RESTRICT AUTOMERGE Fix bluetooth settings will broadcast to anywhere when some cases

BluetoothPermissionActivity and DevicePickerFragment will send
broadcast to return the result to calling apps. As this broadcast
intent is from Settings with uid 1000, it will be sent to any
protected BroadcastReceivers in the device. It can make an attacker
send broadcast to protected BroadcastReceivers like factory reset intent
(android/com.android.server.MasterClearReceiver) via
BluetoothPermissionActivity or DevicePickerFragment.

This CL will not allow to set package name and class name to avoid
the attacker.

Bug: 179386960
Bug: 179386068
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify factory reset not started and no system UI notification.

Change-Id: Id27a78091ab578077853b8fbb97a4422cff0a158
(cherry picked from commit 8adedc6249)

src/com/android/settings/bluetooth/BluetoothPermissionActivity.java

@@ -16,6 +16,8 @@
 
 package com.android.settings.bluetooth;
 
+import static android.view.WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;
+
 import android.bluetooth.BluetoothDevice;
 import android.content.BroadcastReceiver;
 import android.content.Context;
@@ -30,12 +32,11 @@ import android.widget.TextView;
 
 import androidx.preference.Preference;
 
+import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.app.AlertActivity;
 import com.android.internal.app.AlertController;
 import com.android.settings.R;
 
-import static android.view.WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;
-
 /**
  * BluetoothPermissionActivity shows a dialog for accepting incoming
  * profile connection request from untrusted devices.
@@ -51,8 +52,6 @@ public class BluetoothPermissionActivity extends AlertActivity implements
     private TextView messageView;
     private Button mOkButton;
     private BluetoothDevice mDevice;
-    private String mReturnPackage = null;
-    private String mReturnClass = null;
 
     private int mRequestType = 0;
     private BroadcastReceiver mReceiver = new BroadcastReceiver() {
@@ -89,8 +88,6 @@ public class BluetoothPermissionActivity extends AlertActivity implements
         }
 
         mDevice = i.getParcelableExtra(BluetoothDevice.EXTRA_DEVICE);
-        mReturnPackage = i.getStringExtra(BluetoothDevice.EXTRA_PACKAGE_NAME);
-        mReturnClass = i.getStringExtra(BluetoothDevice.EXTRA_CLASS_NAME);
         mRequestType = i.getIntExtra(BluetoothDevice.EXTRA_ACCESS_REQUEST_TYPE,
                                      BluetoothDevice.REQUEST_TYPE_PHONEBOOK_ACCESS);
 
@@ -202,14 +199,14 @@ public class BluetoothPermissionActivity extends AlertActivity implements
         sendReplyIntentToReceiver(false, true);
     }
 
-    private void sendReplyIntentToReceiver(final boolean allowed, final boolean always) {
+    @VisibleForTesting
+    void sendReplyIntentToReceiver(final boolean allowed, final boolean always) {
         Intent intent = new Intent(BluetoothDevice.ACTION_CONNECTION_ACCESS_REPLY);
 
-        if (mReturnPackage != null && mReturnClass != null) {
-            intent.setClassName(mReturnPackage, mReturnClass);
+        if (DEBUG) {
+            Log.i(TAG, "sendReplyIntentToReceiver() Request type: " + mRequestType
+                    + " mReturnPackage");
         }
-        if (DEBUG) Log.i(TAG, "sendReplyIntentToReceiver() Request type: " + mRequestType +
-                " mReturnPackage" + mReturnPackage + " mReturnClass" + mReturnClass);
 
         intent.putExtra(BluetoothDevice.EXTRA_CONNECTION_ACCESS_RESULT,
                         allowed ? BluetoothDevice.CONNECTION_ACCESS_YES