diff options
author | Beverly Tai <beverlyt@google.com> | 2017-09-14 14:18:07 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2017-09-14 14:18:07 +0000 |
commit | 8150eb82eedbb90ba8c8915a338ddd16e7fa4f61 (patch) | |
tree | 1c98143edf0128035caf15691e1544614828f0e1 | |
parent | d0d0fea3d6b032c460dc26e5b250b61bed88718c (diff) | |
parent | fafea6ab911543afe8f94ee3b746972a7d75f585 (diff) | |
download | base-8150eb82eedbb90ba8c8915a338ddd16e7fa4f61.tar.gz |
Merge "DO NOT MERGE Backporting potential usb tapjacking precaution." into mnc-dr-dev
-rw-r--r-- | packages/SystemUI/res/values/strings.xml | 5 | ||||
-rw-r--r-- | packages/SystemUI/src/com/android/systemui/usb/UsbDebuggingActivity.java | 26 |
2 files changed, 31 insertions, 0 deletions
diff --git a/packages/SystemUI/res/values/strings.xml b/packages/SystemUI/res/values/strings.xml index dc9c9fd06e1b..1f9b9c0edd75 100644 --- a/packages/SystemUI/res/values/strings.xml +++ b/packages/SystemUI/res/values/strings.xml @@ -1136,4 +1136,9 @@ <!-- Bluetooth enablement ok text [CHAR LIMIT=40] --> <string name="enable_bluetooth_confirmation_ok">Turn on</string> + <!-- Warning shown when user input has been blocked due to another app overlaying screen + content. Since we don't know what the app is showing on top of the input target, we + can't verify user consent. [CHAR LIMIT=NONE] --> + <string name="touch_filtered_warning">Because an app is obscuring a permission request, Settings + can’t verify your response.</string> </resources> diff --git a/packages/SystemUI/src/com/android/systemui/usb/UsbDebuggingActivity.java b/packages/SystemUI/src/com/android/systemui/usb/UsbDebuggingActivity.java index f5447a293503..28e98e4c0071 100644 --- a/packages/SystemUI/src/com/android/systemui/usb/UsbDebuggingActivity.java +++ b/packages/SystemUI/src/com/android/systemui/usb/UsbDebuggingActivity.java @@ -31,8 +31,12 @@ import android.os.ServiceManager; import android.os.SystemProperties; import android.util.Log; import android.view.LayoutInflater; +import android.view.MotionEvent; import android.view.View; +import android.view.Window; +import android.view.WindowManager; import android.widget.CheckBox; +import android.widget.Toast; import com.android.internal.app.AlertActivity; import com.android.internal.app.AlertController; @@ -48,6 +52,10 @@ public class UsbDebuggingActivity extends AlertActivity @Override public void onCreate(Bundle icicle) { + Window window = getWindow(); + window.addPrivateFlags(WindowManager.LayoutParams.PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS); + window.setType(WindowManager.LayoutParams.TYPE_SYSTEM_DIALOG); + super.onCreate(icicle); if (SystemProperties.getInt("service.adb.tcp.port", 0) == 0) { @@ -79,6 +87,24 @@ public class UsbDebuggingActivity extends AlertActivity ap.mView = checkbox; setupAlert(); + // adding touch listener on affirmative button - checks if window is obscured + // if obscured, do not let user give permissions (could be tapjacking involved) + final View.OnTouchListener filterTouchListener = new View.OnTouchListener() { + public boolean onTouch(View v, MotionEvent event) { + // Filter obscured touches by consuming them. + if (((event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0) + || ((event.getFlags() & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0)) { + if (event.getAction() == MotionEvent.ACTION_UP) { + Toast.makeText(v.getContext(), + R.string.touch_filtered_warning, + Toast.LENGTH_SHORT).show(); + } + return true; + } + return false; + } + }; + mAlert.getButton(BUTTON_POSITIVE).setOnTouchListener(filterTouchListener); } private class UsbDisconnectedReceiver extends BroadcastReceiver { |