From 05c8eb5fd0e2dfe902217a3f6ffe570f8fb5af9f Mon Sep 17 00:00:00 2001 From: Suprabh Shukla Date: Mon, 22 May 2017 15:20:06 -0700 Subject: [PATCH] Disabling the activate button when paused This revises the previous attempt to drop taps when another window is obscuring the device admin details. Any system alert windows or toasts are disabled when the activity is in focus, otherwise the button is disabled so no floating activities can obscure it and delegate taps back to the security sensitive "Activate" button. Test: CtsVerifier -> Device Administration -> Device Admin Tapjacking Test Bug: 35056974 Change-Id: I292a44e713ea4a4b0305ca3b3b21f1c82fd73c2b --- src/com/android/settings/DeviceAdminAdd.java | 28 ++++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/com/android/settings/DeviceAdminAdd.java b/src/com/android/settings/DeviceAdminAdd.java index fb2f29f5054..5978f5eded9 100644 --- a/src/com/android/settings/DeviceAdminAdd.java +++ b/src/com/android/settings/DeviceAdminAdd.java @@ -40,6 +40,7 @@ import android.net.Uri; import android.os.Binder; import android.os.Bundle; import android.os.Handler; +import android.os.IBinder; import android.os.RemoteCallback; import android.os.RemoteException; import android.os.UserHandle; @@ -90,6 +91,7 @@ public class DeviceAdminAdd extends Activity { public static final String EXTRA_CALLED_FROM_SUPPORT_DIALOG = "android.app.extra.CALLED_FROM_SUPPORT_DIALOG"; + private final IBinder mToken = new Binder(); Handler mHandler; DevicePolicyManager mDPM; @@ -118,8 +120,6 @@ public class DeviceAdminAdd extends Activity { boolean mWaitingForRemoveMsg; boolean mAddingProfileOwner; boolean mAdminPoliciesInitialized; - int mCurSysAppOpMode; - int mCurToastAppOpMode; boolean mIsCalledFromSupportDialog = false; @@ -352,6 +352,9 @@ public class DeviceAdminAdd extends Activity { restrictedAction.setFilterTouchesWhenObscured(true); restrictedAction.setOnClickListener(new View.OnClickListener() { public void onClick(View v) { + if (!mActionButton.isEnabled()) { + return; + } if (mAdding) { addAndFinish(); } else if (isManagedProfile(mDeviceAdmin) @@ -473,24 +476,21 @@ public class DeviceAdminAdd extends Activity { @Override protected void onResume() { super.onResume(); + mActionButton.setEnabled(true); updateInterface(); - // As long as we are running, don't let this admin overlay stuff on top of the screen. - final int uid = mDeviceAdmin.getActivityInfo().applicationInfo.uid; - final String pkg = mDeviceAdmin.getActivityInfo().applicationInfo.packageName; - mCurSysAppOpMode = mAppOps.checkOp(AppOpsManager.OP_SYSTEM_ALERT_WINDOW, uid, pkg); - mCurToastAppOpMode = mAppOps.checkOp(AppOpsManager.OP_TOAST_WINDOW, uid, pkg); - mAppOps.setMode(AppOpsManager.OP_SYSTEM_ALERT_WINDOW, uid, pkg, AppOpsManager.MODE_IGNORED); - mAppOps.setMode(AppOpsManager.OP_TOAST_WINDOW, uid, pkg, AppOpsManager.MODE_IGNORED); + // As long as we are running, don't let anyone overlay stuff on top of the screen. + mAppOps.setUserRestriction(AppOpsManager.OP_SYSTEM_ALERT_WINDOW, true, mToken); + mAppOps.setUserRestriction(AppOpsManager.OP_TOAST_WINDOW, true, mToken); + } @Override protected void onPause() { super.onPause(); - // As long as we are running, don't let this admin overlay stuff on top of the screen. - final int uid = mDeviceAdmin.getActivityInfo().applicationInfo.uid; - final String pkg = mDeviceAdmin.getActivityInfo().applicationInfo.packageName; - mAppOps.setMode(AppOpsManager.OP_SYSTEM_ALERT_WINDOW, uid, pkg, mCurSysAppOpMode); - mAppOps.setMode(AppOpsManager.OP_TOAST_WINDOW, uid, pkg, mCurToastAppOpMode); + // This just greys out the button. The actual listener is attached to R.id.restricted_action + mActionButton.setEnabled(false); + mAppOps.setUserRestriction(AppOpsManager.OP_SYSTEM_ALERT_WINDOW, false, mToken); + mAppOps.setUserRestriction(AppOpsManager.OP_TOAST_WINDOW, false, mToken); try { ActivityManager.getService().resumeAppSwitches(); } catch (RemoteException e) {