tree ddff80942ca87ec316162c461d8895d9c0d06482
parent 185131442ba9f2356e12ee66f2048f8d91316d34
author Svet Ganov <svetoslavganov@google.com> 1468537689 -0700
committer Svetoslav Ganov <svetoslavganov@google.com> 1468549002 -0700

Prevent apps to overlay other apps via toast windows

It was possible for apps to put toast type windows
that overlay other apps which toast winodws aren't
removed after a timeout like toasts are.

Now to add a toast window one needs to have a special
token. The token is added by the notificatoion manager
service only for the lifetime of the shown toast and
is then removed including all windows associated with
this token.

This prevents apps to add arbitrary toast windows. The
token is passed in the app domain in the request to
construt and add the toast window which allows a bad
app to add arbitrary toast windows. However, this is
fine since the token will be invalided and all of its
windows removed after the toast for which it was
create times out.

We do not care of braking apps that add toast windows
directly due to the security and privacy implications
of arbitrary UI redressing. Also we have dedicated
Toast APIs which are the way to add this time of UI.

bug:30150688

Change-Id: I65372c81a791489de89fb2886cc96392c28680bb