Remove SHOW_INPUT_METHOD_PICKER receiver

Although there is a security check for IMM#showInputMethodPicker() [1], any background application can virtually call the method via explicit broadcast intent to Settings app. Since showing IME picker from the notification has implemented in InputMethodManagerService using protected-broadcast [2], the receiver in Settings app isn't necessary and should be removed to close the security bypass. Note that this broadcast receiver stops working from Android-O due to background check [3]. [1]: I4f0fc21268200c64d12b31ca54416acfbf62f37b [2]: Id36c8c34159bea8b72557b40bcf024d401f580b6 [3]: https://developer.android.com/preview/features/background.html#broadcasts Test: The following broadcast intent will not show IME picker. $ adb shell am broadcast \ -a android.settings.SHOW_INPUT_METHOD_PICKER \ com.android.settings Fixes: 64008672 Bug: 63644555 Change-Id: Id990c66516c9b3ed7ada6891746ec0e0eecbe545
2017-07-19 14:05:02 +09:00
parent 7edaa60315
commit 38a58371a0
2 changed files with 0 additions and 39 deletions
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -670,13 +670,6 @@
                android:value="true" />
        </activity>

-        <receiver android:name=".inputmethod.InputMethodDialogReceiver"
-                android:enabled="true">
-            <intent-filter>
-                <action android:name="android.settings.SHOW_INPUT_METHOD_PICKER" />
-            </intent-filter>
-        </receiver>
-
        <activity android:name="Settings$UserDictionarySettingsActivity"
                android:label="@string/user_dict_settings_title"
                android:taskAffinity="com.android.settings"
--- a/src/com/android/settings/inputmethod/InputMethodDialogReceiver.java
+++ b/src/com/android/settings/inputmethod/InputMethodDialogReceiver.java
@@ -1,32 +0,0 @@
-/*
- * Copyright (C) 2011 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.settings.inputmethod;
-
-import android.content.BroadcastReceiver;
-import android.content.Context;
-import android.content.Intent;
-import android.provider.Settings;
-import android.view.inputmethod.InputMethodManager;
-
-public class InputMethodDialogReceiver extends BroadcastReceiver {
-    @Override
-    public void onReceive(Context context, Intent intent) {
-        if (Settings.ACTION_SHOW_INPUT_METHOD_PICKER.equals(intent.getAction())) {
-            ((InputMethodManager) context.getSystemService(Context.INPUT_METHOD_SERVICE))
-                    .showInputMethodPicker(true /* showAuxiliarySubtypes */);
-        }
-    }
-}