Disable PendingIntent background activity launch
Set BroadcastOptions to explicitly disallow the receiver from
starting activities, to prevent apps from utilizing the
PendingIntent as a backdoor to do this.
Bug: 230866011
Test: Test with PoC app to verify app does not be launched
Test: atest FrameworksNetTests
Ignore-AOSP-First: security patch
Change-Id: Ie795d5c40a3fa2d8f30c1d0f6530be554ececb61
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index b535fa9..0a6c2bd 100644
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -8349,7 +8349,15 @@
mPendingIntentWakeLock.acquire();
try {
if (DBG) log("Sending " + pendingIntent);
- pendingIntent.send(mContext, 0, intent, this /* onFinished */, null /* Handler */);
+ final BroadcastOptions options = BroadcastOptions.makeBasic();
+ if (SdkLevel.isAtLeastT()) {
+ // Explicitly disallow the receiver from starting activities, to prevent apps from
+ // utilizing the PendingIntent as a backdoor to do this.
+ options.setPendingIntentBackgroundActivityLaunchAllowed(false);
+ }
+ pendingIntent.send(mContext, 0, intent, this /* onFinished */, null /* Handler */,
+ null /* requiredPermission */,
+ SdkLevel.isAtLeastT() ? options.toBundle() : null);
} catch (PendingIntent.CanceledException e) {
if (DBG) log(pendingIntent + " was not sent, it had been canceled.");
mPendingIntentWakeLock.release();