From 9d46bca1b92143259413c0262bb87bc9dbad45b8 Mon Sep 17 00:00:00 2001
From: Christophe Pinelli
Date: Wed, 11 Jan 2023 19:43:41 +0000
Subject: [PATCH] Make mutable PendingIntent explicit
Starting from target SDK U, we will block creation of mutable PendingIntents with implicit Intents because attackers can mutate the Intent object within and launch altered behavior on behalf of victim apps. For more details on the vulnerability, see go/pendingintent-rca.
From a quick analysis, we concluded that the PendingIntent here was only destined to the test app/to the app, so it was made explicit. Reviewers, please call out if this is not the case.
Bug: 236704164
Test: atest NexusLauncherTests:com.android.quickstep.DigitalWellBeingToastTest
Test: atest RequestPinItemTest
Change-Id: I81311b0588b7b712c97de6cb016a62bb91c7a77c
---
 .../src/com/android/quickstep/DigitalWellBeingToastTest.java | 3 ++-
 .../com/android/launcher3/ui/widget/RequestPinItemTest.java | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/quickstep/tests/src/com/android/quickstep/DigitalWellBeingToastTest.java b/quickstep/tests/src/com/android/quickstep/DigitalWellBeingToastTest.java
index 5c2e14f119..1129a337e3 100644
--- a/quickstep/tests/src/com/android/quickstep/DigitalWellBeingToastTest.java
+++ b/quickstep/tests/src/com/android/quickstep/DigitalWellBeingToastTest.java
@@ -46,7 +46,8 @@ public class DigitalWellBeingToastTest extends AbstractQuickStepTest {
 runWithShellPermission(() -> usageStatsManager.registerAppUsageLimitObserver(observerId, packages, Duration.ofSeconds(600), Duration.ofSeconds(300),
- PendingIntent.getActivity(mTargetContext, -1, new Intent(),
+ PendingIntent.getActivity(mTargetContext, -1, new Intent()
+ .setPackage(mTargetContext.getPackageName()),
 PendingIntent.FLAG_MUTABLE)));
 mLauncher.goHome();
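Review bot: The `setPackage()` added to the `Intent` given to `PendingIntent.getActivity` pins only the package; action, data and categories stay unset, so under `FLAG_MUTABLE` whoever holds this PendingIntent can still fill those in at send time and choose among the activities of that package. That matches the package-or-component requirement the commit description refers to, but nothing at the call site records why mutability is kept, and the same applies to the `getBroadcast` call in the RequestPinItemTest hunk. A comment above the call would help the next reader, for example `// FLAG_MUTABLE: the observer callback is presumably filled in with extras by the sender; package-scoped so fill-in cannot redirect it outside this app`. If the test has a concrete target activity, naming it with `setClass(...)` would narrow the fill-in surface further; the enclosing test method starts outside this hunk, so that cannot be judged from here.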
diff --git a/tests/src/com/android/launcher3/ui/widget/RequestPinItemTest.java b/tests/src/com/android/launcher3/ui/widget/RequestPinItemTest.java
index 0db719e349..96690102d4 100644
--- a/tests/src/com/android/launcher3/ui/widget/RequestPinItemTest.java
+++ b/tests/src/com/android/launcher3/ui/widget/RequestPinItemTest.java
@@ -147,7 +147,8 @@ public class RequestPinItemTest extends AbstractLauncherUiTest {
 // Set callback
 PendingIntent callback = PendingIntent.getBroadcast(mTargetContext, 0,
- new Intent(mCallbackAction), FLAG_ONE_SHOT | FLAG_MUTABLE);
+ new Intent(mCallbackAction).setPackage(mTargetContext.getPackageName()),
+ FLAG_ONE_SHOT | FLAG_MUTABLE);
 mTargetContext.sendBroadcast(RequestPinItemActivity.getCommandIntent( RequestPinItemActivity.class, "setCallback").putExtra( RequestPinItemActivity.EXTRA_PARAM + "0", callback));
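Review bot: The mutable `callback` is passed on as an extra of the command broadcast in the `mTargetContext.sendBroadcast(...)` context lines, so every receiver that broadcast reaches obtains a PendingIntent it can fill in; the new `setPackage()` restricts where the callback is delivered, not who receives the token. `getCommandIntent` is defined outside this hunk, so it should be confirmed that the command intent is itself explicit or package-scoped, and if it is not, `.setPackage(mTargetContext.getPackageName())` belongs on it as well. It is also worth checking that the receiver for `mCallbackAction` is registered under `mTargetContext`'s package, since a receiver in a different package would now silently stop getting the callback and the test would time out rather than fail with a clear message.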