summaryrefslogtreecommitdiff
path: root/rs/java/android/renderscript/ProgramVertexFixedFunction.java
diff options
context:
space:
mode:
authorSterling Huber <hubers@google.com>2019-11-07 11:04:03 -0800
committerSterling Huber <hubers@google.com>2019-12-09 18:17:53 +0000
commit54e6a3c4fbf2eb70541932074ed650dcf22113ed (patch)
tree88201f3875a0cbdc5a6594748bd76ff372c632f6 /rs/java/android/renderscript/ProgramVertexFixedFunction.java
parentff797c3ba35bbdb79ef3d167fdf48795093fcb9a (diff)
RESTRICT AUTOMERGE
Make toasts non-clickable Since enforcement was only on client-side, in Toast class, an app could use reflection (or other means) to make the Toast clickable. This is a security vulnerability since it allows tapjacking, that is, intercept touch events and do stuff like steal PINs and passwords. This CL brings the enforcement to the system by applying flag FLAG_NOT_TOUCHABLE. Test: Construct app that uses reflection to remove flag FLAG_NOT_TOUCHABLE and log click events. Then: 1) Observe click events are logged without this CL. 2) Observer click events are not logged with this CL. Bug: 128674520 Change-Id: Ica346c853dcb9a1e494f7143ba1c38d22c0003d0
Diffstat (limited to 'rs/java/android/renderscript/ProgramVertexFixedFunction.java')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-05 02:54:06 +0000