author | 2023-01-11 16:35:51 +0000 | |
---|---|---|
committer | 2023-01-11 16:58:34 +0000 | |
commit | 17394f3dbf671b6b0abe385bcdfc65cb889826c9 (patch) | |
tree | 5de3f4c4dcc950a27164b15862933b07db4c6fcc | |
parent | 397065c0f1c40b907c3fab6396d654c4a5b71341 (diff) |
Make implicit mutable PendingIntents immutable
Starting from target SDK U, we will block creation of mutable
PendingIntents with implicit Intents because attackers can mutate the
Intent object within and launch altered behavior on behalf of victim
apps. For more details on the vulnerability, see go/pendingintent-rca.
From a quick analysis, we concluded that the PendingIntents here are not
mutated, so they can be immutable.
Reviewers, please call out if this is not the case.
Bug: 236704164
Bug: 229362273
Test: make -j
Test: make checkapi
Test: adb shell cmd package list libraries |\
grep com.android.media.remotedisplay
And check the com.android.media.remotedisplay library
Test: atest NotificationAssistantServiceTest
Test: m StatusBarTest
Change-Id: Ibf1cbe6b5636ef3b02cfcf24d44ed3d4a4357d82
3 files changed, 6 insertions, 6 deletions
diff --git a/media/lib/remotedisplay/java/com/android/media/remotedisplay/RemoteDisplayProvider.java b/media/lib/remotedisplay/java/com/android/media/remotedisplay/RemoteDisplayProvider.java
index 2cba03bc5c57..8752e3d40b02 100644
--- a/media/lib/remotedisplay/java/com/android/media/remotedisplay/RemoteDisplayProvider.java
+++ b/media/lib/remotedisplay/java/com/android/media/remotedisplay/RemoteDisplayProvider.java
@@ -312,7 +312,7 @@ public abstract class RemoteDisplayProvider {
 | Intent.FLAG_ACTIVITY_RESET_TASK_IF_NEEDED
 | Intent.FLAG_ACTIVITY_CLEAR_TOP);
 mSettingsPendingIntent = PendingIntent.getActivity(
- mContext, 0, settingsIntent, PendingIntent.FLAG_MUTABLE_UNAUDITED, null);
+ mContext, 0, settingsIntent, PendingIntent.FLAG_IMMUTABLE, null);
 }
 return mSettingsPendingIntent;
 }
diff --git a/services/core/java/com/android/server/notification/NotificationShellCmd.java b/services/core/java/com/android/server/notification/NotificationShellCmd.java
index 628a322bf8cd..dc0cf4e09207 100644
--- a/services/core/java/com/android/server/notification/NotificationShellCmd.java
+++ b/services/core/java/com/android/server/notification/NotificationShellCmd.java
@@ -540,16 +540,16 @@ public class NotificationShellCmd extends ShellCommand {
 if ("broadcast".equals(intentKind)) {
 pi = PendingIntent.getBroadcastAsUser(
 context, 0, intent, PendingIntent.FLAG_UPDATE_CURRENT
- | PendingIntent.FLAG_MUTABLE_UNAUDITED,
+ | PendingIntent.FLAG_IMMUTABLE,
 UserHandle.CURRENT);
 } else if ("service".equals(intentKind)) {
 pi = PendingIntent.getService(
 context, 0, intent, PendingIntent.FLAG_UPDATE_CURRENT
- | PendingIntent.FLAG_MUTABLE_UNAUDITED);
+ | PendingIntent.FLAG_IMMUTABLE);
 } else {
 pi = PendingIntent.getActivityAsUser(
 context, 0, intent, PendingIntent.FLAG_UPDATE_CURRENT
- | PendingIntent.FLAG_MUTABLE_UNAUDITED, null,
+ | PendingIntent.FLAG_IMMUTABLE, null,
 UserHandle.CURRENT);
 }
 builder.setContentIntent(pi);
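Review bot: The call in RemoteDisplayProvider swaps `FLAG_MUTABLE_UNAUDITED` for `FLAG_IMMUTABLE` without recording in the code why immutability is safe, and the same holds for the three calls in NotificationShellCmd and for `makeIntent()`/`makeIntent2()` in NotificationTestList. The removed flag name marked these sites as unaudited, so a short comment above each call would keep the audit result next to the code, for example `// Immutable: the recipient only sends this PendingIntent and never fills in the Intent.`. The construction of `settingsIntent` begins above the hunk, so whether it names an explicit component cannot be checked from here. In NotificationTestList, `makeIntent()` is visibly implicit (action plus category, no component), which is the case the commit description targets and is worth saying in its comment.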
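Review bot: In NotificationShellCmd all three branches keep `FLAG_UPDATE_CURRENT` with request code 0, so `FLAG_IMMUTABLE` stops a sender from filling in the Intent, but a later call with a matching Intent still replaces the extras of the existing PendingIntent. If notifications posted one after another by this command are meant to carry distinct content intents, that sharing deserves a comment such as `// Request code 0 + FLAG_UPDATE_CURRENT: a later post with a matching intent overwrites these extras.`. The `service` branch is also the only one that does not pass `UserHandle.CURRENT`; a one-line comment saying whether that is intentional would help the next audit. The enclosing method starts and ends outside the hunk.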
diff --git a/tests/StatusBar/src/com/android/statusbartest/NotificationTestList.java b/tests/StatusBar/src/com/android/statusbartest/NotificationTestList.java
index ef324e7c1377..6c89e49a0e6e 100644
--- a/tests/StatusBar/src/com/android/statusbartest/NotificationTestList.java
+++ b/tests/StatusBar/src/com/android/statusbartest/NotificationTestList.java
@@ -1156,12 +1156,12 @@ public class NotificationTestList extends TestActivity
 private PendingIntent makeIntent() {
 Intent intent = new Intent(Intent.ACTION_MAIN);
 intent.addCategory(Intent.CATEGORY_HOME);
- return PendingIntent.getActivity(this, 0, intent, PendingIntent.FLAG_MUTABLE_UNAUDITED);
+ return PendingIntent.getActivity(this, 0, intent, PendingIntent.FLAG_IMMUTABLE);
 }
 private PendingIntent makeIntent2() {
 Intent intent = new Intent(this, StatusBarTest.class);
- return PendingIntent.getActivity(this, 0, intent, PendingIntent.FLAG_MUTABLE_UNAUDITED);
+ return PendingIntent.getActivity(this, 0, intent, PendingIntent.FLAG_IMMUTABLE);
 } |