create all pending intents with FLAG_IMMUTABLE

2022-12-22 14:47:04 +01:00
parent 84b84760a2
commit 8e4b248acf
5 changed files with 24 additions and 33 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
@@ -21,6 +21,8 @@ package org.sufficientlysecure.keychain;
 import java.io.File;
 import java.net.Proxy;
 import android.app.PendingIntent;
 import android.os.Build;
 import android.os.Environment;
 import org.bouncycastle.bcpg.sig.KeyFlags;
@@ -97,6 +99,9 @@ public final class Constants {
        public static final File APP_DIR = new File(Environment.getExternalStorageDirectory(), "OpenKeychain");
    }
    public static final int FLAG_IMMUTABLE_COMPAT =
            Build.VERSION.SDK_INT >= Build.VERSION_CODES.M ? PendingIntent.FLAG_IMMUTABLE : 0;
    public static final class NotificationIds {
        public static final int PASSPHRASE_CACHE = 1;
        public static final int KEYSERVER_SYNC_FAIL_ORBOT = 2;
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPendingIntentFactory.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPendingIntentFactory.java
@@ -23,8 +23,8 @@ import java.util.ArrayList;
 import android.app.PendingIntent;
 import android.content.Context;
 import android.content.Intent;
 import android.os.Build;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.pgp.DecryptVerifySecurityProblem;
 import org.sufficientlysecure.keychain.remote.ui.RemoteBackupActivity;
 import org.sufficientlysecure.keychain.remote.ui.RemoteDisplayTransferCodeActivity;
@@ -186,13 +186,8 @@ public class ApiPendingIntentFactory {
        intent.putExtra(RemoteSecurityProblemDialogActivity.EXTRA_SECURITY_PROBLEM, securityProblem);
        intent.putExtra(RemoteSecurityProblemDialogActivity.EXTRA_SUPPORT_OVERRIDE, supportOverride);
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+        return PendingIntent.getActivity(mContext, 0, intent,
-            //noinspection ResourceType, looks like lint is missing FLAG_IMMUTABLE
+                PendingIntent.FLAG_CANCEL_CURRENT | Constants.FLAG_IMMUTABLE_COMPAT);
            return PendingIntent.getActivity(mContext, 0, intent,
                    PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_IMMUTABLE);
        } else {
            return PendingIntent.getActivity(mContext, 0, intent, PendingIntent.FLAG_CANCEL_CURRENT);
        }
    }
    public PendingIntent createDisplayTransferCodePendingIntent(Passphrase autocryptTransferCode) {
@@ -208,16 +203,10 @@ public class ApiPendingIntentFactory {
            intent.putExtra(RemoteSecurityTokenOperationActivity.EXTRA_DATA, data);
        }
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+        return PendingIntent.getActivity(mContext, 0,
-            //noinspection ResourceType, looks like lint is missing FLAG_IMMUTABLE
+                intent,
-            return PendingIntent.getActivity(mContext, 0,
+                PendingIntent.FLAG_CANCEL_CURRENT | Constants.FLAG_IMMUTABLE_COMPAT
-                    intent,
+        );
                    PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_IMMUTABLE);
        } else {
            return PendingIntent.getActivity(mContext, 0,
                    intent,
                    PendingIntent.FLAG_CANCEL_CURRENT);
        }
    }
    public PendingIntent createRegisterPendingIntent(Intent data, String packageName, byte[] packageCertificate) {
@@ -226,16 +215,9 @@ public class ApiPendingIntentFactory {
        intent.putExtra(RemoteRegisterActivity.EXTRA_PACKAGE_SIGNATURE, packageCertificate);
        intent.putExtra(RemoteRegisterActivity.EXTRA_DATA, data);
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+        return PendingIntent.getActivity(mContext, 0,
-            //noinspection ResourceType, looks like lint is missing FLAG_IMMUTABLE
+                intent,
-            return PendingIntent.getActivity(mContext, 0,
+                PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_ONE_SHOT
-                    intent,
+                        | Constants.FLAG_IMMUTABLE_COMPAT);
                    PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_ONE_SHOT
                            | PendingIntent.FLAG_IMMUTABLE);
        } else {
            return PendingIntent.getActivity(mContext, 0,
                    intent,
                    PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_ONE_SHOT);
        }
    }
 }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/UsbConnectionDispatcher.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/UsbConnectionDispatcher.java
@@ -26,6 +26,7 @@ import android.hardware.usb.UsbDevice;
 import android.hardware.usb.UsbManager;
 import org.sufficientlysecure.keychain.BuildConfig;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TokenType;
 import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransport;
 import timber.log.Timber;
@@ -123,7 +124,8 @@ public class UsbConnectionDispatcher {
        Intent answerBroadcastIntent = new Intent(ACTION_USB_PERMISSION);
        answerBroadcastIntent.setPackage(BuildConfig.APPLICATION_ID);
-        PendingIntent answerPendingIntent = PendingIntent.getBroadcast(context, 0, answerBroadcastIntent, 0);
+        PendingIntent answerPendingIntent = PendingIntent.getBroadcast(context, 0, answerBroadcastIntent,
                Constants.FLAG_IMMUTABLE_COMPAT);
        Timber.d("Requesting permission for " + usbDevice.getDeviceName());
        usbManager.requestPermission(usbDevice, answerPendingIntent);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
@@ -330,7 +330,7 @@ public class PassphraseCacheService extends Service {
        intent.putExtra(EXTRA_KEY_ID, referenceKeyId);
        // request code should be unique for each PendingIntent, thus keyId is used
        return PendingIntent.getBroadcast(context, (int) referenceKeyId, intent,
-                PendingIntent.FLAG_CANCEL_CURRENT);
+                PendingIntent.FLAG_CANCEL_CURRENT | Constants.FLAG_IMMUTABLE_COMPAT);
    }
    /**
@@ -529,7 +529,7 @@ public class PassphraseCacheService extends Service {
                getApplicationContext(),
                0,
                intent,
-                PendingIntent.FLAG_UPDATE_CURRENT
+                PendingIntent.FLAG_UPDATE_CURRENT | Constants.FLAG_IMMUTABLE_COMPAT
        );
        // Add cache clear PI to normal touch
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/OrbotRequiredDialogActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/OrbotRequiredDialogActivity.java
@@ -32,6 +32,7 @@ import androidx.fragment.app.FragmentActivity;
 import androidx.core.app.NotificationCompat;
 import android.view.ContextThemeWrapper;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.Constants.NotificationIds;
 import org.sufficientlysecure.keychain.NotificationChannelManager;
 import org.sufficientlysecure.keychain.R;
@@ -199,7 +200,8 @@ public class OrbotRequiredDialogActivity extends FragmentActivity
        startOrbotIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        startOrbotIntent.putExtra(OrbotRequiredDialogActivity.EXTRA_START_ORBOT, true);
        PendingIntent startOrbotPi = PendingIntent.getActivity(
-                context, 0, startOrbotIntent, PendingIntent.FLAG_CANCEL_CURRENT
+                context, 0, startOrbotIntent, PendingIntent.FLAG_CANCEL_CURRENT |
                        Constants.FLAG_IMMUTABLE_COMPAT
        );
        builder.addAction(R.drawable.ic_stat_tor,