commit 9a41a17ea4214ed6b1cefebae4b4b6081ee92309
author Shuo Qian <shuoq@google.com> Fri Apr 24 19:19:31 2020 -0700
committer Shuo Qian <shuoq@google.com> Sat Apr 25 02:21:18 2020 +0000
tree f4e03ddb0a11626d3f286e125efa4dee32dd32e6
parent 532f51c1db7fc359e53abbbd684013547a4ffbc9

Use PendingIntent.FLAG_IMMUTABLE in PendingIntent in NotificationMgr

Require that the PendingIntent be immutable so that a malicious app is
 not able to hijack and mutate any of the details.

Test: Android builds
Bug: 153356561
Change-Id: Ib278926f4327b3fcbec25795b78643774911d1dc

src/com/android/phone/NotificationMgr.java

diff --git a/src/com/android/phone/NotificationMgr.java b/src/com/android/phone/NotificationMgr.java
index 6f7022f..c2dece5 100644
--- a/src/com/android/phone/NotificationMgr.java
+++ b/src/com/android/phone/NotificationMgr.java
@@ -355,7 +355,8 @@
             }
 
             PendingIntent pendingIntent =
-                    PendingIntent.getActivity(mContext, subId /* requestCode */, intent, 0);
+                    PendingIntent.getActivity(mContext, subId /* requestCode */, intent,
+                            PendingIntent.FLAG_IMMUTABLE);
 
             Resources res = mContext.getResources();
             PersistableBundle carrierConfig = PhoneGlobals.getInstance().getCarrierConfigForSubId(
@@ -556,7 +557,7 @@
             SubscriptionInfoHelper.addExtrasToIntent(
                     intent, mSubscriptionManager.getActiveSubscriptionInfo(subId));
             builder.setContentIntent(PendingIntent.getActivity(mContext, subId /* requestCode */,
-                    intent, 0));
+                    intent, PendingIntent.FLAG_IMMUTABLE));
             notifyAsUser(
                     Integer.toString(subId) /* tag */,
                     CALL_FORWARD_NOTIFICATION,
@@ -598,7 +599,8 @@
         // "Mobile network settings" screen / dialog
         Intent intent = new Intent(Settings.ACTION_DATA_ROAMING_SETTINGS);
         intent.putExtra(Settings.EXTRA_SUB_ID, subId);
-        PendingIntent contentIntent = PendingIntent.getActivity(mContext, subId, intent, 0);
+        PendingIntent contentIntent = PendingIntent.getActivity(
+                mContext, subId, intent, PendingIntent.FLAG_IMMUTABLE);
 
         CharSequence contentTitle = mContext.getText(roamingOn
                 ? R.string.roaming_on_notification_title
@@ -672,7 +674,7 @@
         }
         // Navigate to "Network Selection Settings" which list all subscriptions.
         PendingIntent contentIntent = PendingIntent.getActivity(mContext, 0,
-                new Intent(ACTION_MOBILE_NETWORK_LIST), 0);
+                new Intent(ACTION_MOBILE_NETWORK_LIST), PendingIntent.FLAG_IMMUTABLE);
         // Display phone number from the other sub
         String line1Num = null;
         SubscriptionManager subMgr = (SubscriptionManager) mContext.getSystemService(
@@ -773,7 +775,8 @@
                 mContext.getString(R.string.mobile_network_settings_package),
                 mContext.getString(R.string.mobile_network_settings_class)));
         intent.putExtra(Settings.EXTRA_SUB_ID, subId);
-        builder.setContentIntent(PendingIntent.getActivity(mContext, 0, intent, 0));
+        builder.setContentIntent(
+                PendingIntent.getActivity(mContext, 0, intent, PendingIntent.FLAG_IMMUTABLE));
         notifyAsUser(
                 Integer.toString(subId) /* tag */,
                 SELECTED_OPERATOR_FAIL_NOTIFICATION,