Merge "LatinIME: Fix Implicit PendingIntent Vulnerability" into main

        final long now = System.currentTimeMillis();

        final long alarmTime = now + new Random().nextInt(MAX_ALARM_DELAY_MILLIS);

        final Intent updateIntent = new Intent(DictionaryPackConstants.UPDATE_NOW_INTENT_ACTION);

        // Set the package name to ensure the PendingIntent is only delivered to trusted components

        updateIntent.setPackage(context.getPackageName());

        int pendingIntentFlags = PendingIntent.FLAG_CANCEL_CURRENT;

        if (android.os.Build.VERSION.SDK_INT >= 23) {

            pendingIntentFlags |= PendingIntent.FLAG_IMMUTABLE;

        }

        final PendingIntent pendingIntent = PendingIntent.getBroadcast(context, 0,

                updateIntent, PendingIntent.FLAG_CANCEL_CURRENT);

                updateIntent, pendingIntentFlags);

        // We set the alarm in the type that doesn't forcefully wake the device

        // from sleep, but fires the next time the device actually wakes for any