aa07653d2eea38a7a5bda5944c8a353586916ae9 |
|
02-Aug-2016 |
Svetoslav Ganov <svetoslavganov@google.com> |
Prevent apps to overlay other apps via toast windows It was possible for apps to put toast type windows that overlay other apps which toast winodws aren't removed after a timeout. Now for apps targeting SDK greater than N MR1 to add a toast window one needs to have a special token. The token is added by the notificatoion manager service only for the lifetime of the shown toast and is then removed including all windows associated with this token. This prevents apps to add arbitrary toast windows. Since legacy apps may rely on the ability to directly add toasts we mitigate by allowing these apps to still add such windows for unlimited duration if this app is the currently focused one, i.e. the user interacts with it then it can overlay itself, otherwise we make sure these toast windows are removed after a timeout like a toast would be. We don't allow more that one toast window per UID being added at a time which prevents 1) legacy apps to put the same toast after a timeout to go around our new policy of hiding toasts after a while; 2) modern apps to reuse the passed token to add more than one window; Note that the notification manager shows toasts one at a time. bug:30150688 Change-Id: Ia1dae626bd9e22541be46edb072aa288eb1ae414
/frameworks/base/core/java/android/app/ITransientNotification.aidl
|
2fc661a453c8dd0f62c4e567641ab282f2f2c5fe |
|
02-Aug-2016 |
Svetoslav Ganov <svetoslavganov@google.com> |
Revert "Prevent apps to overlay other apps via toast windows" bug:30150688 This reverts commit dc24f937b031f5f4e153dbfeaa51e96415a09b71. Change-Id: Id7e8ddbf82ab426f55a5296791f1e8ebb61514bc
/frameworks/base/core/java/android/app/ITransientNotification.aidl
|
dc24f937b031f5f4e153dbfeaa51e96415a09b71 |
|
26-Jul-2016 |
Svet Ganov <svetoslavganov@google.com> |
Prevent apps to overlay other apps via toast windows It was possible for apps to put toast type windows that overlay other apps which toast winodws aren't removed after a timeout. Now for apps targeting SDK greater than N MR1 to add a toast window one needs to have a special token. The token is added by the notificatoion manager service only for the lifetime of the shown toast and is then removed including all windows associated with this token. This prevents apps to add arbitrary toast windows. Since legacy apps may rely on the ability to directly add toasts we mitigate by allowing these apps to still add such windows for unlimited duration if this app is the currently focused one, i.e. the user interacts with it then it can overlay itself, otherwise we make sure these toast windows are removed after a timeout like a toast would be. We don't allow more that one toast window per UID being added at a time which prevents 1) legacy apps to put the same toast after a timeout to go around our new policy of hiding toasts after a while; 2) modern apps to reuse the passed token to add more than one window; Note that the notification manager shows toasts one at a time. bug:30150688 Change-Id: Icc8f8dbd060762ae1a7b1720e96c5afdb8aff3fd
/frameworks/base/core/java/android/app/ITransientNotification.aidl
|
f1395d730a499b6420ee7593f3a5236eca637bfb |
|
20-Jul-2016 |
Svetoslav Ganov <svetoslavganov@google.com> |
Revert "Prevent apps to overlay other apps via toast windows" This reverts commit b3b22cba86dd6e010c5fac3d044990f155a33381. Change-Id: I905e7435893fab49f03fdb708f4ab5a9d2c9cbae
/frameworks/base/core/java/android/app/ITransientNotification.aidl
|
b3b22cba86dd6e010c5fac3d044990f155a33381 |
|
15-Jul-2016 |
Svet Ganov <svetoslavganov@google.com> |
Prevent apps to overlay other apps via toast windows It was possible for apps to put toast type windows that overlay other apps which toast winodws aren't removed after a timeout like toasts are. Now to add a toast window one needs to have a special token. The token is added by the notificatoion manager service only for the lifetime of the shown toast and is then removed including all windows associated with this token. This prevents apps to add arbitrary toast windows. The token is passed in the app domain in the request to construt and add the toast window which allows a bad app to add arbitrary toast windows. However, this is fine since the token will be invalided and all of its windows removed after the toast for which it was create times out. We do not care of braking apps that add toast windows directly due to the security and privacy implications of arbitrary UI redressing. Also we have dedicated Toast APIs which are the way to add this time of UI. bug:30150688 Change-Id: I65372c81a791489de89fb2886cc96392c28680bb
/frameworks/base/core/java/android/app/ITransientNotification.aidl
|
9066cfe9886ac131c34d59ed0e2d287b0e3c0087 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/frameworks/base/core/java/android/app/ITransientNotification.aidl
|
d83a98f4ce9cfa908f5c54bbd70f03eec07e7553 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/frameworks/base/core/java/android/app/ITransientNotification.aidl
|
54b6cfa9a9e5b861a9930af873580d6dc20f773c |
|
21-Oct-2008 |
The Android Open Source Project <initial-contribution@android.com> |
Initial Contribution
/frameworks/base/core/java/android/app/ITransientNotification.aidl
|