author | Adrian Roos <roosa@google.com> | 2014-05-28 14:53:06 +0200 |
---|---|---|
committer | Adrian Roos <roosa@google.com> | 2014-06-03 15:49:19 +0200 |
commit | 18ea893a2319e2a192188d2288bb881149c9b06e (patch) | |
tree | 0cb7c43ad9a7a6c28873697f1f133f985d74adaa | |
parent | becab9a7dbbfd5395e6889e7d73dd08c3406bf1a (diff) | |
Ensure trust agents are only provided by platform packages
Prevents the TrustManagerService from binding to any non-platform
trust agents and updates the SampleTrustAgent to use the new
permission.
Bug: 15287044
Change-Id: I38c3deebd5ad359075e68f52d19417bab5ab43db
6 files changed, 28 insertions, 3 deletions
diff --git a/core/java/android/service/trust/TrustAgentService.java b/core/java/android/service/trust/TrustAgentService.java index 98f70f4..a6cddae 100644 --- a/core/java/android/service/trust/TrustAgentService.java +++ b/core/java/android/service/trust/TrustAgentService.java @@ -33,6 +33,8 @@ import android.util.Slog; * A service that notifies the system about whether it believes the environment of the device * to be trusted. * + * <p>Trust agents may only be provided by the platform.</p> + * * <p>To extend this class, you must declare the service in your manifest file with * the {@link android.Manifest.permission#BIND_TRUST_AGENT} permission * and include an intent filter with the {@link #SERVICE_INTERFACE} action. For example:</p> diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 14141d7..e9d9b14 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -2610,6 +2610,13 @@ android:label="@string/permlab_trust_listener" android:description="@string/permdesc_trust_listener" /> + <!-- Allows an application to provide a trust agent. + @hide For security reasons, this is a platform-only permission. --> + <permission android:name="android.permission.PROVIDE_TRUST_AGENT" + android:protectionLevel="signatureOrSystem" + android:label="@string/permlab_provide_trust_agent" + android:description="@string/permdesc_provide_trust_agent" /> + <!-- Must be required by an {@link android.service.trust.TrustAgentService}, to ensure that only the system can bind to it. --> diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml index 8286ef9..989f7b5 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml 
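Review bot: The new `android.permission.PROVIDE_TRUST_AGENT` declaration in core/res/AndroidManifest.xml uses `android:protectionLevel="signatureOrSystem"`, which is wider than the "platform-only" wording in its own comment and in the commit message: that level is also granted to apps preinstalled on the system image, whatever certificate signed them. If only platform-signed packages should be able to supply a trust agent, `android:protectionLevel="signature"` is the tighter choice. If preinstalled apps are meant to qualify, the comment should say so, for example `@hide For security reasons, this is limited to platform-signed and preinstalled system apps.` The SampleTrustAgent makefile in this commit keeps only `LOCAL_CERTIFICATE := platform`, which suggests the signature path is the one being tested, so the system-image path may be unexercised.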
@@ -3777,6 +3777,11 @@ <!-- Description of an application permission that lets it listen to trust state changes. --> <string name="permdesc_trust_listener">Allows an application to listen for changes in trust state.</string> + <!-- Title of an application permission that lets it provide a trust agent. --> + <string name="permlab_provide_trust_agent">Provide a trust agent.</string> + <!-- Description of an application permission that lets it provide a trust agent. --> + <string name="permdesc_provide_trust_agent">Allows an application to provide a trust agent.</string> + <!-- Title of an application permission that lets it bind to a trust agent service. --> <string name="permlab_bind_trust_agent_service">Bind to a trust agent service</string> <!-- Description of an application permission that lets it bind to a trust agent service. --> diff --git a/packages/Keyguard/test/SampleTrustAgent/Android.mk b/packages/Keyguard/test/SampleTrustAgent/Android.mk index 7551fdf..2a18ee1 100644 --- a/packages/Keyguard/test/SampleTrustAgent/Android.mk +++ b/packages/Keyguard/test/SampleTrustAgent/Android.mk @@ -20,9 +20,8 @@ LOCAL_SRC_FILES := $(call all-java-files-under, src) LOCAL_PACKAGE_NAME := SampleTrustAgent -# Remove these to verify permission checks are working correctly -#LOCAL_CERTIFICATE := platform -#LOCAL_PRIVILEGED_MODULE := true +# Remove this to verify permission checks are working correctly +LOCAL_CERTIFICATE := platform LOCAL_MODULE_TAGS := tests diff --git a/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml b/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml index 7904927..f3125f1 100644 --- a/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml +++ b/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml 
@@ -18,6 +18,7 @@ package="com.android.trustagent.test"> <uses-sdk android:minSdkVersion="10" android:targetSdkVersion="17"/> <uses-permission android:name="android.permission.CONTROL_KEYGUARD" /> + <uses-permission android:name="android.permission.PROVIDE_TRUST_AGENT" /> <application android:label="@string/app_name"> <service android:name=".SampleTrustAgent" diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java index 986cdc1..462b234 100644 --- a/services/core/java/com/android/server/trust/TrustManagerService.java +++ b/services/core/java/com/android/server/trust/TrustManagerService.java @@ -49,6 +49,7 @@ import android.os.UserManager; import android.service.trust.TrustAgentService; import android.util.ArraySet; import android.util.AttributeSet; +import android.util.Log; import android.util.Slog; import android.util.SparseBooleanArray; import android.util.Xml; @@ -80,6 +81,7 @@ public class TrustManagerService extends SystemService { private static final Intent TRUST_AGENT_INTENT = new Intent(TrustAgentService.SERVICE_INTERFACE); + private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT; private static final int MSG_REGISTER_LISTENER = 1; private static final int MSG_UNREGISTER_LISTENER = 2; @@ -181,6 +183,15 @@ public class TrustManagerService extends SystemService { PackageManager.GET_META_DATA, userInfo.id); for (ResolveInfo resolveInfo : resolveInfos) { if (resolveInfo.serviceInfo == null) continue; + + String packageName = resolveInfo.serviceInfo.packageName; + if (pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName) + != PackageManager.PERMISSION_GRANTED) { + Log.w(TAG, "Skipping agent because package " + packageName + + " does not have permission " + PERMISSION_PROVIDE_AGENT + "."); + continue; + } + ComponentName name = getComponentName(resolveInfo); if (!enabledAgents.contains(name)) continue; |
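Review bot: The permission check added to the agent-discovery loop in TrustManagerService logs through `Log.w`, and the commit adds `import android.util.Log;` for it, although the file already imports `android.util.Slog` on the next line. System-server code conventionally logs through Slog, so `Slog.w(TAG, "Skipping agent because package " + packageName` would fit the file and the new import could be dropped. The check is the only gate visible here between an arbitrary package that declares the trust-agent intent filter and the bind that presumably follows, so it deserves a short why-comment above it, such as `// Only packages granted PROVIDE_TRUST_AGENT may act as trust agents; skip all others before binding.` The enclosing method starts and ends outside this hunk, so whether any other path can reach a bind without passing this check cannot be confirmed from here.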