diff options
| author | Raman Tenneti <rtenneti@google.com> | 2021-09-10 21:40:57 +0000 |
|---|---|---|
| committer | Raman Tenneti <rtenneti@google.com> | 2021-09-21 20:27:42 +0000 |
| commit | ae2c873754cd8c54ce8a76aacbc0e1a0bf827188 (patch) | |
| tree | e42c5fca32c66548baa7d35bdafafe16a3017dba | |
| parent | 0963bdff5bd89f3f1174d80ab9995df1649db1a2 (diff) | |
| download | QuickSearchBox-ae2c873754cd8c54ce8a76aacbc0e1a0bf827188.tar.gz | |
Secure the pendingIntent in SearchWidgetProvider.
Fixes - "PendingIntent in QuickSearchBox Widget ..." security bug.
This change is similar to the fix to Settings changes.
+ Assign the package name for pending intent, so that the intent
only can launch the QuicSearchBox app.
https://googleplex-android-review.git.corp.google.com/c/platform/packages/apps/Settings/+/10526147/2/src/com/android/settings/slices/SettingsSliceProvider.java
git_qt-dev:
https://android-build.googleplex.com/builds/abtd/run/L35800000951088353
git_rvc-dev:
https://android-build.googleplex.com/builds/abtd/run/L61000000951079598
git_sc-dev:
https://android-build.googleplex.com/builds/abtd/run/L60400000951091431
+ Assign the package name for pending intent, so that the intent
only can launch the QuicSearchBox app.
Original aosp-master cl: aosp/1818517
Fix: 184046278
Test: manual
+ Verified the above bug is fixes the above bug,
+ Installed the app and verified search is working.
$ m
$ ls -l ./out/target/product/bonito/product/app/QuickSearchBox/QuickSearchBox.apk-rw-r--r-- 1 rtenneti primarygroup 701136 Sep 3 14:52 ./out/target/product/bonito/product/app/QuickSearchBox/QuickSearchBox.apk
$ adb install -t ./out/target/product/bonito/product/app/QuickSearchBox/QuickSearchBox.apk
Performing Streamed Install
Success
$ make QuickSearchBoxTests
$ ls -l out/target/product/bonito/testcases/QuickSearchBoxTests/arm64/QuickSearchBox*
-rw-r--r-- 1 rtenneti primarygroup 33175 Sep 3 16:40 out/target/product/bonito/testcases/QuickSearchBoxTests/arm64/QuickSearchBoxTests.apk
$ adb shell am instrument -w com.android.quicksearchbox.tests
com.android.quicksearchbox.CachingIconLoaderTest:.
com.android.quicksearchbox.LevenshteinFormatterTest:.........................
com.android.quicksearchbox.PackageIconLoaderTest:..
com.android.quicksearchbox.SuggestionUtilsTest:......
com.android.quicksearchbox.util.CachedLaterTest:......
com.android.quicksearchbox.util.LevenshteinDistanceTest:.....
com.android.quicksearchbox.util.PerNameExecutorTest:...
com.android.quicksearchbox.util.PriorityThreadFactoryTest:.
com.android.quicksearchbox.util.SingleThreadNamedTaskExecutorTest:.
Test results for InstrumentationTestRunner=.........................................
.........
Time: 0.277
OK (50 tests)
Bug: 184046278
Change-Id: Idf5592b14967c6567e898b0b23a5e18f8209f639
| -rw-r--r-- | src/com/android/quicksearchbox/SearchWidgetProvider.java | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/com/android/quicksearchbox/SearchWidgetProvider.java b/src/com/android/quicksearchbox/SearchWidgetProvider.java index 205e7cc..fdd8cf3 100644 --- a/src/com/android/quicksearchbox/SearchWidgetProvider.java +++ b/src/com/android/quicksearchbox/SearchWidgetProvider.java @@ -178,6 +178,7 @@ public class SearchWidgetProvider extends BroadcastReceiver { private void setOnClickActivityIntent(Context context, RemoteViews views, int viewId, Intent intent) { + intent.setPackage(context.getPackageName()); PendingIntent pendingIntent = PendingIntent.getActivity(context, 0, intent, 0); views.setOnClickPendingIntent(viewId, pendingIntent); } |