From 211a2fff0d7da5fb460b395c4fea4d5b66a399ab Mon Sep 17 00:00:00 2001
From: Tsung-Mao Fang
Date: Mon, 1 Feb 2021 17:34:46 +0800
Subject: [PATCH] Fix security issue Settings#CredentialStorage could be overlaid to trick user into clearing all credentials. Disallow non-system overlay on activity.
Test: Trigger the debug apk again, and no overlay
Bug: 176753731
Change-Id: I657de039d667f5aee0941336e9361ae04f056c33
Merged-In: I657de039d667f5aee0941336e9361ae04f056c33
---
 src/com/android/settings/security/CredentialStorage.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/com/android/settings/security/CredentialStorage.java b/src/com/android/settings/security/CredentialStorage.java
index 5e647230852..e0daaaa8fd9 100644
--- a/src/com/android/settings/security/CredentialStorage.java
+++ b/src/com/android/settings/security/CredentialStorage.java
@@ -44,6 +44,7 @@ import androidx.fragment.app.FragmentActivity;
 import com.android.internal.widget.LockPatternUtils;
 import com.android.settings.R;
+import com.android.settings.core.HideNonSystemOverlayMixin;
 import com.android.settings.password.ChooseLockSettingsHelper;
 import com.android.settings.vpn2.VpnUtils;
@@ -75,6 +76,7 @@ public final class CredentialStorage extends FragmentActivity {
 protected void onCreate(Bundle savedState) {
 super.onCreate(savedState);
 mUtils = new LockPatternUtils(this);
+ getLifecycle().addObserver(new HideNonSystemOverlayMixin(this));
 }
 @Override
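Review bot: The registration added to onCreate in the second hunk, `getLifecycle().addObserver(new HideNonSystemOverlayMixin(this));`, has no comment marking it as a security control, so a later cleanup of onCreate could drop it without anyone noticing that the overlay protection is gone. I would add above it `// Security: disallow non-system overlays on this activity so its credential prompts cannot be covered by another app's window.` The Test: line describes only a manual check with a debug apk; an automated test asserting that the observer is registered on this activity would keep the fix from regressing, if the project has a suitable test for this class. The class body continues outside the hunk, so whether any dialog windows shown from this activity need the same treatment cannot be judged from here.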