PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix security issue

Browse Source 
Settings#CredentialStorage could be overlaid to
trick user into clearing all credentials.

Disallow non-system overlay on activity.

Test: Trigger the debug apk again, and no overlay
Bug: 176753731
Change-Id: I657de039d667f5aee0941336e9361ae04f056c33
Merged-In: I657de039d667f5aee0941336e9361ae04f056c33
This commit is contained in:
Tsung-Mao Fang
2021-02-01 17:34:46 +08:00
parent 6ec886a0e3
commit 211a2fff0d
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/com/android/settings/security/CredentialStorage.java
View File

@@ -44,6 +44,7 @@ import androidx.fragment.app.FragmentActivity;
import com.android.internal.widget.LockPatternUtils; import com.android.internal.widget.LockPatternUtils;
import com.android.settings.R; import com.android.settings.R;
import com.android.settings.core.HideNonSystemOverlayMixin;
import com.android.settings.password.ChooseLockSettingsHelper; import com.android.settings.password.ChooseLockSettingsHelper;
import com.android.settings.vpn2.VpnUtils; import com.android.settings.vpn2.VpnUtils;
@@ -75,6 +76,7 @@ public final class CredentialStorage extends FragmentActivity {
protected void onCreate(Bundle savedState) { protected void onCreate(Bundle savedState) {
super.onCreate(savedState); super.onCreate(savedState);
mUtils = new LockPatternUtils(this); mUtils = new LockPatternUtils(this);
getLifecycle().addObserver(new HideNonSystemOverlayMixin(this));
} }
@Override @Override