From 897a0e04707194caaf86521462b3581427c78204 Mon Sep 17 00:00:00 2001
From: Bernardo Rufino <brufino@google.com>
Date: Wed, 6 Nov 2019 15:00:27 +0000
Subject: [PATCH] Ignore "package:<package>" in MANAGE_OVERLAY_PERMISSION
 intent

Before this change, intents with action = MANAGE_OVERLAY_PERMISSION and data =
URI "package:<package>" would redirect the user to the specific app screen with
the toggle to grant SYSTEM_ALERT_WINDOW (SAW) permission.

This makes it too easy for malicious apps to fool the user into enabling
it and we know that exist malware attempts to do so.

This CL redirects that intent to the screen that list all the apps
requesting SAW permission, introducing some friction for the user, which
hopefully will allow more time for consideration.

This is consistent with how other access permission intents work.

Test: Working on CTS
Test: adb shell am start -a
      android.settings.action.MANAGE_OVERLAY_PERMISSION -d package:<package>
      goes to list of apps screen
Test: adb shell am start -a android.settings.action.MANAGE_OVERLAY_PERMISSION
      also goes there
Bug: 135920175

Change-Id: I02fb842106602dab7fc285d0741edb58432ac7ad
---
 AndroidManifest.xml                    | 9 +--------
 src/com/android/settings/Settings.java | 1 -
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index afc4d40e3f4..f2ed29cd3b7 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -2701,20 +2701,13 @@
                 <action android:name="android.settings.action.MANAGE_OVERLAY_PERMISSION" />
                 <category android:name="android.intent.category.DEFAULT" />
             </intent-filter>
-            <meta-data android:name="com.android.settings.FRAGMENT_CLASS"
-                android:value="com.android.settings.applications.manageapplications.ManageApplications" />
-        </activity>
-
-        <activity
-            android:name="Settings$AppDrawOverlaySettingsActivity"
-            android:label="@string/draw_overlay">
             <intent-filter android:priority="1">
                 <action android:name="android.settings.action.MANAGE_OVERLAY_PERMISSION" />
                 <category android:name="android.intent.category.DEFAULT" />
                 <data android:scheme="package" />
             </intent-filter>
             <meta-data android:name="com.android.settings.FRAGMENT_CLASS"
-                android:value="com.android.settings.applications.appinfo.DrawOverlayDetails" />
+                android:value="com.android.settings.applications.manageapplications.ManageApplications" />
         </activity>
 
         <activity
diff --git a/src/com/android/settings/Settings.java b/src/com/android/settings/Settings.java
index 24963b3adfb..c189b7b2ffe 100644
--- a/src/com/android/settings/Settings.java
+++ b/src/com/android/settings/Settings.java
@@ -137,7 +137,6 @@ public class Settings extends SettingsActivity {
     public static class OverlaySettingsActivity extends SettingsActivity { /* empty */ }
     public static class WriteSettingsActivity extends SettingsActivity { /* empty */ }
     public static class ChangeWifiStateActivity extends SettingsActivity { /* empty */ }
-    public static class AppDrawOverlaySettingsActivity extends SettingsActivity { /* empty */ }
     public static class AppWriteSettingsActivity extends SettingsActivity { /* empty */ }
 
     public static class ManageExternalSourcesActivity extends SettingsActivity {/* empty */ }