diff options
| author | 2023-01-11 15:38:31 +0000 | |
|---|---|---|
| committer | 2023-01-11 16:10:41 +0000 | |
| commit | 1efd9a0405c6b8d5ec0b00f327b588b9eb69ac0a (patch) | |
| tree | 362cc1e1a6cbd2182788bef52a622ad3a564ab0e /api/api.go | |
| parent | 397065c0f1c40b907c3fab6396d654c4a5b71341 (diff) | |
Make mutable PendingIntent explicit
Starting from target SDK U, we will block creation of mutable
PendingIntents with implicit Intents because attackers can mutate the
Intent object within and launch altered behavior on behalf of victim
apps. For more details on the vulnerability, see go/pendingintent-rca.
From a quick analysis, we concluded that the PendingIntent here was only
destined to the test app/to the app, so it was made explicit. Reviewers,
please call out if this is not the case.
Bug: 236704164
Bug: 229362273
Test: atest OverlayManagerPerfTest
Test: atest CtsPackageInstallTestCases
Test: atest NotificationManagerServiceTest
Change-Id: I56cc8c1852caffadae424e08d7719f58779bab11
Diffstat (limited to 'api/api.go')
0 files changed, 0 insertions, 0 deletions