Make mutable PendingIntent explicit - platform/frameworks/base

diff options

author	Azhara Assanova <azharaa@google.com>	2023-01-06 17:41:19 +0000
committer	Azhara Assanova <azharaa@google.com>	2023-01-11 11:11:46 +0000
commit	f929d5a5ca9a2a8d1f641714bfcbad4b84d21bbb (patch)
tree	744212c5e9bb9c8c3444d745ffd8a8b7d00e7221 /services/coverage/java
parent	397065c0f1c40b907c3fab6396d654c4a5b71341 (diff)

Make mutable PendingIntent explicit

Starting from target SDK U, we will block creation of mutable PendingIntents with implicit Intents because attackers can mutate the Intent object within and launch altered behavior on behalf of victim apps. For more details on the vulnerability, see go/pendingintent-rca. From a quick analysis, we concluded that the PendingIntent here was only destined to the test app/to the app, so it was made explicit. Reviewers, please call out if this is not the case. Bug: 236704164 Bug: 229362273 Test: atest IntentSenderTest Test: atest RemoteViewsTest Test: atest NotificationTest Test: atest SuggestionTest Test: atest NotificationStressTests Test: atest android.content.pm.PackageSessionTests Change-Id: I6721b52b63c406724855f5e3824281ef6965fa75

Diffstat (limited to 'services/coverage/java')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: