Enforce that trust agents declare the BIND_TRUST_AGENT permission

Change-Id: Iba10b6fb140362c368fb12b7d3c6be550897de40
author: Adrian Roos <roosa@google.com> 2014-05-16 23:55:56 +0200
committer: Adrian Roos <roosa@google.com> 2014-05-17 03:19:56 +0200
commit: cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73 (patch)
tree: 4f414121a420ea56ad5353209e845c0451b3cdc3
parent: 7046bfd054b67fd3cfe8f462f7b9ea126652610f (diff)
download: frameworks_base-cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73.zip
frameworks_base-cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73.tar.gz
frameworks_base-cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73.tar.bz2
2 files changed, 22 insertions, 0 deletions
diff --git a/core/java/android/service/trust/TrustAgentService.java b/core/java/android/service/trust/TrustAgentService.java
index bb40eec..98f70f4 100644
--- a/core/java/android/service/trust/TrustAgentService.java
+++ b/core/java/android/service/trust/TrustAgentService.java
@@ -16,12 +16,17 @@
 
 package android.service.trust;
 
+import android.Manifest;
 import android.annotation.SdkConstant;
 import android.app.Service;
+import android.content.ComponentName;
 import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.content.pm.ServiceInfo;
 import android.os.Handler;
 import android.os.IBinder;
 import android.os.RemoteException;
+import android.util.Log;
 import android.util.Slog;
 
 /**
@@ -83,6 +88,22 @@ public class TrustAgentService extends Service {
         };
     };
 
+    @Override
+    public void onCreate() {
+        super.onCreate();
+        ComponentName component = new ComponentName(this, getClass());
+        try {
+            ServiceInfo serviceInfo = getPackageManager().getServiceInfo(component, 0 /* flags */);
+            if (!Manifest.permission.BIND_TRUST_AGENT.equals(serviceInfo.permission)) {
+                throw new IllegalStateException(component.flattenToShortString()
+                        + " is not declared with the permission "
+                        + "\"" + Manifest.permission.BIND_TRUST_AGENT + "\"");
+            }
+        } catch (PackageManager.NameNotFoundException e) {
+            Log.e(TAG, "Can't get ServiceInfo for " + component.toShortString());
+        }
+    }
+
     /**
      * Called when the user attempted to authenticate on the device.
      *
diff --git a/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml b/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml
index 1511911..7904927 100644
--- a/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml
+++ b/packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml
@@ -22,6 +22,7 @@
       <service
           android:name=".SampleTrustAgent"
           android:label="@string/app_name"
+          android:permission="android.permission.BIND_TRUST_AGENT"
           android:exported="true">
         <intent-filter>
           <action android:name="android.service.trust.TrustAgentService" />
author	Adrian Roos <roosa@google.com>	2014-05-16 23:55:56 +0200
committer	Adrian Roos <roosa@google.com>	2014-05-17 03:19:56 +0200
commit	cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73 (patch)
tree	4f414121a420ea56ad5353209e845c0451b3cdc3
parent	7046bfd054b67fd3cfe8f462f7b9ea126652610f (diff)
download	frameworks_base-cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73.zip frameworks_base-cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73.tar.gz frameworks_base-cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73.tar.bz2