Backport overlay security fix (c510ecb3) · Commits · e / os / android_frameworks_base

api/system-current.txt

+1 −0

Original line number	Diff line number	Diff line
		@@ -120,6 +120,7 @@ package android {
		field public static final java.lang.String GRANT_RUNTIME_PERMISSIONS = "android.permission.GRANT_RUNTIME_PERMISSIONS";
		field public static final java.lang.String HARDWARE_TEST = "android.permission.HARDWARE_TEST";
		field public static final java.lang.String HDMI_CEC = "android.permission.HDMI_CEC";
		field public static final java.lang.String HIDE_NON_SYSTEM_OVERLAY_WINDOWS = "android.permission.HIDE_NON_SYSTEM_OVERLAY_WINDOWS";
		field public static final java.lang.String INJECT_EVENTS = "android.permission.INJECT_EVENTS";
		field public static final java.lang.String INSTALL_GRANT_RUNTIME_PERMISSIONS = "android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS";
		field public static final java.lang.String INSTALL_LOCATION_PROVIDER = "android.permission.INSTALL_LOCATION_PROVIDER";

+5 −7

Original line number	Diff line number	Diff line
		@@ -1380,15 +1380,13 @@ public interface WindowManager extends ViewManager {
		public static final int PRIVATE_FLAG_SUSTAINED_PERFORMANCE_MODE = 0x00040000;

		/**
		* Flag to indicate that this window is used as a task snapshot window. A task snapshot
		* window is a starting window that gets shown with a screenshot from the previous state
		* that is active until the app has drawn its first frame.
		*
		* <p>If this flag is set, SystemUI flags are ignored such that the real window behind can
		* set the SystemUI flags.
		* Flag to indicate that any window added by an application process that is of type
		* {@link #TYPE_TOAST} or that requires
		* {@link android.app.AppOpsManager#OP_SYSTEM_ALERT_WINDOW} permission should be hidden when
		* this window is visible.
		* @hide
		*/
		public static final int PRIVATE_FLAG_TASK_SNAPSHOT = 0x00080000;
		public static final int PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS = 0x00080000;

		/**
		* Control flags that are private to the platform.

+9 −0

Original line number	Diff line number	Diff line
		@@ -2333,6 +2333,15 @@
		<permission android:name="android.permission.INTERNAL_SYSTEM_WINDOW"
		android:protectionLevel="signature" />

		<!-- @SystemApi Allows an application to use
		{@link android.view.WindowManager.LayoutsParams#PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS}
		to hide non-system-overlay windows.
		<p>Not for use by third-party applications.
		@hide
		-->
		<permission android:name="android.permission.HIDE_NON_SYSTEM_OVERLAY_WINDOWS"
		android:protectionLevel="signature\|installer" />

		<!-- @SystemApi Allows an application to manage (create, destroy,
		Z-order) application tokens in the window manager.
		<p>Not for use by third-party applications.

+4 −0

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@

		package com.android.server.wm;

		import static android.Manifest.permission.HIDE_NON_SYSTEM_OVERLAY_WINDOWS;
		import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW;
		import static android.content.pm.PackageManager.PERMISSION_GRANTED;
		import static android.os.Trace.TRACE_TAG_WINDOW_MANAGER;
		@@ -82,6 +83,7 @@ public class Session extends IWindowSession.Stub
		// Set of visible alert window surfaces connected to this session.
		private final Set<WindowSurfaceController> mAlertWindowSurfaces = new HashSet<>();
		final boolean mCanAddInternalSystemWindow;
		final boolean mCanHideNonSystemOverlayWindows;
		private AlertWindowNotification mAlertWindowNotification;
		private boolean mShowingAlertWindowNotificationAllowed;
		private boolean mClientDead = false;
		@@ -99,6 +101,8 @@ public class Session extends IWindowSession.Stub
		mLastReportedAnimatorScale = service.getCurrentAnimatorScale();
		mCanAddInternalSystemWindow = service.mContext.checkCallingOrSelfPermission(
		INTERNAL_SYSTEM_WINDOW) == PERMISSION_GRANTED;
		mCanHideNonSystemOverlayWindows = service.mContext.checkCallingOrSelfPermission(
		HIDE_NON_SYSTEM_OVERLAY_WINDOWS) == PERMISSION_GRANTED;
		mShowingAlertWindowNotificationAllowed = mService.mShowAlertWindowNotifications;
		StringBuilder sb = new StringBuilder();
		sb.append("Session{");

+1 −3

Original line number	Diff line number	Diff line
		@@ -32,7 +32,6 @@ import static android.view.WindowManager.LayoutParams.FLAG_SLIPPERY;
		import static android.view.WindowManager.LayoutParams.FLAG_SPLIT_TOUCH;
		import static android.view.WindowManager.LayoutParams.FLAG_WATCH_OUTSIDE_TOUCH;
		import static android.view.WindowManager.LayoutParams.PRIVATE_FLAG_FORCE_DRAW_STATUS_BAR_BACKGROUND;
		import static android.view.WindowManager.LayoutParams.PRIVATE_FLAG_TASK_SNAPSHOT;
		import static android.view.WindowManager.LayoutParams.TYPE_APPLICATION_STARTING;
		import static com.android.internal.policy.DecorView.NAVIGATION_BAR_COLOR_VIEW_ATTRIBUTES;
		import static com.android.internal.policy.DecorView.STATUS_BAR_COLOR_VIEW_ATTRIBUTES;
		@@ -164,8 +163,7 @@ class TaskSnapshotSurface implements StartingSurface {
		layoutParams.flags = (windowFlags & ~FLAG_INHERIT_EXCLUDES)
		\| FLAG_NOT_FOCUSABLE
		\| FLAG_NOT_TOUCHABLE;
		layoutParams.privateFlags = PRIVATE_FLAG_TASK_SNAPSHOT
		\| (windowPrivateFlags & PRIVATE_FLAG_INHERITS);
		layoutParams.privateFlags = windowPrivateFlags & PRIVATE_FLAG_INHERITS;
		layoutParams.token = token.token;
		layoutParams.width = LayoutParams.MATCH_PARENT;
		layoutParams.height = LayoutParams.MATCH_PARENT;