Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b4df2f58 authored by Adrian Roos's avatar Adrian Roos Committed by Android Git Automerger
Browse files

am b2302d43: Merge "Ensure trust agents are only provided by platform... 

am b2302d43: Merge "Ensure trust agents are only provided by platform packages" into lmp-preview-dev

* commit 'b2302d437fd636d9973f466062cfad145cdd042d':
  Ensure trust agents are only provided by platform packages
parents 713059d4 1e9021ae

core/java/android/service/trust/TrustAgentService.java

+2 −0
Original line number Diff line number Diff line
@@ -33,6 +33,8 @@ import android.util.Slog; 
 * A service that notifies the system about whether it believes the environment of the device

 * to be trusted.

 *

 * <p>Trust agents may only be provided by the platform.</p>

 *

 * <p>To extend this class, you must declare the service in your manifest file with

 * the {@link android.Manifest.permission#BIND_TRUST_AGENT} permission

 * and include an intent filter with the {@link #SERVICE_INTERFACE} action. For example:</p>

core/res/AndroidManifest.xml

+7 −0
Original line number Diff line number Diff line
@@ -2616,6 +2616,13 @@ 
                android:label="@string/permlab_trust_listener"

                android:description="@string/permdesc_trust_listener" />



    <!-- Allows an application to provide a trust agent.

         @hide For security reasons, this is a platform-only permission. -->

    <permission android:name="android.permission.PROVIDE_TRUST_AGENT"

                android:protectionLevel="signatureOrSystem"

                android:label="@string/permlab_provide_trust_agent"

                android:description="@string/permdesc_provide_trust_agent" />



    <!-- Must be required by an {@link

         android.service.trust.TrustAgentService},

         to ensure that only the system can bind to it. -->

core/res/res/values/strings.xml

+5 −0
Original line number Diff line number Diff line
@@ -3779,6 +3779,11 @@ 
    <!-- Description of an application permission that lets it listen to trust state changes. -->

    <string name="permdesc_trust_listener">Allows an application to listen for changes in trust state.</string>



    <!-- Title of an application permission that lets it provide a trust agent. -->

    <string name="permlab_provide_trust_agent">Provide a trust agent.</string>

    <!-- Description of an application permission that lets it provide a trust agent. -->

    <string name="permdesc_provide_trust_agent">Allows an application to provide a trust agent.</string>



    <!-- Title of an application permission that lets it bind to a trust agent service. -->

    <string name="permlab_bind_trust_agent_service">Bind to a trust agent service</string>

    <!-- Description of an application permission that lets it bind to a trust agent service. -->

packages/Keyguard/test/SampleTrustAgent/Android.mk

+2 −3
Original line number Diff line number Diff line
@@ -20,9 +20,8 @@ LOCAL_SRC_FILES := $(call all-java-files-under, src) 


LOCAL_PACKAGE_NAME := SampleTrustAgent



# Remove these to verify permission checks are working correctly

#LOCAL_CERTIFICATE := platform

#LOCAL_PRIVILEGED_MODULE := true

# Remove this to verify permission checks are working correctly

LOCAL_CERTIFICATE := platform



LOCAL_MODULE_TAGS := tests

packages/Keyguard/test/SampleTrustAgent/AndroidManifest.xml

+1 −0
Original line number Diff line number Diff line
@@ -18,6 +18,7 @@ 
    package="com.android.trustagent.test">

    <uses-sdk android:minSdkVersion="10" android:targetSdkVersion="17"/>

    <uses-permission android:name="android.permission.CONTROL_KEYGUARD" />

    <uses-permission android:name="android.permission.PROVIDE_TRUST_AGENT" />

    <application android:label="@string/app_name">

      <service

          android:name=".SampleTrustAgent"