Add intent verification to BroadcastReceiver classes

Update onReceive methods to check for correct action before proceeding. This prevents potential risk of third-party applications to send explicit intents to this receiver to cause a denial of service.

Author: jennantilla

OneSignalSDK/onesignal/notifications/src/main/java/com/onesignal/notifications/receivers/BootUpReceiver.kt

@@ -37,6 +37,10 @@ class BootUpReceiver : BroadcastReceiver() {
         context: Context,
         intent: Intent,
     ) {
+        // Return early if the action does not match expected action
+        if (intent.action != Intent.ACTION_BOOT_COMPLETED) {
+            return
+        }
         if (!OneSignal.initWithContext(context)) {
             return
         }

OneSignalSDK/onesignal/notifications/src/main/java/com/onesignal/notifications/receivers/UpgradeReceiver.kt

@@ -41,6 +41,10 @@ class UpgradeReceiver : BroadcastReceiver() {
         // TODO: Now that we arent restoring like we use to, think we can remove this? Ill do some
         //  testing and look at the issue but maybe someone has a answer or rems what directly
         //  was causing this issue
+        // Return early if the action does not match expected action
+        if (intent.action != Intent.ACTION_MY_PACKAGE_REPLACED) {
+            return
+        }
         // Return early if using Android 7.0 due to upgrade restore crash (#263)
         if (Build.VERSION.SDK_INT == Build.VERSION_CODES.N) {
             return