Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit e5d59b7c authored by Menghan Li's avatar Menghan Li
Browse files

fix(QSTile): Avoid implicit intent hijacking 

Root cause: The implicit intent hijacking vulnerability occurs when an
application does not specify a fully-qualified component class name or
package when invoking an intent.

Solution: Unless the application requires it, make intentions explicit
by calling setPackage(). This allows the intent to be interpreted only
by a specific component preventing untrusted applications from
intercepting the data sent along with the intent.

Bug: 383000948
Flag: EXEMPT bugfix
Test: atest ColorCorrectionTileTest
            ColorCorrectionTileUserActionInteractorTest
            ColorInversionTileTest
            ColorInversionUserActionInteractorTest
            FontScalingTileTest
            FontScalingUserActionInteractorTest
            QSSettingsPackageRepositoryTest
Change-Id: Id4f56ec6e434e318b84b7c651963b5fc8afe4e36
parent b0122421
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment