summaryrefslogtreecommitdiffstats
path: root/MODULE_LICENSE_APACHE2
diff options
context:
space:
mode:
authorCarlos Valdivia <carlosvaldivia@google.com>2014-09-07 17:45:58 -0700
committerPaul Kocialkowski <contact@paulk.fr>2015-08-30 23:03:22 +0200
commit329603fd3b62ef5bb06c2c3612471edd30fd431a (patch)
treed3dc14defe2bc69b6204812547d0c0cc09d38d27 /MODULE_LICENSE_APACHE2
parent04994e322b88df30ce711c59f2a2975c2aae5612 (diff)
downloadpackages_apps_settings-replicant-4.2.zip
packages_apps_settings-replicant-4.2.tar.gz
packages_apps_settings-replicant-4.2.tar.bz2
SECURITY: Don't pass a usable Pending Intent to 3rd parties.HEADreplicant-4.2-0004replicant-4.2
Unfortunately the Settings app has super powers. We shouldn't let untrusted 3rd party authenticators re-purpose those powers to their own nefarious ends. This means that we shouldn't pass along PendingIntents that can have addressing information (component, action, category) filled in by third parties. Bug: 17356824 Change-Id: I397d26c5f465ddfb0e58bbc66cd44756e58cc507 (cherry picked from commit f5d3e74ecc2b973941d8adbe40c6b23094b5abb7) Signed-off-by: Carlos Valdivia <carlosvaldivia@google.com> Tested-by: Moritz Bandemer <replicant@posteo.mx>
Diffstat (limited to 'MODULE_LICENSE_APACHE2')
0 files changed, 0 insertions, 0 deletions