From cb120169923f3ad6d59ffac59550b68d68dabaeb Mon Sep 17 00:00:00 2001 From: Torsten Grote Date: Tue, 7 Mar 2023 11:20:44 -0300 Subject: [PATCH] [app] Mark all PendingIntents as FLAG_IMMUTABLE for now Some might need to be mutable, but we find this out later. --- .../fdroid/fdroid/AppUpdateStatusManager.java | 8 +++++--- .../org/fdroid/fdroid/NotificationHelper.java | 18 ++++++++++++------ .../fdroid/installer/DefaultInstaller.java | 4 ++-- .../fdroid/fdroid/installer/FileInstaller.java | 4 ++-- .../installer/InstallManagerService.java | 3 ++- 5 files changed, 23 insertions(+), 14 deletions(-) diff --git a/app/src/main/java/org/fdroid/fdroid/AppUpdateStatusManager.java b/app/src/main/java/org/fdroid/fdroid/AppUpdateStatusManager.java index 2ac897941..b3c98cc28 100644 --- a/app/src/main/java/org/fdroid/fdroid/AppUpdateStatusManager.java +++ b/app/src/main/java/org/fdroid/fdroid/AppUpdateStatusManager.java @@ -615,7 +615,8 @@ public final class AppUpdateStatusManager { PackageManager pm = context.getPackageManager(); Intent intentObject = pm.getLaunchIntentForPackage(entry.app.packageName); if (intentObject != null) { - entry.intent = PendingIntent.getActivity(context, 0, intentObject, 0); + entry.intent = PendingIntent.getActivity(context, 0, intentObject, + PendingIntent.FLAG_IMMUTABLE); } else { entry.intent = getAppDetailsIntent(entry.apk); } @@ -636,7 +637,8 @@ public final class AppUpdateStatusManager { return TaskStackBuilder.create(context) .addParentStack(AppDetailsActivity.class) .addNextIntent(notifyIntent) - .getPendingIntent(apk.packageName.hashCode(), PendingIntent.FLAG_UPDATE_CURRENT); + .getPendingIntent(apk.packageName.hashCode(), PendingIntent.FLAG_UPDATE_CURRENT | + PendingIntent.FLAG_IMMUTABLE); } private PendingIntent getAppErrorIntent(AppUpdateStatus entry) { @@ -650,6 +652,6 @@ public final class AppUpdateStatusManager { context, 0, errorDialogIntent, - PendingIntent.FLAG_UPDATE_CURRENT); + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); } } \ No newline at end of file diff --git a/app/src/main/java/org/fdroid/fdroid/NotificationHelper.java b/app/src/main/java/org/fdroid/fdroid/NotificationHelper.java index dd14a2e1a..14f115d16 100644 --- a/app/src/main/java/org/fdroid/fdroid/NotificationHelper.java +++ b/app/src/main/java/org/fdroid/fdroid/NotificationHelper.java @@ -367,7 +367,8 @@ public class NotificationHelper { Intent intentDeleted = new Intent(BROADCAST_NOTIFICATIONS_UPDATE_CLEARED); intentDeleted.putExtra(DownloaderService.EXTRA_CANONICAL_URL, entry.getCanonicalUrl()); intentDeleted.setClass(context, NotificationBroadcastReceiver.class); - PendingIntent piDeleted = PendingIntent.getBroadcast(context, 0, intentDeleted, PendingIntent.FLAG_UPDATE_CURRENT); + PendingIntent piDeleted = PendingIntent.getBroadcast(context, 0, intentDeleted, + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); builder.setDeleteIntent(piDeleted); loadLargeIconForEntry(entry, builder, NOTIFY_ID_UPDATES, entry.getCanonicalUrl()); return builder.build(); @@ -408,7 +409,8 @@ public class NotificationHelper { // Intent to open main app list Intent intentObject = new Intent(context, MainActivity.class); intentObject.putExtra(MainActivity.EXTRA_VIEW_UPDATES, true); - PendingIntent piAction = PendingIntent.getActivity(context, 0, intentObject, PendingIntent.FLAG_UPDATE_CURRENT); + PendingIntent piAction = PendingIntent.getActivity(context, 0, intentObject, + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); NotificationCompat.Builder builder = new NotificationCompat.Builder(context, CHANNEL_UPDATES) @@ -429,7 +431,8 @@ public class NotificationHelper { Intent intentDeleted = new Intent(BROADCAST_NOTIFICATIONS_ALL_UPDATES_CLEARED); intentDeleted.setClass(context, NotificationBroadcastReceiver.class); - PendingIntent piDeleted = PendingIntent.getBroadcast(context, 0, intentDeleted, PendingIntent.FLAG_UPDATE_CURRENT); + PendingIntent piDeleted = PendingIntent.getBroadcast(context, 0, intentDeleted, + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); builder.setDeleteIntent(piDeleted); return builder.build(); } @@ -455,7 +458,8 @@ public class NotificationHelper { Intent intentDeleted = new Intent(BROADCAST_NOTIFICATIONS_INSTALLED_CLEARED); intentDeleted.putExtra(DownloaderService.EXTRA_CANONICAL_URL, entry.getCanonicalUrl()); intentDeleted.setClass(context, NotificationBroadcastReceiver.class); - PendingIntent