
Commit 7b1f2131 authored by Sarah Chin's avatar Sarah Chin

Validate notification canceled intent before processing

Intent can be sent by a malicious app, so validate it before processing.

Test: atest CarrierDefaultAppUnitTests
Bug: 300188231
Change-Id: I66659ae8777bc0f2563b7998aa81a9811745cfc5
parent 00e45419
+4 −0
@@ -494,6 +494,10 @@ public class SlicePurchaseBroadcastReceiver extends BroadcastReceiver{
    }

    private void onUserCanceled(@NonNull Context context, @NonNull Intent intent) {
        if (!isIntentValid(intent)) {
            loge("Ignoring onUserCanceled called with invalid intent.");
            return;
        }
        int capability = intent.getIntExtra(SlicePurchaseController.EXTRA_PREMIUM_CAPABILITY,
                SlicePurchaseController.PREMIUM_CAPABILITY_INVALID);
        logd("onUserCanceled: " + TelephonyManager.convertPremiumCapabilityToString(capability));
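Review bot: The new guard at the top of onUserCanceled depends entirely on isIntentValid, whose body is outside this hunk, so it cannot be confirmed here whether it authenticates where the intent's contents came from or only checks that the extras are present and in range. A forged broadcast can carry well-formed extras, so the first property is the one that matters. A one-line comment above the check would record why it exists, e.g. `// This broadcast can be sent by any app; drop it unless the intent passes full validation.` A negative unit test that delivers the canceled action with an invalid intent and verifies nothing is canceled would also help, since the test changes visible on this page appear to cover only the valid path (inferred, as the test section is cut off). onUserCanceled's body continues past the end of the hunk.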
+4 −4
@@ -262,10 +262,10 @@ public class SlicePurchaseBroadcastReceiverTest {

    @Test
    public void testNotificationCanceled() {
        displayPerformanceBoostNotification();

        // send ACTION_NOTIFICATION_CANCELED
        doReturn("com.android.phone.slice.action.NOTIFICATION_CANCELED").when(mIntent).getAction();
        doReturn(TelephonyManager.PREMIUM_CAPABILITY_PRIORITIZE_LATENCY).when(mIntent).getIntExtra(
                eq(SlicePurchaseController.EXTRA_PREMIUM_CAPABILITY), anyInt());
        mSlicePurchaseBroadcastReceiver.onReceive(mContext, mIntent);

        // verify notification was canceled
@@ -276,7 +276,7 @@ public class SlicePurchaseBroadcastReceiverTest {
    }

    @Test
    public void testNotificationTimeout() throws Exception {
    public void testNotificationTimeout() {
        displayPerformanceBoostNotification();

        // send ACTION_SLICE_PURCHASE_APP_RESPONSE_TIMEOUT
@@ -353,7 +353,7 @@ public class SlicePurchaseBroadcastReceiverTest {
        verify(mNotificationManager, never()).notifyAsUser(
                eq(SlicePurchaseBroadcastReceiver.PERFORMANCE_BOOST_NOTIFICATION_TAG),
                eq(TelephonyManager.PREMIUM_CAPABILITY_PRIORITIZE_LATENCY),
                any(),
                any(Notification.class),
                eq(UserHandle.ALL));
        verify(mNotificationShownIntent, never()).send();