diff options
| author | Bernardo Rufino <brufino@google.com> | 2019-10-22 11:53:42 +0100 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-12-18 06:24:18 +0000 |
| commit | 9d06d85670788e309d05163edc2ccec0a39855bd (patch) | |
| tree | 186682a44275fedbc109a2a7b5259823f3ea8476 | |
| parent | 1c59ff2afcf075e17ae743074dc9bd73f70d2654 (diff) | |
| download | base-9d06d85670788e309d05163edc2ccec0a39855bd.tar.gz | |
RESTRICT AUTOMERGE
Make toasts non-clickable
Since enforcement was only on client-side, in Toast class, an app could
use reflection (or other means) to make the Toast clickable. This is a
security vulnerability since it allows tapjacking, that is, intercept touch
events and do stuff like steal PINs and passwords.
This CL brings the enforcement to the system by applying flag
FLAG_NOT_TOUCHABLE.
Test: atest CtsWindowManagerDeviceTestCases:ToastTest
Test: Construct app that uses reflection to remove flag FLAG_NOT_TOUCHABLE and
log click events. Then:
1) Observe click events are logged without this CL.
2) Observer click events are not logged with this CL.
Bug: 128674520
Change-Id: Ic36585bc4f186e0224f5b687c49c0b3d9266838c
(cherry picked from commit b81f269ae2afb446b9d4a909fc2bcf038af00c41)
| -rw-r--r-- | services/core/java/com/android/server/wm/DisplayPolicy.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/wm/DisplayPolicy.java b/services/core/java/com/android/server/wm/DisplayPolicy.java index 99a9db316c63..d4a462822ff3 100644 --- a/services/core/java/com/android/server/wm/DisplayPolicy.java +++ b/services/core/java/com/android/server/wm/DisplayPolicy.java @@ -865,6 +865,8 @@ public class DisplayPolicy { if (canToastShowWhenLocked(callingPid)) { attrs.flags |= WindowManager.LayoutParams.FLAG_SHOW_WHEN_LOCKED; } + // Toasts can't be clickable + attrs.flags |= WindowManager.LayoutParams.FLAG_NOT_TOUCHABLE; break; } |