From 8327dbaeed92b5ee2a9cf3bc70d9f89e570c2061 Mon Sep 17 00:00:00 2001 From: Azhara Assanova Date: Wed, 11 Jan 2023 20:44:32 +0000 Subject: [PATCH] Make mutable implicit PendingIntents immutable Starting from target SDK U, we will block creation of mutable PendingIntents with implicit Intents because attackers can mutate the Intent object within and launch altered behavior on behalf of victim apps. For more details on the vulnerability, see go/pendingintent-rca. From a quick analysis, we concluded that the PendingIntents here do not get mutated, so we made them immutable. Reviewers, please call out if this is not the case. Bug: 236704164 Bug: 229362273 Test: atest MediaVolumePreferenceControllerTest Change-Id: Ic5f701b504c0d8d0d0a44b002117ee5ef1c188f7 --- .../notification/MediaVolumePreferenceControllerTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/robotests/src/com/android/settings/notification/MediaVolumePreferenceControllerTest.java b/tests/robotests/src/com/android/settings/notification/MediaVolumePreferenceControllerTest.java index 251b1d75c59..ed934733ea5 100644 --- a/tests/robotests/src/com/android/settings/notification/MediaVolumePreferenceControllerTest.java +++ b/tests/robotests/src/com/android/settings/notification/MediaVolumePreferenceControllerTest.java @@ -216,12 +216,12 @@ public class MediaVolumePreferenceControllerTest { final Intent intent = new Intent(action); intent.setPackage(MediaOutputConstants.SYSTEMUI_PACKAGE_NAME); return PendingIntent.getBroadcast(mContext, 0 /* requestCode */, intent, - PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE); + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); } private PendingIntent getActivityIntent(String action) { final Intent intent = new Intent(action); return PendingIntent.getActivity(mContext, 0 /* requestCode */, intent, - PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE); + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); } }