Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 211a2fff authored by Tsung-Mao Fang's avatar Tsung-Mao Fang
Browse files

Fix security issue 

Settings#CredentialStorage could be overlaid to
trick user into clearing all credentials.

Disallow non-system overlay on activity.

Test: Trigger the debug apk again, and no overlay
Bug: 176753731
Change-Id: I657de039d667f5aee0941336e9361ae04f056c33
Merged-In: I657de039d667f5aee0941336e9361ae04f056c33
parent 6ec886a0

src/com/android/settings/security/CredentialStorage.java

+2 −0
Original line number Diff line number Diff line
@@ -44,6 +44,7 @@ import androidx.fragment.app.FragmentActivity; 


import com.android.internal.widget.LockPatternUtils;

import com.android.settings.R;

import com.android.settings.core.HideNonSystemOverlayMixin;

import com.android.settings.password.ChooseLockSettingsHelper;

import com.android.settings.vpn2.VpnUtils;
@@ -75,6 +76,7 @@ public final class CredentialStorage extends FragmentActivity { 
    protected void onCreate(Bundle savedState) {

        super.onCreate(savedState);

        mUtils = new LockPatternUtils(this);

        getLifecycle().addObserver(new HideNonSystemOverlayMixin(this));

    }



    @Override