commit b722e6d0bef5bdcf3cf7368b765ed08a98bdee1c
author Shuo Qian <shuoq@google.com> Fri Apr 24 19:19:31 2020 -0700
committer Shuo Qian <shuoq@google.com> Thu May 14 16:57:12 2020 +0000
tree fd8c8a278f240a7d30c834becec62c2f9a041c0d
parent c3c58abf138f90d4233b6360609af14c52f5d8bc

Use PendingIntent.FLAG_IMMUTABLE in PendingIntent in NotificationMgr

Require that the PendingIntent be immutable so that a malicious app is
 not able to hijack and mutate any of the details.

Test: Android builds
Bug: 153356561
Change-Id: Ib278926f4327b3fcbec25795b78643774911d1dc
Merged-In: Ib278926f4327b3fcbec25795b78643774911d1dc

src/com/android/phone/NotificationMgr.java

diff --git a/src/com/android/phone/NotificationMgr.java b/src/com/android/phone/NotificationMgr.java
index 942c1e2..3a404de 100644
--- a/src/com/android/phone/NotificationMgr.java
+++ b/src/com/android/phone/NotificationMgr.java
@@ -350,7 +350,8 @@
             }
 
             PendingIntent pendingIntent =
-                    PendingIntent.getActivity(mContext, subId /* requestCode */, intent, 0);
+                    PendingIntent.getActivity(mContext, subId /* requestCode */, intent,
+                            PendingIntent.FLAG_IMMUTABLE);
 
             Resources res = mContext.getResources();
             PersistableBundle carrierConfig = PhoneGlobals.getInstance().getCarrierConfigForSubId(
@@ -539,7 +540,7 @@
             SubscriptionInfoHelper.addExtrasToIntent(
                     intent, mSubscriptionManager.getActiveSubscriptionInfo(subId));
             builder.setContentIntent(PendingIntent.getActivity(mContext, subId /* requestCode */,
-                    intent, 0));
+                    intent, PendingIntent.FLAG_IMMUTABLE));
             mNotificationManager.notifyAsUser(
                     Integer.toString(subId) /* tag */,
                     CALL_FORWARD_NOTIFICATION,
@@ -571,7 +572,8 @@
         // "Mobile network settings" screen / dialog
         Intent intent = new Intent(Settings.ACTION_DATA_ROAMING_SETTINGS);
         intent.putExtra(Settings.EXTRA_SUB_ID, subId);
-        PendingIntent contentIntent = PendingIntent.getActivity(mContext, subId, intent, 0);
+        PendingIntent contentIntent = PendingIntent.getActivity(
+                mContext, subId, intent, PendingIntent.FLAG_IMMUTABLE);
 
         final CharSequence contentText = mContext.getText(R.string.roaming_reenable_message);
 
@@ -625,7 +627,8 @@
                 mContext.getString(R.string.mobile_network_settings_package),
                 mContext.getString(R.string.mobile_network_settings_class)));
         intent.putExtra(GsmUmtsOptions.EXTRA_SUB_ID, subId);
-        builder.setContentIntent(PendingIntent.getActivity(mContext, 0, intent, 0));
+        builder.setContentIntent(PendingIntent.getActivity(
+                mContext, 0, intent, PendingIntent.FLAG_IMMUTABLE));
         mNotificationManager.notifyAsUser(
                 Integer.toString(subId) /* tag */,
                 SELECTED_OPERATOR_FAIL_NOTIFICATION,