diff options
author | Eran Messeri <eranm@google.com> | 2019-10-18 14:15:10 +0100 |
---|---|---|
committer | Manjae Park <manjaepark@google.com> | 2019-12-16 13:10:14 -0800 |
commit | 18554fd8adc8995ad84b231455eb65d0f3ada6d2 (patch) | |
tree | 00880e6adfae27258476aaf454f29423bd0628ab | |
parent | 675b0f784b3556af37f485c42fc8c7093f6f9c0d (diff) | |
download | CertInstaller-18554fd8adc8995ad84b231455eb65d0f3ada6d2.tar.gz |
KeyChain: Do not allow hiding Cert Install dialogandroid-security-9.0.0_r76android-security-9.0.0_r75android-security-9.0.0_r74android-security-9.0.0_r73android-security-9.0.0_r72android-security-9.0.0_r71android-security-9.0.0_r70android-security-9.0.0_r69android-security-9.0.0_r68android-security-9.0.0_r67android-security-9.0.0_r66android-security-9.0.0_r65android-security-9.0.0_r64android-security-9.0.0_r63android-security-9.0.0_r62android-9.0.0_r61android-9.0.0_r60android-9.0.0_r59android-9.0.0_r58android-9.0.0_r57android-9.0.0_r56android-9.0.0_r55android-9.0.0_r54android-9.0.0_r53security-pi-releasepie-security-release
Do not allow apps to float a window on top of the certificate
installation / naming dialog.
This obscures the CA certificate installation dialog and could be used
to trick a user into installing a CA certificate.
This is fixed by adding the HIDE_NON_SYSTEM_OVERLAY_WINDOWS system
flag when the activity is created (onCreate), so that another activity
starting in the foreground would not be able to obscure the dialog.
Bug: 139017101
Test: Manual, with an app that floats a window.
Change-Id: I637974d2179d6cd266d3762a1464184d2be35bf4
Merged-In: Iff8e678743c3883cf1f7f64390097a768ca00856
(cherry picked from commit 6afaf1846cc28af1ea048ebd55770cb38f77fb19)
-rw-r--r-- | AndroidManifest.xml | 1 | ||||
-rw-r--r-- | src/com/android/certinstaller/CertInstaller.java | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml index 56ac884..df73092 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -9,6 +9,7 @@ <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" /> <uses-permission android:name="android.permission.MANAGE_USERS" /> <uses-permission android:name="android.permission.ACCESS_ALL_DOWNLOADS" /> + <uses-permission android:name="android.permission.HIDE_NON_SYSTEM_OVERLAY_WINDOWS" /> <application android:label="@string/app_name" android:allowBackup="false"> diff --git a/src/com/android/certinstaller/CertInstaller.java b/src/com/android/certinstaller/CertInstaller.java index 0ec1ce5..f5a72ad 100644 --- a/src/com/android/certinstaller/CertInstaller.java +++ b/src/com/android/certinstaller/CertInstaller.java @@ -16,6 +16,8 @@ package com.android.certinstaller; +import static android.view.WindowManager.LayoutParams.PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS; + import android.app.Activity; import android.app.AlertDialog; import android.app.Dialog; @@ -94,6 +96,7 @@ public class CertInstaller extends Activity { @Override protected void onCreate(Bundle savedStates) { super.onCreate(savedStates); + getWindow().addPrivateFlags(PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS); mCredentials = createCredentialHelper(getIntent()); |