Implement dispatching of resolution UI.
Create a subclass of the dispatcher for resolution intents. This is
needed because the regular dispatcher is accessible to any app so that
it can resolve public intents; however, apps should not be able to
start the resoution dispatcher directly as one of the dispatcher's
argments is the operation to perform next - if apps could spoof this,
they could trick the platform into thinking the caller was somebody
else.
Bug: 33075886
Test: Unit tests and E2E verification with dummy LPA
Change-Id: Ife30de87af7d275424bc254002c426a13d66178f
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 3408774..5858ca9 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -487,7 +487,7 @@
</service>
<!-- Handler for EuiccManager's public-facing intents. -->
- <activity android:name=".EuiccUiDispatcherActivity"
+ <activity android:name=".euicc.EuiccUiDispatcherActivity"
android:theme="@android:style/Theme.NoDisplay">
<!-- Max out priority to ensure nobody else will handle these intents. -->
<intent-filter android:priority="1000">
@@ -499,6 +499,21 @@
</intent-filter>
</activity>
+ <!--
+ Handler for EuiccManager's resolution intents. These are locked down so that only
+ privileged processes can start them, which means we can trust the Intent used to start
+ it (which contains a description of the next step to perform after resolution).
+ -->
+ <activity android:name=".euicc.EuiccResolutionUiDispatcherActivity"
+ android:permission="android.permission.CALL_PRIVILEGED">
+ <!-- Max out priority to ensure nobody else will handle these intents. -->
+ <intent-filter android:priority="1000">
+ <action android:name=
+ "android.telephony.euicc.action.RESOLVE_ERROR" />
+ <category android:name="android.intent.category.DEFAULT" />
+ </intent-filter>
+ </activity>
+
<activity android:name="EmergencyCallbackModeExitDialog"
android:excludeFromRecents="true"
android:label="@string/ecm_exit_dialog"