Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit ede566e0 authored by Azhara Assanova's avatar Azhara Assanova
Browse files

Log creation of mutable implicit PendingIntent 

Starting from target SDK U, we want to block creation of mutable
PendingIntents with implicit Intents because attackers can mutate the
Intent object within and launch altered behavior on behalf of victim
apps. For more details on the vulnerability, see go/pendingintent-rca.
This change is planned to be part of the Safer Intents and Components
feature b/229362273.

Since the change is small, we're seeking buy-in and
code review, let me know if there are concerns with the feature.

Details:

- Apps can still retrieve existing mutable implicit PendingIntents if
  they pass FLAG_NO_CREATE.
- The check happens on the client side with Log.wtfStack() to aid with
  migrating to safer PendingIntents across the platform/apps. We plan to
  move the block to ActivityManagerService for future Westworld logging
  b/262253127.
- We also Log.w() in the client if the app doesn't target U to prepare
  for it.

Bug: 236704164
Bug: 229362273
Test: atest PendingIntentTest
Change-Id: Ib235e7ee9709e7b6577c1d2a0e06a136670b4870
parent c868e22d
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment