
Commit 127d4e7a authored by Zac Iqbal's avatar Zac Iqbal Committed by Android (Google) Code Review

Merge "Added a whitelist for factory trust agents."

parents 8623f89c 666484d5
+5 −0
@@ -2812,6 +2812,11 @@
    <!-- TODO(b/35230407) complete the link field -->
    <bool name="config_allowEscrowTokenForTrustAgent">false</bool>

    <!-- A flattened ComponentName which corresponds to the only trust agent that should be enabled
         by default. If the default value is used, or set to an empty string, the restriction will
         not be applied. -->
    <string name="config_defaultTrustAgent" translatable="false"></string>

    <!-- Colon separated list of package names that should be granted Notification Listener access -->
    <string name="config_defaultListenerAccessPackages" translatable="false"></string>
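Review bot: The comment on `config_defaultTrustAgent` does not say what happens when the value is non-empty but is not a valid flattened ComponentName. In `getDefaultFactoryTrustAgent` (TrustManagerService.java, same commit) the result of `ComponentName.unflattenFromString` is returned as is, and a null result sends the caller back to regular discovery, so a typo in a device overlay would silently lift the restriction. I would add a sentence such as `A value that cannot be parsed as a ComponentName is treated as unset and regular discovery is used.` to this comment. The default agent is also added to `discoveredAgents` without going through the per-agent loop that reads `applicationInfo.flags`; the checks in that loop are not visible on this page, so whether bypassing them is intended should be confirmed and stated here as well.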

+1 −0
@@ -2890,6 +2890,7 @@

  <!-- android.service.trust -->
  <java-symbol type="bool" name="config_allowEscrowTokenForTrustAgent"/>
  <java-symbol type="string" name="config_defaultTrustAgent" />

  <!-- Time picker -->
  <java-symbol type="id" name="toggle_mode"/>
+30 −8
@@ -49,6 +49,7 @@ import android.os.UserManager;
import android.os.storage.StorageManager;
import android.provider.Settings;
import android.service.trust.TrustAgentService;
import android.text.TextUtils;
import android.util.ArraySet;
import android.util.AttributeSet;
import android.util.Log;
@@ -580,7 +581,14 @@ public class TrustManagerService extends SystemService {
        }
        PackageManager pm = mContext.getPackageManager();
        List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userId);
        ComponentName defaultAgent = getDefaultFactoryTrustAgent(mContext);
        boolean shouldUseDefaultAgent = defaultAgent != null;
        ArraySet<ComponentName> discoveredAgents = new ArraySet<>();

        if (shouldUseDefaultAgent) {
            discoveredAgents.add(defaultAgent);
            Log.i(TAG, "Enabling " + defaultAgent + " because it is a default agent.");
        } else { // A default agent is not set; perform regular trust agent discovery
            for (ResolveInfo resolveInfo : resolveInfos) {
                ComponentName componentName = getComponentName(resolveInfo);
                int applicationInfoFlags = resolveInfo.serviceInfo.applicationInfo.flags;
@@ -591,6 +599,7 @@ public class TrustManagerService extends SystemService {
                }
                discoveredAgents.add(componentName);
            }
        }

        List<ComponentName> previouslyEnabledAgents = utils.getEnabledTrustAgents(userId);
        if (previouslyEnabledAgents != null) {
@@ -601,6 +610,19 @@ public class TrustManagerService extends SystemService {
                Settings.Secure.TRUST_AGENTS_INITIALIZED, 1, userId);
    }

    /**
     * Returns the {@link ComponentName} for the default trust agent, or {@code null} if there
     * is no trust agent set.
     */
    private static ComponentName getDefaultFactoryTrustAgent(Context context) {
        String defaultTrustAgent = context.getResources()
            .getString(com.android.internal.R.string.config_defaultTrustAgent);
        if (TextUtils.isEmpty(defaultTrustAgent)) {
            return null;
        }
        return ComponentName.unflattenFromString(defaultTrustAgent);
    }

    private List<ResolveInfo> resolveAllowedTrustAgents(PackageManager pm, int userId) {
        List<ResolveInfo> resolveInfos = pm.queryIntentServicesAsUser(TRUST_AGENT_INTENT,
                PackageManager.GET_META_DATA |