KeyChain: Do not allow hiding Cert Install dialogandroid-security-9.0.0_r76 android-security-9.0.0_r75 android-security-9.0.0_r74 android-security-9.0.0_r73 android-security-9.0.0_r72 android-security-9.0.0_r71 android-security-9.0.0_r70 android-security-9.0.0_r69 android-security-9.0.0_r68 android-security-9.0.0_r67 android-security-9.0.0_r66 android-security-9.0.0_r65 android-security-9.0.0_r64 android-security-9.0.0_r63 android-security-9.0.0_r62 android-9.0.0_r61 android-9.0.0_r60 android-9.0.0_r59 android-9.0.0_r58 android-9.0.0_r57 android-9.0.0_r56 android-9.0.0_r55 android-9.0.0_r54 android-9.0.0_r53 security-pi-release pie-security-release

Do not allow apps to float a window on top of the certificate installation / naming dialog. This obscures the CA certificate installation dialog and could be used to trick a user into installing a CA certificate. This is fixed by adding the HIDE_NON_SYSTEM_OVERLAY_WINDOWS system flag when the activity is created (onCreate), so that another activity starting in the foreground would not be able to obscure the dialog. Bug: 139017101 Test: Manual, with an app that floats a window. Change-Id: I637974d2179d6cd266d3762a1464184d2be35bf4 Merged-In: Iff8e678743c3883cf1f7f64390097a768ca00856 (cherry picked from commit 6afaf1846cc28af1ea048ebd55770cb38f77fb19)
author: Eran Messeri <eranm@google.com> 2019-10-18 14:15:10 +0100
committer: Manjae Park <manjaepark@google.com> 2019-12-16 13:10:14 -0800
commit: 18554fd8adc8995ad84b231455eb65d0f3ada6d2 (patch)
tree: 00880e6adfae27258476aaf454f29423bd0628ab
parent: 675b0f784b3556af37f485c42fc8c7093f6f9c0d (diff)
download: CertInstaller-18554fd8adc8995ad84b231455eb65d0f3ada6d2.tar.gz
2 files changed, 4 insertions, 0 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 56ac884..df73092 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -9,6 +9,7 @@
     <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
     <uses-permission android:name="android.permission.MANAGE_USERS" />
     <uses-permission android:name="android.permission.ACCESS_ALL_DOWNLOADS" />
+    <uses-permission android:name="android.permission.HIDE_NON_SYSTEM_OVERLAY_WINDOWS" />
 
     <application android:label="@string/app_name"
                  android:allowBackup="false">
diff --git a/src/com/android/certinstaller/CertInstaller.java b/src/com/android/certinstaller/CertInstaller.java
index 0ec1ce5..f5a72ad 100644
--- a/src/com/android/certinstaller/CertInstaller.java
+++ b/src/com/android/certinstaller/CertInstaller.java
@@ -16,6 +16,8 @@
 
 package com.android.certinstaller;
 
+import static android.view.WindowManager.LayoutParams.PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;
+
 import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.Dialog;
@@ -94,6 +96,7 @@ public class CertInstaller extends Activity {
     @Override
     protected void onCreate(Bundle savedStates) {
         super.onCreate(savedStates);
+        getWindow().addPrivateFlags(PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);
 
         mCredentials = createCredentialHelper(getIntent());
author	Eran Messeri <eranm@google.com>	2019-10-18 14:15:10 +0100
committer	Manjae Park <manjaepark@google.com>	2019-12-16 13:10:14 -0800
commit	18554fd8adc8995ad84b231455eb65d0f3ada6d2 (patch)
tree	00880e6adfae27258476aaf454f29423bd0628ab
parent	675b0f784b3556af37f485c42fc8c7093f6f9c0d (diff)
download	CertInstaller-18554fd8adc8995ad84b231455eb65d0f3ada6d2.tar.gz