PendingIntent in MediaOutputIndicatorSlice could be Hijacked

-Add setPackage() to prevent local information disclosure Bug: 151645695 Test: make -j42 RunSettingsRoboTests Change-Id: I74c058a381fceb85695dd76d354fb49f878f9142
2020-03-30 10:51:57 +08:00
parent ddd8a8fa92
commit e4ccbbec67
2 changed files with 6 additions and 0 deletions
--- a/src/com/android/settings/media/MediaOutputIndicatorSlice.java
+++ b/src/com/android/settings/media/MediaOutputIndicatorSlice.java
@@ -106,6 +106,7 @@ public class MediaOutputIndicatorSlice implements CustomSliceable {
    public void onNotifyChange(Intent i) {
        final MediaController mediaController = getWorker().getActiveLocalMediaController();
        final Intent intent = new Intent()
+                .setPackage(Utils.SETTINGS_PACKAGE_NAME)
                .setAction(MediaOutputSliceConstants.ACTION_MEDIA_OUTPUT)
                .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        if (mediaController != null) {