diff options
author | Carlos Valdivia <carlosvaldivia@google.com> | 2014-09-07 17:45:58 -0700 |
---|---|---|
committer | Paul Kocialkowski <contact@paulk.fr> | 2015-08-30 23:03:22 +0200 |
commit | 329603fd3b62ef5bb06c2c3612471edd30fd431a (patch) | |
tree | d3dc14defe2bc69b6204812547d0c0cc09d38d27 /MODULE_LICENSE_APACHE2 | |
parent | 04994e322b88df30ce711c59f2a2975c2aae5612 (diff) | |
download | packages_apps_settings-replicant-4.2.zip packages_apps_settings-replicant-4.2.tar.gz packages_apps_settings-replicant-4.2.tar.bz2 |
SECURITY: Don't pass a usable Pending Intent to 3rd parties.HEADreplicant-4.2-0004replicant-4.2
Unfortunately the Settings app has super powers. We shouldn't let
untrusted 3rd party authenticators re-purpose those powers to their own
nefarious ends. This means that we shouldn't pass along PendingIntents
that can have addressing information (component, action, category)
filled in by third parties.
Bug: 17356824
Change-Id: I397d26c5f465ddfb0e58bbc66cd44756e58cc507
(cherry picked from commit f5d3e74ecc2b973941d8adbe40c6b23094b5abb7)
Signed-off-by: Carlos Valdivia <carlosvaldivia@google.com>
Tested-by: Moritz Bandemer <replicant@posteo.mx>
Diffstat (limited to 'MODULE_LICENSE_APACHE2')
0 files changed, 0 insertions, 0 deletions