piDeleted = PendingIntent.getBroadcast(context, 0, intentDeleted, PendingIntent.FLAG_UPDATE_CURRENT); + PendingIntent piDeleted = PendingIntent.getBroadcast(context, 0, intentDeleted, + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); builder.setDeleteIntent(piDeleted); loadLargeIconForEntry(entry, builder, NOTIFY_ID_INSTALLED, entry.getCanonicalUrl()); @@ -487,7 +491,8 @@ public class NotificationHelper { // Intent to open main app list Intent intentObject = new Intent(context, MainActivity.class); - PendingIntent piAction = PendingIntent.getActivity(context, 0, intentObject, PendingIntent.FLAG_UPDATE_CURRENT); + PendingIntent piAction = PendingIntent.getActivity(context, 0, intentObject, + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); NotificationCompat.Builder builder = new NotificationCompat.Builder(context, CHANNEL_INSTALLS) @@ -505,7 +510,8 @@ public class NotificationHelper { } Intent intentDeleted = new Intent(BROADCAST_NOTIFICATIONS_ALL_INSTALLED_CLEARED); intentDeleted.setClass(context, NotificationBroadcastReceiver.class); - PendingIntent piDeleted = PendingIntent.getBroadcast(context, 0, intentDeleted, PendingIntent.FLAG_UPDATE_CURRENT); + PendingIntent piDeleted = PendingIntent.getBroadcast(context, 0, intentDeleted, + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); builder.setDeleteIntent(piDeleted); return builder.build(); } diff --git a/app/src/main/java/org/fdroid/fdroid/installer/DefaultInstaller.java b/app/src/main/java/org/fdroid/fdroid/installer/DefaultInstaller.java index d8b011b5f..5bd91400a 100644 --- a/app/src/main/java/org/fdroid/fdroid/installer/DefaultInstaller.java +++ b/app/src/main/java/org/fdroid/fdroid/installer/DefaultInstaller.java @@ -60,7 +60,7 @@ public class DefaultInstaller extends Installer { context.getApplicationContext(), localApkUri.hashCode(), installIntent, - PendingIntent.FLAG_UPDATE_CURRENT); + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); sendBroadcastInstall(canonicalUri, Installer.ACTION_INSTALL_USER_INTERACTION, installPendingIntent); @@ -76,7 +76,7 @@ public class DefaultInstaller extends Installer { context.getApplicationContext(), apk.packageName.hashCode(), uninstallIntent, - PendingIntent.FLAG_UPDATE_CURRENT); + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); sendBroadcastUninstall(Installer.ACTION_UNINSTALL_USER_INTERACTION, uninstallPendingIntent); } diff --git a/app/src/main/java/org/fdroid/fdroid/installer/FileInstaller.java b/app/src/main/java/org/fdroid/fdroid/installer/FileInstaller.java index a285ae6c9..327186a92 100644 --- a/app/src/main/java/org/fdroid/fdroid/installer/FileInstaller.java +++ b/app/src/main/java/org/fdroid/fdroid/installer/FileInstaller.java @@ -64,7 +64,7 @@ public class FileInstaller extends Installer { context.getApplicationContext(), localApkUri.hashCode(), installIntent, - PendingIntent.FLAG_UPDATE_CURRENT); + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); sendBroadcastInstall(canonicalUri, Installer.ACTION_INSTALL_USER_INTERACTION, installPendingIntent); @@ -80,7 +80,7 @@ public class FileInstaller extends Installer { context.getApplicationContext(), apk.packageName.hashCode(), uninstallIntent, - PendingIntent.FLAG_UPDATE_CURRENT); + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); sendBroadcastUninstall(Installer.ACTION_UNINSTALL_USER_INTERACTION, uninstallPendingIntent); } diff --git a/app/src/main/java/org/fdroid/fdroid/installer/InstallManagerService.java b/app/src/main/java/org/fdroid/fdroid/installer/InstallManagerService.java index 6282f2341..3e8f2c9cc 100644 --- a/app/src/main/java/org/fdroid/fdroid/installer/InstallManagerService.java +++ b/app/src/main/java/org/fdroid/fdroid/installer/InstallManagerService.java @@ -333,7 +333,8 @@ public class InstallManagerService extends Service { Intent intentObject = new Intent(context, InstallManagerService.class); intentObject.setAction(ACTION_CANCEL); intentObject.setData(canonicalUri); - PendingIntent action = PendingIntent.getService(context, 0, intentObject, 0); + PendingIntent action = + PendingIntent.getService(context, 0, intentObject, PendingIntent.FLAG_IMMUTABLE); appUpdateStatusManager.updateApk(canonicalUrl, AppUpdateStatusManager.Status.Downloading, action); break;