diff --git a/api/system-current.txt b/api/system-current.txt index 3c88e5979c8ec..04d2a04871ea5 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -9469,6 +9469,7 @@ package android.content.pm { method public android.graphics.drawable.Drawable loadIcon(android.content.pm.PackageManager); method public java.lang.CharSequence loadLabel(android.content.pm.PackageManager); method public android.graphics.drawable.Drawable loadLogo(android.content.pm.PackageManager); + method public java.lang.CharSequence loadSafeLabel(android.content.pm.PackageManager); method public android.graphics.drawable.Drawable loadUnbadgedIcon(android.content.pm.PackageManager); method public android.content.res.XmlResourceParser loadXmlMetaData(android.content.pm.PackageManager, java.lang.String); method public void writeToParcel(android.os.Parcel, int); diff --git a/core/java/android/content/pm/PackageItemInfo.java b/core/java/android/content/pm/PackageItemInfo.java index 22a899cda05b7..0d089d0613e73 100644 --- a/core/java/android/content/pm/PackageItemInfo.java +++ b/core/java/android/content/pm/PackageItemInfo.java @@ -16,6 +16,8 @@ package android.content.pm; +import android.annotation.NonNull; +import android.annotation.SystemApi; import android.content.res.XmlResourceParser; import android.graphics.drawable.Drawable; @@ -24,7 +26,9 @@ import android.os.Parcel; import android.os.UserHandle; import android.text.TextUtils; import android.util.Printer; - +import android.text.BidiFormatter; +import android.text.TextPaint; +import android.text.Html; import java.text.Collator; import java.util.Comparator; @@ -38,6 +42,7 @@ import java.util.Comparator; * in the implementation of Parcelable in subclasses. */ public class PackageItemInfo { + private static final float MAX_LABEL_SIZE_PX = 500f; /** * Public name of this item. From the "android:name" attribute. */ @@ -138,7 +143,62 @@ public class PackageItemInfo { } return packageName; } + + /** + * Same as {@link #loadLabel(PackageManager)} with the addition that + * the returned label is safe for being presented in the UI since it + * will not contain new lines and the length will be limited to a + * reasonable amount. This prevents a malicious party to influence UI + * layout via the app label misleading the user into performing a + * detrimental for them action. If the label is too long it will be + * truncated and ellipsized at the end. + * + * @param pm A PackageManager from which the label can be loaded; usually + * the PackageManager from which you originally retrieved this item + * @return Returns a CharSequence containing the item's label. If the + * item does not have a label, its name is returned. + * + * @hide + */ + @SystemApi + public @NonNull CharSequence loadSafeLabel(@NonNull PackageManager pm) { + // loadLabel() always returns non-null + String label = loadLabel(pm).toString(); + // strip HTML tags to avoid
and other tags overwriting original message + String labelStr = Html.fromHtml(label).toString(); + // If the label contains new line characters it may push the UI + // down to hide a part of it. Labels shouldn't have new line + // characters, so just truncate at the first time one is seen. + final int labelLength = labelStr.length(); + int offset = 0; + while (offset < labelLength) { + final int codePoint = labelStr.codePointAt(offset); + final int type = Character.getType(codePoint); + if (type == Character.LINE_SEPARATOR + || type == Character.CONTROL + || type == Character.PARAGRAPH_SEPARATOR) { + labelStr = labelStr.substring(0, offset); + break; + } + // replace all non-break space to " " in order to be trimmed + if (type == Character.SPACE_SEPARATOR) { + labelStr = labelStr.substring(0, offset) + " " + labelStr.substring(offset + + Character.charCount(codePoint)); + } + offset += Character.charCount(codePoint); + } + + labelStr = labelStr.trim(); + if (labelStr.isEmpty()) { + return packageName; + } + TextPaint paint = new TextPaint(); + paint.setTextSize(42); + + return TextUtils.ellipsize(labelStr, paint, MAX_LABEL_SIZE_PX, + TextUtils.TruncateAt.END); + } /** * Retrieve the current graphical icon associated with this item. This * will call back on the given PackageManager to load the icon from