commit 20370a49ee895fa4ddebe3aa2bbf0d797c3ed05c
author Karsten Tausche <karsten@fairphone.com> Thu Dec 09 17:59:18 2021 +0100
committer Karsten Tausche <karsten@fairphone.com> Thu Dec 09 17:59:18 2021 +0100
tree a09d52327c9f2eea47ebaea9f60ecad33101f3ca
parent ddf403661314c4c3344bcbe8a14485b784047048
parent 7fb63afbef6c5b13835c655651724ced94cdc645

Merge tag 'android-security-11.0.0_r50' into int/11/fp3

Android security 11.0.0 release 50

* tag 'android-security-11.0.0_r50':
  DO NOT MERGE KeyChain protect against overlays.
  DO NOT MERGE Hide overlay on KeyChainActivity

Change-Id: I4a12bf049fccb84d092bddb696af71cda5f9defc

AndroidManifest.xml

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 9d1601f..44f5463 100755
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -6,6 +6,7 @@
     <!-- Needed so KeyChainService on non-system user can write 
          security logging events -->
     <uses-permission android:name="android.permission.READ_LOGS"/>
+    <uses-permission android:name="android.permission.HIDE_NON_SYSTEM_OVERLAY_WINDOWS"/>
 
     <application android:label="@string/app_name"
             android:allowBackup="false"

src/com/android/keychain/KeyChainActivity.java

diff --git a/src/com/android/keychain/KeyChainActivity.java b/src/com/android/keychain/KeyChainActivity.java
index 078e377..7165a09 100644
--- a/src/com/android/keychain/KeyChainActivity.java
+++ b/src/com/android/keychain/KeyChainActivity.java
@@ -28,6 +28,7 @@
 import android.content.res.Resources;
 import android.net.Uri;
 import android.os.AsyncTask;
+import android.os.Bundle;
 import android.os.RemoteException;
 import android.os.ServiceManager;
 import android.security.Credentials;
@@ -64,6 +65,8 @@
 
 import javax.security.auth.x500.X500Principal;
 
+import static android.view.WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;
+
 public class KeyChainActivity extends Activity {
     private static final String TAG = "KeyChain";
 
@@ -81,6 +84,13 @@
     // certificates.
     AlertDialog mLoadingDialog;
 
+
+    @Override
+    protected void onCreate(Bundle savedState) {
+        super.onCreate(savedState);
+        getWindow().addSystemFlags(SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);
+    }
+
     @Override public void onResume() {
         super.onResume();
 
@@ -428,6 +438,9 @@
                 finish(null);
             }
         });
+        dialog.create();
+        // Prevents screen overlay attack.
+        dialog.getButton(DialogInterface.BUTTON_POSITIVE).setFilterTouchesWhenObscured(true);
         dialog.show();
     }