Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8c24eb10 authored by Bernardo Rufino's avatar Bernardo Rufino
Browse files

Deprecate Intent.ACSD 

The intent can be used to prevent the user from accessing critical
notifications (b/137274359) and system dialogs in general (eg. the
long-press power menu, assistant UIs, etc.). For these security reasons,
in S, the intent is severely limited to only a few use-cases/callers
after investigation (go/close-system-dialogs-usage), these are:

1. Permission holders of BROADCAST_CLOSE_SYSTEM_DIALOGS (includes
   platform, sysUI and recents).
2. Non-activity notification trampolines: Apps send the intent before
   starting an activity in trampolines.
3. Tests: Tests that interact with the UI send the intent to dismiss
   random dialogs.
4. Windows above the notification shade: Apps with windows above the
   shade that want to start activity send the intent to collapse the
   shade in order to show the activity to the user.

For apps w/ targetSdk < S: The intent will be dropped with the exception
of the cases above.

For apps w/ targetSdk S+: Sending the intent will result in a
SecurityException except for cases 1 and 3. For cases 2 and 4:

2. Non-activity notification trampolines: These activity starts are
   blocked (go/notification-trampolines), so the app has no reason to
   send the intent anymore.
4. Windows above the notification shade: The platform will automatically
   collapse the shade on activity starts in this case.

In all other use-cases, the user and the system is in control of closing
system dialogs, not third-party applications. Hence, marking
Intent.ACSD as deprecated for third-party applications.

Test: Builds
Bug: 159105552
Change-Id: Id82415ab4cfe09f7582da06ee20adb1e1cf447e0
parent d09c22c4

core/api/current.txt

+1 −1
Original line number Diff line number Diff line
@@ -10729,7 +10729,7 @@ package android.content { 
    field public static final String ACTION_CAMERA_BUTTON = "android.intent.action.CAMERA_BUTTON";

    field public static final String ACTION_CARRIER_SETUP = "android.intent.action.CARRIER_SETUP";

    field public static final String ACTION_CHOOSER = "android.intent.action.CHOOSER";

    field public static final String ACTION_CLOSE_SYSTEM_DIALOGS = "android.intent.action.CLOSE_SYSTEM_DIALOGS";

    field @Deprecated @RequiresPermission("android.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS") public static final String ACTION_CLOSE_SYSTEM_DIALOGS = "android.intent.action.CLOSE_SYSTEM_DIALOGS";

    field public static final String ACTION_CONFIGURATION_CHANGED = "android.intent.action.CONFIGURATION_CHANGED";

    field public static final String ACTION_CREATE_DOCUMENT = "android.intent.action.CREATE_DOCUMENT";

    field public static final String ACTION_CREATE_REMINDER = "android.intent.action.CREATE_REMINDER";

core/java/android/content/Intent.java

+11 −0
Original line number Diff line number Diff line
@@ -2393,8 +2393,19 @@ public class Intent implements Parcelable, Cloneable { 
     * Broadcast Action: This is broadcast when a user action should request a

     * temporary system dialog to dismiss.  Some examples of temporary system

     * dialogs are the notification window-shade and the recent tasks dialog.

     *

     * @deprecated This intent is deprecated for third-party applications starting from Android

     *     {@link Build.VERSION_CODES#S} for security reasons. Unauthorized usage by applications

     *     will result in the broadcast intent being dropped for apps targeting API level less than

     *     {@link Build.VERSION_CODES#S} and in a {@link SecurityException} for apps targeting SDK

     *     level {@link Build.VERSION_CODES#S} or higher. Instrumentation initiated from the shell

     *     (eg. tests) is still able to use the intent. The platform will automatically collapse

     *     the proper system dialogs in the proper use-cases. For all others, the user is the one in

     *     control of closing dialogs.

     */

    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)

    @RequiresPermission(android.Manifest.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS)

    @Deprecated

    public static final String ACTION_CLOSE_SYSTEM_DIALOGS = "android.intent.action.CLOSE_SYSTEM_DIALOGS";

    /**

     * Broadcast Action: Trigger the download and eventual installation