DO NOT MERGE add private function convertSafeLable
Bug: 28557603
Change-Id: I8d6a13a71011c38e7dd7039fa7ae0a69cf6adc2e
diff --git a/src/java/com/android/internal/telephony/SMSDispatcher.java b/src/java/com/android/internal/telephony/SMSDispatcher.java
index 7590a8a..963b872 100644
--- a/src/java/com/android/internal/telephony/SMSDispatcher.java
+++ b/src/java/com/android/internal/telephony/SMSDispatcher.java
@@ -16,6 +16,7 @@
package com.android.internal.telephony;
import android.annotation.Nullable;
+import android.annotation.NonNull;
import android.app.Activity;
import android.app.AlertDialog;
import android.app.PendingIntent;
@@ -52,6 +53,7 @@
import android.telephony.TelephonyManager;
import android.text.Html;
import android.text.Spanned;
+import android.text.TextPaint;
import android.text.TextUtils;
import android.util.EventLog;
import android.view.LayoutInflater;
@@ -87,6 +89,7 @@
static final String TAG = "SMSDispatcher"; // accessed from inner class
static final boolean DBG = false;
private static final String SEND_NEXT_MSG_EXTRA = "SendNextMsg";
+ private static final float MAX_LABEL_SIZE_PX = 500f;
private static final int PREMIUM_RULE_USE_SIM = 1;
private static final int PREMIUM_RULE_USE_NETWORK = 2;
@@ -1102,7 +1105,8 @@
PackageManager pm = mContext.getPackageManager();
try {
ApplicationInfo appInfo = pm.getApplicationInfo(appPackage, 0);
- return appInfo.loadSafeLabel(pm);
+ String label = appInfo.loadLabel(pm).toString();
+ return convertSafeLabel(label, appPackage);
} catch (PackageManager.NameNotFoundException e) {
Rlog.e(TAG, "PackageManager Name Not Found for package " + appPackage);
return appPackage; // fall back to package name if we can't get app label
@@ -1110,6 +1114,53 @@
}
/**
+ * Check appLabel with the addition that the returned label is safe for being presented
+ * in the UI since it will not contain new lines and the length will be limited to a
+ * reasonable amount. This prevents a malicious party to influence UI
+ * layout via the app label misleading the user into performing a
+ * detrimental for them action. If the label is too long it will be
+ * truncated and ellipsized at the end.
+ *
+ * @param label A string of appLabel from PackageItemInfo#loadLabel
+ * @param appPackage the package name of the app requesting to send an SMS
+ * @return Returns a CharSequence containing the item's label. If the
+ * item does not have a label, its name is returned.
+ */
+ private CharSequence convertSafeLabel(@NonNull String labelStr, String appPackage) {
+ // If the label contains new line characters it may push the UI
+ // down to hide a part of it. Labels shouldn't have new line
+ // characters, so just truncate at the first time one is seen.
+ final int labelLength = labelStr.length();
+ int offset = 0;
+ while (offset < labelLength) {
+ final int codePoint = labelStr.codePointAt(offset);
+ final int type = Character.getType(codePoint);
+ if (type == Character.LINE_SEPARATOR
+ || type == Character.CONTROL
+ || type == Character.PARAGRAPH_SEPARATOR) {
+ labelStr = labelStr.substring(0, offset);
+ break;
+ }
+ // replace all non-break space to " " in order to be trimmed
+ if (type == Character.SPACE_SEPARATOR) {
+ labelStr = labelStr.substring(0, offset) + " " + labelStr.substring(offset +
+ Character.charCount(codePoint));
+ }
+ offset += Character.charCount(codePoint);
+ }
+
+ labelStr = labelStr.trim();
+ if (labelStr.isEmpty()) {
+ return appPackage;
+ }
+ TextPaint paint = new TextPaint();
+ paint.setTextSize(42);
+
+ return TextUtils.ellipsize(labelStr, paint, MAX_LABEL_SIZE_PX,
+ TextUtils.TruncateAt.END);
+ }
+
+ /**
* Post an alert when SMS needs confirmation due to excessive usage.
* @param tracker an SmsTracker for the current message.
*/
