Android 剪切板敏感信息泄露漏洞解决:禁用EditText的复制粘贴功能
Android 中任何第三方软件都可访问剪切板内容,虽然高版本对剪切板做了访问限制,但是还是需要照顾一下低版本的,解决方法就是要禁用复制剪切选项。下边来看具体实现吧。
1、自定义NoMenuEditText 继承自AppCompatEditText
2、重写isSuggestionsEnabled方法并返回false
创建`canPaste()`方法并返回false。该方法是一个隐藏方法
3、实现ActionMode.Callback回调
private class ActionModeCallbackInterceptor implements ActionMode.Callback {public boolean onCreateActionMode(ActionMode mode, Menu menu) {//删除复制选项MenuItem itemCopy = menu.findItem(android.R.id.copy);if (itemCopy != null) {menu.removeItem(android.R.id.copy);}//删除剪切选项MenuItem itemCut = menu.findItem(android.R.id.cut);if (itemCut != null) {menu.removeItem(android.R.id.cut);}return true;}public boolean onPrepareActionMode(ActionMode mode, Menu menu) {return false;}public boolean onActionItemClicked(ActionMode mode, MenuItem item) {return false;}public void onDestroyActionMode(ActionMode mode) {}}
4、设置回调
this.setLongClickable(false);//this.setTextIsSelectable(false);this.setCustomSelectionActionModeCallback(new ActionModeCallbackInterceptor());//使用该方式基本可以实现禁用粘贴复制功能,6.0以上可用if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {this.setCustomInsertionActionModeCallback(new ActionModeCallbackInterceptor());}
使用以上方式即可禁用掉EditText的复制粘贴功能,但是长按EditTeit控件中的文本时光标会有变化,并且该方式只能在6.0以上版本中使用。如果以上方式不能满足你的需求,请看以下方式:
1、2、3步同上,修改第4步不再用 this.setCustomInsertionActionModeCallback(new ActionModeCallbackInterceptor())方法。
使用以下方式(反射)代替:
this.setOnTouchListener(new OnTouchListener() {@Overridepublic boolean onTouch(View v, MotionEvent event) {NoMenuEditText.this.clearFocus();return false;}});@SuppressLint("ClickableViewAccessibility")@Overridepublic boolean onTouchEvent(MotionEvent event) {if (event.getAction() == MotionEvent.ACTION_DOWN) {// setInsertionDisabled when user touches the viewthis.setInsertionDisabled();}return super.onTouchEvent(event);}private void setInsertionDisabled() {try {Field editorField = TextView.class.getDeclaredField("mEditor");editorField.setAccessible(true);Object editorObject = editorField.get(this);@SuppressLint("PrivateApi") Class editorClass = Class.forName("android.widget.Editor");Field mInsertionControllerEnabledField = editorClass.getDeclaredField("mInsertionControllerEnabled");mInsertionControllerEnabledField.setAccessible(true);mInsertionControllerEnabledField.set(editorObject, false);} catch (Exception ignored) {}}
使用这种方式即可解决第一种方式的版本兼容问题,并且长按EditText控件中的文本光标也不会有任何变化,完美解决剪切板敏感信息泄露问题。希望以上方案对你有所帮助。
完整代码(别忘了点个赞哦):
@SuppressLint("NewApi")public class NoMenuEditText extends AppCompatEditText {private final Context context;/*** 该方法为隐藏方法*/boolean canPaste() {return false;}@Overridepublic boolean isSuggestionsEnabled() {return false;}public NoMenuEditText(Context context) {super(context);this.context = context;init();}public NoMenuEditText(Context context, AttributeSet attrs) {super(context, attrs);this.context = context;init();}public NoMenuEditText(Context context, AttributeSet attrs, int defStyle) {super(context, attrs, defStyle);this.context = context;init();}@SuppressLint("ClickableViewAccessibility")private void init() {this.setLongClickable(false);//this.setTextIsSelectable(false);this.setCustomSelectionActionModeCallback(new ActionModeCallbackInterceptor());//使用该方式基本可以实现禁用粘贴复制功能,6.0以上可用// if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {// this.setCustomInsertionActionModeCallback(new ActionModeCallbackInterceptor());// }this.setOnTouchListener(new OnTouchListener() {@Overridepublic boolean onTouch(View v, MotionEvent event) {NoMenuEditText.this.clearFocus();return false;}});}@SuppressLint("ClickableViewAccessibility")@Overridepublic boolean onTouchEvent(MotionEvent event) {if (event.getAction() == MotionEvent.ACTION_DOWN) {// setInsertionDisabled when user touches the viewthis.setInsertionDisabled();}return super.onTouchEvent(event);}private void setInsertionDisabled() {try {Field editorField = TextView.class.getDeclaredField("mEditor");editorField.setAccessible(true);Object editorObject = editorField.get(this);@SuppressLint("PrivateApi") Class editorClass = Class.forName("android.widget.Editor");Field mInsertionControllerEnabledField = editorClass.getDeclaredField("mInsertionControllerEnabled");mInsertionControllerEnabledField.setAccessible(true);mInsertionControllerEnabledField.set(editorObject, false);} catch (Exception ignored) {}}/*** Prevents the action bar (top horizontal bar with cut,copy,paste,etc.)* from appearing by intercepting the callback that would cause it to be* created,and returning false.*/private class ActionModeCallbackInterceptor implements ActionMode.Callback {public boolean onCreateActionMode(ActionMode mode, Menu menu) {//删除复制选项MenuItem itemCopy = menu.findItem(android.R.id.copy);if (itemCopy != null) {menu.removeItem(android.R.id.copy);}//删除剪切选项MenuItem itemCut = menu.findItem(android.R.id.cut);if (itemCut != null) {menu.removeItem(android.R.id.cut);}return true;}public boolean onPrepareActionMode(ActionMode mode, Menu menu) {return false;}public boolean onActionItemClicked(ActionMode mode, MenuItem item) {return false;}public void onDestroyActionMode(ActionMode mode) {}}}
参考:https://stackoverflow.com/questions/41673185/disable-edittext-context-menu
蔚落
太过爱你忘了你带给我的痛
今天药忘吃喽~
「爱情、让人受尽委屈。」
爱被打了一巴掌
怼烎@
还没有评论,来说两句吧...