Externally Reported Low Severity Security Vulnerability: SMS Resend Vulnerability in Android

Bug 17671795 Require SEND_SMS permission so apps without it won't be able to trick the messaging app into sending messages. Change-Id: I1486e8310f7b5634990cbe78e9c1144fde843414
author: Tom Taylor <tomtaylor@google.com> 2014-09-30 13:59:38 -0700
committer: Tom Taylor <tomtaylor@google.com> 2014-09-30 13:59:38 -0700
commit: 9da13d25ef52ce81f132f8229e13f1b02bfcb779 (patch)
tree: 96a774c55472358a8b56d63da771ee7d7ab2856a
parent: 0bd818f8c28e014bbb10f6ad0e9594bc40da1494 (diff)
download: Mms-9da13d25ef52ce81f132f8229e13f1b02bfcb779.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index a4b0bfb8..65f1a894 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -215,7 +215,8 @@
         </receiver>
 
         <!-- Catch-all receiver for broadcasts that don't have associated security -->
-        <receiver android:name=".transaction.SmsReceiver">
+        <receiver android:name=".transaction.SmsReceiver"
+             android:permission="android.permission.SEND_SMS">
             <intent-filter>
                 <action android:name="android.intent.action.BOOT_COMPLETED" />
             </intent-filter>
author	Tom Taylor <tomtaylor@google.com>	2014-09-30 13:59:38 -0700
committer	Tom Taylor <tomtaylor@google.com>	2014-09-30 13:59:38 -0700
commit	9da13d25ef52ce81f132f8229e13f1b02bfcb779 (patch)
tree	96a774c55472358a8b56d63da771ee7d7ab2856a
parent	0bd818f8c28e014bbb10f6ad0e9594bc40da1494 (diff)
download	Mms-9da13d25ef52ce81f132f8229e13f1b02bfcb779.tar.gz