PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make mutable implicit PendingIntents immutable

Browse Source 
Starting from target SDK U, we will block creation of mutable
PendingIntents with implicit Intents because attackers can mutate the
Intent object within and launch altered behavior on behalf of victim
apps. For more details on the vulnerability, see go/pendingintent-rca.

From a quick analysis, we concluded that the PendingIntents here do not
get mutated, so we made them immutable.

Reviewers, please call out if this is not the case.

Bug: 236704164
Bug: 229362273
Test: atest MediaVolumePreferenceControllerTest
Change-Id: Ic5f701b504c0d8d0d0a44b002117ee5ef1c188f7
This commit is contained in:
Azhara Assanova
2023-01-11 20:44:32 +00:00
parent 95b9ca6573
commit 8327dbaeed
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/robotests/src/com/android/settings/notification/MediaVolumePreferenceControllerTest.java
View File

@@ -216,12 +216,12 @@ public class MediaVolumePreferenceControllerTest {
final Intent intent = new Intent(action);
intent.setPackage(MediaOutputConstants.SYSTEMUI_PACKAGE_NAME);
return PendingIntent.getBroadcast(mContext, 0 /* requestCode */, intent,
PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE);
}
private PendingIntent getActivityIntent(String action) {
final Intent intent = new Intent(action);
return PendingIntent.getActivity(mContext, 0 /* requestCode */, intent,
PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE);
}
}