From da113638122dc1d9e8b3b621ca1c7740b3752d1c Mon Sep 17 00:00:00 2001 From: Adrian Roos Date: Wed, 4 Jun 2014 15:53:14 +0200 Subject: [PATCH] Ensure trust agents are only provided by platform packages Ensures that Settings only shows TrustAgentServices from platform packages. Bug: 15287044 Change-Id: I62c131d99c7266f8617ec32a50a4f5549a07b4b7 --- .../settings/AdvancedSecuritySettings.java | 1 + src/com/android/settings/SecuritySettings.java | 1 + src/com/android/settings/TrustAgentUtils.java | 18 ++++++++++++++++++ 3 files changed, 20 insertions(+) diff --git a/src/com/android/settings/AdvancedSecuritySettings.java b/src/com/android/settings/AdvancedSecuritySettings.java index c497ac44e11..2a8c623e83e 100644 --- a/src/com/android/settings/AdvancedSecuritySettings.java +++ b/src/com/android/settings/AdvancedSecuritySettings.java @@ -109,6 +109,7 @@ public class AdvancedSecuritySettings extends ListFragment implements View.OnCli for (ResolveInfo resolveInfo : resolveInfos) { if (resolveInfo.serviceInfo == null) continue; + if (!TrustAgentUtils.checkProvidePermission(resolveInfo, pm)) continue; ComponentName name = TrustAgentUtils.getComponentName(resolveInfo); if (!mAvailableAgents.containsKey(name)) { AgentInfo agentInfo = new AgentInfo(); diff --git a/src/com/android/settings/SecuritySettings.java b/src/com/android/settings/SecuritySettings.java index ab03853711a..b35a362d8c8 100644 --- a/src/com/android/settings/SecuritySettings.java +++ b/src/com/android/settings/SecuritySettings.java @@ -317,6 +317,7 @@ public class SecuritySettings extends RestrictedSettingsFragment PackageManager.GET_META_DATA); for (ResolveInfo resolveInfo : resolveInfos) { if (resolveInfo.serviceInfo == null) continue; + if (!TrustAgentUtils.checkProvidePermission(resolveInfo, pm)) continue; TrustAgentUtils.TrustAgentComponentInfo trustAgentComponentInfo = TrustAgentUtils.getSettingsComponent(pm, resolveInfo); if (trustAgentComponentInfo.componentName == null || diff --git a/src/com/android/settings/TrustAgentUtils.java b/src/com/android/settings/TrustAgentUtils.java index 64829a20074..f1713abfe6b 100644 --- a/src/com/android/settings/TrustAgentUtils.java +++ b/src/com/android/settings/TrustAgentUtils.java @@ -16,6 +16,8 @@ package com.android.settings; +import com.android.internal.Manifest; + import android.content.ComponentName; import android.content.pm.PackageManager; import android.content.pm.ResolveInfo; @@ -24,6 +26,7 @@ import android.content.res.TypedArray; import android.content.res.XmlResourceParser; import android.service.trust.TrustAgentService; import android.util.AttributeSet; +import android.util.Log; import android.util.Slog; import android.util.Xml; @@ -36,6 +39,21 @@ public class TrustAgentUtils { static final String TAG = "TrustAgentUtils"; private static final String TRUST_AGENT_META_DATA = TrustAgentService.TRUST_AGENT_META_DATA; + private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT; + + /** + * @return true, if the service in resolveInfo has the permission to provide a trust agent. + */ + public static boolean checkProvidePermission(ResolveInfo resolveInfo, PackageManager pm) { + String packageName = resolveInfo.serviceInfo.packageName; + if (pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName) + != PackageManager.PERMISSION_GRANTED) { + Log.w(TAG, "Skipping agent because package " + packageName + + " does not have permission " + PERMISSION_PROVIDE_AGENT + "."); + return false; + } + return true; + } public static class TrustAgentComponentInfo { ComponentName componentName;