
Commit 666484d5 authored by Zachary Iqbal's avatar Zachary Iqbal

Added a whitelist for factory trust agents.

Notes:
- If the config.xml value is set, only trust agents specified by the whitelist will be enabled by default.

Test: Manually set config.xml to whitelist agent.
Bug: 36819166
Change-Id: Ia17df30918792ccd7540f88be82268131a8e95f7
parent d2bec1b9
+5 −0
@@ -2812,6 +2812,11 @@
    <!-- TODO(b/35230407) complete the link field -->
    <bool name="config_allowEscrowTokenForTrustAgent">false</bool>

    <!-- A flattened ComponentName which corresponds to the only trust agent that should be enabled
         by default. If the default value is used, or set to an empty string, the restriction will
         not be applied. -->
    <string name="config_defaultTrustAgent" translatable="false"></string>

    <!-- Colon separated list of package names that should be granted Notification Listener access -->
    <string name="config_defaultListenerAccessPackages" translatable="false"></string>
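Review bot: The comment on `config_defaultTrustAgent` does not say what happens when the value is non-empty but is not a valid flattened ComponentName. In the TrustManagerService section of this page, `getDefaultFactoryTrustAgent` returns the result of `ComponentName.unflattenFromString`, which is null for a string it cannot parse, and the caller treats null as "no default agent" and runs regular discovery, so a typo in an overlay silently drops the restriction. I would add to the comment: `A value that is not a valid flattened ComponentName (package/class) is treated as unset and regular trust agent discovery is used.` The comment should also state that the named component is enabled as given: in the visible hunks the default agent is added to `discoveredAgents` without being matched against the `resolveAllowedTrustAgents` result or going through the application-flags check the discovery loop performs (that check itself lies outside the visible lines), so the overlay must name an agent that is actually present and trusted on the image.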

+1 −0
@@ -2890,6 +2890,7 @@

  <!-- android.service.trust -->
  <java-symbol type="bool" name="config_allowEscrowTokenForTrustAgent"/>
  <java-symbol type="string" name="config_defaultTrustAgent" />

  <!-- Time picker -->
  <java-symbol type="id" name="toggle_mode"/>
+30 −8
@@ -49,6 +49,7 @@ import android.os.UserManager;
import android.os.storage.StorageManager;
import android.provider.Settings;
import android.service.trust.TrustAgentService;
import android.text.TextUtils;
import android.util.ArraySet;
import android.util.AttributeSet;
import android.util.Log;
@@ -579,7 +580,14 @@ public class TrustManagerService extends SystemService {
        }
        PackageManager pm = mContext.getPackageManager();
        List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userId);
        ComponentName defaultAgent = getDefaultFactoryTrustAgent(mContext);
        boolean shouldUseDefaultAgent = defaultAgent != null;
        ArraySet<ComponentName> discoveredAgents = new ArraySet<>();

        if (shouldUseDefaultAgent) {
            discoveredAgents.add(defaultAgent);
            Log.i(TAG, "Enabling " + defaultAgent + " because it is a default agent.");
        } else { // A default agent is not set; perform regular trust agent discovery
            for (ResolveInfo resolveInfo : resolveInfos) {
                ComponentName componentName = getComponentName(resolveInfo);
                int applicationInfoFlags = resolveInfo.serviceInfo.applicationInfo.flags;
@@ -590,6 +598,7 @@ public class TrustManagerService extends SystemService {
                }
                discoveredAgents.add(componentName);
            }
        }

        List<ComponentName> previouslyEnabledAgents = utils.getEnabledTrustAgents(userId);
        if (previouslyEnabledAgents != null) {
@@ -600,6 +609,19 @@ public class TrustManagerService extends SystemService {
                Settings.Secure.TRUST_AGENTS_INITIALIZED, 1, userId);
    }

    /**
     * Returns the {@link ComponentName} for the default trust agent, or {@code null} if there
     * is no trust agent set.
     */
    private static ComponentName getDefaultFactoryTrustAgent(Context context) {
        String defaultTrustAgent = context.getResources()
            .getString(com.android.internal.R.string.config_defaultTrustAgent);
        if (TextUtils.isEmpty(defaultTrustAgent)) {
            return null;
        }
        return ComponentName.unflattenFromString(defaultTrustAgent);
    }

    private List<ResolveInfo> resolveAllowedTrustAgents(PackageManager pm, int userId) {
        List<ResolveInfo> resolveInfos = pm.queryIntentServicesAsUser(TRUST_AGENT_INTENT,
                PackageManager.GET_META_DATA |