Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c7052c9c authored by Siarhei Vishniakou's avatar Siarhei Vishniakou
Browse files

Only allow trusted overlays to specify FLAG_SLIPPERY am: 07e7aaff 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/16190719

Change-Id: If208e3c8b5a9d43034b4764d678a1a33ea2729c6
Merged-In: Ia30f1c38d5ddb351c90b748ea76448a76a9dde7b
Bug: 157929241
Bug: 205996845
parents b075e50a 07e7aaff

services/core/java/com/android/server/wm/DisplayPolicy.java

+17 −0
Original line number Diff line number Diff line
@@ -65,6 +65,7 @@ import static android.view.WindowManager.LayoutParams.FLAG_LAYOUT_INSET_DECOR; 
import static android.view.WindowManager.LayoutParams.FLAG_LAYOUT_IN_SCREEN;

import static android.view.WindowManager.LayoutParams.FLAG_LAYOUT_NO_LIMITS;

import static android.view.WindowManager.LayoutParams.FLAG_NOT_TOUCHABLE;

import static android.view.WindowManager.LayoutParams.FLAG_SLIPPERY;

import static android.view.WindowManager.LayoutParams.FLAG_TRANSLUCENT_NAVIGATION;

import static android.view.WindowManager.LayoutParams.FLAG_TRANSLUCENT_STATUS;

import static android.view.WindowManager.LayoutParams.LAST_APPLICATION_WINDOW;
@@ -867,6 +868,20 @@ public class DisplayPolicy { 
                == PackageManager.PERMISSION_GRANTED;

    }



    /**

     * Only trusted overlays are allowed to use FLAG_SLIPPERY.

     */

    static int sanitizeFlagSlippery(int flags, int privateFlags, String name) {

        if ((flags & FLAG_SLIPPERY) == 0) {

            return flags;

        }

        if ((privateFlags & PRIVATE_FLAG_TRUSTED_OVERLAY) != 0) {

            return flags;

        }

        Slog.w(TAG, "Removing FLAG_SLIPPERY for non-trusted overlay " + name);

        return flags & ~FLAG_SLIPPERY;

    }



    /**

     * Sanitize the layout parameters coming from a client.  Allows the policy

     * to do things like ensure that windows of a specific type can't take
@@ -964,6 +979,8 @@ public class DisplayPolicy { 
        if (mExtraNavBarAlt == win) {

            mExtraNavBarAltPosition = getAltBarPosition(attrs);

        }



        attrs.flags = sanitizeFlagSlippery(attrs.flags, attrs.privateFlags, win.getName());

    }



    /**

services/core/java/com/android/server/wm/WindowManagerService.java

+4 −2
Original line number Diff line number Diff line
@@ -56,6 +56,7 @@ import static android.view.WindowManager.LayoutParams.FLAG_NOT_FOCUSABLE; 
import static android.view.WindowManager.LayoutParams.FLAG_SECURE;

import static android.view.WindowManager.LayoutParams.FLAG_SHOW_WALLPAPER;

import static android.view.WindowManager.LayoutParams.FLAG_SHOW_WHEN_LOCKED;

import static android.view.WindowManager.LayoutParams.FLAG_SLIPPERY;

import static android.view.WindowManager.LayoutParams.INPUT_FEATURE_NO_INPUT_CHANNEL;

import static android.view.WindowManager.LayoutParams.LAST_APPLICATION_WINDOW;

import static android.view.WindowManager.LayoutParams.LAST_SUB_WINDOW;
@@ -8088,8 +8089,9 @@ public class WindowManagerService extends IWindowManager.Stub 
        h.token = channelToken;

        h.name = name;



        final int sanitizedFlags = flags & (LayoutParams.FLAG_NOT_TOUCHABLE

                | LayoutParams.FLAG_SLIPPERY);

        flags = DisplayPolicy.sanitizeFlagSlippery(flags, privateFlags, name);



        final int sanitizedFlags = flags & (LayoutParams.FLAG_NOT_TOUCHABLE | FLAG_SLIPPERY);

        h.layoutParamsFlags = WindowManager.LayoutParams.FLAG_NOT_TOUCH_MODAL | sanitizedFlags;

        h.layoutParamsType = type;

        h.dispatchingTimeoutNanos = DEFAULT_INPUT_DISPATCHING_TIMEOUT_NANOS;