OSDN Git Service

(root) / android-x86 / packages-apps-Settings.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 90630f6) | patch
SECURITY: Don't pass a usable Pending Intent to 3rd parties.
authorCarlos Valdivia <carlosvaldivia@google.com>
Mon, 8 Sep 2014 00:45:58 +0000 (17:45 -0700)
committerJon Larimer <jlarimer@google.com>
Wed, 10 Sep 2014 21:13:10 +0000 (21:13 +0000)
commit37b58a420ff59254cbe9420c64685fdb7ea4e375
tree1d4e3345d8c0087a74e862177bb4c38e2ab647d0tree | snapshot
parent90630f6a6d19e169befb8ad8117d53200eb562c4commit | diff
SECURITY: Don't pass a usable Pending Intent to 3rd parties.

Unfortunately the Settings app has super powers. We shouldn't let
untrusted 3rd party authenticators re-purpose those powers to their own
nefarious ends.  This means that we shouldn't pass along PendingIntents
that can have addressing information (component, action, category)
filled in by third parties.

Bug: 17356824
Change-Id: I397d26c5f465ddfb0e58bbc66cd44756e58cc507
(cherry picked from commit f5d3e74ecc2b973941d8adbe40c6b23094b5abb7)
src/com/android/settings/accounts/AddAccountSettings.java diff | blob | history
packages/apps/Settings
About OSDN
Find Software
Develop Software
Help