diff options
author | Svet Ganov <svetoslavganov@google.com> | 2016-07-14 16:08:09 -0700 |
---|---|---|
committer | Svetoslav Ganov <svetoslavganov@google.com> | 2016-07-14 19:16:42 -0700 |
commit | b3b22cba86dd6e010c5fac3d044990f155a33381 (patch) | |
tree | ddff80942ca87ec316162c461d8895d9c0d06482 /rs/java/android/renderscript/ProgramStore.java | |
parent | 185131442ba9f2356e12ee66f2048f8d91316d34 (diff) |
Prevent apps to overlay other apps via toast windows
It was possible for apps to put toast type windows
that overlay other apps which toast winodws aren't
removed after a timeout like toasts are.
Now to add a toast window one needs to have a special
token. The token is added by the notificatoion manager
service only for the lifetime of the shown toast and
is then removed including all windows associated with
this token.
This prevents apps to add arbitrary toast windows. The
token is passed in the app domain in the request to
construt and add the toast window which allows a bad
app to add arbitrary toast windows. However, this is
fine since the token will be invalided and all of its
windows removed after the toast for which it was
create times out.
We do not care of braking apps that add toast windows
directly due to the security and privacy implications
of arbitrary UI redressing. Also we have dedicated
Toast APIs which are the way to add this time of UI.
bug:30150688
Change-Id: I65372c81a791489de89fb2886cc96392c28680bb
Diffstat (limited to 'rs/java/android/renderscript/ProgramStore.java')
0 files changed, 0 insertions, 0 deletions