Revert^2 "Handling intent whose nested intent keys not collected case"

    @IntDef(flag = true, prefix = { "EXTENDED_FLAG_" }, value = {

            EXTENDED_FLAG_FILTER_MISMATCH,

            EXTENDED_FLAG_MISSING_CREATOR_OR_INVALID_TOKEN,

            EXTENDED_FLAG_NESTED_INTENT_KEYS_COLLECTED,

    })

    @Retention(RetentionPolicy.SOURCE)

    public @interface ExtendedFlags {}

     */

    public static final int EXTENDED_FLAG_MISSING_CREATOR_OR_INVALID_TOKEN = 1 << 1;

    /**

     * This flag indicates this intent called {@link #collectExtraIntentKeys()}.

     *

     * @hide

     */

    public static final int EXTENDED_FLAG_NESTED_INTENT_KEYS_COLLECTED = 1 << 2;

    // ---------------------------------------------------------------------

    // ---------------------------------------------------------------------

    // toUri() and parseUri() options.

    }

    private void collectNestedIntentKeysRecur(Set<Intent> visited) {

        if (mExtras != null && !mExtras.isParcelled() && !mExtras.isEmpty()) {

        addExtendedFlags(EXTENDED_FLAG_NESTED_INTENT_KEYS_COLLECTED);

        if (mExtras != null && !mExtras.isEmpty()) {

            for (String key : mExtras.keySet()) {

                Object value = mExtras.get(key);

    is_fixed_read_only: true

}

flag {

    name: "prevent_intent_redirect_throw_exception_if_nested_keys_not_collected"

    namespace: "responsible_apis"

    description: "Prevent intent redirect attacks by throwing exception if the intent does not collect nested keys"

    bug: "361143368"

}

flag {

    name: "prevent_intent_redirect_collect_nested_keys_on_server_if_not_collected"

    namespace: "responsible_apis"

    description: "Prevent intent redirect attacks by collecting nested keys on server if not yet collected"

    bug: "361143368"

    is_fixed_read_only: true

}

flag {

    name: "enable_intent_matching_flags"

    is_exported: true

import static android.provider.Settings.Global.DEBUG_APP;

import static android.provider.Settings.Global.WAIT_FOR_DEBUGGER;

import static android.security.Flags.preventIntentRedirect;

import static android.security.Flags.preventIntentRedirectCollectNestedKeysOnServerIfNotCollected;

import static android.security.Flags.preventIntentRedirectShowToast;

import static android.security.Flags.preventIntentRedirectThrowExceptionIfNestedKeysNotCollected;

import static android.util.FeatureFlagUtils.SETTINGS_ENABLE_MONITOR_PHANTOM_PROCS;

import static android.view.Display.INVALID_DISPLAY;

import android.view.View;

import android.view.WindowManager;

import android.view.autofill.AutofillManagerInternal;

import android.widget.Toast;

import com.android.internal.annotations.CompositeRWLock;

import com.android.internal.annotations.GuardedBy;

import com.android.server.SystemService;

import com.android.server.SystemServiceManager;

import com.android.server.ThreadPriorityBooster;

import com.android.server.UiThread;

import com.android.server.Watchdog;

import com.android.server.am.LowMemDetector.MemFactor;

import com.android.server.appop.AppOpsService;

import dalvik.annotation.optimization.NeverCompile;

import dalvik.system.VMRuntime;

import libcore.util.EmptyArray;

import java.io.File;

     */

    public void addCreatorToken(@Nullable Intent intent, String creatorPackage) {

        if (!preventIntentRedirect()) return;

        if (intent == null) return;

        if ((intent.getExtendedFlags() & Intent.EXTENDED_FLAG_NESTED_INTENT_KEYS_COLLECTED) == 0) {

            Slog.wtf(TAG,

                    "[IntentRedirect] The intent does not have its nested keys collected as a "

                            + "preparation for creating intent creator tokens. Intent: "

                            + intent + "; creatorPackage: " + creatorPackage);

            if (preventIntentRedirectShowToast()) {

                UiThread.getHandler().post(

                        () -> Toast.makeText(mContext,

                                "Nested keys not collected. go/report-bug-intentRedir to report a"

                                        + " bug", Toast.LENGTH_LONG).show());

            }

            if (preventIntentRedirectThrowExceptionIfNestedKeysNotCollected()) {

                // this flag will be internal only, not ramped to public.

                throw new SecurityException(

                        "The intent does not have its nested keys collected as a preparation for "

                                + "creating intent creator tokens. Intent: "

                                + intent + "; creatorPackage: " + creatorPackage);

            }

            if (preventIntentRedirectCollectNestedKeysOnServerIfNotCollected()) {

                // this flag will be ramped to public.

                intent.collectExtraIntentKeys();

            }

        }

        String targetPackage = intent.getComponent() != null

                ? intent.getComponent().getPackageName()

                : intent.getPackage();

                }

                options.setDismissKeyguardIfInsecure();

            }

            intent.collectExtraIntentKeys();

            if (mWaitOption) {

                result = mInternal.startActivityAndWait(null, SHELL_PACKAGE_NAME, null, intent,

                        mimeType, null, null, 0, mStartFlags, profilerInfo,

        }

        pw.println("Starting service: " + intent);

        pw.flush();

        intent.collectExtraIntentKeys();

        ComponentName cn = mInterface.startService(null, intent, intent.getType(),

                asForeground, SHELL_PACKAGE_NAME, null, mUserId);

        if (cn == null) {

        }

        pw.println("Stopping service: " + intent);

        pw.flush();

        intent.collectExtraIntentKeys();

        int result = mInterface.stopService(null, intent, intent.getType(), mUserId);

        if (result == 0) {

            err.println("Service not stopped: was not running.");