mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
d42c8f033d
- Fixup CVE-2020-36386 breakage - Move some cherrypicks in tree (gerrit down right now, pulled from reflog) - Update cherrypicks
60 lines
2.7 KiB
Diff
60 lines
2.7 KiB
Diff
From 653c059e47ea39766d7ab62f6408351d9fc7e9d7 Mon Sep 17 00:00:00 2001
|
|
From: Bruno Martins <bgcngm@gmail.com>
|
|
Date: Sun, 6 Jun 2021 14:18:24 +0100
|
|
Subject: [PATCH] profiles: Add FLAG_IMMUTABLE flag for security purposes
|
|
|
|
Prevent the intent to be altered by a malicious app.
|
|
|
|
Change-Id: Id5144fb3f11fc98380de0188df0f32330e976398
|
|
---
|
|
.../lineageos/lineageparts/profiles/NFCProfileWriter.java | 5 +++--
|
|
.../lineageparts/profiles/triggers/NfcTriggerFragment.java | 4 ++--
|
|
2 files changed, 5 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/org/lineageos/lineageparts/profiles/NFCProfileWriter.java b/src/org/lineageos/lineageparts/profiles/NFCProfileWriter.java
|
|
index d477d69..d651e9b 100644
|
|
--- a/src/org/lineageos/lineageparts/profiles/NFCProfileWriter.java
|
|
+++ b/src/org/lineageos/lineageparts/profiles/NFCProfileWriter.java
|
|
@@ -1,6 +1,6 @@
|
|
/*
|
|
* Copyright (C) 2012 The CyanogenMod Project
|
|
- * 2017-2018 The LineageOS Project
|
|
+ * 2017-2018,2021 The LineageOS Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
@@ -84,7 +84,8 @@ public class NFCProfileWriter extends Activity {
|
|
|
|
private PendingIntent getPendingIntent() {
|
|
return PendingIntent.getActivity(this, 0,
|
|
- new Intent(this, getClass()).addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP), 0);
|
|
+ new Intent(this, getClass()).addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP),
|
|
+ PendingIntent.FLAG_IMMUTABLE);
|
|
}
|
|
|
|
private void disableTagWriteMode() {
|
|
diff --git a/src/org/lineageos/lineageparts/profiles/triggers/NfcTriggerFragment.java b/src/org/lineageos/lineageparts/profiles/triggers/NfcTriggerFragment.java
|
|
index adb684c..aac9839 100644
|
|
--- a/src/org/lineageos/lineageparts/profiles/triggers/NfcTriggerFragment.java
|
|
+++ b/src/org/lineageos/lineageparts/profiles/triggers/NfcTriggerFragment.java
|
|
@@ -1,6 +1,6 @@
|
|
/*
|
|
* Copyright (C) 2014 The CyanogenMod Project
|
|
- * 2017 The LineageOS Project
|
|
+ * 2017,2021 The LineageOS Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
@@ -89,7 +89,7 @@ public class NfcTriggerFragment extends Fragment implements NFCProfileTagCallbac
|
|
private PendingIntent getPendingIntent() {
|
|
Intent intent = new Intent(getActivity(), getActivity().getClass())
|
|
.addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP);
|
|
- return PendingIntent.getActivity(getActivity(), 0, intent, 0);
|
|
+ return PendingIntent.getActivity(getActivity(), 0, intent, PendingIntent.FLAG_IMMUTABLE);
|
|
}
|
|
|
|
private void disableTagWriteMode() {
|
|
--
|
|
2.31.1
|
|
|