add permission check for exported activity

CaptivePortalLoginActivity is exported without any permission check which has security concerns: The captive portal activity can be tricked into making various carrier calls, including resetAllCarrierActions. Bug: 160871056 Test: Build Change-Id: Ib7cc1ba4aca665bc94f8582de6bba7af252c481d
author: Chen Xu <fionaxu@google.com> 2020-12-13 22:00:18 +0800
committer: Chen Xu <fionaxu@google.com> 2020-12-13 14:12:15 +0000
commit: 1292b4a974b321d99bb54d5db8c56c497b46f5b5 (patch)
tree: 0f3869fc279a7d02814248848e46428b5e62d816
parent: 0943ebe36db64c1fd0c66b13d34faeaf63baa9c6 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/packages/CarrierDefaultApp/AndroidManifest.xml b/packages/CarrierDefaultApp/AndroidManifest.xml
index f1165468c0ad..8081eed8028c 100644
--- a/packages/CarrierDefaultApp/AndroidManifest.xml
+++ b/packages/CarrierDefaultApp/AndroidManifest.xml
@@ -47,6 +47,7 @@
             android:name="com.android.carrierdefaultapp.CaptivePortalLoginActivity"
             android:label="@string/action_bar_label"
             android:exported="true"
+            android:permission="android.permission.MODIFY_PHONE_STATE"
             android:theme="@style/AppTheme"
             android:configChanges="keyboardHidden|orientation|screenSize">
             <intent-filter>
author	Chen Xu <fionaxu@google.com>	2020-12-13 22:00:18 +0800
committer	Chen Xu <fionaxu@google.com>	2020-12-13 14:12:15 +0000
commit	1292b4a974b321d99bb54d5db8c56c497b46f5b5 (patch)
tree	0f3869fc279a7d02814248848e46428b5e62d816
parent	0943ebe36db64c1fd0c66b13d34faeaf63baa9c6 (diff)