Deprecate Intent.ACSD

The intent can be used to prevent the user from accessing critical
notifications (b/137274359) and system dialogs in general (e.g. the
long-press power menu, assistant UIs, etc.). For these security reasons,
in S, the intent is severely limited to only a few use-cases/callers
after investigation (go/close-system-dialogs-usage), these are:

1. Permission holders of BROADCAST_CLOSE_SYSTEM_DIALOGS (includes
   platform, sysUI and recents).
2. Non-activity notification trampolines: Apps send the intent before
   starting an activity in trampolines.
3. Tests: Tests that interact with the UI send the intent to dismiss
   random dialogs.
4. Windows above the notification shade: Apps with windows above the
   shade that want to start an activity send the intent to collapse the
   shade in order to show the activity to the user.

For apps w/ targetSdk < S: The intent will be dropped with the exception
of the cases above.

For apps w/ targetSdk S+: Sending the intent will result in a
SecurityException except for cases 1 and 3. For cases 2 and 4:

2. Non-activity notification trampolines: These activity starts are
   blocked (go/notification-trampolines), so the app has no reason to
   send the intent anymore.
4. Windows above the notification shade: The platform will automatically
   collapse the shade on activity starts in this case.

In all other use-cases, the user and the system are in control of closing
system dialogs, not third-party applications. Hence, marking
Intent.ACSD as deprecated for third-party applications.

Test: Builds
Bug: 159105552
Change-Id: Id82415ab4cfe09f7582da06ee20adb1e1cf447e0

diff --git a/core/api/current.txt b/core/api/current.txt
index 5a020d4..541eb03 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -10729,7 +10729,7 @@
field public static final String ACTION_CAMERA_BUTTON = "android.intent.action.CAMERA_BUTTON";
field public static final String ACTION_CARRIER_SETUP = "android.intent.action.CARRIER_SETUP";
field public static final String ACTION_CHOOSER = "android.intent.action.CHOOSER";
- field public static final String ACTION_CLOSE_SYSTEM_DIALOGS = "android.intent.action.CLOSE_SYSTEM_DIALOGS";
+ field @Deprecated @RequiresPermission("android.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS") public static final String ACTION_CLOSE_SYSTEM_DIALOGS = "android.intent.action.CLOSE_SYSTEM_DIALOGS";
field public static final String ACTION_CONFIGURATION_CHANGED = "android.intent.action.CONFIGURATION_CHANGED";
field public static final String ACTION_CREATE_DOCUMENT = "android.intent.action.CREATE_DOCUMENT";
field public static final String ACTION_CREATE_REMINDER = "android.intent.action.CREATE_REMINDER";
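Review bot: The `@RequiresPermission("android.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS")` on the `+` line for ACTION_CLOSE_SYSTEM_DIALOGS describes only case 1 from the commit message, while cases 2 to 4 (notification trampolines and windows above the shade on targetSdk < S, and tests on any target) are callers that may still send the broadcast without holding the permission. Please confirm that the permission lint check firing on those callers is the intended outcome, since the annotation in the public API signature is what tooling will enforce, not the Javadoc. It would also help to state in the change description that this file only records the annotation change and that the drop/SecurityException behaviour is enforced elsewhere, because nothing in the visible diff implements it.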
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index a03bdf2..13a1381 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -2393,8 +2393,19 @@
* Broadcast Action: This is broadcast when a user action should request a
* temporary system dialog to dismiss. Some examples of temporary system
* dialogs are the notification window-shade and the recent tasks dialog.
+ *
+ * @deprecated This intent is deprecated for third-party applications starting from Android
+ * {@link Build.VERSION_CODES#S} for security reasons. Unauthorized usage by applications
+ * will result in the broadcast intent being dropped for apps targeting API level less than
+ * {@link Build.VERSION_CODES#S} and in a {@link SecurityException} for apps targeting SDK
+ * level {@link Build.VERSION_CODES#S} or higher. Instrumentation initiated from the shell
+ * (eg. tests) is still able to use the intent. The platform will automatically collapse
+ * the proper system dialogs in the proper use-cases. For all others, the user is the one in
+ * control of closing dialogs.
*/
@SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
+ @RequiresPermission(android.Manifest.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS)
+ @Deprecated
public static final String ACTION_CLOSE_SYSTEM_DIALOGS = "android.intent.action.CLOSE_SYSTEM_DIALOGS";
/**
* Broadcast Action: Trigger the download and eventual installation
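Review bot: The added `@deprecated` text says "Unauthorized usage by applications" without ever saying what makes a caller authorized; the permission is named only in the `@RequiresPermission` annotation below the comment. Suggest linking it in the Javadoc, for example `{@link android.Manifest.permission#BROADCAST_CLOSE_SYSTEM_DIALOGS}`, so the rendered docs show the condition next to the consequence. The paragraph also omits the two pre-S exceptions the commit message lists (non-activity notification trampolines and windows above the notification shade), so a developer targeting below S cannot tell from the docs whether their broadcast is dropped. "The platform will automatically collapse the proper system dialogs in the proper use-cases" is too vague to act on; naming the shade-collapse-on-activity-start case from the commit message would make it concrete. Minor: the text mixes "API level" and "SDK level" for the same thing, and "eg." should be "e.g.". Finally, "Test: Builds" covers only compilation; since the Javadoc promises a dropped broadcast below S and a SecurityException at S and above, a reference to the change or test that exercises that behaviour would be useful here.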