From 5f811bdb009ab8ce3e07b17d8488ec155c5da7e8 Mon Sep 17 00:00:00 2001
From: Tom Taylor <tomtaylor@google.com>
Date: Fri, 26 Sep 2014 14:36:36 -0700
Subject: [PATCH] Externally Reported Low Severity Security Vulnerability: SMS
 Resend Vulnerability in Android

Bug 17671795

Require SEND_SMS permission so apps without it won't be able to trick
the messaging app into sending messages.

Change-Id: Ibb1bc8ac33cdc2df956b79ba3dd16b37c44b955d
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
---
 AndroidManifest.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 6712d4b..d8e6d68 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -250,7 +250,8 @@
         </receiver>
 
         <!-- Catch-all receiver for broadcasts that don't have associated security -->
-        <receiver android:name=".transaction.SmsReceiver">
+        <receiver android:name=".transaction.SmsReceiver"
+             android:permission="android.permission.SEND_SMS">
             <intent-filter>
                 <action android:name="android.intent.action.BOOT_COMPLETED" />
             </intent-filter>
-- 
2.1.4