[DO NOT MERGE] Allow multiple toasts for the focused app

We don't allow apps to add multiple toast windows to
prevent an attacker to keep adding the same toast as
a workaround for our measure to ensure toast windows
are removed after a timeout. The may cause backwards
compatibility issue for apps that add multiple toasts.
While we need to fix the security vulnerability it is
desirable to make the fix as backwards compatible as
possible. This change allows the focused app to add
as many toast windows as it wants since they will be
removed after the timeout and once the app is not the
one the user uses it will lose the multiple toast add
capability.

bug:30150688

Change-Id: I2d9295926cb49b5bb80c7af2546872ff8ca22c64

services/core/java/com/android/server/wm/DisplayContent.java

@@ -719,16 +719,21 @@ class DisplayContent {
 
     boolean canAddToastWindowForUid(int uid) {
         // We allow one toast window per UID being shown at a time.
-        WindowList windows = getWindowList();
-        final int windowCount = windows.size();
+        // Also if the app is focused adding more than one toast at
+        // a time for better backwards compatibility.
+        boolean alreadyHasToastWindow = false;
+        final int windowCount = mWindows.size();
         for (int i = 0; i < windowCount; i++) {
-            WindowState window = windows.get(i);
-            if (window.mAttrs.type == TYPE_TOAST && window.mOwnerUid == uid
+            final WindowState window = mWindows.get(i);
+            if (window.isFocused() && window.getOwningUid() == uid) {
+                return true;
+            }
+            if (window.mAttrs.type == TYPE_TOAST && window.getOwningUid() == uid
                     && !window.isRemovedOrHidden()) {
-                return false;
+                alreadyHasToastWindow = true;
             }
         }
-        return true;
+        return !alreadyHasToastWindow;
     }
 
     void scheduleToastWindowsTimeoutIfNeededLocked(WindowState oldFocus,