commit c36f207f99054867d17222e2184eca557a488111
author Prashantsinh Parmar <prashantsinh.parmar@fairphone.com> Thu Dec 05 22:59:01 2024 +0530
committer Prashantsinh Parmar <prashantsinh.parmar@fairphone.com> Thu Dec 05 22:59:01 2024 +0530
tree c8f863813719d8206c4c17cdf40bf61126f7837d
parent 5d6abbdae202dab399b5c6c5a5a03db65b0e9b6b
parent c59f46f1047c6bd45c04bda2899d1bcffdc1a443

Merge tag 'android-security-13.0.0_r24' into int/13/fp3

Android Security 13.0.0 Release 24 (12496786)

* tag 'android-security-13.0.0_r24':
  Prevent clickjacking attack in DocsUi.

Change-Id: I6d5f8d28701092288151010af7362e432d1ca675

AndroidManifest.xml

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index e15805e..9dbbb70 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -32,6 +32,7 @@
     <uses-permission android:name="android.permission.MODIFY_QUIET_MODE" />
     <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" />
     <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+    <uses-permission android:name="android.permission.HIDE_OVERLAY_WINDOWS"/>
 
     <!-- Permissions required for reading and logging compat changes -->
     <uses-permission android:name="android.permission.LOG_COMPAT_CHANGE"/>

src/com/android/documentsui/BaseActivity.java

diff --git a/src/com/android/documentsui/BaseActivity.java b/src/com/android/documentsui/BaseActivity.java
index c6cbc19..5af3314 100644
--- a/src/com/android/documentsui/BaseActivity.java
+++ b/src/com/android/documentsui/BaseActivity.java
@@ -74,6 +74,7 @@
 import com.android.documentsui.sidebar.RootsFragment;
 import com.android.documentsui.sorting.SortController;
 import com.android.documentsui.sorting.SortModel;
+import com.android.modules.utils.build.SdkLevel;
 
 import com.android.documentsui.util.VersionUtils;
 import com.google.android.material.appbar.AppBarLayout;
@@ -135,6 +136,10 @@
         // Record the time when onCreate is invoked for metric.
         mStartTime = new Date().getTime();
 
+        if (SdkLevel.isAtLeastS()) {
+            getWindow().setHideOverlayWindows(true);
+        }
+
         // ToDo Create tool to check resource version before applyStyle for the theme
         // If version code is not match, we should reset overlay package to default,
         // in case Activity continueusly encounter resource not found exception

src/com/android/documentsui/picker/ConfirmFragment.java

diff --git a/src/com/android/documentsui/picker/ConfirmFragment.java b/src/com/android/documentsui/picker/ConfirmFragment.java
index 94015e9..e1af281 100644
--- a/src/com/android/documentsui/picker/ConfirmFragment.java
+++ b/src/com/android/documentsui/picker/ConfirmFragment.java
@@ -32,6 +32,7 @@
 import com.android.documentsui.R;
 import com.android.documentsui.base.DocumentInfo;
 import com.android.documentsui.base.Shared;
+import com.android.modules.utils.build.SdkLevel;
 
 import com.google.android.material.dialog.MaterialAlertDialogBuilder;
 
@@ -102,7 +103,11 @@
         builder.setNegativeButton(android.R.string.cancel,
                 (DialogInterface dialog, int id) -> pickResult.increaseActionCount());
 
-        return builder.create();
+        Dialog dialog = builder.create();
+        if (SdkLevel.isAtLeastS()) {
+            dialog.getWindow().setHideOverlayWindows(true);
+        }
+        return dialog;
     }
 
     @Override