Google Git
Sign in
android / platform / packages / apps / CellBroadcastReceiver / refs/tags/android-security-11.0.0_r63
tag8560e230e424e038b2e85f4289584ee26ccdb35e
taggerThe Android Open Source Project <initial-contribution@android.com>Tue Jan 03 21:07:35 2023 -0800
objecta3cab30269998ccdf6890f0aa16ddd37cf477773 
Android security 11.0.0 release 63
commita3cab30269998ccdf6890f0aa16ddd37cf477773[log] [tgz]
authorHall Liu <hallliu@google.com>Thu Aug 20 19:06:57 2020 -0700
committerAnis Assi <anisassi@google.com>Tue Sep 15 20:43:57 2020 -0700
tree12a82123eaddc4e46a374e920da2def75679fce3
parentdb4e05e246dc83f0f215429072d5173c389c5827 [diff]
Fix exported broadcast receiver vulnerability

CellBroadcastReceiver was declared as exported in the manifest and
therefore allowed any app to send a MARK_AS_READ intent, even though
it's only supposed to be called from an internal PendingIntent. Fix this
by creating a new non-exported receiver and using that to handle the
mark-as-read intent instead.

Fixes: 162741784
Test: atest GoogleCellBroadcastReceiverUnitTests
Change-Id: I03c8163c22a6fbc92613ca2ccd2ac191fc0084a4
Merged-In: I03c8163c22a6fbc92613ca2ccd2ac191fc0084a4
(cherry picked from commit e514bc6a01fdd36a519fd4fefffa45f166911c97)
(cherry picked from commit db3208b69c1debcc0746df99a4c7cab02c3c52f0)
(cherry picked from commit e2a3f5f51bf6723d54599e5fa81577f6b9465116)
7 files changed
tree: 12a82123eaddc4e46a374e920da2def75679fce3
  1. apex/
  2. legacy/
  3. res/
  4. RROSampleTestApp/
  5. src/
  6. tests/
  7. Android.bp
  8. AndroidManifest.xml
  9. AndroidManifest_Platform.xml
  10. CleanSpec.mk
  11. MODULE_LICENSE_APACHE2
  12. NOTICE
  13. OWNERS
  14. PREUPLOAD.cfg
  15. proguard.flags
  16. TEST_MAPPING