diff options
author | Michael Wright <michaelwr@google.com> | 2016-04-18 19:02:40 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2016-04-18 19:02:40 +0000 |
commit | 7a43bba37948402bbdbe7f58c8df677c0e1bf0c3 (patch) | |
tree | f2bc2ed4943c2e5afb6af7dd66c921e5e176cc01 | |
parent | 6f23a1b1bbb07f08ec56ec1d854c703758c56368 (diff) | |
parent | ac5a29e577fe9d5491f2acfdcf49093a00b531b0 (diff) | |
download | android_packages_apps_PackageInstaller-7a43bba37948402bbdbe7f58c8df677c0e1bf0c3.tar.gz android_packages_apps_PackageInstaller-7a43bba37948402bbdbe7f58c8df677c0e1bf0c3.tar.bz2 android_packages_apps_PackageInstaller-7a43bba37948402bbdbe7f58c8df677c0e1bf0c3.zip |
DO NOT MERGE Take advantage of new MotionEvent flag to prevent tapjacking. am: b431433 am: ae0dc4e
am: ac5a29e
* commit 'ac5a29e577fe9d5491f2acfdcf49093a00b531b0':
DO NOT MERGE Take advantage of new MotionEvent flag to prevent tapjacking.
Change-Id: I1be0df4aae2a9f64fc9dd199b158b21aec3d04d2
-rw-r--r-- | res/layout/grant_permissions.xml | 4 | ||||
-rw-r--r-- | src/com/android/packageinstaller/permission/ui/SecureButtonView.java | 56 |
2 files changed, 58 insertions, 2 deletions
diff --git a/res/layout/grant_permissions.xml b/res/layout/grant_permissions.xml index 463f0ccd..fe6389fe 100644 --- a/res/layout/grant_permissions.xml +++ b/res/layout/grant_permissions.xml @@ -91,14 +91,14 @@ android:text="@string/grant_dialog_button_deny" > </Button> - <Button + <com.android.packageinstaller.permission.ui.SecureButtonView android:id="@+id/permission_allow_button" android:layout_width="wrap_content" android:layout_height="wrap_content" style="?android:attr/buttonBarButtonStyle" android:layout_marginStart="8dip" android:text="@string/grant_dialog_button_allow" > - </Button> + </com.android.packageinstaller.permission.ui.SecureButtonView> </LinearLayout> diff --git a/src/com/android/packageinstaller/permission/ui/SecureButtonView.java b/src/com/android/packageinstaller/permission/ui/SecureButtonView.java new file mode 100644 index 00000000..624744e5 --- /dev/null +++ b/src/com/android/packageinstaller/permission/ui/SecureButtonView.java @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.packageinstaller.permission.ui; + +import android.content.Context; +import android.util.AttributeSet; +import android.view.MotionEvent; +import android.widget.Button; + +/** + * Extension of Button that uses the hidden MotionEvent flag for partially obscured windows to + * prevent tapjacking attacks. + */ +public class SecureButtonView extends Button { + + public SecureButtonView(Context context) { + this(context, null); + } + + public SecureButtonView(Context context, AttributeSet attrs) { + this(context, attrs, 0); + } + + public SecureButtonView(Context context, AttributeSet attrs, int defStyleAttr) { + this(context, attrs, defStyleAttr, 0); + } + + public SecureButtonView(Context context, AttributeSet attrs, int defStyleAttr, + int defStyleRes) { + super(context, attrs, defStyleAttr, defStyleRes); + } + + @Override + public boolean onFilterTouchEventForSecurity(MotionEvent event) { + if ((event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0 + || (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0) { + // Window is obscured, drop this touch. + return false; + } + return true; + } +} |