diff options
| author | Svet Ganov <svetoslavganov@google.com> | 2016-07-26 11:41:42 -0700 |
|---|---|---|
| committer | Svetoslav Ganov <svetoslavganov@google.com> | 2016-08-01 11:46:02 -0700 |
| commit | dc24f937b031f5f4e153dbfeaa51e96415a09b71 (patch) | |
| tree | fdfddcf8359f3931bfd6a118bd6471d844916c79 /core/java/android/widget/Toast.java | |
| parent | 94ae1e739fd84a308609fff3b913d0963900ed6e (diff) | |
Prevent apps to overlay other apps via toast windows
It was possible for apps to put toast type windows
that overlay other apps which toast winodws aren't
removed after a timeout.
Now for apps targeting SDK greater than N MR1 to add a
toast window one needs to have a special token. The token
is added by the notificatoion manager service only for
the lifetime of the shown toast and is then removed
including all windows associated with this token. This
prevents apps to add arbitrary toast windows.
Since legacy apps may rely on the ability to directly
add toasts we mitigate by allowing these apps to still
add such windows for unlimited duration if this app is
the currently focused one, i.e. the user interacts with
it then it can overlay itself, otherwise we make sure
these toast windows are removed after a timeout like
a toast would be.
We don't allow more that one toast window per UID being
added at a time which prevents 1) legacy apps to put the
same toast after a timeout to go around our new policy
of hiding toasts after a while; 2) modern apps to reuse
the passed token to add more than one window; Note that
the notification manager shows toasts one at a time.
bug:30150688
Change-Id: Icc8f8dbd060762ae1a7b1720e96c5afdb8aff3fd
Diffstat (limited to 'core/java/android/widget/Toast.java')
| -rw-r--r-- | core/java/android/widget/Toast.java | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/core/java/android/widget/Toast.java b/core/java/android/widget/Toast.java index 77626754264f..eca10cb5e7fd 100644 --- a/core/java/android/widget/Toast.java +++ b/core/java/android/widget/Toast.java @@ -25,6 +25,8 @@ import android.content.res.Configuration; import android.content.res.Resources; import android.graphics.PixelFormat; import android.os.Handler; +import android.os.IBinder; +import android.os.Message; import android.os.RemoteException; import android.os.ServiceManager; import android.util.Log; @@ -326,13 +328,6 @@ public class Toast { } private static class TN extends ITransientNotification.Stub { - final Runnable mShow = new Runnable() { - @Override - public void run() { - handleShow(); - } - }; - final Runnable mHide = new Runnable() { @Override public void run() { @@ -343,7 +338,13 @@ public class Toast { }; private final WindowManager.LayoutParams mParams = new WindowManager.LayoutParams(); - final Handler mHandler = new Handler(); + final Handler mHandler = new Handler() { + @Override + public void handleMessage(Message msg) { + IBinder token = (IBinder) msg.obj; + handleShow(token); + } + }; int mGravity; int mX, mY; @@ -379,9 +380,9 @@ public class Toast { * schedule handleShow into the right thread */ @Override - public void show() { + public void show(IBinder windowToken) { if (localLOGV) Log.v(TAG, "SHOW: " + this); - mHandler.post(mShow); + mHandler.obtainMessage(0, windowToken).sendToTarget(); } /** @@ -393,7 +394,7 @@ public class Toast { mHandler.post(mHide); } - public void handleShow() { + public void handleShow(IBinder windowToken) { if (localLOGV) Log.v(TAG, "HANDLE SHOW: " + this + " mView=" + mView + " mNextView=" + mNextView); if (mView != mNextView) { @@ -422,8 +423,9 @@ public class Toast { mParams.verticalMargin = mVerticalMargin; mParams.horizontalMargin = mHorizontalMargin; mParams.packageName = packageName; - mParams.removeTimeoutMilliseconds = mDuration == + mParams.hideTimeoutMilliseconds = mDuration == Toast.LENGTH_LONG ? LONG_DURATION_TIMEOUT : SHORT_DURATION_TIMEOUT; + mParams.token = windowToken; if (mView.getParent() != null) { if (localLOGV) Log.v(TAG, "REMOVE! " + mView + " in " + this); mWM.removeView(mView); |