Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f7bbf68f authored by Christophe Pinelli's avatar Christophe Pinelli
Browse files

Make mutable PendingIntent explicit 

Starting from target SDK U, we will block creation of mutable
PendingIntents with implicit Intents because attackers can mutate the
Intent object within and launch altered behavior on behalf of victim
apps. For more details on the vulnerability, see go/pendingintent-rca.

From a quick analysis, we concluded that the PendingIntent here was only
destined to the test app/to the app, so it was made explicit. Reviewers,
please call out if this is not the case.

Bug: 236704164
Test: atest AccessibilityManagerServiceTest
Test: atest SystemActionPerformerTest
Change-Id: I6fb8ff75c05d2bc631586fb1e14ea6820c213807
parent df667b48

services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java

+2 −1
Original line number Diff line number Diff line
@@ -106,7 +106,8 @@ public class AccessibilityManagerServiceTest { 
    private static final String INTENT_ACTION = "TESTACTION";

    private static final String DESCRIPTION = "description";

    private static final PendingIntent TEST_PENDING_INTENT = PendingIntent.getBroadcast(

            ApplicationProvider.getApplicationContext(), 0, new Intent(INTENT_ACTION),

            ApplicationProvider.getApplicationContext(), 0, new Intent(INTENT_ACTION)

                    .setPackage(ApplicationProvider.getApplicationContext().getPackageName()),

            PendingIntent.FLAG_MUTABLE_UNAUDITED);

    private static final RemoteAction TEST_ACTION = new RemoteAction(

            Icon.createWithContentUri("content://test"),

services/tests/servicestests/src/com/android/server/accessibility/SystemActionPerformerTest.java

+6 −2
Original line number Diff line number Diff line
@@ -76,14 +76,18 @@ public class SystemActionPerformerTest { 
    private static final String DESCRIPTION1 = "description1";

    private static final String DESCRIPTION2 = "description2";

    private static final PendingIntent TEST_PENDING_INTENT_1 = PendingIntent.getBroadcast(

            InstrumentationRegistry.getTargetContext(), 0, new Intent(INTENT_ACTION1), PendingIntent.FLAG_MUTABLE_UNAUDITED);

            InstrumentationRegistry.getTargetContext(), 0, new Intent(INTENT_ACTION1)

                    .setPackage(InstrumentationRegistry.getTargetContext().getPackageName()),

            PendingIntent.FLAG_MUTABLE_UNAUDITED);

    private static final RemoteAction NEW_TEST_ACTION_1 = new RemoteAction(

            Icon.createWithContentUri("content://test"),

            LABEL_1,

            DESCRIPTION1,

            TEST_PENDING_INTENT_1);

    private static final PendingIntent TEST_PENDING_INTENT_2 = PendingIntent.getBroadcast(

            InstrumentationRegistry.getTargetContext(), 0, new Intent(INTENT_ACTION2), PendingIntent.FLAG_MUTABLE_UNAUDITED);

            InstrumentationRegistry.getTargetContext(), 0, new Intent(INTENT_ACTION2)

                    .setPackage(InstrumentationRegistry.getTargetContext().getPackageName()),

            PendingIntent.FLAG_MUTABLE_UNAUDITED);

    private static final RemoteAction NEW_TEST_ACTION_2 = new RemoteAction(

            Icon.createWithContentUri("content://test"),

            LABEL_2,