diff options
| author | Iván Budnik <ivanbuper@google.com> | 2023-08-16 16:32:55 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-09-15 21:16:24 +0000 |
| commit | 6bc31b2a95679f00f57ccb27cd385673c912ba6e (patch) | |
| tree | 2a75658b0017991401910d9d9291d350f1122fce | |
| parent | b63dfe98ae9160a706c663190aae5355409b4fac (diff) | |
| download | base-6bc31b2a95679f00f57ccb27cd385673c912ba6e.tar.gz | |
Prevent media button receivers targeting activities
This enforcement prevents a bypass of background activity launches. For
Android U, the enforcement just ignores the request and logs a warning.
This change is a backport of ag/23810567.
Test: Manually.
Bug: 272737196
Bug: 272024837
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d455e21711c167223f7d0696809a4e411683182c)
Merged-In: I2412633c0b3afda6776244c72043d0dd78a4c8a1
Change-Id: I2412633c0b3afda6776244c72043d0dd78a4c8a1
| -rw-r--r-- | media/java/android/media/session/MediaSession.java | 23 | ||||
| -rw-r--r-- | services/core/java/com/android/server/media/MediaSessionRecord.java | 8 |
2 files changed, 22 insertions, 9 deletions
diff --git a/media/java/android/media/session/MediaSession.java b/media/java/android/media/session/MediaSession.java index 29e8716f08ac..6121b8837f4f 100644 --- a/media/java/android/media/session/MediaSession.java +++ b/media/java/android/media/session/MediaSession.java @@ -267,17 +267,22 @@ public final class MediaSession { } /** - * Set a pending intent for your media button receiver to allow restarting - * playback after the session has been stopped. If your app is started in - * this way an {@link Intent#ACTION_MEDIA_BUTTON} intent will be sent via - * the pending intent. - * <p> - * The pending intent is recommended to be explicit to follow the security recommendation of - * {@link PendingIntent#getActivity}. + * Set a pending intent for your media button receiver to allow restarting playback after the + * session has been stopped. + * + * <p>If your app is started in this way an {@link Intent#ACTION_MEDIA_BUTTON} intent will be + * sent via the pending intent. + * + * <p>The provided {@link PendingIntent} must not target an activity. Passing an activity + * pending intent will cause the call to be ignored. Refer to this <a + * href="https://developer.android.com/guide/components/activities/background-starts">guide</a> + * for more information. + * + * <p>The pending intent is recommended to be explicit to follow the security recommendation of + * {@link PendingIntent#getService}. * * @param mbr The {@link PendingIntent} to send the media button event to. * @see PendingIntent#getActivity - * * @deprecated Use {@link #setMediaButtonBroadcastReceiver(ComponentName)} instead. */ @Deprecated @@ -285,7 +290,7 @@ public final class MediaSession { try { mBinder.setMediaButtonReceiver(mbr); } catch (RemoteException e) { - Log.wtf(TAG, "Failure in setMediaButtonReceiver.", e); + e.rethrowFromSystemServer(); } } diff --git a/services/core/java/com/android/server/media/MediaSessionRecord.java b/services/core/java/com/android/server/media/MediaSessionRecord.java index 9185a00da570..4084462d3f28 100644 --- a/services/core/java/com/android/server/media/MediaSessionRecord.java +++ b/services/core/java/com/android/server/media/MediaSessionRecord.java @@ -1062,6 +1062,14 @@ public class MediaSessionRecord implements IBinder.DeathRecipient, MediaSessionR != 0) { return; } + + if (pi != null && pi.isActivity()) { + Log.w( + TAG, + "Ignoring invalid media button receiver targeting an activity: " + pi); + return; + } + mMediaButtonReceiverHolder = MediaButtonReceiverHolder.create(mUserId, pi, mPackageName); mService.onMediaButtonReceiverChanged(MediaSessionRecord.this); |