add permission check for exported activity CaptivePortalLoginActivity is exported without any permission check which has security concerns: The captive portal activity can be tricked into making various carrier calls, including resetAllCarrierActions. Bug: 160871056 Test: Build Change-Id: Ib7cc1ba4aca665bc94f8582de6bba7af252c481d

commit: 1292b4a974b321d99bb54d5db8c56c497b46f5b5 [log] [tgz]
author: Chen Xu <fionaxu@google.com> Sun Dec 13 22:00:18 2020 +0800
committer: Chen Xu <fionaxu@google.com> Sun Dec 13 14:12:15 2020 +0000
tree: 0f3869fc279a7d02814248848e46428b5e62d816
parent: 0943ebe36db64c1fd0c66b13d34faeaf63baa9c6 [diff]
diff --git a/packages/CarrierDefaultApp/AndroidManifest.xml b/packages/CarrierDefaultApp/AndroidManifest.xml
index f116546..8081eed 100644
--- a/packages/CarrierDefaultApp/AndroidManifest.xml
+++ b/packages/CarrierDefaultApp/AndroidManifest.xml

@@ -47,6 +47,7 @@
             android:name="com.android.carrierdefaultapp.CaptivePortalLoginActivity"
             android:label="@string/action_bar_label"
             android:exported="true"
+            android:permission="android.permission.MODIFY_PHONE_STATE"
             android:theme="@style/AppTheme"
             android:configChanges="keyboardHidden|orientation|screenSize">
             <intent-filter>
commit	1292b4a974b321d99bb54d5db8c56c497b46f5b5	[log] [tgz]
author	Chen Xu <fionaxu@google.com>	Sun Dec 13 22:00:18 2020 +0800
committer	Chen Xu <fionaxu@google.com>	Sun Dec 13 14:12:15 2020 +0000
tree	0f3869fc279a7d02814248848e46428b5e62d816
parent	0943ebe36db64c1fd0c66b13d34faeaf63baa9c6 [diff]