Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 07e7aaff authored by Siarhei Vishniakou's avatar Siarhei Vishniakou
Browse files

Only allow trusted overlays to specify FLAG_SLIPPERY 

For all other requests, drop this flag.

Test: atest FlagSlipperyTest
Bug: 157929241
Change-Id: Ia30f1c38d5ddb351c90b748ea76448a76a9dde7b
Merged-In: Ia30f1c38d5ddb351c90b748ea76448a76a9dde7b
parent bb3f22df

services/core/java/com/android/server/wm/DisplayPolicy.java

+16 −0
Original line number Diff line number Diff line
@@ -62,6 +62,7 @@ import static android.view.WindowManager.LayoutParams.FLAG_LAYOUT_INSET_DECOR; 
import static android.view.WindowManager.LayoutParams.FLAG_LAYOUT_IN_SCREEN;

import static android.view.WindowManager.LayoutParams.FLAG_LAYOUT_NO_LIMITS;

import static android.view.WindowManager.LayoutParams.FLAG_NOT_TOUCHABLE;

import static android.view.WindowManager.LayoutParams.FLAG_SLIPPERY;

import static android.view.WindowManager.LayoutParams.FLAG_TRANSLUCENT_NAVIGATION;

import static android.view.WindowManager.LayoutParams.FLAG_TRANSLUCENT_STATUS;

import static android.view.WindowManager.LayoutParams.LAST_APPLICATION_WINDOW;
@@ -833,6 +834,20 @@ public class DisplayPolicy { 
                == PackageManager.PERMISSION_GRANTED;

    }



    /**

     * Only trusted overlays are allowed to use FLAG_SLIPPERY.

     */

    static int sanitizeFlagSlippery(int flags, int privateFlags, String name) {

        if ((flags & FLAG_SLIPPERY) == 0) {

            return flags;

        }

        if ((privateFlags & PRIVATE_FLAG_TRUSTED_OVERLAY) != 0) {

            return flags;

        }

        Slog.w(TAG, "Removing FLAG_SLIPPERY for non-trusted overlay " + name);

        return flags & ~FLAG_SLIPPERY;

    }



    /**

     * Sanitize the layout parameters coming from a client.  Allows the policy

     * to do things like ensure that windows of a specific type can't take
@@ -916,6 +931,7 @@ public class DisplayPolicy { 
                }

                break;

        }

        attrs.flags = sanitizeFlagSlippery(attrs.flags, attrs.privateFlags, win.getName());

    }



    /**

services/core/java/com/android/server/wm/WindowManagerService.java

+4 −2
Original line number Diff line number Diff line
@@ -55,6 +55,7 @@ import static android.view.WindowManager.LayoutParams.FLAG_NOT_FOCUSABLE; 
import static android.view.WindowManager.LayoutParams.FLAG_SECURE;

import static android.view.WindowManager.LayoutParams.FLAG_SHOW_WALLPAPER;

import static android.view.WindowManager.LayoutParams.FLAG_SHOW_WHEN_LOCKED;

import static android.view.WindowManager.LayoutParams.FLAG_SLIPPERY;

import static android.view.WindowManager.LayoutParams.INPUT_FEATURE_NO_INPUT_CHANNEL;

import static android.view.WindowManager.LayoutParams.LAST_APPLICATION_WINDOW;

import static android.view.WindowManager.LayoutParams.LAST_SUB_WINDOW;
@@ -8086,8 +8087,9 @@ public class WindowManagerService extends IWindowManager.Stub 
        h.token = channelToken;

        h.name = name;



        final int sanitizedFlags = flags & (LayoutParams.FLAG_NOT_TOUCHABLE

                | LayoutParams.FLAG_SLIPPERY);

        flags = DisplayPolicy.sanitizeFlagSlippery(flags, privateFlags, name);



        final int sanitizedFlags = flags & (LayoutParams.FLAG_NOT_TOUCHABLE | FLAG_SLIPPERY);

        h.layoutParamsFlags = WindowManager.LayoutParams.FLAG_NOT_TOUCH_MODAL | sanitizedFlags;

        h.layoutParamsType = type;

        h.dispatchingTimeoutNanos = DEFAULT_INPUT_DISPATCHING_TIMEOUT_NANOS;