git.osdn.net Git - android-x86/packages-apps-Settings.git/commit

(root) / android-x86 / packages-apps-Settings.git / commit

author	Carlos Valdivia <carlosvaldivia@google.com>
	Mon, 8 Sep 2014 00:45:58 +0000 (17:45 -0700)
committer	Carlos Valdivia <carlosvaldivia@google.com>
	Mon, 8 Sep 2014 00:45:58 +0000 (17:45 -0700)
commit	f5d3e74ecc2b973941d8adbe40c6b23094b5abb7
tree	61bff12de48e8a7860b883e98e2495f29cde9619	tree \| snapshot
parent	30c50b15d0d716567c71d590aa835dc4a27591d6	commit \| diff

SECURITY: Don't pass a usable Pending Intent to 3rd parties.

Unfortunately the Settings app has super powers. We shouldn't let
untrusted 3rd party authenticators re-purpose those powers to their own
nefarious ends. This means that we shouldn't pass along PendingIntents
that can have addressing information (component, action, category)
filled in by third parties.

Bug: 17356824
Change-Id: I397d26c5f465ddfb0e58bbc66cd44756e58cc507

src/com/android/settings/accounts/AddAccountSettings.java

diff | blob | history

packages/apps/Settings

RSS Atom

About OSDN

Find Software

Develop Software

Help