From 39e7cdc2b9a019bede6be69868258e52bf32a3f6 Mon Sep 17 00:00:00 2001 From: Jacky Kao Date: Thu, 4 Jun 2020 15:18:49 +0800 Subject: [PATCH] Make A11yServiceConnection PendingIntent immutable. Require that the PendingIntent be immutable so that a malicious app is not able to hijack and mutate any of the details. Bug: 154913130 Test: a11y CTS & unit tests Change-Id: Ib794fa9e80b2a6c5562c66a0c17ea7c92c500e19 (cherry picked from commit a0b630075a36ce7d39b8b7ad656ca690953b445f) --- .../server/accessibility/AccessibilityServiceConnection.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityServiceConnection.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityServiceConnection.java index 0f98992d1ea0c..fea2e7b841e02 100644 --- a/services/accessibility/java/com/android/server/accessibility/AccessibilityServiceConnection.java +++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityServiceConnection.java @@ -21,6 +21,7 @@ import static com.android.internal.util.function.pooled.PooledLambda.obtainMessa import android.Manifest; import android.accessibilityservice.AccessibilityServiceInfo; import android.accessibilityservice.IAccessibilityServiceClient; +import android.app.PendingIntent; import android.content.ComponentName; import android.content.Context; import android.content.Intent; @@ -83,7 +84,8 @@ class AccessibilityServiceConnection extends AbstractAccessibilityServiceConnect final long identity = Binder.clearCallingIdentity(); try { mIntent.putExtra(Intent.EXTRA_CLIENT_INTENT, mSystemSupport.getPendingIntentActivity( - mContext, 0, new Intent(Settings.ACTION_ACCESSIBILITY_SETTINGS), 0)); + mContext, 0, new Intent(Settings.ACTION_ACCESSIBILITY_SETTINGS), + PendingIntent.FLAG_IMMUTABLE)); } finally { Binder.restoreCallingIdentity(identity); }