fix(QSTile): Avoid implicit intent hijacking - platform/frameworks/base

diff options

author	Menghan Li <menghanli@google.com>	2024-12-10 08:02:20 +0000
committer	Menghan Li <menghanli@google.com>	2024-12-27 09:47:12 +0000
commit	e5d59b7c51045560e0296d137f1cc465980e0ae0 (patch)
tree	d4539a3b15b4997c4697af2cdc1f341e504f52f8 /libs/androidfw/ApkParsing.cpp
parent	b012242117fc852069753b404c59dcfd32133694 (diff)

fix(QSTile): Avoid implicit intent hijacking

Root cause: The implicit intent hijacking vulnerability occurs when an application does not specify a fully-qualified component class name or package when invoking an intent. Solution: Unless the application requires it, make intentions explicit by calling setPackage(). This allows the intent to be interpreted only by a specific component preventing untrusted applications from intercepting the data sent along with the intent. Bug: 383000948 Flag: EXEMPT bugfix Test: atest ColorCorrectionTileTest ColorCorrectionTileUserActionInteractorTest ColorInversionTileTest ColorInversionUserActionInteractorTest FontScalingTileTest FontScalingUserActionInteractorTest QSSettingsPackageRepositoryTest Change-Id: Id4f56ec6e434e318b84b7c651963b5fc8afe4e36

Diffstat (limited to 'libs/androidfw/ApkParsing.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: