diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2016-05-16 13:51:48 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2016-05-16 13:51:48 +0000 |
commit | 1be5a77aaa3bfba81063cbba38422dfe30c4ce40 (patch) | |
tree | 577d3ac9febf8dd65a2f4e71d876801306380659 | |
parent | 55dbb25ae341353ef10312d89a248d4e658be9ee (diff) | |
parent | c8eda3e20a95b2c96ef4ccd0213347ea1e4887ae (diff) | |
download | android_packages_apps_PackageInstaller-1be5a77aaa3bfba81063cbba38422dfe30c4ce40.tar.gz android_packages_apps_PackageInstaller-1be5a77aaa3bfba81063cbba38422dfe30c4ce40.tar.bz2 android_packages_apps_PackageInstaller-1be5a77aaa3bfba81063cbba38422dfe30c4ce40.zip |
Merge "Take advantage of new MotionEvent flag to prevent tapjacking." into nyc-dev
-rw-r--r-- | res/layout/grant_permissions.xml | 4 | ||||
-rw-r--r-- | src/com/android/packageinstaller/permission/ui/SecureButtonView.java | 56 |
2 files changed, 58 insertions, 2 deletions
diff --git a/res/layout/grant_permissions.xml b/res/layout/grant_permissions.xml index dfbfb47f..19ec5a80 100644 --- a/res/layout/grant_permissions.xml +++ b/res/layout/grant_permissions.xml @@ -97,13 +97,13 @@ android:text="@string/grant_dialog_button_deny" > </Button> - <Button + <com.android.packageinstaller.permission.ui.SecureButtonView android:id="@+id/permission_allow_button" android:layout_width="wrap_content" android:layout_height="wrap_content" style="?android:attr/buttonBarButtonStyle" android:text="@string/grant_dialog_button_allow" > - </Button> + </com.android.packageinstaller.permission.ui.SecureButtonView> </com.android.packageinstaller.permission.ui.ButtonBarLayout> diff --git a/src/com/android/packageinstaller/permission/ui/SecureButtonView.java b/src/com/android/packageinstaller/permission/ui/SecureButtonView.java new file mode 100644 index 00000000..624744e5 --- /dev/null +++ b/src/com/android/packageinstaller/permission/ui/SecureButtonView.java @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.packageinstaller.permission.ui; + +import android.content.Context; +import android.util.AttributeSet; +import android.view.MotionEvent; +import android.widget.Button; + +/** + * Extension of Button that uses the hidden MotionEvent flag for partially obscured windows to + * prevent tapjacking attacks. + */ +public class SecureButtonView extends Button { + + public SecureButtonView(Context context) { + this(context, null); + } + + public SecureButtonView(Context context, AttributeSet attrs) { + this(context, attrs, 0); + } + + public SecureButtonView(Context context, AttributeSet attrs, int defStyleAttr) { + this(context, attrs, defStyleAttr, 0); + } + + public SecureButtonView(Context context, AttributeSet attrs, int defStyleAttr, + int defStyleRes) { + super(context, attrs, defStyleAttr, defStyleRes); + } + + @Override + public boolean onFilterTouchEventForSecurity(MotionEvent event) { + if ((event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0 + || (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0) { + // Window is obscured, drop this touch. + return false; + } + return true; + } +} |