Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 38a58371 authored by Tadashi G. Takaoka's avatar Tadashi G. Takaoka
Browse files

Remove SHOW_INPUT_METHOD_PICKER receiver 

Although there is a security check for IMM#showInputMethodPicker() [1],
any background application can virtually call the method via explicit
broadcast intent to Settings app.

Since showing IME picker from the notification has implemented in
InputMethodManagerService using protected-broadcast [2], the receiver in
Settings app isn't necessary and should be removed to close the security
bypass.

Note that this broadcast receiver stops working from Android-O due to
background check [3].

 [1]: I4f0fc21268200c64d12b31ca54416acfbf62f37b
 [2]: Id36c8c34159bea8b72557b40bcf024d401f580b6
 [3]: https://developer.android.com/preview/features/background.html#broadcasts

Test: The following broadcast intent will not show IME picker.
  $ adb shell am broadcast \
        -a android.settings.SHOW_INPUT_METHOD_PICKER \
        com.android.settings
Fixes: 64008672
Bug: 63644555
Change-Id: Id990c66516c9b3ed7ada6891746ec0e0eecbe545
parent 7edaa603

AndroidManifest.xml

+0 −7
Original line number Diff line number Diff line
@@ -670,13 +670,6 @@ 
                android:value="true" />

        </activity>



        <receiver android:name=".inputmethod.InputMethodDialogReceiver"

                android:enabled="true">

            <intent-filter>

                <action android:name="android.settings.SHOW_INPUT_METHOD_PICKER" />

            </intent-filter>

        </receiver>



        <activity android:name="Settings$UserDictionarySettingsActivity"

                android:label="@string/user_dict_settings_title"

                android:taskAffinity="com.android.settings"

src/com/android/settings/inputmethod/InputMethodDialogReceiver.java

deleted100644 → 0
+0 −32
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2011 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.settings.inputmethod;



import android.content.BroadcastReceiver;

import android.content.Context;

import android.content.Intent;

import android.provider.Settings;

import android.view.inputmethod.InputMethodManager;



public class InputMethodDialogReceiver extends BroadcastReceiver {

    @Override

    public void onReceive(Context context, Intent intent) {

        if (Settings.ACTION_SHOW_INPUT_METHOD_PICKER.equals(intent.getAction())) {

            ((InputMethodManager) context.getSystemService(Context.INPUT_METHOD_SERVICE))

                    .showInputMethodPicker(true /* showAuxiliarySubtypes */);

        }

    }

}