In several functions of inputDispatcher.cpp, there is a possible way to make toasts clickable due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
android.googlesource.com/platform/frameworks/base/+/3b8aa02ba51f26161519f6465515f619e663bbbf
android.googlesource.com/platform/frameworks/base/+/d100067fd62adb4648e966b3306b9a2f3b1fd38e
android.googlesource.com/platform/frameworks/native/+/062a867e94dbf811ccca02e7a6a0f0e36465694a
android.googlesource.com/platform/frameworks/native/+/9cf4a4d4e57d059a4e4119f0a8f2a8be237f28c2
android.googlesource.com/platform/frameworks/native/+/a066d908f6fe28e63ae49327b57fcd31d63fba2d
source.android.com/security/bulletin/2023-05-01