diff options
| author | 2023-01-11 18:41:54 +0000 | |
|---|---|---|
| committer | 2023-01-16 17:25:20 +0000 | |
| commit | cb419edfb72fefb183727f6d7ff78eeea9d8b4ed (patch) | |
| tree | b98d3718f1abb39c5eea2f61e4a2a47614b10962 /libs/androidfw/ConfigDescription.cpp | |
| parent | 397065c0f1c40b907c3fab6396d654c4a5b71341 (diff) | |
Make mutable implicit PendingIntent immutable
Starting from target SDK U, we will block creation of mutable
PendingIntents with implicit Intents because attackers can mutate the
Intent object within and launch altered behavior on behalf of victim
apps. For more details on the vulnerability, see go/pendingintent-rca.
From a quick analysis, we concluded that the PendingIntent here is only
mutated with flags from fillInIntent, so we added them to the intent
inside and made the PendingIntent immutable.
Reviewers, please call out if this is not the case.
Bug: 236704164
Bug: 229362273
Test: CtsVerifier: Bubble Notification Tests
Test: atest frameworks/base/libs/WindowManager/Shell/tests/unittest/src/com/android/wm/shell/bubbles
Change-Id: Idda5868f193070908afd435cedac72a03b6c4439
Diffstat (limited to 'libs/androidfw/ConfigDescription.cpp')
0 files changed, 0 insertions, 0 deletions