commit | 76decc9e24f07f82af8953c80d2873020a771658 | [log] [tgz] |
---|---|---|
author | Shuo Qian <shuoq@google.com> | Thu May 14 15:03:36 2020 -0700 |
committer | Shuo Qian <shuoq@google.com> | Thu May 14 22:07:11 2020 +0000 |
tree | 633c285101fb3f419ee5e8e5cb8e13f8246d131e | |
parent | abd2e6056a57aba0f55b8f2b8ae6f0ce5a8ab2f3 [diff] |
Use FLAG_IMMUTABLE for InstallCarrierAppUtils Require that the PendingIntent be immutable so that a malicious app is not able to hijack and mutate any of the details. Test: Android builds Bug: 155094269 Change-Id: I8ac155bf53e33474e1fcdb2466743a1e05b92399 Merged-In: I8ac155bf53e33474e1fcdb2466743a1e05b92399
diff --git a/src/java/com/android/internal/telephony/uicc/InstallCarrierAppUtils.java b/src/java/com/android/internal/telephony/uicc/InstallCarrierAppUtils.java index 325b3c6..109f72e 100644 --- a/src/java/com/android/internal/telephony/uicc/InstallCarrierAppUtils.java +++ b/src/java/com/android/internal/telephony/uicc/InstallCarrierAppUtils.java
@@ -68,7 +68,8 @@ Settings.Global.INSTALL_CARRIER_APP_NOTIFICATION_PERSISTENT, 1) == 1; PendingIntent goToStore = PendingIntent.getActivity(context, 0, - getPlayStoreIntent(pkgName), PendingIntent.FLAG_UPDATE_CURRENT); + getPlayStoreIntent(pkgName), PendingIntent.FLAG_UPDATE_CURRENT + | PendingIntent.FLAG_IMMUTABLE); Notification.Action goToStoreAction = new Notification.Action.Builder(null, downloadButtonText, goToStore).build();