BluetoothPermissionActivity and DevicePickerFragment will send
broadcast to return the result to calling apps. As this broadcast
intent is from Settings with uid 1000, it will be sent to any
protected BroadcastReceivers in the device. It can make an attacker
send broadcast to protected BroadcastReceivers like factory reset intent
(android/com.android.server.MasterClearReceiver) via
BluetoothPermissionActivity or DevicePickerFragment.
This CL will not allow to set package name and class name to avoid
the attacker.
Bug: 179386960
Bug: 179386068
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify factory reset not started and no system UI notification.
Change-Id: Id27a78091ab578077853b8fbb97a4422cff0a158
(cherry picked from commit 8adedc6249)
Before this CL, there is a possible phishing attack allowing a malicious
BT device to acquire permissions based on insufficient information
presented to the user in the consent dialog. This could lead to local
escalation of privilege with no additional execution privileges needed.
User interaction is needed for exploitation.
This CL add more prompts presented for users to avoid phishing attacks.
Merge Conflict Notes:
There were a number of entries in strings.xml that did not exist on this
branch. However, as the CL only adds new entries rather than modifying
old ones this should not cause a problem. There were no merge conflicts
in the java files.
Bug: 167403112
Test: send intent to test right prompts message is pop up. make -j42 RunSettingsRoboTests
Change-Id: Idc6ef558b692115bb82ea58cf223f5919b618633
For current design, message sharing option only display when
mapPermisson != CachedBluetoothDevice.ACCESS_UNKNOWN. MAP permisson only
saved when user reject requset twice or accept request, if user just
reject once, permission will be ACCESS_UNKNOWN and message sharing
option will not display. This patch remove the check of
MessageRejectionCount and always save message permission choice.
Bug: 120291728
Test: reject message access request and check device details page
Change-Id: I071491d3c4134ed348e195f054b6557e397cdd6a
Having consistent import order will reduce chance of merge
conflict between internal and external master
Test: rebuild
Change-Id: I0b1a170967ddcce7f388603fd521f6ed1eeba30b
Move the non-ui bluetooth control/tracking code to SettingsLib so
that it can be shared with others.
Mostly just move classes to frameworks/base/packages/SettingsLib,
however a few things had to move around.
- Dock handling had to move back to code still in settings
- Local preference related code had to be moved back to settings
- Added an error flow from SettingsLib to Settings
Depends on I69fd888362c6dbb325f6113b32c4b15cc6a23a41
Bug: 19180466
Change-Id: Ie57fe26a27bbb0adc2ef69e042a05c7290c6a52a
Currently, users' preference in phonebook and call history or message
access per each Bluetooth-paired device is stored in Settings application's
shared preferences.
However, some privileged applications other than Settings need to access
such data. So we decided to migrate the data from Settings application's
shared preferences to Bluetooth application's.
Bug: 17158953
Change-Id: I44fde350ea35027df0de77feec1ea19c65f2f1c6
We can remember it as a non persist global value when user click no.
This value won't be saved when power down.
We will restore the permission choice
when we are disconnected with the remote device.
So the "no" choice selected by user will only take effect
until we are disconnected with the remote device.
bug:11176511
Change-Id: Ic0c0829587cf7a812b5fa96fbd381921f67c186f
- Fixes to the issues found during review.
- added support for BluetoothProfile ProfileService Classes
- Added new MapProfile.java to comply with new structure
- changed ORDINAL to use BluetoothProfile.MAP directly
- Moved construction of MapProfile to LocalBluetoothProfileManager constructor
- Added support for multiple concurent permission activities and/or multiple notifications (i.e. pbap and map permission request right after each other)
- cleanup
- changed settings to use Notification.Builder
- made the notifications for map/pbab more informative
- added handling of back button + "clear all notifications"
Bug:10692365
Change-Id: I9803c9658a96b1a9c1d4734d2fdd22f1421d2827
This fixes a NPE by ensuring that cached device list has
a cached device associated with a given BDA before accessing
the cached device
Bug:5964529
Change-Id: Ib2c3596e6e008c78f9f1137134e421ca710e1217
Change the always-allowed checkbox to be don't-ask-again checkbox to remember
user's decision so that user will not be bothered agian if he/she checks
the don't-ask-again checkbox
bug 5099661
Change-Id: If32ab8e93313bbd33ff040553083f0cf9359b69e
Show user dialog for incoming BT connection requests from unknown
devices. Move phone book access permission dialog from bluetooth to settings.
The permision dialog pops up to the screen properly instead of
always as notification. AT+CPBR will also use the permission dialog
to ask for user permission.
bug 4489572
Change-Id: Ic1e74b2a9416a462cac4f519240a313691da90c4
