diff options
| author | 2018-08-24 10:28:33 -0700 | |
|---|---|---|
| committer | 2018-08-24 10:28:33 -0700 | |
| commit | 01c791539e710c68e326bbcda398fe8b662737c5 (patch) | |
| tree | ecf3c012dd2715a643931875164a160d27ad32b4 | |
| parent | 54cf4aea9f52f8449eee3aef3ae1fae9e3f71715 (diff) | |
Remove IInputMethodManager.{add,remove}Client() from greylist
Apps can never directly IInputMethodManager.{add,remove}Client() in a
meaningful way, because
1. These Binder methods are implemented in InputMethodManagerService
(IMMS) but unnecessarily exposed to application processes. The
only valid caller of these methods is WindowManagerService.
Actually with my recent change [1], any incoming call of these
methods from the application processes will always be rejected.
2. The purpose of these callbacks is maintaining a per-process
callback (IInputMethodClient) from each application process to
IMMS. Since WindowManagerService is responsible for dealing with
this step, there is no reason for app developers to call these
accidentally exposed hidden Binder methods. If there was an
application that was trying to call these methods via reflection,
it must be trying to bypass caller verification of some other IME
APIs by registering a fake IInputMethodClient callback.
3. However, even if an application succeeded to register a fake
IInputMethodClient to IMMS, IMMS still has additional verification
IWindowManager.inputMethodClientHasFocus(IInputMethodClient),
which cannot be spoofed with such a fake connection.
Therefore having these entries hiddenapi-light-greylist.txt must be
either a mistake or no-op.
[1]: Ib9b588d11bd4017e431e3d494863987dd67384fc
6efd55e7b592eb8b04554d6060754d45fe6b80bc
Bug: 112670859
Bug: 112722706
Test: compile
Test: atest CtsInputMethodTestCases CtsInputMethodServiceHostTestCases
Change-Id: I62aa27ceb97446059ce80b00a3369c81b1c70e23
| -rw-r--r-- | config/hiddenapi-light-greylist.txt | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/config/hiddenapi-light-greylist.txt b/config/hiddenapi-light-greylist.txt index 7bf506453a05..196f89cd69ee 100644 --- a/config/hiddenapi-light-greylist.txt +++ b/config/hiddenapi-light-greylist.txt @@ -2438,8 +2438,6 @@ Lcom/android/internal/view/IInputMethodManager$Stub$Proxy;-><init>(Landroid/os/I Lcom/android/internal/view/IInputMethodManager$Stub$Proxy;->getEnabledInputMethodList()Ljava/util/List; Lcom/android/internal/view/IInputMethodManager$Stub;-><init>()V Lcom/android/internal/view/IInputMethodManager$Stub;->asInterface(Landroid/os/IBinder;)Lcom/android/internal/view/IInputMethodManager; -Lcom/android/internal/view/IInputMethodManager;->addClient(Lcom/android/internal/view/IInputMethodClient;Lcom/android/internal/view/IInputContext;II)V -Lcom/android/internal/view/IInputMethodManager;->removeClient(Lcom/android/internal/view/IInputMethodClient;)V Lcom/android/internal/view/IInputMethodSession$Stub;->asInterface(Landroid/os/IBinder;)Lcom/android/internal/view/IInputMethodSession; Lcom/android/internal/widget/ILockSettings$Stub;->asInterface(Landroid/os/IBinder;)Lcom/android/internal/widget/ILockSettings; Lcom/android/internal/widget/ILockSettings;->getBoolean(Ljava/lang/String;ZI)Z |