tag a93b7397df0fcf8cfac6798b8969055d5bd8e322
tagger The Android Open Source Project <initial-contribution@android.com> Mon Jan 04 14:31:19 2021 -0800
object d7f6487bf58844d9bde32c2e22dfed99041c18a7

Android security 8.0.0 release 54

commit d7f6487bf58844d9bde32c2e22dfed99041c18a7
author Hall Liu <hallliu@google.com> Thu Aug 20 19:06:57 2020 -0700
committer Anis Assi <anisassi@google.com> Thu Sep 10 13:50:18 2020 -0700
tree 9396d4c86ea4bc4d481b978b7bbdb8fdf0801bea
parent 06bc6a18dddc0963bbcc51c2bd0b0c68c221136d

RESTRICT AUTOMERGE Fix exported broadcast receiver vulnerability

CellBroadcastReceiver was declared as exported in the manifest and
therefore allowed any app to send a MARK_AS_READ intent, even though
it's only supposed to be called from an internal PendingIntent. Fix this
by creating a new non-exported receiver and using that to handle the
mark-as-read intent instead.

Fixes: 162741784
Test: atest GoogleCellBroadcastReceiverUnitTests
Change-Id: I03c8163c22a6fbc92613ca2ccd2ac191fc0084a4
(cherry picked from commit e514bc6a01fdd36a519fd4fefffa45f166911c97)
(cherry picked from commit c41e7acd2c289b3dcef42d2e88d21dcac61b2f86)