LatinIME: Fix Implicit PendingIntent Vulnerability
* checkTimeAndMaybeSetupUpdateAlarm method created an Implicit PendingIntent vulnerability, which may cause security threats in the form of denial-of-service, private data theft, and privilege escalation.

* PendingIntents are Intents delegated to another app to be delivered at some future time. Creating an implicit intent wrapped under a PendingIntent is a security vulnerability that might lead to denial-of-service, private data theft, and privilege escalation.

* We've used FLAG_IMMUTABLE (added in SDK 23) to create PendingIntents for SDK > 23. This prevents apps that receive the PendingIntent from filling in unpopulated properties and ensures that the PendingIntent is only delivered to trusted components.

Test: m
Google: 3019664
Change-Id: I68a1f3f2d81138e42092cc201d36e5d29853a86e
Signed-off-by: techyminati <[email protected]>
Signed-off-by: Pranav Vashi <[email protected]>
Signed-off-by: Pranav Temkar <[email protected]>
techyminati authored and PptO07 committed Dec 2, 2024
1 parent 390fffd commit a74b9f6
Showing 1 changed file with 7 additions and 1 deletion.
Expand Up @@ -229,8 +229,14 @@ private static void checkTimeAndMaybeSetupUpdateAlarm(final Context context) {
final long now = System.currentTimeMillis();
final long alarmTime = now + new Random().nextInt(MAX_ALARM_DELAY_MILLIS);
final Intent updateIntent = new Intent(DictionaryPackConstants.UPDATE_NOW_INTENT_ACTION);
// Set the package name to ensure the PendingIntent is only delivered to trusted components
updateIntent.setPackage(context.getPackageName());
int pendingIntentFlags = PendingIntent.FLAG_CANCEL_CURRENT;
if (android.os.Build.VERSION.SDK_INT >= 23) {
pendingIntentFlags |= PendingIntent.FLAG_IMMUTABLE;
}
final PendingIntent pendingIntent = PendingIntent.getBroadcast(context, 0,
updateIntent, PendingIntent.FLAG_CANCEL_CURRENT);
updateIntent, pendingIntentFlags);

// We set the alarm in the type that doesn't forcefully wake the device
// from sleep, but fires the next time the device actually wakes for any
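
Review bot: `updateIntent.setPackage(context.getPackageName())` now restricts the broadcast to receivers in this app's own package, so please confirm that the receiver for `DictionaryPackConstants.UPDATE_NOW_INTENT_ACTION` is declared in that same package; if it is not, the alarm will fire with nothing to receive it. If the receiver class is fixed, setting an explicit component on `updateIntent` would be stricter than a package filter. Two smaller points: `if (android.os.Build.VERSION.SDK_INT >= 23)` would read better with `Build.VERSION_CODES.M` and an import of `android.os.Build` instead of the literal and the fully qualified name, and the commit message says "SDK > 23" while the code applies the flag from 23 onward, which matches the "added in SDK 23" statement, so the message should be aligned with the code.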