INTENT =
new Intent(TrustAgentService.SERVICE_INTERFACE);
+ private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT;
private static final int MSG_REGISTER_LISTENER = 1;
private static final int MSG_UNREGISTER_LISTENER = 2;
@@ -181,6 +183,15 @@
PackageManager.GET_META_DATA, userInfo.id);
for (ResolveInfo resolveInfo : resolveInfos) {
if (resolveInfo.serviceInfo == null) continue;
+
+ String packageName = resolveInfo.serviceInfo.packageName;
+ if (pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName)
+ != PackageManager.PERMISSION_GRANTED) {
+ Log.w(TAG, "Skipping agent because package " + packageName
+ + " does not have permission " + PERMISSION_PROVIDE_AGENT + ".");
+ continue;
+ }
+
ComponentName name = getComponentName(resolveInfo);
if (!enabledAgents.contains(name)) continue;