Lock down IME switcher notification handling

This CL fixes 1) broken IME switcher notification (Bug 63644555) and
2) a possible security bypass that any background application can
virtually call IMM#showInputMethodPicker() by sending an explicit intent
to the com.android.settings (Bug 64008672), and 3) wrong hint color for
the notification.

1) From Android-O, an implicit broadcast intent doesn't get delivered
to background apps [1]. So that the implicit broadcast intent of
action "android.settings.SHOW_INPUT_METHOD_PICKER" isn't always
delivered to Settings app, especially from the notification. So that
InputMethodManagerService should use an explicit broadcast intent for
a pending intent in the IME switcher notification. And it should also
implement broadcast receiver of the intent by itself and remove
InputMethodDialogReceiver from com.android.settings app [2].

2) In addition to the existing security check [3], the explict broadcast
intent mentioned in the above 1) must be locked down to the system by
using protected-broadcast [4].

 [1]: https://developer.android.com/preview/features/background.html#broadcasts
 [2]: Id990c66516c9b3ed7ada6891746ec0e0eecbe545 Settings app
 [3]: I4f0fc21268200c64d12b31ca54416acfbf62f37b InputMethodManagerService
 [4]: Ib58d2931cc8db3b88eab64352ba445be67eaec68 CTS permission2

Test: Modified InputMethodManagerService.updateSystemUiLocked() method
      to show IME switcher notification, and confirmed IME picker can be
      shown from notification bar.
Test: Confirmed the following command causes error.
    $ adb shell am broadcast \
          -a com.android.server.InputMethodManagerService.SHOW_INPUT_METHOD_PICKER
    java.lang.SecurityException: Permission Denial: not allowed to send
    broadcast com.android.server.InputMethodManagerService.SHOW_INPUT_METHOD_PICKER
    from pid=xxxx, uid=xxxx
Fixes: 63644555
Bug: 64008672
Change-Id: Id36c8c34159bea8b72557b40bcf024d401f580b6

0 files changed, 0 insertions, 0 deletions