The BlueTooth address of the peer can be leaked.
A malicious application without any permission can steal the Bluetooth
address of the peer by listening to the broadcast with action
ACTION_CANCEL_HANDOVER_TRANSFER
Bug: 168712890
Test: build ok
Change-Id: I59cad8ae66a8a0c34c5db9fd908de7efe5f9b97e
diff --git a/src/com/android/nfc/beam/BeamTransferManager.java b/src/com/android/nfc/beam/BeamTransferManager.java
index c8a48a1..d728864 100644
--- a/src/com/android/nfc/beam/BeamTransferManager.java
+++ b/src/com/android/nfc/beam/BeamTransferManager.java
@@ -494,6 +494,7 @@
PendingIntent buildCancelIntent() {
Intent intent = new Intent(BeamStatusReceiver.ACTION_CANCEL_HANDOVER_TRANSFER);
+ intent.setPackage("com.android.nfc");
intent.putExtra(BeamStatusReceiver.EXTRA_ADDRESS, mRemoteDevice.getAddress());
intent.putExtra(BeamStatusReceiver.EXTRA_INCOMING, mIncoming ?
BeamStatusReceiver.DIRECTION_INCOMING : BeamStatusReceiver.DIRECTION_OUTGOING);