[RESTRICT AUTOMERGE] Add hide-non-system-overlay flag for HarmfulAppWarningActivity

A malicious application could overlay the activity. The overlay is
able to be tapped through, which can trick the user into starting a
harmful activity.

The CL added the flag SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS for
the activity to prevent the tapjacking/overlay attack.

Bug: 205595291
Test: atest CtsHarmfulAppWarningHostTestCases
Change-Id: Ia1a1ae0dc451e04bf5c31e3cb8cf30a0d8e32991
(cherry picked from commit a04b3666b8619e09e08646c6d5c529d016cbfb47)

1 files changed, 4 insertions, 0 deletions

diff --git a/core/java/com/android/internal/app/HarmfulAppWarningActivity.java b/core/java/com/android/internal/app/HarmfulAppWarningActivity.java
index ce2d229d41b3..33209e110123 100644
--- a/core/java/com/android/internal/app/HarmfulAppWarningActivity.java
+++ b/core/java/com/android/internal/app/HarmfulAppWarningActivity.java
@@ -16,6 +16,8 @@
 
 package com.android.internal.app;
 
+import static android.view.WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;
+
 import android.content.Context;
 import android.content.DialogInterface;
 import android.content.Intent;
@@ -27,6 +29,7 @@ import android.os.Bundle;
 import android.util.Log;
 import android.view.View;
 import android.widget.TextView;
+
 import com.android.internal.R;
 
 /**
@@ -48,6 +51,7 @@ public class HarmfulAppWarningActivity extends AlertActivity implements
     protected void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
 
+        getWindow().addSystemFlags(SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);
         final Intent intent = getIntent();
         mPackageName = intent.getStringExtra(Intent.EXTRA_PACKAGE_NAME);
         mTarget = intent.getParcelableExtra(Intent.EXTRA_INTENT);