From f610f77098d5311d4423ff17836dc65627375307 Mon Sep 17 00:00:00 2001
From: Sec0xEd <82934995+Sec0xEd@users.noreply.github.com>
Date: Wed, 17 Dec 2025 16:10:41 -0800
Subject: [PATCH] security: add FLAG_IMMUTABLE to PendingIntents Add FLAG_IMMUTABLE to PendingIntents in ActionServiceImpl and UIIntentsImpl to prevent potential PendingIntent hijacking attacks. Starting from Android 12, PendingIntents should specify mutability explicitly. These PendingIntents don't require modification by external apps, so FLAG_IMMUTABLE is the appropriate choice. References: - https://developer.android.com/reference/android/app/PendingIntent#FLAG_IMMUTABLE - https://developer.android.com/about/versions/12/behavior-changes-12#pending-intent-mutability
---
 .../messaging/datamodel/action/ActionServiceImpl.java | 5 ++++-
 src/com/android/messaging/ui/UIIntentsImpl.java | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/com/android/messaging/datamodel/action/ActionServiceImpl.java b/src/com/android/messaging/datamodel/action/ActionServiceImpl.java
index 0447d389..8c8aad10 100644
--- a/src/com/android/messaging/datamodel/action/ActionServiceImpl.java
+++ b/src/com/android/messaging/datamodel/action/ActionServiceImpl.java
@@ -201,8 +201,11 @@ public static PendingIntent makeStartActionPendingIntent(final Context context,
 if (launchesAnActivity) {
 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
 }
+ // Use FLAG_IMMUTABLE since this PendingIntent doesn't require modification.
+ // This prevents potential PendingIntent hijacking attacks.
+ // Reference: https://developer.android.com/reference/android/app/PendingIntent#FLAG_IMMUTABLE
 return PendingIntent.getBroadcast(context, requestCode, intent,
- PendingIntent.FLAG_UPDATE_CURRENT);
+ PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE);
 }
 
 /**
diff --git a/src/com/android/messaging/ui/UIIntentsImpl.java b/src/com/android/messaging/ui/UIIntentsImpl.java
index 9c5d18f0..d78c6f5d 100644
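Review bot: The added comment says this PendingIntent "doesn't require modification", but makeStartActionPendingIntent is a shared factory and its callers are outside the hunk, so the claim holds only if no caller passes the result to a sender that supplies extras at send time. With `FLAG_IMMUTABLE` a fill-in Intent given to `send()` is ignored silently, so a receiver that reads sender-supplied extras (RemoteInput results, for example) would see them missing with no error. I would state the rule in the method's Javadoc, e.g. `Callers must not rely on extras supplied at send time; the returned PendingIntent is immutable.`, and cut the inline comment to one line. The method body starts outside the hunk, so whether `intent` names an explicit component, the other half of the hijacking defence, cannot be confirmed from here.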
--- a/src/com/android/messaging/ui/UIIntentsImpl.java
+++ b/src/com/android/messaging/ui/UIIntentsImpl.java
@@ -483,8 +483,10 @@ public PendingIntent getPendingIntentForLowStorageNotifications(final Context co
 taskStackBuilder.addNextIntentWithParentStack(
 getSmsStorageLowWarningActivityIntent(context));
 
+ // Use FLAG_IMMUTABLE since this PendingIntent launches a fixed activity
+ // and doesn't require modification by external apps.
 return taskStackBuilder.getPendingIntent(
- 0, PendingIntent.FLAG_UPDATE_CURRENT);
+ 0, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE);
 }
 
 @Override
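Review bot: Only this one call site in UIIntentsImpl gains a mutability flag, and the rest of the file is outside the hunk, so any other method here that builds a PendingIntent may still create it without one. For apps targeting Android 12 (API 31) or later, creating a PendingIntent without an explicit mutability flag throws `IllegalArgumentException`. It would be worth auditing every `PendingIntent.get*` and `TaskStackBuilder.getPendingIntent` call in the class as part of this change. Any call site whose PendingIntent must receive sender-supplied data, such as a RemoteInput reply, needs `FLAG_MUTABLE` together with an explicit component rather than `FLAG_IMMUTABLE`.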