mirror of
https://github.com/oxen-io/session-android.git
synced 2025-01-13 04:43:39 +00:00
Guard against tapjacking
parent
540a657965
commit
6482f16445
@ -30,7 +30,7 @@
|
|||||||
android:textColor="@color/text"
|
android:textColor="@color/text"
|
||||||
android:text="@string/activity_register_explanation" />
|
android:text="@string/activity_register_explanation" />
|
||||||
|
|
||||||
<TextView
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
|
||||||
style="@style/SessionIDTextView"
|
style="@style/SessionIDTextView"
|
||||||
android:id="@+id/publicKeyTextView"
|
android:id="@+id/publicKeyTextView"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
@ -54,7 +54,7 @@
|
|||||||
android:layout_marginRight="@dimen/massive_spacing"
|
android:layout_marginRight="@dimen/massive_spacing"
|
||||||
android:text="@string/continue_2" />
|
android:text="@string/continue_2" />
|
||||||
|
|
||||||
<Button
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
|
||||||
style="@style/Widget.Session.Button.Common.ProminentOutline"
|
style="@style/Widget.Session.Button.Common.ProminentOutline"
|
||||||
android:id="@+id/copyButton"
|
android:id="@+id/copyButton"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
|
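Review bot: Nothing in the layout records why `publicKeyTextView` and `copyButton` now use the `TapJackingProof*` classes instead of the framework tags, so a later cleanup could revert them without noticing that the obscured-touch filter is lost; the same applies to every other layout section in this commit. A one-line comment above each swapped element, e.g. `<!-- TapJackingProof*: ignores touches while another window obscures the app -->`, would make the intent visible. The protection is opt-in per widget and the rest of each layout is outside these hunks, so whether other clickable views on these screens need the same treatment cannot be confirmed from here.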
@ -36,7 +36,7 @@
|
|||||||
android:textColor="@color/text"
|
android:textColor="@color/text"
|
||||||
android:text="@string/activity_seed_explanation" />
|
android:text="@string/activity_seed_explanation" />
|
||||||
|
|
||||||
<TextView
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
|
||||||
style="@style/SessionIDTextView"
|
style="@style/SessionIDTextView"
|
||||||
android:id="@+id/seedTextView"
|
android:id="@+id/seedTextView"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
@ -49,7 +49,7 @@
|
|||||||
android:textAlignment="center"
|
android:textAlignment="center"
|
||||||
android:text="nautical novelty populate onion awkward bent etiquette plant submarine itches vipers september axis maximum populate" />
|
android:text="nautical novelty populate onion awkward bent etiquette plant submarine itches vipers september axis maximum populate" />
|
||||||
|
|
||||||
<TextView
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
|
||||||
android:id="@+id/revealButton"
|
android:id="@+id/revealButton"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
android:layout_height="wrap_content"
|
android:layout_height="wrap_content"
|
||||||
@ -65,7 +65,7 @@
|
|||||||
android:layout_height="0dp"
|
android:layout_height="0dp"
|
||||||
android:layout_weight="1"/>
|
android:layout_weight="1"/>
|
||||||
|
|
||||||
<Button
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
|
||||||
style="@style/Widget.Session.Button.Common.ProminentOutline"
|
style="@style/Widget.Session.Button.Common.ProminentOutline"
|
||||||
android:id="@+id/copyButton"
|
android:id="@+id/copyButton"
|
||||||
android:layout_width="196dp"
|
android:layout_width="196dp"
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
android:background="?android:dividerHorizontal"
|
android:background="?android:dividerHorizontal"
|
||||||
android:elevation="1dp" />
|
android:elevation="1dp" />
|
||||||
|
|
||||||
<EditText
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofEditText
|
||||||
style="@style/SessionEditText"
|
style="@style/SessionEditText"
|
||||||
android:id="@+id/publicKeyEditText"
|
android:id="@+id/publicKeyEditText"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
@ -50,7 +50,7 @@
|
|||||||
android:layout_marginTop="@dimen/large_spacing"
|
android:layout_marginTop="@dimen/large_spacing"
|
||||||
android:layout_marginRight="@dimen/large_spacing" />
|
android:layout_marginRight="@dimen/large_spacing" />
|
||||||
|
|
||||||
<TextView
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
|
||||||
android:id="@+id/publicKeyTextView"
|
android:id="@+id/publicKeyTextView"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
android:layout_height="wrap_content"
|
android:layout_height="wrap_content"
|
||||||
@ -71,7 +71,7 @@
|
|||||||
android:layout_marginRight="@dimen/large_spacing"
|
android:layout_marginRight="@dimen/large_spacing"
|
||||||
android:orientation="horizontal">
|
android:orientation="horizontal">
|
||||||
|
|
||||||
<Button
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
|
||||||
style="@style/Widget.Session.Button.Common.UnimportantFilled"
|
style="@style/Widget.Session.Button.Common.UnimportantFilled"
|
||||||
android:id="@+id/copyButton"
|
android:id="@+id/copyButton"
|
||||||
android:layout_width="0dp"
|
android:layout_width="0dp"
|
||||||
@ -79,7 +79,7 @@
|
|||||||
android:layout_weight="1"
|
android:layout_weight="1"
|
||||||
android:text="@string/copy" />
|
android:text="@string/copy" />
|
||||||
|
|
||||||
<Button
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
|
||||||
style="@style/Widget.Session.Button.Common.UnimportantFilled"
|
style="@style/Widget.Session.Button.Common.UnimportantFilled"
|
||||||
android:id="@+id/shareButton"
|
android:id="@+id/shareButton"
|
||||||
android:layout_width="0dp"
|
android:layout_width="0dp"
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
android:textColor="@color/text"
|
android:textColor="@color/text"
|
||||||
android:text="@string/activity_register_explanation" />
|
android:text="@string/activity_register_explanation" />
|
||||||
|
|
||||||
<TextView
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
|
||||||
style="@style/SessionIDTextView"
|
style="@style/SessionIDTextView"
|
||||||
android:id="@+id/publicKeyTextView"
|
android:id="@+id/publicKeyTextView"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
@ -55,7 +55,7 @@
|
|||||||
android:layout_marginRight="@dimen/massive_spacing"
|
android:layout_marginRight="@dimen/massive_spacing"
|
||||||
android:text="@string/continue_2" />
|
android:text="@string/continue_2" />
|
||||||
|
|
||||||
<Button
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
|
||||||
style="@style/Widget.Session.Button.Common.ProminentOutline"
|
style="@style/Widget.Session.Button.Common.ProminentOutline"
|
||||||
android:id="@+id/copyButton"
|
android:id="@+id/copyButton"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
|
@ -36,7 +36,7 @@
|
|||||||
android:textColor="@color/text"
|
android:textColor="@color/text"
|
||||||
android:text="@string/activity_seed_explanation" />
|
android:text="@string/activity_seed_explanation" />
|
||||||
|
|
||||||
<TextView
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
|
||||||
style="@style/SessionIDTextView"
|
style="@style/SessionIDTextView"
|
||||||
android:id="@+id/seedTextView"
|
android:id="@+id/seedTextView"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
@ -49,7 +49,7 @@
|
|||||||
android:textAlignment="center"
|
android:textAlignment="center"
|
||||||
android:text="nautical novelty populate onion awkward bent etiquette plant submarine itches vipers september axis maximum populate" />
|
android:text="nautical novelty populate onion awkward bent etiquette plant submarine itches vipers september axis maximum populate" />
|
||||||
|
|
||||||
<TextView
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
|
||||||
android:id="@+id/revealButton"
|
android:id="@+id/revealButton"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
android:layout_height="wrap_content"
|
android:layout_height="wrap_content"
|
||||||
@ -66,7 +66,7 @@
|
|||||||
android:layout_height="0dp"
|
android:layout_height="0dp"
|
||||||
android:layout_weight="1"/>
|
android:layout_weight="1"/>
|
||||||
|
|
||||||
<Button
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
|
||||||
style="@style/Widget.Session.Button.Common.ProminentOutline"
|
style="@style/Widget.Session.Button.Common.ProminentOutline"
|
||||||
android:id="@+id/copyButton"
|
android:id="@+id/copyButton"
|
||||||
android:layout_width="196dp"
|
android:layout_width="196dp"
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
android:textAlignment="center"
|
android:textAlignment="center"
|
||||||
android:textSize="@dimen/medium_font_size" />
|
android:textSize="@dimen/medium_font_size" />
|
||||||
|
|
||||||
<TextView
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
|
||||||
style="@style/SessionIDTextView"
|
style="@style/SessionIDTextView"
|
||||||
android:id="@+id/seedTextView"
|
android:id="@+id/seedTextView"
|
||||||
android:layout_width="wrap_content"
|
android:layout_width="wrap_content"
|
||||||
@ -56,7 +56,7 @@
|
|||||||
android:layout_weight="1"
|
android:layout_weight="1"
|
||||||
android:text="@string/cancel" />
|
android:text="@string/cancel" />
|
||||||
|
|
||||||
<Button
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
|
||||||
style="@style/Widget.Session.Button.Dialog.Unimportant"
|
style="@style/Widget.Session.Button.Dialog.Unimportant"
|
||||||
android:id="@+id/copyButton"
|
android:id="@+id/copyButton"
|
||||||
android:layout_width="0dp"
|
android:layout_width="0dp"
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
android:background="?android:dividerHorizontal"
|
android:background="?android:dividerHorizontal"
|
||||||
android:elevation="1dp" />
|
android:elevation="1dp" />
|
||||||
|
|
||||||
<EditText
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofEditText
|
||||||
style="@style/SmallSessionEditText"
|
style="@style/SmallSessionEditText"
|
||||||
android:id="@+id/publicKeyEditText"
|
android:id="@+id/publicKeyEditText"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
@ -49,7 +49,7 @@
|
|||||||
android:layout_marginTop="@dimen/large_spacing"
|
android:layout_marginTop="@dimen/large_spacing"
|
||||||
android:layout_marginRight="@dimen/large_spacing" />
|
android:layout_marginRight="@dimen/large_spacing" />
|
||||||
|
|
||||||
<TextView
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
|
||||||
android:id="@+id/publicKeyTextView"
|
android:id="@+id/publicKeyTextView"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
android:layout_height="wrap_content"
|
android:layout_height="wrap_content"
|
||||||
@ -70,7 +70,7 @@
|
|||||||
android:layout_marginRight="@dimen/large_spacing"
|
android:layout_marginRight="@dimen/large_spacing"
|
||||||
android:orientation="horizontal">
|
android:orientation="horizontal">
|
||||||
|
|
||||||
<Button
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
|
||||||
style="@style/Widget.Session.Button.Common.UnimportantFilled"
|
style="@style/Widget.Session.Button.Common.UnimportantFilled"
|
||||||
android:id="@+id/copyButton"
|
android:id="@+id/copyButton"
|
||||||
android:layout_width="0dp"
|
android:layout_width="0dp"
|
||||||
@ -78,7 +78,7 @@
|
|||||||
android:layout_weight="1"
|
android:layout_weight="1"
|
||||||
android:text="@string/copy" />
|
android:text="@string/copy" />
|
||||||
|
|
||||||
<Button
|
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
|
||||||
style="@style/Widget.Session.Button.Common.UnimportantFilled"
|
style="@style/Widget.Session.Button.Common.UnimportantFilled"
|
||||||
android:id="@+id/shareButton"
|
android:id="@+id/shareButton"
|
||||||
android:layout_width="0dp"
|
android:layout_width="0dp"
|
||||||
|
@ -89,6 +89,7 @@ import org.thoughtcrime.securesms.linkpreview.LinkPreviewUtil;
|
|||||||
import org.thoughtcrime.securesms.logging.Log;
|
import org.thoughtcrime.securesms.logging.Log;
|
||||||
import org.thoughtcrime.securesms.loki.utilities.MentionUtilities;
|
import org.thoughtcrime.securesms.loki.utilities.MentionUtilities;
|
||||||
import org.thoughtcrime.securesms.loki.views.ProfilePictureView;
|
import org.thoughtcrime.securesms.loki.views.ProfilePictureView;
|
||||||
|
import org.thoughtcrime.securesms.loki.views.TapJackingProofLinearLayout;
|
||||||
import org.thoughtcrime.securesms.mms.GlideRequests;
|
import org.thoughtcrime.securesms.mms.GlideRequests;
|
||||||
import org.thoughtcrime.securesms.mms.ImageSlide;
|
import org.thoughtcrime.securesms.mms.ImageSlide;
|
||||||
import org.thoughtcrime.securesms.mms.PartAuthority;
|
import org.thoughtcrime.securesms.mms.PartAuthority;
|
||||||
@ -129,7 +130,7 @@ import network.loki.messenger.R;
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public class ConversationItem extends LinearLayout
|
public class ConversationItem extends TapJackingProofLinearLayout
|
||||||
implements RecipientModifiedListener, BindableConversationItem
|
implements RecipientModifiedListener, BindableConversationItem
|
||||||
{
|
{
|
||||||
private static final String TAG = ConversationItem.class.getSimpleName();
|
private static final String TAG = ConversationItem.class.getSimpleName();
|
||||||
|
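Review bot: `ConversationItem` now sits on top of the Kotlin constructors in TapJacking.kt, which declare `attrs: AttributeSet` as non-null; its own constructors are outside this hunk, and if any of them forwards a null attribute set (for example a `this(context, null)` delegation) the generated parameter null check will throw at construction time. Either confirm no such call exists or declare the Kotlin parameters as `attrs: AttributeSet?`. Because the new base class also filters on `FLAG_WINDOW_IS_PARTIALLY_OBSCURED` on API 29+, a short comment above the class, e.g. `// Extends TapJackingProofLinearLayout: touches are dropped while another window overlaps this one`, would explain why message rows stop responding under an overlay.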
@ -134,10 +134,10 @@ class EnterPublicKeyFragment : Fragment() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private fun copyPublicKey() {
|
private fun copyPublicKey() {
|
||||||
val clipboard = activity!!.getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager
|
val clipboard = requireActivity().getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager
|
||||||
val clip = ClipData.newPlainText("Session ID", hexEncodedPublicKey)
|
val clip = ClipData.newPlainText("Session ID", hexEncodedPublicKey)
|
||||||
clipboard.setPrimaryClip(clip)
|
clipboard.setPrimaryClip(clip)
|
||||||
Toast.makeText(context!!, R.string.copied_to_clipboard, Toast.LENGTH_SHORT).show()
|
Toast.makeText(requireContext(), R.string.copied_to_clipboard, Toast.LENGTH_SHORT).show()
|
||||||
}
|
}
|
||||||
|
|
||||||
private fun sharePublicKey() {
|
private fun sharePublicKey() {
|
||||||
@ -149,8 +149,8 @@ class EnterPublicKeyFragment : Fragment() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private fun createPrivateChatIfPossible() {
|
private fun createPrivateChatIfPossible() {
|
||||||
val hexEncodedPublicKey = publicKeyEditText.text.trim().toString()
|
val hexEncodedPublicKey = publicKeyEditText.text?.trim().toString() ?: ""
|
||||||
(activity!! as CreatePrivateChatActivity).createPrivateChatIfPossible(hexEncodedPublicKey)
|
(requireActivity() as CreatePrivateChatActivity).createPrivateChatIfPossible(hexEncodedPublicKey)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// endregion
|
// endregion
|
||||||
|
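Review bot: In `createPrivateChatIfPossible`, `publicKeyEditText.text?.trim().toString() ?: ""` never reaches the `""` fallback: `toString()` is called on a nullable receiver, so a null `text` becomes the literal string "null" and is handed on as the public key. Chain the safe call through instead, `val hexEncodedPublicKey = publicKeyEditText.text?.trim()?.toString() ?: ""`. How `CreatePrivateChatActivity.createPrivateChatIfPossible` validates its argument is outside this hunk, so the stray "null" may or may not be rejected downstream.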
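--- /dev/null
+++ b/src/org/thoughtcrime/securesms/loki/views/TapJacking.kt
@@ -0,0 +1,79 @@
+package org.thoughtcrime.securesms.loki.views
+
+import android.content.Context
+import android.util.AttributeSet
+import android.view.MotionEvent
+import android.widget.Button
+import android.widget.LinearLayout
+import android.widget.Toast
+
+private fun isPotentialTapJack(event: MotionEvent): Boolean {
+if (event.flags and MotionEvent.FLAG_WINDOW_IS_OBSCURED == MotionEvent.FLAG_WINDOW_IS_OBSCURED) { return true }
+if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.Q &&
+(event.flags and MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED == MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED)) { return true }
+return false
+}
+
+open class TapJackingProofButton : androidx.appcompat.widget.AppCompatButton {
+
+constructor(context: Context) : super(context)
+constructor(context: Context, attrs: AttributeSet) : super(context, attrs)
+constructor(context: Context, attrs: AttributeSet, defStyleAttr: Int) : super(context, attrs, defStyleAttr)
+
+override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
+if (isPotentialTapJack(event)) {
+Toast.makeText(context, "Interaction temporarily disabled for security purposes.", Toast.LENGTH_LONG).show()
+return false
+} else {
+return super.onFilterTouchEventForSecurity(event)
+}
+}
+}
+
+open class TapJackingProofEditText : androidx.appcompat.widget.AppCompatEditText {
+
+constructor(context: Context) : super(context)
+constructor(context: Context, attrs: AttributeSet) : super(context, attrs)
+constructor(context: Context, attrs: AttributeSet, defStyleAttr: Int) : super(context, attrs, defStyleAttr)
+
+override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
+if (isPotentialTapJack(event)) {
+Toast.makeText(context, "Interaction temporarily disabled for security purposes.", Toast.LENGTH_LONG).show()
+return false
+} else {
+return super.onFilterTouchEventForSecurity(event)
+}
+}
+}
+
+open class TapJackingProofTextView : androidx.appcompat.widget.AppCompatTextView {
+
+constructor(context: Context) : super(context)
+constructor(context: Context, attrs: AttributeSet) : super(context, attrs)
+constructor(context: Context, attrs: AttributeSet, defStyleAttr: Int) : super(context, attrs, defStyleAttr)
+
+override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
+if (isPotentialTapJack(event)) {
+Toast.makeText(context, "Interaction temporarily disabled for security purposes.", Toast.LENGTH_LONG).show()
+return false
+} else {
+return super.onFilterTouchEventForSecurity(event)
+}
+}
+}
+
+open class TapJackingProofLinearLayout : LinearLayout {
+
+constructor(context: Context) : super(context)
+constructor(context: Context, attrs: AttributeSet) : super(context, attrs)
+constructor(context: Context, attrs: AttributeSet, defStyleAttr: Int) : super(context, attrs, defStyleAttr)
+
+override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
+if (isPotentialTapJack(event)) {
+Toast.makeText(context, "Interaction temporarily disabled for security purposes.", Toast.LENGTH_LONG).show()
+return false
+} else {
+return super.onFilterTouchEventForSecurity(event)
+}
+}
+}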
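Review bot: The four `onFilterTouchEventForSecurity` overrides in `TapJackingProofButton`, `TapJackingProofEditText`, `TapJackingProofTextView` and `TapJackingProofLinearLayout` are identical, and each builds its toast from a hard-coded English literal while the rest of the commit uses string resources (`R.string.copied_to_clipboard`). A single private extension that owns the check and the notification, sketched below, keeps the four classes from drifting apart; the literal should move to strings.xml, and limiting the toast to `ACTION_DOWN` avoids queueing a long toast for every filtered event that reaches the view. `isPotentialTapJack` also deserves a KDoc line stating that on API 29+ the partially-obscured flag is set when another visible window covers any part of this one, so benign overlays will disable these widgets as well. The `android.widget.Button` import is unused.

```kotlin
// … unchanged: package, imports, isPotentialTapJack …

/** Returns false (drop the event) while the window is obscured; notifies the user once per gesture. */
private fun android.view.View.passesTapJackFilter(event: MotionEvent): Boolean {
    if (!isPotentialTapJack(event)) { return true }
    if (event.actionMasked == MotionEvent.ACTION_DOWN) {
        Toast.makeText(context, "Interaction temporarily disabled for security purposes.", Toast.LENGTH_LONG).show()
    }
    return false
}

open class TapJackingProofButton : androidx.appcompat.widget.AppCompatButton {
    // … unchanged: constructors …
    override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean =
        passesTapJackFilter(event) && super.onFilterTouchEventForSecurity(event)
}
// … same one-line override in TapJackingProofEditText, TapJackingProofTextView, TapJackingProofLinearLayout …
```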