From 4c8fd9e0cf9b4df38a7c9cef79eca3e43f1fa8bf Mon Sep 17 00:00:00 2001
From: Adrian Roos <roosa@google.com>
Date: Wed, 4 Jun 2014 15:43:24 +0200
Subject: Ensure trust agents are only provided by platform packages - DO NOT
 MERGE

Ensures that Settings only shows TrustAgentServices from
platform packages.

Bug: 15287044
Change-Id: I6c7f62e61f9dd63cbcf4d2f8eb75986b0a314a46
---
 src/com/android/settings/TrustAgentSettings.java | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'src/com/android/settings')

diff --git a/src/com/android/settings/TrustAgentSettings.java b/src/com/android/settings/TrustAgentSettings.java
index d31436dae..79cccaedf 100644
--- a/src/com/android/settings/TrustAgentSettings.java
+++ b/src/com/android/settings/TrustAgentSettings.java
@@ -21,6 +21,7 @@ import com.android.internal.widget.LockPatternUtils;
 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
 
+import android.Manifest;
 import android.app.ListFragment;
 import android.content.ComponentName;
 import android.content.Context;
@@ -36,6 +37,7 @@ import android.service.trust.TrustAgentService;
 import android.util.ArrayMap;
 import android.util.ArraySet;
 import android.util.AttributeSet;
+import android.util.Log;
 import android.util.Slog;
 import android.util.Xml;
 import android.view.LayoutInflater;
@@ -55,6 +57,8 @@ public class TrustAgentSettings extends ListFragment implements View.OnClickList
     private static final String SERVICE_INTERFACE = TrustAgentService.SERVICE_INTERFACE;
     private static final String TRUST_AGENT_META_DATA = TrustAgentService.TRUST_AGENT_META_DATA;
 
+    private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT;
+
 
     private final ArraySet<ComponentName> mActiveAgents = new ArraySet<ComponentName>();
     private final ArrayMap<ComponentName, AgentInfo> mAvailableAgents
@@ -121,6 +125,15 @@ public class TrustAgentSettings extends ListFragment implements View.OnClickList
 
         for (ResolveInfo resolveInfo : resolveInfos) {
             if (resolveInfo.serviceInfo == null) continue;
+
+            String packageName = resolveInfo.serviceInfo.packageName;
+            if (pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName)
+                    != PackageManager.PERMISSION_GRANTED) {
+                Log.w(TAG, "Skipping agent because package " + packageName
+                        + " does not have permission " + PERMISSION_PROVIDE_AGENT + ".");
+                continue;
+            }
+
             ComponentName name = getComponentName(resolveInfo);
             if (!mAvailableAgents.containsKey(name)) {
                 AgentInfo agentInfo = new AgentInfo();
-- 
cgit v1.2.3