Moved LRResolverRankerService to ExtServices, and added a permission to

ensure that ResolverRankerServices are from trust sources.

Test: manually shared images in Camera, and in PTP to confirm it works
as expected.

Change-Id: I3549292d424fec949e9115faea7a0c5bdec06e87
(cherry picked from commit 61cf4d145e3f899ff2ff4500c3e46ea2c39adaf3)

7 files changed, 39 insertions, 9 deletions

diff --git a/api/system-current.txt b/api/system-current.txt
index 0cf4a8992e39..814a871ced01 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -174,6 +174,7 @@ package android {
     field public static final java.lang.String PERFORM_SIM_ACTIVATION = "android.permission.PERFORM_SIM_ACTIVATION";
     field public static final deprecated java.lang.String PERSISTENT_ACTIVITY = "android.permission.PERSISTENT_ACTIVITY";
     field public static final java.lang.String PROCESS_OUTGOING_CALLS = "android.permission.PROCESS_OUTGOING_CALLS";
+    field public static final java.lang.String PROVIDE_RESOLVER_RANKER_SERVICE = "android.permission.PROVIDE_RESOLVER_RANKER_SERVICE";
     field public static final java.lang.String PROVIDE_TRUST_AGENT = "android.permission.PROVIDE_TRUST_AGENT";
     field public static final java.lang.String READ_CALENDAR = "android.permission.READ_CALENDAR";
     field public static final java.lang.String READ_CALL_LOG = "android.permission.READ_CALL_LOG";
@@ -40767,6 +40768,7 @@ package android.service.resolver {
     method public void onPredictSharingProbabilities(java.util.List<android.service.resolver.ResolverTarget>);
     method public void onTrainRankingModel(java.util.List<android.service.resolver.ResolverTarget>, int);
     field public static final java.lang.String BIND_PERMISSION = "android.permission.BIND_RESOLVER_RANKER_SERVICE";
+    field public static final java.lang.String HOLD_PERMISSION = "android.permission.PROVIDE_RESOLVER_RANKER_SERVICE";
     field public static final java.lang.String SERVICE_INTERFACE = "android.service.resolver.ResolverRankerService";
   }
 
diff --git a/core/java/android/service/resolver/ResolverRankerService.java b/core/java/android/service/resolver/ResolverRankerService.java
index 05067479bf45..75233474415a 100644
--- a/core/java/android/service/resolver/ResolverRankerService.java
+++ b/core/java/android/service/resolver/ResolverRankerService.java
@@ -65,6 +65,12 @@ public abstract class ResolverRankerService extends Service {
     public static final String SERVICE_INTERFACE = "android.service.resolver.ResolverRankerService";
 
     /**
+     * The permission that a service must hold. If the service does not hold the permission, the
+     * system will skip that service.
+     */
+    public static final String HOLD_PERMISSION = "android.permission.PROVIDE_RESOLVER_RANKER_SERVICE";
+
+    /**
      * The permission that a service must require to ensure that only Android system can bind to it.
      * If this permission is not enforced in the AndroidManifest of the service, the system will
      * skip that service.
diff --git a/core/java/com/android/internal/app/ResolverComparator.java b/core/java/com/android/internal/app/ResolverComparator.java
index 73b62a5fe60d..54b9cd869f2d 100644
--- a/core/java/com/android/internal/app/ResolverComparator.java
+++ b/core/java/com/android/internal/app/ResolverComparator.java
@@ -438,6 +438,14 @@ class ResolverComparator implements Comparator<ResolvedComponentInfo> {
                             + " in the manifest.");
                     continue;
                 }
+                if (PackageManager.PERMISSION_GRANTED != mPm.checkPermission(
+                        ResolverRankerService.HOLD_PERMISSION,
+                        resolveInfo.serviceInfo.packageName)) {
+                    Log.w(TAG, "ResolverRankerService " + componentName + " does not hold"
+                            + " permission " + ResolverRankerService.HOLD_PERMISSION
+                            + " - this service will not be queried for ResolverComparator.");
+                    continue;
+                }
             } catch (NameNotFoundException e) {
                 Log.e(TAG, "Could not look up service " + componentName
                         + "; component name not found");
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 155a939b730c..98d33af4e9e1 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3160,6 +3160,14 @@
     <permission android:name="android.permission.BIND_CHOOSER_TARGET_SERVICE"
         android:protectionLevel="signature" />
 
+    <!-- @SystemApi Must be held by services that extend
+         {@link android.service.resolver.ResolverRankerService}.
+         <p>Protection level: signature|privileged
+         @hide
+    -->
+    <permission android:name="android.permission.PROVIDE_RESOLVER_RANKER_SERVICE"
+                android:protectionLevel="signature|privileged" />
+
     <!-- @SystemApi Must be required by services that extend
          {@link android.service.resolver.ResolverRankerService}, to ensure that only the system can
          bind to them.
@@ -3701,14 +3709,6 @@
         <service android:name="com.android.server.PreloadsFileCacheExpirationJobService"
                  android:permission="android.permission.BIND_JOB_SERVICE" >
         </service>
-
-        <service android:name="com.android.internal.app.LRResolverRankerService"
-            android:permission="android.permission.BIND_RESOLVER_RANKER_SERVICE"
-            android:priority="-1" >
-            <intent-filter>
-                <action android:name="android.service.resolver.ResolverRankerService" />
-            </intent-filter>
-        </service>
     </application>
 
 </manifest>
diff --git a/data/etc/privapp-permissions-platform.xml b/data/etc/privapp-permissions-platform.xml
index 7f07f03dde61..efed165238cc 100644
--- a/data/etc/privapp-permissions-platform.xml
+++ b/data/etc/privapp-permissions-platform.xml
@@ -356,4 +356,8 @@ applications that come with the platform
         <permission name="android.permission.CONTROL_VPN"/>
     </privapp-permissions>
 
+    <privapp-permissions package="com.google.android.ext.services">
+        <permission name="android.permission.PROVIDE_RESOLVER_RANKER_SERVICE" />
+    </privapp-permissions>
+
 </permissions>
diff --git a/packages/ExtServices/AndroidManifest.xml b/packages/ExtServices/AndroidManifest.xml
index f3d8983f74b3..f54b6fb4604c 100644
--- a/packages/ExtServices/AndroidManifest.xml
+++ b/packages/ExtServices/AndroidManifest.xml
@@ -21,6 +21,8 @@
     android:versionName="1"
     coreApp="true">
 
+    <uses-permission android:name="android.permission.PROVIDE_RESOLVER_RANKER_SERVICE" />
+
     <application android:label="@string/app_name"
         android:defaultToDeviceProtectedStorage="true"
         android:directBootAware="true">
@@ -32,6 +34,14 @@
             </intent-filter>
         </service>
 
+        <service android:name=".resolver.LRResolverRankerService"
+                 android:permission="android.permission.BIND_RESOLVER_RANKER_SERVICE"
+                 android:priority="-1" >
+            <intent-filter>
+                <action android:name="android.service.resolver.ResolverRankerService" />
+            </intent-filter>
+        </service>
+
         <library android:name="android.ext.services"/>
     </application>
 
diff --git a/core/java/com/android/internal/app/LRResolverRankerService.java b/packages/ExtServices/src/android/ext/services/resolver/LRResolverRankerService.java
index 1cad7c770b7c..9d7a5689dcd1 100644
--- a/core/java/com/android/internal/app/LRResolverRankerService.java
+++ b/packages/ExtServices/src/android/ext/services/resolver/LRResolverRankerService.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package com.android.internal.app;
+package android.ext.services.resolver;
 
 import android.content.Context;
 import android.content.Intent;