Fix phishing attacks over Bluetooth due to unclear warning message

Before this CL, there is a possible phishing attack allowing a malicious BT device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. This CL add more prompts presented for users to avoid phishing attacks. Bug: 167403112 Test: send intent to test right prompts message is pop up. make -j42 RunSettingsRoboTests Change-Id: Idc6ef558b692115bb82ea58cf223f5919b618633
2020-12-17 11:29:31 +08:00
parent b763de8493
commit db9175015a
3 changed files with 24 additions and 10 deletions
--- a/src/com/android/settings/bluetooth/BluetoothPermissionActivity.java
+++ b/src/com/android/settings/bluetooth/BluetoothPermissionActivity.java
@@ -96,9 +96,9 @@ public class BluetoothPermissionActivity extends AlertActivity implements
        if (mRequestType == BluetoothDevice.REQUEST_TYPE_PROFILE_CONNECTION) {
            showDialog(getString(R.string.bluetooth_connection_permission_request), mRequestType);
        } else if (mRequestType == BluetoothDevice.REQUEST_TYPE_PHONEBOOK_ACCESS) {
-            showDialog(getString(R.string.bluetooth_phonebook_request), mRequestType);
+            showDialog(getString(R.string.bluetooth_phonebook_access_dialog_title), mRequestType);
        } else if (mRequestType == BluetoothDevice.REQUEST_TYPE_MESSAGE_ACCESS) {
-            showDialog(getString(R.string.bluetooth_map_request), mRequestType);
+            showDialog(getString(R.string.bluetooth_message_access_dialog_title), mRequestType);
        } else if (mRequestType == BluetoothDevice.REQUEST_TYPE_SIM_ACCESS) {
            showDialog(getString(R.string.bluetooth_sap_request), mRequestType);
        }
@@ -133,9 +133,9 @@ public class BluetoothPermissionActivity extends AlertActivity implements
            p.mView = createSapDialogView();
            break;
        }
-        p.mPositiveButtonText = getString(R.string.yes);
+        p.mPositiveButtonText = getString(R.string.allow);
        p.mPositiveButtonListener = this;
-        p.mNegativeButtonText = getString(R.string.no);
+        p.mNegativeButtonText = getString(R.string.deny);
        p.mNegativeButtonListener = this;
        mOkButton = mAlert.getButton(DialogInterface.BUTTON_POSITIVE);
        setupAlert();
@@ -165,7 +165,7 @@ public class BluetoothPermissionActivity extends AlertActivity implements
        String mRemoteName = Utils.createRemoteName(this, mDevice);
        mView = getLayoutInflater().inflate(R.layout.bluetooth_access, null);
        messageView = (TextView)mView.findViewById(R.id.message);
-        messageView.setText(getString(R.string.bluetooth_pb_acceptance_dialog_text,
+        messageView.setText(getString(R.string.bluetooth_phonebook_access_dialog_content,
                mRemoteName, mRemoteName));
        return mView;
    }
@@ -174,7 +174,7 @@ public class BluetoothPermissionActivity extends AlertActivity implements
        String mRemoteName = Utils.createRemoteName(this, mDevice);
        mView = getLayoutInflater().inflate(R.layout.bluetooth_access, null);
        messageView = (TextView)mView.findViewById(R.id.message);
-        messageView.setText(getString(R.string.bluetooth_map_acceptance_dialog_text,
+        messageView.setText(getString(R.string.bluetooth_message_access_dialog_content,
                mRemoteName, mRemoteName));
        return mView;
    }
--- a/src/com/android/settings/bluetooth/BluetoothPermissionRequest.java
+++ b/src/com/android/settings/bluetooth/BluetoothPermissionRequest.java
@@ -139,13 +139,13 @@ public final class BluetoothPermissionRequest extends BroadcastReceiver {
                switch (mRequestType) {
                    case BluetoothDevice.REQUEST_TYPE_PHONEBOOK_ACCESS:
                        title = context.getString(R.string.bluetooth_phonebook_request);
-                        message = context.getString(R.string.bluetooth_pb_acceptance_dialog_text,
-                                deviceAlias, deviceAlias);
+                        message = context.getString(
+                                R.string.bluetooth_phonebook_access_notification_content);
                        break;
                    case BluetoothDevice.REQUEST_TYPE_MESSAGE_ACCESS:
                        title = context.getString(R.string.bluetooth_map_request);
-                        message = context.getString(R.string.bluetooth_map_acceptance_dialog_text,
-                                deviceAlias, deviceAlias);
+                        message = context.getString(
+                                R.string.bluetooth_message_access_notification_content);
                        break;
                    case BluetoothDevice.REQUEST_TYPE_SIM_ACCESS:
                        title = context.getString(R.string.bluetooth_sap_request);
@@ -171,6 +171,7 @@ public final class BluetoothPermissionRequest extends BroadcastReceiver {
                        .setContentTitle(title)
                        .setTicker(message)
                        .setContentText(message)
+                        .setStyle(new Notification.BigTextStyle().bigText(message))
                        .setSmallIcon(android.R.drawable.stat_sys_data_bluetooth)
                        .setAutoCancel(true)
                        .setPriority(Notification.PRIORITY_MAX)