am b2302d43: Merge "Ensure trust agents are only provided by platform packages" into lmp-preview-dev
* commit 'b2302d437fd636d9973f466062cfad145cdd042d':
Ensure trust agents are only provided by platform packages
diff --git a/core/java/android/service/trust/TrustAgentService.java b/core/java/android/service/trust/TrustAgentService.java
index 98f70f40..a6cddae 100644
--- a/core/java/android/service/trust/TrustAgentService.java
+++ b/core/java/android/service/trust/TrustAgentService.java
@@ -33,6 +33,8 @@
* A service that notifies the system about whether it believes the environment of the device
* to be trusted.
*
+ * <p>Trust agents may only be provided by the platform.</p>
+ *
* <p>To extend this class, you must declare the service in your manifest file with
* the {@link android.Manifest.permission#BIND_TRUST_AGENT} permission
* and include an intent filter with the {@link #SERVICE_INTERFACE} action. For example:</p>
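Review bot: The added sentence `Trust agents may only be provided by the platform.` does not say what happens to an agent that follows the manifest example below from a package the platform does not trust. Going by the TrustManagerService hunk in this commit, such an agent is skipped with a log warning rather than rejected with an error, so a developer extending this class gets no visible failure. I would add a sentence such as `Agents declared by other packages are ignored by the system and are never bound.` The class Javadoc continues outside this hunk.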
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index fe703b2..e785526 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2616,6 +2616,13 @@
android:label="@string/permlab_trust_listener"
android:description="@string/permdesc_trust_listener" />
+ <!-- Allows an application to provide a trust agent.
+ @hide For security reasons, this is a platform-only permission. -->
+ <permission android:name="android.permission.PROVIDE_TRUST_AGENT"
+ android:protectionLevel="signatureOrSystem"
+ android:label="@string/permlab_provide_trust_agent"
+ android:description="@string/permdesc_provide_trust_agent" />
+
<!-- Must be required by an {@link
android.service.trust.TrustAgentService},
to ensure that only the system can bind to it. -->
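Review bot: `android:protectionLevel="signatureOrSystem"` on `PROVIDE_TRUST_AGENT` is wider than the comment's "platform-only" wording. Besides platform-signed packages, it is also granted to applications installed on the system image, whatever key they are signed with. If the intent is that only platform-signed packages can supply trust agents, `android:protectionLevel="signature"` matches both the comment and the commit title. The sample agent in this commit is built with `LOCAL_CERTIFICATE := platform` and would still qualify. If preinstalled applications are meant to be included, the comment should say so, so that device builders know the preinstalled app set is part of the trust boundary.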
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 9ff67b4..e7365fc 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -3779,6 +3779,11 @@
<!-- Description of an application permission that lets it listen to trust state changes. -->
<string name="permdesc_trust_listener">Allows an application to listen for changes in trust state.</string>
+ <!-- Title of an application permission that lets it provide a trust agent. -->
+ <string name="permlab_provide_trust_agent">Provide a trust agent.</string>
+ <!-- Description of an application permission that lets it provide a trust agent. -->
+ <string name="permdesc_provide_trust_agent">Allows an application to provide a trust agent.</string>
+
<!-- Title of an application permission that lets it bind to a trust agent service. -->
<string name="permlab_bind_trust_agent_service">Bind to a trust agent service</string>
<!-- Description of an application permission that lets it bind to a trust agent service. -->
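Review bot: The new title `Provide a trust agent.` ends with a period, while the neighbouring title `Bind to a trust agent service` in the same hunk does not. Permission titles here are short phrases and the full sentence belongs in the `permdesc_` string, so `Provide a trust agent` would be consistent.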
diff --git a/packages/Keyguard/test/SampleTrustAgent/Android.mk b/packages/Keyguard/test/SampleTrustAgent/Android.mk
index 7551fdf..2a18ee1 100644
--- a/packages/Keyguard/test/SampleTrustAgent/Android.mk
+++ b/packages/Keyguard/test/SampleTrustAgent/Android.mk
@@ -20,9 +20,8 @@
LOCAL_PACKAGE_NAME := SampleTrustAgent
-# Remove these to verify permission checks are working correctly
-#LOCAL_CERTIFICATE := platform
-#LOCAL_PRIVILEGED_MODULE := true
+# Remove this to verify permission checks are working correctly
+LOCAL_CERTIFICATE := platform
LOCAL_MODULE_TAGS := tests
diff --git a/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml b/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml
index 7904927..f3125f1 100644
--- a/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml
+++ b/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml
@@ -18,6 +18,7 @@
package="com.android.trustagent.test">
<uses-sdk android:minSdkVersion="10" android:targetSdkVersion="17"/>
<uses-permission android:name="android.permission.CONTROL_KEYGUARD" />
+ <uses-permission android:name="android.permission.PROVIDE_TRUST_AGENT" />
<application android:label="@string/app_name">
<service
android:name=".SampleTrustAgent"
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 1629a614..32546df 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -50,6 +50,7 @@
import android.service.trust.TrustAgentService;
import android.util.ArraySet;
import android.util.AttributeSet;
+import android.util.Log;
import android.util.Slog;
import android.util.SparseBooleanArray;
import android.util.Xml;
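Review bot: The added `import android.util.Log;` appears to exist only for the `Log.w(TAG, ...)` call in the agent-refresh hunk further down, while this file already imports `android.util.Slog`. Writing that call as `Slog.w(TAG, ...)` keeps the rejection message with the rest of this service's logging, which is presumably where someone triaging a skipped trust agent would look. It also makes this import unnecessary.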
@@ -81,6 +82,7 @@
private static final Intent TRUST_AGENT_INTENT =
new Intent(TrustAgentService.SERVICE_INTERFACE);
+ private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT;
private static final int MSG_REGISTER_LISTENER = 1;
private static final int MSG_UNREGISTER_LISTENER = 2;
@@ -182,6 +184,15 @@
PackageManager.GET_META_DATA, userInfo.id);
for (ResolveInfo resolveInfo : resolveInfos) {
if (resolveInfo.serviceInfo == null) continue;
+
+ String packageName = resolveInfo.serviceInfo.packageName;
+ if (pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName)
+ != PackageManager.PERMISSION_GRANTED) {
+ Log.w(TAG, "Skipping agent because package " + packageName
+ + " does not have permission " + PERMISSION_PROVIDE_AGENT + ".");
+ continue;
+ }
+
ComponentName name = getComponentName(resolveInfo);
if (!enabledAgents.contains(name)) continue;
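Review bot: The permission check sits above `if (!enabledAgents.contains(name)) continue;`, so a warning is written for every installed package that declares the trust-agent intent filter without the permission, whether or not the user ever enabled it. That repeats on each pass through this loop and lets any installed app add lines to the log. Moving the `checkPermission` block below the `enabledAgents` test skips the same agents, and a warning then means an agent that was enabled has been refused, which is the event worth alerting on. A short comment above the check, for example `// Only packages granted PROVIDE_TRUST_AGENT may act as trust agents.`, would record why it is there. The enclosing loop and method start and end outside this hunk, so other paths that bind agents, if any, are not visible here.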