[tbb-bugs] #26826 [Applications/Tor Browser]: TBA - Does the app need the SYSTEM_ALERT_WINDOW permission?

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Aug 3 21:11:37 UTC 2018

#26826: TBA - Does the app need the SYSTEM_ALERT_WINDOW permission?
 Reporter:  sysrqb                    |          Owner:  tbb-team
     Type:  task                      |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-mobile                |  Actual Points:
Parent ID:  #24796                    |         Points:
 Reviewer:                            |        Sponsor:

Comment (by sysrqb):

 This is used by the TabQueue subsystem. Quoting the TabQueueService
 The SYSTEM_ALERT_WINDOW permission is used to allow us to insert a View
 this Service which responds to user interaction, whilst still allowing
 is in the background to be seen and interacted with.

 So, this is used when Fennec's `Tab queue` is enabled (`false` by
 default). If a user enables Tab queue in Fennec's Settings->General menu,
 then they are prompted for allowing the SYSTEM_ALERT_WINDOW permission at
 run-time. If the user grants this permission, then whenever the user
 chooses opening a link from another app in Fennec/Tor Browser, that link
 is queued in the tab queue. This additional permission is required because
 the UI presented in the other app when the user performs this action is a
 custom toast popup created by the browser. This toast popup is translucent
 and appears over the origin activity.

 See https://bugzilla.mozilla.org/show_bug.cgi?id=1130368 and a mockup

 and see https://bugzilla.mozilla.org/show_bug.cgi?id=1130368#c4 and
 [https://bugzilla.mozilla.org/show_bug.cgi?id=1130368#c5 c#5] for more
 context. But the reasoning was:

 > Why use a Service here rather than an Activity? If we're the foreground
 > Activity, we can draw over the other application if we don't take up the
 > full-screen (think share overlay [1]). That way we don't need to take
 > SYSTEM_ALERT_WINDOW. Services are typically reserved for background work
 > (i.e. non-drawing).

 This is the main difference between this and the share overlay is that
 this will
 allow the user to ignore the toast and carry on using the application in

 I tried a fair few approaches on this before opting to go down the current
 The issue with using an activity to display the toast is that although we
 can set
 the background of the acitvity to invisible so the user can see the
 behind it, that application is now in a background state which means that
 doesn't respond to touch events and there's no way that I can route touch
 from our activity to the application behind.  This method is the same as
 FB us
 to do their chatheads (http://stackoverflow.com/questions/15975988/what-

 In this context, the share overlay was implemented in Bug 1044947 - mock

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26826#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list