Only allow root/system UIDs to send broadcast to unexported receiver
Android T introduced new flags to specify whether a runtime receiver
should be exported to other apps on the device. Initially, an unexported
runtime receiver could receive broadcasts from any app with a UID
that passed the Process#isCoreUid check, but this behavior differs
from that of unexported manifest receivers which can only receive
broadcasts from the system and root UIDs. This commit updates the
behavior of runtime receivers registered with the RECEIVER_NOT_EXPORTED
flag to only allow broadcasts to be sent from the local app, system, and
root UIDs.
Bug: 225999840
Test: atest ContextTest
Change-Id: Idc2c42dda58d54859e9beb8bd8baf3810aeabefc
1 file changed