author | 2023-01-11 16:17:43 +0000 | |
---|---|---|
committer | 2023-01-11 16:28:59 +0000 | |
commit | a2526a0d3a49b629fdc7fa0a5a937534c08a5fc2 (patch) | |
tree | 8e26b17df49af0c32687729512c9ca8e914fd46e | |
parent | 397065c0f1c40b907c3fab6396d654c4a5b71341 (diff) |
Make mutable PendingIntent explicit
Starting from target SDK U, we will block creation of mutable
PendingIntents with implicit Intents because attackers can mutate the
Intent object within and launch altered behavior on behalf of victim
apps. For more details on the vulnerability, see go/pendingintent-rca.
From a quick analysis, we concluded that the PendingIntent here was only
destined to the test app/to the app, so it was made explicit. Reviewers,
please call out if this is not the case.
Bug: 236704164
Bug: 229362273
Test: TH passes
Change-Id: I55f4cbf3824b988a164fb7087e99007f3d551833
-rw-r--r-- | libs/usb/tests/AccessoryChat/src/com/android/accessorychat/AccessoryChat.java | 4 | ||||
-rw-r--r-- | tests/RollbackTest/SampleRollbackApp/src/com/android/sample/rollbackapp/MainActivity.java | 1 |
2 files changed, 4 insertions, 1 deletions
diff --git a/libs/usb/tests/AccessoryChat/src/com/android/accessorychat/AccessoryChat.java b/libs/usb/tests/AccessoryChat/src/com/android/accessorychat/AccessoryChat.java
index 18cfce528205..c019a8ce0b44 100644
--- a/libs/usb/tests/AccessoryChat/src/com/android/accessorychat/AccessoryChat.java
+++ b/libs/usb/tests/AccessoryChat/src/com/android/accessorychat/AccessoryChat.java
@@ -83,7 +83,9 @@ public class AccessoryChat extends Activity implements Runnable, TextView.OnEdit
 super.onCreate(savedInstanceState);
 mUsbManager = (UsbManager) getSystemService(Context.USB_SERVICE);
- mPermissionIntent = PendingIntent.getBroadcast(this, 0, new Intent(ACTION_USB_PERMISSION), PendingIntent.FLAG_MUTABLE_UNAUDITED);
+ mPermissionIntent = PendingIntent.getBroadcast(this, 0,
+ new Intent(ACTION_USB_PERMISSION).setPackage(this.getPackageName()),
+ PendingIntent.FLAG_MUTABLE);
 IntentFilter filter = new IntentFilter(ACTION_USB_PERMISSION);
 registerReceiver(mUsbReceiver, filter);
diff --git a/tests/RollbackTest/SampleRollbackApp/src/com/android/sample/rollbackapp/MainActivity.java b/tests/RollbackTest/SampleRollbackApp/src/com/android/sample/rollbackapp/MainActivity.java
index 79a2f1f5f4de..157d19762925 100644
--- a/tests/RollbackTest/SampleRollbackApp/src/com/android/sample/rollbackapp/MainActivity.java
+++ b/tests/RollbackTest/SampleRollbackApp/src/com/android/sample/rollbackapp/MainActivity.java
@@ -89,6 +89,7 @@ public class MainActivity extends Activity {
 for (int i = 0; i < mIdsToRollback.size(); i++) {
 Intent intent = new Intent(ACTION_NAME);
 intent.putExtra(ROLLBACK_ID_EXTRA, mIdsToRollback.get(i));
+ intent.setPackage(getApplicationContext().getPackageName());
 PendingIntent pendingIntent = PendingIntent.getBroadcast(
 getApplicationContext(), 0, intent, FLAG_MUTABLE);
 mRollbackManager.commitRollback(mIdsToRollback.get(i), |
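Review bot: The `registerReceiver(mUsbReceiver, filter);` call in the trailing context of the AccessoryChat.java hunk still registers the receiver without an export flag, so although the PendingIntent is now package-scoped, any app on the device can presumably still deliver `ACTION_USB_PERMISSION` directly to `mUsbReceiver`. Since the commit is motivated by the target SDK U rules, consider `registerReceiver(mUsbReceiver, filter, Context.RECEIVER_NOT_EXPORTED);` if the test's SDK level allows it. A short comment above the new call, such as `// Mutable so the USB service can fill in the permission result; explicit so only this package receives it.`, would record why `FLAG_MUTABLE` is kept (inferred, since the receiver body is not visible here). onCreate starts and ends outside the hunk.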
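Review bot: In the MainActivity.java hunk, every loop iteration calls `PendingIntent.getBroadcast(` with request code `0` and an Intent that differs only in `ROLLBACK_ID_EXTRA`. Extras are not part of PendingIntent identity and no `FLAG_UPDATE_CURRENT` is passed, so later iterations most likely get back the first iteration's PendingIntent carrying the first rollback id. If the receiver relies on that extra, use a distinct request code per id, e.g. `getApplicationContext(), i, intent, FLAG_MUTABLE);`. The loop body continues past the end of the hunk, so how the result is consumed is not visible here.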