author | Tom Taylor <tomtaylor@google.com> | 2013-12-03 10:29:16 -0800 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2013-12-03 15:55:26 -0800 |
commit | d00f7cd4e92f5c4b86a0827184390a71373f268e (patch) | |
tree | 01277165408f07e3a171b61123ba99785b83bcad | |
parent | 3b8380a0840509bd7e56c7118be54e6d5cfb6189 (diff) | |
Android denial of service attack using class 0 SMS messages
android-4.4.2_r1.0.1 android-4.4.2_r1 kitkat-mr1-release
Bug 9702645
Bug 11970403 - Change to ClassZeroActivity to singleTask
Cherry pick the change from master.
Making every AlertDialog immediately visible can lead to exhaustion
of graphics-related resources, typically memory, resulting in a
broken bufferqueue/hw renderer, and subsequent system crash.
Make ClassZeroActivity a singleTask activity, and queue incoming
messages if one is already being displayed.
Change-Id: I0aef7b857364acc404e79581ba5e503571065483
-rw-r--r-- | AndroidManifest.xml | 2 | ||||
-rw-r--r-- | src/com/android/mms/ui/ClassZeroActivity.java | 80 |
2 files changed, 62 insertions, 20 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml index a34ff9fc..13a84d8c 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -181,6 +181,8 @@ <activity android:name=".ui.ClassZeroActivity" android:label="@string/class_0_message_activity" android:theme="@android:style/Theme.Translucent" + android:configChanges="orientation|screenSize|keyboardHidden" + android:launchMode="singleTask" android:excludeFromRecents="true"> </activity> diff --git a/src/com/android/mms/ui/ClassZeroActivity.java b/src/com/android/mms/ui/ClassZeroActivity.java index 0abcdda1..126e7376 100644 --- a/src/com/android/mms/ui/ClassZeroActivity.java +++ b/src/com/android/mms/ui/ClassZeroActivity.java @@ -24,6 +24,7 @@ import android.content.ContentUris; import android.content.ContentValues; import android.content.DialogInterface; import android.content.DialogInterface.OnClickListener; +import android.content.Intent; import android.database.Cursor; import android.database.sqlite.SqliteWrapper; import android.net.Uri; @@ -41,6 +42,8 @@ import android.view.Window; import com.android.mms.R; import com.android.mms.transaction.MessagingNotification; +import java.util.ArrayList; + /** * Display a class-zero SMS message to the user. Wait for the user to dismiss * it. @@ -69,6 +72,8 @@ public class ClassZeroActivity extends Activity { private long mTimerSet = 0; private AlertDialog mDialog = null; + private ArrayList<SmsMessage> mMessageQueue = null; + private Handler mHandler = new Handler() { @Override public void handleMessage(Message msg) { 
@@ -77,11 +82,35 @@ public class ClassZeroActivity extends Activity { mRead = false; mDialog.dismiss(); saveMessage(); - finish(); + processNextMessage(); } } }; + private boolean queueMsgFromIntent(Intent msgIntent) { + byte[] pdu = msgIntent.getByteArrayExtra("pdu"); + String format = msgIntent.getStringExtra("format"); + SmsMessage rawMessage = SmsMessage.createFromPdu(pdu, format); + String message = rawMessage.getMessageBody(); + if (TextUtils.isEmpty(message)) { + if (mMessageQueue.size() == 0) { + finish(); + } + return false; + } + mMessageQueue.add(rawMessage); + return true; + } + + private void processNextMessage() { + mMessageQueue.remove(0); + if (mMessageQueue.size() == 0) { + finish(); + } else { + displayZeroMessage(mMessageQueue.get(0)); + } + } + private void saveMessage() { Uri messageUri = null; if (mMessage.isReplace()) { 
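Review bot: In `queueMsgFromIntent`, the result of `SmsMessage.createFromPdu(pdu, format)` is dereferenced on the next line without a null check. `createFromPdu` can return null (for example when the format string is not recognised), so a malformed intent would still crash the activity this change is hardening. I would guard it with `if (rawMessage == null || TextUtils.isEmpty(rawMessage.getMessageBody())) {` and drop the separate `message` local. `mMessageQueue` is also unbounded, so a sustained burst of class 0 messages now accumulates `SmsMessage` objects instead of dialogs; a small cap, with the overflow dropped or saved silently, would bound that. `processNextMessage` calls `mMessageQueue.remove(0)` unconditionally, which throws on an empty list if it is ever reached twice for one dialog, so an `isEmpty()` guard is worth adding.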
@@ -98,35 +127,46 @@ public class ClassZeroActivity extends Activity { } @Override + protected void onNewIntent(Intent msgIntent) { + /* Running with another visible message, queue this one */ + queueMsgFromIntent(msgIntent); + } + + @Override protected void onCreate(Bundle icicle) { super.onCreate(icicle); requestWindowFeature(Window.FEATURE_NO_TITLE); getWindow().setBackgroundDrawableResource( R.drawable.class_zero_background); - byte[] pdu = getIntent().getByteArrayExtra("pdu"); - String format = getIntent().getStringExtra("format"); - mMessage = SmsMessage.createFromPdu(pdu, format); - CharSequence messageChars = mMessage.getMessageBody(); - String message = messageChars.toString(); - if (TextUtils.isEmpty(message)) { - finish(); + if (mMessageQueue == null) { + mMessageQueue = new ArrayList<SmsMessage>(); + } + + if (!queueMsgFromIntent(getIntent())) { return; } - // TODO: The following line adds an emptry string before and after a message. - // This is not the correct way to layout a message. This is more of a hack - // to work-around a bug in AlertDialog. This needs to be fixed later when - // Android fixes the bug in AlertDialog. 
- if (message.length() < BUFFER_OFFSET) messageChars = BUFFER + message + BUFFER; - long now = SystemClock.uptimeMillis(); - mDialog = new AlertDialog.Builder(this).setMessage(messageChars) + + if (mMessageQueue.size() == 1) { + displayZeroMessage(mMessageQueue.get(0)); + } + + if (icicle != null) { + mTimerSet = icicle.getLong(TIMER_FIRE, mTimerSet); + } + } + + private void displayZeroMessage(SmsMessage rawMessage) { + String message = rawMessage.getMessageBody(); + /* This'll be used by the save action */ + mMessage = rawMessage; + + mDialog = new AlertDialog.Builder(this, AlertDialog.THEME_HOLO_DARK).setMessage(message) .setPositiveButton(R.string.save, mSaveListener) .setNegativeButton(android.R.string.cancel, mCancelListener) .setCancelable(false).show(); + long now = SystemClock.uptimeMillis(); mTimerSet = now + DEFAULT_TIMER; - if (icicle != null) { - mTimerSet = icicle.getLong(TIMER_FIRE, mTimerSet); - } } @Override @@ -168,7 +208,7 @@ public class ClassZeroActivity extends Activity { private final OnClickListener mCancelListener = new OnClickListener() { public void onClick(DialogInterface dialog, int whichButton) { dialog.dismiss(); - finish(); + processNextMessage(); } }; @@ -177,7 +217,7 @@ public class ClassZeroActivity extends Activity { mRead = true; saveMessage(); dialog.dismiss(); - finish(); + processNextMessage(); } }; |
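Review bot: `displayZeroMessage` sets `mTimerSet`, but nothing visible in this hunk posts the auto-save message to `mHandler`. If the timer is armed only from a lifecycle callback outside the diff (not shown here), the second and later queued messages would never auto-dismiss, and each would wait for a tap. If that is the case, re-arm the handler inside `displayZeroMessage` right after `mTimerSet = now + DEFAULT_TIMER;`, removing any pending message first. Separately, `onNewIntent` deserves a comment saying it relies on `onCreate` having initialised `mMessageQueue`. The removed padding also presumably leaves `BUFFER` and `BUFFER_OFFSET` unused.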