Merge "Add permission checks for Verification API calls" into jb-mr1-dev

Author: rich cannings

api/current.txt

@@ -76,6 +76,7 @@ package android {
     field public static final java.lang.String MOUNT_UNMOUNT_FILESYSTEMS = "android.permission.MOUNT_UNMOUNT_FILESYSTEMS";
     field public static final java.lang.String NET_TUNNELING = "android.permission.NET_TUNNELING";
     field public static final java.lang.String NFC = "android.permission.NFC";
+    field public static final java.lang.String PACKAGE_VERIFICATION_AGENT = "android.permission.PACKAGE_VERIFICATION_AGENT";
     field public static final deprecated java.lang.String PERSISTENT_ACTIVITY = "android.permission.PERSISTENT_ACTIVITY";
     field public static final java.lang.String PROCESS_OUTGOING_CALLS = "android.permission.PROCESS_OUTGOING_CALLS";
     field public static final java.lang.String READ_CALENDAR = "android.permission.READ_CALENDAR";

core/java/android/content/pm/PackageManager.java

@@ -2319,6 +2319,9 @@ public abstract int installExistingPackage(String packageName)
      *            {@link PackageManager#EXTRA_VERIFICATION_ID} Intent extra
      * @param verificationCode either {@link PackageManager#VERIFICATION_ALLOW}
      *            or {@link PackageManager#VERIFICATION_REJECT}.
+     * @throws SecurityException if the caller does not have the
+     *            {@link android.Manifest.permission#PACKAGE_VERIFICATION_AGENT}
+     *            permission.
      */
     public abstract void verifyPendingInstall(int id, int verificationCode);
 
@@ -2342,9 +2345,11 @@ public abstract int installExistingPackage(String packageName)
      * @param millisecondsToDelay the amount of time requested for the timeout.
      *            Must be positive and less than
      *            {@link PackageManager#MAXIMUM_VERIFICATION_TIMEOUT}.
-     *
      * @throws IllegalArgumentException if {@code millisecondsToDelay} is out
      *            of bounds or {@code verificationCodeAtTimeout} is unknown.
+     * @throws SecurityException if the caller does not have the
+     *            {@link android.Manifest.permission#PACKAGE_VERIFICATION_AGENT}
+     *            permission.
      */
     public abstract void extendVerificationTimeout(int id,
             int verificationCodeAtTimeout, long millisecondsToDelay);

core/res/AndroidManifest.xml

@@ -1662,7 +1662,6 @@
 
     <!-- Package verifier needs to have this permission before the PackageManager will
          trust it to verify packages.
-         @hide
     -->
     <permission android:name="android.permission.PACKAGE_VERIFICATION_AGENT"
         android:label="@string/permlab_packageVerificationAgent"

services/java/com/android/server/pm/PackageManagerService.java

@@ -5578,6 +5578,10 @@ public int installExistingPackage(String packageName) {
 
     @Override
     public void verifyPendingInstall(int id, int verificationCode) throws RemoteException {
+        mContext.enforceCallingOrSelfPermission(
+                android.Manifest.permission.PACKAGE_VERIFICATION_AGENT,
+                "Only package verification agents can verify applications");
+
         final Message msg = mHandler.obtainMessage(PACKAGE_VERIFIED);
         final PackageVerificationResponse response = new PackageVerificationResponse(
                 verificationCode, Binder.getCallingUid());
@@ -5589,6 +5593,10 @@ public void verifyPendingInstall(int id, int verificationCode) throws RemoteExce
     @Override
     public void extendVerificationTimeout(int id, int verificationCodeAtTimeout,
             long millisecondsToDelay) {
+        mContext.enforceCallingOrSelfPermission(
+                android.Manifest.permission.PACKAGE_VERIFICATION_AGENT,
+                "Only package verification agents can extend verification timeouts");
+
         final PackageVerificationState state = mPendingVerification.get(id);
         final PackageVerificationResponse response = new PackageVerificationResponse(
                 verificationCodeAtTimeout, Binder.getCallingUid());