Make low storage notification PendingIntent immutable

zezeozue · zezeozue · commit 166d683ea416 · 2020-12-16T15:02:25.000Z
Malicious apps, especially NotificationListeners can hijack such
intents and grant themselves access to sensitive URIs by relying on
the OS URI granting mechanism. This change mitigates the security
issue and also adheres to the new enforcement requiring Android S+
targeting apps to explicitly specifiy a mutability flag.

Test: Manual
Bug: 153466381
Change-Id: If478386d68cf25c8f93c2685824700679e6b9ea9
(cherry picked from commit df9a44e1fb3968c6e3121aa76515a58f5e69fbee)
diff --git a/services/core/java/com/android/server/storage/DeviceStorageMonitorService.java b/services/core/java/com/android/server/storage/DeviceStorageMonitorService.java
@@ -491,8 +491,8 @@ private void updateNotifications(VolumeInfo vol, int oldLevel, int newLevel) {
                         com.android.internal.R.string.low_internal_storage_view_text);
             }
 
-            PendingIntent intent = PendingIntent.getActivityAsUser(context, 0, lowMemIntent, 0,
-                    null, UserHandle.CURRENT);
+            PendingIntent intent = PendingIntent.getActivityAsUser(context, 0, lowMemIntent,
+                    PendingIntent.FLAG_IMMUTABLE, null, UserHandle.CURRENT);
             Notification notification =
                     new Notification.Builder(context, SystemNotificationChannels.ALERTS)
                             .setSmallIcon(com.android.internal.R.drawable.stat_notify_disk_full)
