diff options
author | Joshua Duong <joshuaduong@google.com> | 2020-04-14 10:56:49 -0700 |
---|---|---|
committer | Joshua Duong <joshuaduong@google.com> | 2020-04-17 16:08:39 +0000 |
commit | ec1980f86b686497c373e6bd30812526808387a9 (patch) | |
tree | 78dadba01210d37bc23b73999c4d14eddc3cd0b5 /docs/html/sdk/api_diff/24/changes | |
parent | d53e8618cc5be38e006f0949c1423ab572fddcf2 (diff) |
Fix PendingIntent hijacking for adb notifications.
Use an explicit intent and set PendingIntent.FLAG_IMMUTABLE to prevent
someone from modifying the intent from PendingIntent.send(...).
Bug: 153356209
Test: atest AdbNotificationsTest
Test: In bug, install and launch the PoC apk and give it notification
permissions. Then, with USB/Wifi debugging enabled, disconnect and connect
the device to create the adb notification. the PoC apk should not have
permission to display information from
content://com.android.settings.files/my_cache/NOTICE.html.
Change-Id: Ie49aa3cf9b33168cf1435fc2427e95aac7f4609b
(cherry picked from commit 2c038814591d7e3d73b2b277db504a5555732456)
Exempt-From-Owner-Approval: approved in master
Diffstat (limited to 'docs/html/sdk/api_diff/24/changes')
0 files changed, 0 insertions, 0 deletions