diff options
| author | Sterling Huber <hubers@google.com> | 2019-11-07 11:04:03 -0800 |
|---|---|---|
| committer | Manjae Park <manjaepark@google.com> | 2019-12-16 12:47:00 -0800 |
| commit | 7df0c3c19b82d6c3ea72c0ba7bd723e444c30f54 (patch) | |
| tree | 354f3d9d7da8d5c6c5f4b82bde2d41c6b679f9cd | |
| parent | fb2c7e3b26f5393264f557584a03f8d6e8ae5e6c (diff) | |
| download | base-android-8.0.0_r43.tar.gz | |
RESTRICT AUTOMERGEandroid-8.0.0_r43
Make toasts non-clickable
Since enforcement was only on client-side, in Toast class, an app could
use reflection (or other means) to make the Toast clickable. This is a
security vulnerability since it allows tapjacking, that is, intercept touch
events and do stuff like steal PINs and passwords.
This CL brings the enforcement to the system by applying flag
FLAG_NOT_TOUCHABLE.
Test: Construct app that uses reflection to remove flag FLAG_NOT_TOUCHABLE and
log click events. Then:
1) Observe click events are logged without this CL.
2) Observer click events are not logged with this CL.
Bug: 128674520
Change-Id: Ica346c853dcb9a1e494f7143ba1c38d22c0003d0
Merged In: Ica346c853dcb9a1e494f7143ba1c38d22c0003d0
(cherry picked from commit fe4bf7926ed91661a39a08fabfc0eb55e2fb4f32)
| -rw-r--r-- | services/core/java/com/android/server/policy/PhoneWindowManager.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/policy/PhoneWindowManager.java b/services/core/java/com/android/server/policy/PhoneWindowManager.java index 595f86687c65..37fb070aa718 100644 --- a/services/core/java/com/android/server/policy/PhoneWindowManager.java +++ b/services/core/java/com/android/server/policy/PhoneWindowManager.java @@ -2598,6 +2598,8 @@ public class PhoneWindowManager implements WindowManagerPolicy { attrs.hideTimeoutMilliseconds = TOAST_WINDOW_TIMEOUT; } attrs.windowAnimations = com.android.internal.R.style.Animation_Toast; + // Toasts can't be clickable + attrs.flags |= WindowManager.LayoutParams.FLAG_NOT_TOUCHABLE; break; } |