Java
locisvv, 2015-03-12 13:30:35

How to prevent PendingIntent from being fired?

The Android Settings app (Android ~4.0 - 4.4) has a vulnerability that allows you to run illegal tasks, such as MASTER_CLEAR or sending SMS, without the necessary permissions.
I want to write a small module for the Xposed Framework (a framework that can manipulate system Java classes) that should prevent a PendingIntent from being launched with system rights.
How the vulnerability works:
seclists.org/fulldisclosure/2014/Nov/81
Code that fires a PendingIntent that can perform a malicious action:

private void addAccount(String accountType) {
    Bundle addAccountOptions = new Bundle();
    mPendingIntent = PendingIntent.getBroadcast(this, 0, new Intent(), 0);
    addAccountOptions.putParcelable(KEY_CALLER_IDENTITY, mPendingIntent);
    addAccountOptions.putBoolean(EXTRA_HAS_MULTIPLE_USERS, Utils.hasMultipleUsers(this));
    AccountManager.get(this).addAccount(
            accountType,
            null, /* authTokenType */
            null, /* requiredFeatures */
            addAccountOptions,
            null,
            mCallback,
            null /* handler */);
    mAddAccountCalled = true;
}

This is how I want to cancel the launched PendingIntent:

// Get the Context and the mPendingIntent field
Context context = (Context) param.thisObject;
Field field = findField(param.thisObject.getClass(), "mPendingIntent");

PendingIntent mPendingIntent = (PendingIntent) field.get(context);
// Cancel it
mPendingIntent.cancel();

// ... rest of the code


1 answer(s)
Sergey Chuprin, 2015-03-12
@creati8e

You need to create a new PendingIntent with the same requestCode and flag as the started PendingIntent you want to cancel, and then cancel the newly created PendingIntent.
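
The approach described in the answer, written as an Xposed hook. This is an added example, not code from the question or the answer. It re-creates the PendingIntent with the same arguments as the `getBroadcast(this, 0, new Intent(), 0)` call in the question, cancels it, and then uses `FLAG_NO_CREATE` to confirm that no matching PendingIntent remains. The package name `com.android.settings`, the class name in `TARGET_CLASS` and the module package are assumptions that are not stated on the page.

```java
package com.example.cancelpi; // hypothetical module package

import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class CancelIdentityIntent implements IXposedHookLoadPackage {
    // Assumptions: package and class that hold the addAccount(String) method from the question.
    private static final String TARGET_PACKAGE = "com.android.settings";
    private static final String TARGET_CLASS = "com.android.settings.accounts.AddAccountSettings";
    // Same values as in PendingIntent.getBroadcast(this, 0, new Intent(), 0).
    private static final int REQUEST_CODE = 0;
    private static final int FLAGS = 0;

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        if (!TARGET_PACKAGE.equals(lpparam.packageName)) {
            return; // only hook inside the Settings process
        }
        XposedHelpers.findAndHookMethod(TARGET_CLASS, lpparam.classLoader,
                "addAccount", String.class, new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                // The hooked object is the Activity itself, so a PendingIntent created
                // with it has the same creator package as the original one.
                Context context = (Context) param.thisObject;
                // An equivalent Intent (Intent.filterEquals) with the same request code
                // resolves to the same underlying token, so cancel() hits the original.
                PendingIntent same = PendingIntent.getBroadcast(
                        context, REQUEST_CODE, new Intent(), FLAGS);
                same.cancel();
                // FLAG_NO_CREATE returns null when no matching PendingIntent exists.
                PendingIntent check = PendingIntent.getBroadcast(
                        context, REQUEST_CODE, new Intent(), PendingIntent.FLAG_NO_CREATE);
                XposedBridge.log("identity PendingIntent cancelled: " + (check == null));
            }
        });
    }
}
```

Matching ignores Intent extras, and only the application that created a PendingIntent can cancel it, which is why the hook has to run inside the Settings process.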
