
コミット


packages/apps/Settings


コミットメタ情報

リビジョンbbe765f992f5852154a8e7aa6a4117f74fd99493 (tree)
日時2020-12-31 11:33:52
作者Hugh Chen <hughchen@goog...>
コミッターBryan Ferris

ログメッセージ

RESTRICT AUTOMERGE Fix phishing attacks over Bluetooth due to unclear warning message

Before this CL, there is a possible phishing attack allowing a malicious
BT device to acquire permissions based on insufficient information
presented to the user in the consent dialog. This could lead to local
escalation of privilege with no additional execution privileges needed.
User interaction is needed for exploitation.

This CL adds more prompts presented to users to avoid phishing attacks.

Merge Conflict Notes:
There were a number of entries in strings.xml that did not exist on this
branch. However, as the CL only adds new entries rather than modifying
old ones this should not cause a problem. There were no merge conflicts
in the java files.

Bug: 167403112
Test: send intent to test right prompts message is pop up. make -j42 RunSettingsRoboTests
Change-Id: Idc6ef558b692115bb82ea58cf223f5919b618633

変更サマリ

差分

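--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -11315,4 +11315,17 @@
  <!-- Summary for Enterprise Privacy settings, explaining what the user can expect to find under it [CHAR LIMIT=NONE]-->
  <string name="work_policy_privacy_settings_summary">Settings managed by your IT admin</string>
 
+ <!-- Bluetooth message permission alert for notification content [CHAR LIMIT=none] -->
+ <string name="bluetooth_message_access_notification_content">Untrusted device wants to access your messages. Tap for details.</string>
+ <!-- Bluetooth message permission alert for dialog title [CHAR LIMIT=none] -->
+ <string name="bluetooth_message_access_dialog_title">Allow access to messages?</string>
+ <!-- Bluetooth message permission alert for dialog content [CHAR LIMIT=none] -->
+ <string name="bluetooth_message_access_dialog_content">An untrusted Bluetooth device, [<xliff:g id="device_name" example="My device">%1$s</xliff:g>], wants to access your messages.\n\nYou haven\u2019t connected to [<xliff:g id="device_name" example="My device">%2$s</xliff:g>] before.</string>
+ <!-- Bluetooth phonebook permission alert for notification content [CHAR LIMIT=none] -->
+ <string name="bluetooth_phonebook_access_notification_content">Untrusted device wants to access your contacts and call log. Tap for details.</string>
+ <!-- Bluetooth phonebook permission alert for dialog title [CHAR LIMIT=none] -->
+ <string name="bluetooth_phonebook_access_dialog_title">Allow access to contacts and call log?</string>
+ <!-- Bluetooth phonebook permission alert for dialog content [CHAR LIMIT=none] -->
+ <string name="bluetooth_phonebook_access_dialog_content">An untrusted Bluetooth device, [<xliff:g id="device_name" example="My device">%1$s</xliff:g>], wants to access your contacts and call log. This includes data about incoming and outgoing calls.\n\nYou haven\u2019t connected to [<xliff:g id="device_name" example="My device">%2$s</xliff:g>] before.</string>
+
  </resources>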
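Review bot: The translator comments on `bluetooth_message_access_dialog_content` and `bluetooth_phonebook_access_dialog_content` do not say that the placeholder holds a name that appears to come from the remote device, so a translation could drop or move the square brackets that separate that name from the system's own wording. I would extend each comment along the lines of `<!-- ... dialog content. The placeholder is the name reported by the remote device; keep the square brackets around it. [CHAR LIMIT=none] -->`. Both placeholders in each string also share `id="device_name"` while using `%1$s` and `%2$s`, which obliges every caller to pass the same name twice; using `%1$s` in both positions would remove that coupling.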
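--- a/src/com/android/settings/bluetooth/BluetoothPermissionActivity.java
+++ b/src/com/android/settings/bluetooth/BluetoothPermissionActivity.java
@@ -99,9 +99,9 @@ public class BluetoothPermissionActivity extends AlertActivity implements
  if (mRequestType == BluetoothDevice.REQUEST_TYPE_PROFILE_CONNECTION) {
  showDialog(getString(R.string.bluetooth_connection_permission_request), mRequestType);
  } else if (mRequestType == BluetoothDevice.REQUEST_TYPE_PHONEBOOK_ACCESS) {
- showDialog(getString(R.string.bluetooth_phonebook_request), mRequestType);
+ showDialog(getString(R.string.bluetooth_phonebook_access_dialog_title), mRequestType);
  } else if (mRequestType == BluetoothDevice.REQUEST_TYPE_MESSAGE_ACCESS) {
- showDialog(getString(R.string.bluetooth_map_request), mRequestType);
+ showDialog(getString(R.string.bluetooth_message_access_dialog_title), mRequestType);
  } else if (mRequestType == BluetoothDevice.REQUEST_TYPE_SIM_ACCESS) {
  showDialog(getString(R.string.bluetooth_sap_request), mRequestType);
  }
@@ -136,9 +136,9 @@ public class BluetoothPermissionActivity extends AlertActivity implements
  p.mView = createSapDialogView();
  break;
  }
- p.mPositiveButtonText = getString(R.string.yes);
+ p.mPositiveButtonText = getString(R.string.allow);
  p.mPositiveButtonListener = this;
- p.mNegativeButtonText = getString(R.string.no);
+ p.mNegativeButtonText = getString(R.string.deny);
  p.mNegativeButtonListener = this;
  mOkButton = mAlert.getButton(DialogInterface.BUTTON_POSITIVE);
  setupAlert();
@@ -168,7 +168,7 @@ public class BluetoothPermissionActivity extends AlertActivity implements
  String mRemoteName = Utils.createRemoteName(this, mDevice);
  mView = getLayoutInflater().inflate(R.layout.bluetooth_access, null);
  messageView = (TextView)mView.findViewById(R.id.message);
- messageView.setText(getString(R.string.bluetooth_pb_acceptance_dialog_text,
+ messageView.setText(getString(R.string.bluetooth_phonebook_access_dialog_content,
  mRemoteName, mRemoteName));
  return mView;
  }
@@ -177,7 +177,7 @@ public class BluetoothPermissionActivity extends AlertActivity implements
  String mRemoteName = Utils.createRemoteName(this, mDevice);
  mView = getLayoutInflater().inflate(R.layout.bluetooth_access, null);
  messageView = (TextView)mView.findViewById(R.id.message);
- messageView.setText(getString(R.string.bluetooth_pb_acceptance_dialog_text,
+ messageView.setText(getString(R.string.bluetooth_message_access_dialog_content,
  mRemoteName, mRemoteName));
  return mView;
  }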
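Review bot: The SIM-access branch in the first hunk still calls `showDialog(getString(R.string.bluetooth_sap_request), mRequestType)`, so that request type keeps the earlier wording while the phonebook and message branches get the new "untrusted device" text; the same applies to the `REQUEST_TYPE_SIM_ACCESS` case in BluetoothPermissionRequest.java, whose message assignment lies outside the visible hunk. If the unclear-consent concern described in the commit message applies to SIM access as well, it needs its own title, content and notification strings; if it was left out on purpose, a one-line comment at that branch should say why. Separately, `mRemoteName` comes from `Utils.createRemoteName`, which is not shown here, so it is worth confirming that it bounds the length of the name before it is formatted into the consent text. The enclosing methods start and end outside these hunks.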
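--- a/src/com/android/settings/bluetooth/BluetoothPermissionRequest.java
+++ b/src/com/android/settings/bluetooth/BluetoothPermissionRequest.java
@@ -140,13 +140,13 @@ public final class BluetoothPermissionRequest extends BroadcastReceiver {
  switch (mRequestType) {
  case BluetoothDevice.REQUEST_TYPE_PHONEBOOK_ACCESS:
  title = context.getString(R.string.bluetooth_phonebook_request);
- message = context.getString(R.string.bluetooth_pb_acceptance_dialog_text,
- deviceAlias, deviceAlias);
+ message = context.getString(
+ R.string.bluetooth_phonebook_access_notification_content);
  break;
  case BluetoothDevice.REQUEST_TYPE_MESSAGE_ACCESS:
  title = context.getString(R.string.bluetooth_map_request);
- message = context.getString(R.string.bluetooth_map_acceptance_dialog_text,
- deviceAlias, deviceAlias);
+ message = context.getString(
+ R.string.bluetooth_message_access_notification_content);
  break;
  case BluetoothDevice.REQUEST_TYPE_SIM_ACCESS:
  title = context.getString(R.string.bluetooth_sap_request);
@@ -172,6 +172,7 @@ public final class BluetoothPermissionRequest extends BroadcastReceiver {
  .setContentTitle(title)
  .setTicker(message)
  .setContentText(message)
+ .setStyle(new Notification.BigTextStyle().bigText(message))
  .setSmallIcon(android.R.drawable.stat_sys_data_bluetooth)
  .setAutoCancel(true)
  .setPriority(Notification.PRIORITY_MAX)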
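Review bot: Nothing in the `REQUEST_TYPE_PHONEBOOK_ACCESS` and `REQUEST_TYPE_MESSAGE_ACCESS` cases records why `deviceAlias` was dropped from the notification text, so a later cleanup could easily put it back. A comment above the `switch`, such as `// Notification text is fixed on purpose: the alias is supplied by the requesting device.`, would document the intent, assuming that is the intent, which the commit message implies but does not state. The notification title still comes from `bluetooth_phonebook_request` and `bluetooth_map_request` while the dialog now uses the new `*_access_dialog_title` strings, so the two surfaces word the same request differently. The `switch` and the builder chain both continue outside the hunks.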