Make mutable implicit PendingIntents immutable

Starting from target SDK U, we will block creation of mutable PendingIntents with implicit Intents because attackers can mutate the Intent object within and launch altered behavior on behalf of victim apps. For more details on the vulnerability, see go/pendingintent-rca. From a quick analysis, we concluded that the PendingIntents here do not get mutated, so we made them immutable. Reviewers, please call out if this is not the case. Bug: 236704164 Bug: 229362273 Test: atest MediaVolumePreferenceControllerTest Change-Id: Ic5f701b504c0d8d0d0a44b002117ee5ef1c188f7
2023-01-11 20:44:32 +00:00
parent 95b9ca6573
commit 8327dbaeed
1 changed files with 2 additions and 2 deletions
--- a/tests/robotests/src/com/android/settings/notification/MediaVolumePreferenceControllerTest.java
+++ b/tests/robotests/src/com/android/settings/notification/MediaVolumePreferenceControllerTest.java
@@ -216,12 +216,12 @@ public class MediaVolumePreferenceControllerTest {
        final Intent intent = new Intent(action);
        intent.setPackage(MediaOutputConstants.SYSTEMUI_PACKAGE_NAME);
        return PendingIntent.getBroadcast(mContext, 0 /* requestCode */, intent,
-                PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
+                PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE);
    }

    private PendingIntent getActivityIntent(String action) {
        final Intent intent = new Intent(action);
        return PendingIntent.getActivity(mContext, 0 /* requestCode */, intent,
-                PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
+                PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE);
    }
 }