tag f3a4d173b70b0cfb9f055db268b7a3741139e0c6
tagger The Android Open Source Project <initial-contribution@android.com> Tue Jan 04 16:50:48 2022 -0800
object 55bb97e67011aa784dcc5ec31de5cc999db248b0

Android security 9.0.0 release 76

commit 55bb97e67011aa784dcc5ec31de5cc999db248b0
author Hall Liu <hallliu@google.com> Thu Aug 20 19:06:57 2020 -0700
committer Anis Assi <anisassi@google.com> Thu Sep 10 13:51:23 2020 -0700
tree 3b60582449173536597f031383caa2c7a63380a2
parent a6e09d4db7708077bd5cb355ac5620d4f65917bc

RESTRICT AUTOMERGE Fix exported broadcast receiver vulnerability

CellBroadcastReceiver was declared as exported in the manifest and
therefore allowed any app to send a MARK_AS_READ intent, even though
it's only supposed to be called from an internal PendingIntent. Fix this
by creating a new non-exported receiver and using that to handle the
mark-as-read intent instead.

Fixes: 162741784
Test: atest GoogleCellBroadcastReceiverUnitTests
Change-Id: I03c8163c22a6fbc92613ca2ccd2ac191fc0084a4
(cherry picked from commit e514bc6a01fdd36a519fd4fefffa45f166911c97)
(cherry picked from commit 0b6f996489dfa4e0b6d15ac32541de9bcb353dc9)