Deprecate Intent.ACSD
The intent can be used to prevent the user from accessing critical
notifications (b/137274359) and system dialogs in general (eg. the
long-press power menu, assistant UIs, etc.). For these security reasons,
in S, the intent is severely limited to only a few use-cases/callers
after investigation (go/close-system-dialogs-usage), these are:
1. Permission holders of BROADCAST_CLOSE_SYSTEM_DIALOGS (includes
platform, sysUI and recents).
2. Non-activity notification trampolines: Apps send the intent before
starting an activity in trampolines.
3. Tests: Tests that interact with the UI send the intent to dismiss
random dialogs.
4. Windows above the notification shade: Apps with windows above the
shade that want to start activity send the intent to collapse the
shade in order to show the activity to the user.
For apps w/ targetSdk < S: The intent will be dropped with the exception
of the cases above.
For apps w/ targetSdk S+: Sending the intent will result in a
SecurityException except for cases 1 and 3. For cases 2 and 4:
2. Non-activity notification trampolines: These activity starts are
blocked (go/notification-trampolines), so the app has no reason to
send the intent anymore.
4. Windows above the notification shade: The platform will automatically
collapse the shade on activity starts in this case.
In all other use-cases, the user and the system is in control of closing
system dialogs, not third-party applications. Hence, marking
Intent.ACSD as deprecated for third-party applications.
Test: Builds
Bug: 159105552
Change-Id: Id82415ab4cfe09f7582da06ee20adb1e1cf447e0
2 files changed