add permission check for exported activity

CaptivePortalLoginActivity is exported without any permission check
which has security concerns: The captive portal activity can be
tricked into making various carrier calls, including
resetAllCarrierActions.

Bug: 160871056
Test: Build
Change-Id: Ib7cc1ba4aca665bc94f8582de6bba7af252c481d
diff --git a/packages/CarrierDefaultApp/AndroidManifest.xml b/packages/CarrierDefaultApp/AndroidManifest.xml
index f116546..8081eed 100644
--- a/packages/CarrierDefaultApp/AndroidManifest.xml
+++ b/packages/CarrierDefaultApp/AndroidManifest.xml
@@ -47,6 +47,7 @@
             android:name="com.android.carrierdefaultapp.CaptivePortalLoginActivity"
             android:label="@string/action_bar_label"
             android:exported="true"
+            android:permission="android.permission.MODIFY_PHONE_STATE"
             android:theme="@style/AppTheme"
             android:configChanges="keyboardHidden|orientation|screenSize">
             <intent-filter>