[DO NOT MERGE] Verify URI Permissions in Autofill RemoteViews
Check permissions of URI inside of FillResponse's RemoteViews. If the
current user does not have the required permissions to view the URI, the
RemoteView is dropped from displaying.
This fixes a security spill in which a user can view content of another
user through a malicious Autofill provider.
Bug: 283137865
Fixes: b/283264674 b/281666022 b/281665050 b/281848557 b/281533566
b/281534749 b/283101289
Test: Verified by POC app attached in bugs
Test: atest CtsAutoFillServiceTestCases (added new tests)
Change-Id: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
Merged-In: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
4 files changed
