Fix phishing attacks over Bluetooth due to unclear warning message

Before this CL, there is a possible phishing attack allowing a malicious
BT device to acquire permissions based on insufficient information
presented to the user in the consent dialog. This could lead to local
escalation of privilege with no additional execution privileges needed.
User interaction is needed for exploitation.

This CL add more prompts presented for users to avoid phishing attacks.

Bug: 167403112
Test: send intent to test right prompts message is pop up. make -j42 RunSettingsRoboTests
Change-Id: Idc6ef558b692115bb82ea58cf223f5919b618633

res/values/strings.xml

@@ -12499,4 +12499,17 @@
 
     <!-- Title for setting tile leading to Apps settings [CHAR LIMIT=40]-->
     <string name="apps_dashboard_title">Apps</string>
+
+    <!-- Bluetooth message permission alert for notification content [CHAR LIMIT=none] -->
+    <string name="bluetooth_message_access_notification_content">Untrusted device wants to access your messages. Tap for details.</string>
+    <!-- Bluetooth message permission alert for dialog title [CHAR LIMIT=none] -->
+    <string name="bluetooth_message_access_dialog_title">Allow access to messages?</string>
+    <!-- Bluetooth message permission alert for dialog content [CHAR LIMIT=none] -->
+    <string name="bluetooth_message_access_dialog_content">An untrusted Bluetooth device, [<xliff:g id="device_name" example="My device">%1$s</xliff:g>], wants to access your messages.\n\nYou haven\u2019t connected to [<xliff:g id="device_name" example="My device">%2$s</xliff:g>] before.</string>
+    <!-- Bluetooth phonebook permission alert for notification content [CHAR LIMIT=none] -->
+    <string name="bluetooth_phonebook_access_notification_content">Untrusted device wants to access your contacts and call log. Tap for details.</string>
+    <!-- Bluetooth phonebook permission alert for dialog title [CHAR LIMIT=none] -->
+    <string name="bluetooth_phonebook_access_dialog_title">Allow access to contacts and call log?</string>
+    <!-- Bluetooth phonebook permission alert for dialog content [CHAR LIMIT=none] -->
+    <string name="bluetooth_phonebook_access_dialog_content">An untrusted Bluetooth device, [<xliff:g id="device_name" example="My device">%1$s</xliff:g>], wants to access your contacts and call log. This includes data about incoming and outgoing calls.\n\nYou haven\u2019t connected to [<xliff:g id="device_name" example="My device">%2$s</xliff:g>] before.</string>
 </resources>

src/com/android/settings/bluetooth/BluetoothPermissionActivity.java

@@ -96,9 +96,9 @@ public class BluetoothPermissionActivity extends AlertActivity implements
         if (mRequestType == BluetoothDevice.REQUEST_TYPE_PROFILE_CONNECTION) {
             showDialog(getString(R.string.bluetooth_connection_permission_request), mRequestType);
         } else if (mRequestType == BluetoothDevice.REQUEST_TYPE_PHONEBOOK_ACCESS) {
-            showDialog(getString(R.string.bluetooth_phonebook_request), mRequestType);
+            showDialog(getString(R.string.bluetooth_phonebook_access_dialog_title), mRequestType);
         } else if (mRequestType == BluetoothDevice.REQUEST_TYPE_MESSAGE_ACCESS) {
-            showDialog(getString(R.string.bluetooth_map_request), mRequestType);
+            showDialog(getString(R.string.bluetooth_message_access_dialog_title), mRequestType);
         } else if (mRequestType == BluetoothDevice.REQUEST_TYPE_SIM_ACCESS) {
             showDialog(getString(R.string.bluetooth_sap_request), mRequestType);
         }
@@ -133,9 +133,9 @@ public class BluetoothPermissionActivity extends AlertActivity implements
             p.mView = createSapDialogView();
             break;
         }
-        p.mPositiveButtonText = getString(R.string.yes);
+        p.mPositiveButtonText = getString(R.string.allow);
         p.mPositiveButtonListener = this;
-        p.mNegativeButtonText = getString(R.string.no);
+        p.mNegativeButtonText = getString(R.string.deny);
         p.mNegativeButtonListener = this;
         mOkButton = mAlert.getButton(DialogInterface.BUTTON_POSITIVE);
         setupAlert();
@@ -165,7 +165,7 @@ public class BluetoothPermissionActivity extends AlertActivity implements
         String mRemoteName = Utils.createRemoteName(this, mDevice);
         mView = getLayoutInflater().inflate(R.layout.bluetooth_access, null);
         messageView = (TextView)mView.findViewById(R.id.message);
-        messageView.setText(getString(R.string.bluetooth_pb_acceptance_dialog_text,
+        messageView.setText(getString(R.string.bluetooth_phonebook_access_dialog_content,
                 mRemoteName, mRemoteName));
         return mView;
     }
@@ -174,7 +174,7 @@ public class BluetoothPermissionActivity extends AlertActivity implements
         String mRemoteName = Utils.createRemoteName(this, mDevice);
         mView = getLayoutInflater().inflate(R.layout.bluetooth_access, null);
         messageView = (TextView)mView.findViewById(R.id.message);
-        messageView.setText(getString(R.string.bluetooth_map_acceptance_dialog_text,
+        messageView.setText(getString(R.string.bluetooth_message_access_dialog_content,
                 mRemoteName, mRemoteName));
         return mView;
     }

src/com/android/settings/bluetooth/BluetoothPermissionRequest.java

@@ -139,13 +139,13 @@ public final class BluetoothPermissionRequest extends BroadcastReceiver {
                 switch (mRequestType) {
                     case BluetoothDevice.REQUEST_TYPE_PHONEBOOK_ACCESS:
                         title = context.getString(R.string.bluetooth_phonebook_request);
-                        message = context.getString(R.string.bluetooth_pb_acceptance_dialog_text,
+                        message = context.getString(
-                                deviceAlias, deviceAlias);
+                                R.string.bluetooth_phonebook_access_notification_content);
                         break;
                     case BluetoothDevice.REQUEST_TYPE_MESSAGE_ACCESS:
                         title = context.getString(R.string.bluetooth_map_request);
-                        message = context.getString(R.string.bluetooth_map_acceptance_dialog_text,
+                        message = context.getString(
-                                deviceAlias, deviceAlias);
+                                R.string.bluetooth_message_access_notification_content);
                         break;
                     case BluetoothDevice.REQUEST_TYPE_SIM_ACCESS:
                         title = context.getString(R.string.bluetooth_sap_request);
@@ -171,6 +171,7 @@ public final class BluetoothPermissionRequest extends BroadcastReceiver {
                         .setContentTitle(title)
                         .setTicker(message)
                         .setContentText(message)
+                        .setStyle(new Notification.BigTextStyle().bigText(message))
                         .setSmallIcon(android.R.drawable.stat_sys_data_bluetooth)
                         .setAutoCancel(true)
                         .setPriority(Notification.PRIORITY_MAX)