From 4e71b31e0c85f4928c0db2c9e35129e5c192eb68 Mon Sep 17 00:00:00 2001
From: Winson <chiuwinson@google.com>
Date: Wed, 28 Oct 2020 13:25:44 -0700
Subject: Remove updateIntentVerificationStatusAsUser from ResolverActivity

DO NOT CHERRY PICK ANYWHERE: Security issue

This API is meant to grant an app complete verification over the
domains it has declared, meaning it will always resolve the domains it
declares for web links.

This can allow an app to take over links that are unowned. Any time a
user selects "Always" when resolving an Intent in the diambiguation
dialog, this API would be called, and all subsequent resolutions of any
domain declared by the app selected would be automatically directed to
that app, with no prompt to the user.

From a quick search, it's possible that all usages of this API are
actually unintended and should be removed. Should be considered for
deprecation in the future.

Bug: 163358811

Test: none, this is not generally testable, see linked bug for context

Merged-In: Iff7f788a83af68c7fbb1c6b9a8be7b47136be2b6
Change-Id: Iff7f788a83af68c7fbb1c6b9a8be7b47136be2b6
---
 .../com/android/internal/app/ResolverActivity.java    | 19 -------------------
 1 file changed, 19 deletions(-)

diff --git a/core/java/com/android/internal/app/ResolverActivity.java b/core/java/com/android/internal/app/ResolverActivity.java
index ceb06f511108..2b8dfad202ed 100644
--- a/core/java/com/android/internal/app/ResolverActivity.java
+++ b/core/java/com/android/internal/app/ResolverActivity.java
@@ -780,25 +780,6 @@ public class ResolverActivity extends Activity {
                         if (TextUtils.isEmpty(packageName)) {
                             pm.setDefaultBrowserPackageNameAsUser(ri.activityInfo.packageName, userId);
                         }
-                    } else {
-                        // Update Domain Verification status
-                        ComponentName cn = intent.getComponent();
-                        String packageName = cn.getPackageName();
-                        String dataScheme = (data != null) ? data.getScheme() : null;
-
-                        boolean isHttpOrHttps = (dataScheme != null) &&
-                                (dataScheme.equals(IntentFilter.SCHEME_HTTP) ||
-                                        dataScheme.equals(IntentFilter.SCHEME_HTTPS));
-
-                        boolean isViewAction = (action != null) && action.equals(Intent.ACTION_VIEW);
-                        boolean hasCategoryBrowsable = (categories != null) &&
-                                categories.contains(Intent.CATEGORY_BROWSABLE);
-
-                        if (isHttpOrHttps && isViewAction && hasCategoryBrowsable) {
-                            pm.updateIntentVerificationStatusAsUser(packageName,
-                                    PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS,
-                                    userId);
-                        }
                     }
                 } else {
                     try {
-- 
cgit v1.2.3-59-g8ed1b