From f363525b733f2f40dca79fad7f8dce293a4ea05f Mon Sep 17 00:00:00 2001
From: Joanne Chung
Date: Mon, 2 Nov 2020 23:13:44 +0800
Subject: [PATCH] Use the flag FLAG_MUTABLE when creating the PendingIntent

Starting with S, any app targeting S+ will need to specify explicitly either FLAG_MUTABLE or FLAG_IMMUTABLE when creating PendingIntents. This change helps mitigate against implicit PendingIntent reuse. At present, all PendingIntents are mutable by default unless FLAG_IMMUTABLE is explicitly set when creating them. This often leads to developers accidentally making the PendingIntents mutable and thus handing their receivers powers to fill in critical fields. Because the autofill system server will need to update it, the PendingIntent from the service provider (AwG, AiAi etc) should be mutable.

Bug: 170771150
Test: manual. Make sure the function works normal.
Change-Id: I52e7e0924103447ff8e4bad553539c7b1dba34af
---
 .../example/android/inlinefillservice/AuthActivity.java | 2 +-
 .../android/inlinefillservice/InlineRequestHelper.java | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/samples/InlineFillService/src/com/example/android/inlinefillservice/AuthActivity.java b/samples/InlineFillService/src/com/example/android/inlinefillservice/AuthActivity.java
index cb9cf880e..9d9ed7aa3 100644
--- a/samples/InlineFillService/src/com/example/android/inlinefillservice/AuthActivity.java
+++ b/samples/InlineFillService/src/com/example/android/inlinefillservice/AuthActivity.java
@@ -114,6 +114,6 @@ public class AuthActivity extends Activity {
 }
 return PendingIntent.getActivity(context, ++sPendingIntentId, intent,
- PendingIntent.FLAG_CANCEL_CURRENT).getIntentSender();
+ PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_MUTABLE).getIntentSender();
 }
 }
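Review bot: The reason this PendingIntent has to be mutable is recorded only in the commit message, so the `FLAG_MUTABLE` added to the `getActivity(...)` call reads as an unexplained opt-out from the safer setting. A short comment above the call, e.g. `// FLAG_MUTABLE: the autofill system server fills in this intent before it is sent.`, would keep the justification next to the flag; the same applies to the two calls changed in InlineRequestHelper.java. Because a mutable PendingIntent lets the sender supply fields the base intent leaves unset, the `intent` passed here should remain explicit (component set). It is built earlier in the method, outside the hunk, so that cannot be confirmed from these lines.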
diff --git a/samples/InlineFillService/src/com/example/android/inlinefillservice/InlineRequestHelper.java b/samples/InlineFillService/src/com/example/android/inlinefillservice/InlineRequestHelper.java
index c93771af6..0aff9d226 100644
--- a/samples/InlineFillService/src/com/example/android/inlinefillservice/InlineRequestHelper.java
+++ b/samples/InlineFillService/src/com/example/android/inlinefillservice/InlineRequestHelper.java
@@ -79,7 +79,7 @@ public class InlineRequestHelper {
 InlineSuggestionsRequest inlineRequest, int drawable) {
 PendingIntent pendingIntent = PendingIntent.getActivity(context, 0, new Intent(context, SettingsActivity.class),
- PendingIntent.FLAG_UPDATE_CURRENT);
+ PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
 Dataset.Builder builder = new Dataset.Builder()
@@ -126,9 +126,8 @@ public class InlineRequestHelper {
 Intent intent = new Intent(context, AttributionDialogActivity.class);
 intent.putExtra(AttributionDialogActivity.KEY_MSG, msg);
 // Should use different request code to avoid the new intent overriding the old one.
- PendingIntent pendingIntent =
- PendingIntent.getActivity(
- context, msg.hashCode(), intent, PendingIntent.FLAG_UPDATE_CURRENT);
+ PendingIntent pendingIntent = PendingIntent.getActivity(context, msg.hashCode(), intent,
+ PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
 return pendingIntent;
 }
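Review bot: The attribution PendingIntent in the last hunk is made mutable like the others, but nothing visible suggests the framework needs to fill anything into it: the intent is explicit and already carries its only extra, `KEY_MSG`. If the consumer only launches it, `PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE` would be the least-privilege choice and would still meet the S+ requirement described in the commit message. The method returns the object to a caller outside the hunk, so this needs confirming against how it is used. Separately, `msg.hashCode()` does not guarantee distinct request codes for distinct messages, so with `FLAG_UPDATE_CURRENT` two colliding messages would share one PendingIntent and the later extras would replace the earlier ones.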