Refrain from returning mutable pending intent in getShortcutIntent
Mutable PendingIntent leads to potential security vulnerabilities, this
CL makes the returning PendingIntent immutable | update current. The
recipeint cannot change the content of the PendingIntent directly, but
the owner can still update the extras of the PendingIntent.
Note: PendingIntent is internally cached in PendingIntentController, so
the owner process do have access to the PendingIntent since
LauncherAppServices called
ActivityManagerService#getPendingIntentActivityAsApp to retrieve the
PendingIntent.
Bug: 190732424
Test: atest ShortcutManagerClientApiTest
Change-Id: Ife8ad7824f061e9e20d31c96f76ceed4edb547cd
diff --git a/services/core/java/com/android/server/pm/LauncherAppsService.java b/services/core/java/com/android/server/pm/LauncherAppsService.java
index 5b2c809..419b726 100644
--- a/services/core/java/com/android/server/pm/LauncherAppsService.java
+++ b/services/core/java/com/android/server/pm/LauncherAppsService.java
@@ -18,7 +18,7 @@
import static android.app.ActivityOptions.KEY_SPLASH_SCREEN_THEME;
import static android.app.PendingIntent.FLAG_IMMUTABLE;
-import static android.app.PendingIntent.FLAG_MUTABLE;
+import static android.app.PendingIntent.FLAG_UPDATE_CURRENT;
import static android.content.Intent.FLAG_ACTIVITY_MULTIPLE_TASK;
import static android.content.Intent.FLAG_ACTIVITY_NEW_DOCUMENT;
import static android.content.pm.LauncherApps.FLAG_CACHE_BUBBLE_SHORTCUTS;
@@ -699,7 +699,8 @@
final long ident = Binder.clearCallingIdentity();
try {
return injectCreatePendingIntent(0 /* requestCode */, intents,
- FLAG_MUTABLE, opts, packageName, mPackageManagerInternal.getPackageUid(
+ FLAG_IMMUTABLE | FLAG_UPDATE_CURRENT, opts, packageName,
+ mPackageManagerInternal.getPackageUid(
packageName, PackageManager.MATCH_DIRECT_BOOT_AUTO,
user.getIdentifier()));
} finally {
