Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 257483e6 authored by Iván Budnik's avatar Iván Budnik Committed by Android Build Coastguard Worker
Browse files

Prevent media button receivers targeting activities 

This enforcement prevents a bypass of background activity launches. For
versions before Android V, the enforcement just ignores the request and
logs a warning.

This change is a backport of ag/23810567.

Test: Manually.
Bug: 272737196
Bug: 272024837
Bug: 317203980
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d455e21711c167223f7d0696809a4e411683182c)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:039ead905eb66d37154fe6bbf16b87863ad79265)
Merged-In: I2412633c0b3afda6776244c72043d0dd78a4c8a1
Change-Id: I2412633c0b3afda6776244c72043d0dd78a4c8a1
parent 445b348d

media/java/android/media/session/MediaSession.java

+14 −9
Original line number Diff line number Diff line
@@ -270,17 +270,22 @@ public final class MediaSession { 
    }



    /**

     * Set a pending intent for your media button receiver to allow restarting

     * playback after the session has been stopped. If your app is started in

     * this way an {@link Intent#ACTION_MEDIA_BUTTON} intent will be sent via

     * the pending intent.

     * <p>

     * The pending intent is recommended to be explicit to follow the security recommendation of

     * {@link PendingIntent#getActivity}.

     * Set a pending intent for your media button receiver to allow restarting playback after the

     * session has been stopped.

     *

     * <p>If your app is started in this way an {@link Intent#ACTION_MEDIA_BUTTON} intent will be

     * sent via the pending intent.

     *

     * <p>The provided {@link PendingIntent} must not target an activity. Passing an activity

     * pending intent will cause the call to be ignored. Refer to this <a

     * href="https://developer.android.com/guide/components/activities/background-starts">guide</a>

     * for more information.

     *

     * <p>The pending intent is recommended to be explicit to follow the security recommendation of

     * {@link PendingIntent#getService}.

     *

     * @param mbr The {@link PendingIntent} to send the media button event to.

     * @see PendingIntent#getActivity

     *

     * @deprecated Use {@link #setMediaButtonBroadcastReceiver(ComponentName)} instead.

     */

    @Deprecated
@@ -288,7 +293,7 @@ public final class MediaSession { 
        try {

            mBinder.setMediaButtonReceiver(mbr);

        } catch (RemoteException e) {

            Log.wtf(TAG, "Failure in setMediaButtonReceiver.", e);

            e.rethrowFromSystemServer();

        }

    }

services/core/java/com/android/server/media/MediaSessionRecord.java

+8 −0
Original line number Diff line number Diff line
@@ -978,6 +978,14 @@ public class MediaSessionRecord implements IBinder.DeathRecipient, MediaSessionR 
                        != 0) {

                    return;

                }



                if (pi != null && pi.isActivity()) {

                    Log.w(

                            TAG,

                            "Ignoring invalid media button receiver targeting an activity: " + pi);

                    return;

                }



                mMediaButtonReceiverHolder =

                        MediaButtonReceiverHolder.create(mUserId, pi, mPackageName);

                mService.onMediaButtonReceiverChanged(MediaSessionRecord.this);