From 296a60acc3d67cea23bae167dbcb51c0d0d60b23 Mon Sep 17 00:00:00 2001
From: Svet Ganov <svetoslavganov@google.com>
Date: Mon, 5 Dec 2016 09:03:24 -0800
Subject: [PATCH] [DO NOT MERGE] Allow multiple toasts for the focused app

We don't allow apps to add multiple toast windows to
prevent an attacker to keep adding the same toast as
a workaround for our measure to ensure toast windows
are removed after a timeout. The may cause backwards
compatibility issue for apps that add multiple toasts.
While we need to fix the security vulnerability it is
desirable to make the fix as backwards compatible as
possible. This change allows the focused app to add
as many toast windows as it wants since they will be
removed after the timeout and once the app is not the
one the user uses it will lose the multiple toast add
capability.

bug:30150688

Change-Id: I2d9295926cb49b5bb80c7af2546872ff8ca22c64
---
 .../com/android/server/wm/DisplayContent.java   | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/services/core/java/com/android/server/wm/DisplayContent.java b/services/core/java/com/android/server/wm/DisplayContent.java
index e8104c4c93770..1015a20687c8d 100644
--- a/services/core/java/com/android/server/wm/DisplayContent.java
+++ b/services/core/java/com/android/server/wm/DisplayContent.java
@@ -719,16 +719,21 @@ class DisplayContent {
 
     boolean canAddToastWindowForUid(int uid) {
         // We allow one toast window per UID being shown at a time.
-        WindowList windows = getWindowList();
-        final int windowCount = windows.size();
+        // Also if the app is focused adding more than one toast at
+        // a time for better backwards compatibility.
+        boolean alreadyHasToastWindow = false;
+        final int windowCount = mWindows.size();
         for (int i = 0; i < windowCount; i++) {
-            WindowState window = windows.get(i);
-            if (window.mAttrs.type == TYPE_TOAST && window.mOwnerUid == uid
+            final WindowState window = mWindows.get(i);
+            if (window.isFocused() && window.getOwningUid() == uid) {
+                return true;
+            }
+            if (window.mAttrs.type == TYPE_TOAST && window.getOwningUid() == uid
                     && !window.isRemovedOrHidden()) {
-                return false;
+                alreadyHasToastWindow = true;
             }
         }
-        return true;
+        return !alreadyHasToastWindow;
     }
 
     void scheduleToastWindowsTimeoutIfNeededLocked(WindowState oldFocus,