
Commit e4ccbbec authored by Tim Peng's avatar Tim Peng Committed by tim peng

PendingIntent in MediaOutputIndicatorSlice could be Hijacked

-Add setPackage() to prevent local information disclosure

Bug: 151645695
Test: make -j42 RunSettingsRoboTests
Change-Id: I74c058a381fceb85695dd76d354fb49f878f9142
parent ddd8a8fa
+1 −0
@@ -106,6 +106,7 @@ public class MediaOutputIndicatorSlice implements CustomSliceable {
    public void onNotifyChange(Intent i) {
        final MediaController mediaController = getWorker().getActiveLocalMediaController();
        final Intent intent = new Intent()
                .setPackage(Utils.SETTINGS_PACKAGE_NAME)
                .setAction(MediaOutputSliceConstants.ACTION_MEDIA_OUTPUT)
                .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        if (mediaController != null) {
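Review bot: The `.setPackage(Utils.SETTINGS_PACKAGE_NAME)` call in `onNotifyChange` carries no comment explaining why it is there, yet it is the only thing that keeps this action-based intent from resolving outside Settings. The test in this commit suggests the same intent carries `EXTRA_PACKAGE_NAME` and `KEY_MEDIA_SESSION_TOKEN`, so a later cleanup that drops the call would quietly bring the disclosure back. I would add above the builder chain: `// Keep setPackage(): pins resolution to Settings so no other app can claim ACTION_MEDIA_OUTPUT and read the session token extras.` The method body continues past the end of the hunk, so how the intent is dispatched is not visible here; if it ends up inside a PendingIntent, that object's mutability is presumably worth checking as well.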
+5 −0
@@ -42,6 +42,7 @@ import androidx.slice.SliceProvider;
import androidx.slice.widget.SliceLiveData;

import com.android.settings.R;
import com.android.settings.Utils;
import com.android.settings.slices.SliceBackgroundWorker;
import com.android.settings.testutils.shadow.ShadowBluetoothUtils;
import com.android.settingslib.bluetooth.LocalBluetoothManager;
@@ -202,6 +203,8 @@ public class MediaOutputIndicatorSliceTest {

        assertThat(TextUtils.equals(TEST_PACKAGE_NAME, intentCaptor.getValue().getStringExtra(
                MediaOutputSliceConstants.EXTRA_PACKAGE_NAME))).isTrue();
        assertThat(TextUtils.equals(Utils.SETTINGS_PACKAGE_NAME, intentCaptor.getValue()
                .getPackage())).isTrue();
        assertThat(mToken == intentCaptor.getValue().getExtras().getParcelable(
                MediaOutputSliceConstants.KEY_MEDIA_SESSION_TOKEN)).isTrue();
    }
@@ -217,6 +220,8 @@ public class MediaOutputIndicatorSliceTest {

        assertThat(TextUtils.isEmpty(intentCaptor.getValue().getStringExtra(
                MediaOutputSliceConstants.EXTRA_PACKAGE_NAME))).isTrue();
        assertThat(TextUtils.equals(Utils.SETTINGS_PACKAGE_NAME, intentCaptor.getValue()
                .getPackage())).isTrue();
        assertThat(intentCaptor.getValue().getExtras().getParcelable(
                MediaOutputSliceConstants.KEY_MEDIA_SESSION_TOKEN) == null).isTrue();
    }
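Review bot: The two package assertions wrap the comparison in `TextUtils.equals(...)` and then assert `isTrue()`, so a failure reports only that a boolean was false and not which package the intent actually targeted. Asserting on the value directly is easier to read and gives a useful failure message: `assertThat(intentCaptor.getValue().getPackage()).isEqualTo(Utils.SETTINGS_PACKAGE_NAME);`. This applies to both checks, in the hunks at -202 and -217. The neighbouring assertions use the same wrapped pattern, so matching them is defensible, but the package check is the security-relevant one and the one worth making precise. Both test methods start outside the hunks.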