diff options
| author | Joshua Duong <joshuaduong@google.com> | 2020-04-14 10:56:49 -0700 |
|---|---|---|
| committer | Joshua Duong <joshuaduong@google.com> | 2020-04-17 16:08:39 +0000 |
| commit | ec1980f86b686497c373e6bd30812526808387a9 (patch) | |
| tree | 78dadba01210d37bc23b73999c4d14eddc3cd0b5 /services/usb | |
| parent | d53e8618cc5be38e006f0949c1423ab572fddcf2 (diff) | |
Fix PendingIntent hijacking for adb notifications.
Use an explicit intent and set PendingIntent.FLAG_IMMUTABLE to prevent
someone from modifying the intent from PendingIntent.send(...).
Bug: 153356209
Test: atest AdbNotificationsTest
Test: In bug, install and launch the PoC apk and give it notification
permissions. Then, with USB/Wifi debugging enabled, disconnect and connect
the device to create the adb notification. the PoC apk should not have
permission to display information from
content://com.android.settings.files/my_cache/NOTICE.html.
Change-Id: Ie49aa3cf9b33168cf1435fc2427e95aac7f4609b
(cherry picked from commit 2c038814591d7e3d73b2b277db504a5555732456)
Exempt-From-Owner-Approval: approved in master
Diffstat (limited to 'services/usb')
| -rw-r--r-- | services/usb/java/com/android/server/usb/UsbDeviceManager.java | 36 |
1 files changed, 4 insertions, 32 deletions
diff --git a/services/usb/java/com/android/server/usb/UsbDeviceManager.java b/services/usb/java/com/android/server/usb/UsbDeviceManager.java index 747c8d9d0890..7595e3f249ce 100644 --- a/services/usb/java/com/android/server/usb/UsbDeviceManager.java +++ b/services/usb/java/com/android/server/usb/UsbDeviceManager.java @@ -41,6 +41,7 @@ import android.content.SharedPreferences; import android.content.pm.PackageManager; import android.content.res.Resources; import android.debug.AdbManagerInternal; +import android.debug.AdbNotifications; import android.debug.AdbTransportType; import android.debug.IAdbTransport; import android.hardware.usb.ParcelableUsbPort; @@ -1180,7 +1181,6 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser protected void updateAdbNotification(boolean force) { if (mNotificationManager == null) return; final int id = SystemMessage.NOTE_ADB_ACTIVE; - final int titleRes = com.android.internal.R.string.adb_active_notification_title; if (isAdbEnabled() && mConnected) { if ("0".equals(getSystemProperty("persist.adb.notify", ""))) return; @@ -1191,38 +1191,10 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser } if (!mAdbNotificationShown) { - Resources r = mContext.getResources(); - CharSequence title = r.getText(titleRes); - CharSequence message = r.getText( - com.android.internal.R.string.adb_active_notification_message); - - Intent intent = new Intent(Settings.ACTION_APPLICATION_DEVELOPMENT_SETTINGS); - intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK - | Intent.FLAG_ACTIVITY_CLEAR_TASK); - PendingIntent pi = PendingIntent.getActivityAsUser(mContext, 0, - intent, 0, null, UserHandle.CURRENT); - - Notification notification = - new Notification.Builder(mContext, - SystemNotificationChannels.DEVELOPER_IMPORTANT) - .setSmallIcon(com.android.internal.R.drawable.stat_sys_adb) - .setWhen(0) - .setOngoing(true) - .setTicker(title) - .setDefaults(0) // please be quiet - .setColor(mContext.getColor( - com.android.internal.R.color - .system_notification_accent_color)) - .setContentTitle(title) - .setContentText(message) - .setContentIntent(pi) - .setVisibility(Notification.VISIBILITY_PUBLIC) - .extend(new Notification.TvExtender() - .setChannelId(ADB_NOTIFICATION_CHANNEL_ID_TV)) - .build(); + Notification notification = AdbNotifications.createNotification(mContext, + AdbTransportType.USB); mAdbNotificationShown = true; - mNotificationManager.notifyAsUser(null, id, notification, - UserHandle.ALL); + mNotificationManager.notifyAsUser(null, id, notification, UserHandle.ALL); } } else if (mAdbNotificationShown) { mAdbNotificationShown = false; |