diff options
| author | 2022-01-26 10:49:18 -0800 | |
|---|---|---|
| committer | 2022-01-26 11:50:55 -0800 | |
| commit | 501ee91b957eab6feb05832168573f51573efced (patch) | |
| tree | 8aac5b86b62fbedaaf0f513b7ad4abfeadeec5f0 | |
| parent | 2d7b60e99cc35b48d4f69791c500a0071e1489b6 (diff) | |
Reland "SurfaceControlViewHost: Restrict disclosure of input token""
The original CL only updated one of the two implementations of
grantEmbeddedWindowFocus, and for as of yet unknown reasons
presubmit did not detect the failure until after it landed.
Bug: 215912712
Test: SurfaceControlViewHostTests
Change-Id: Ie278f678f12f50c32f142a4260ff7d1c2a9ca57c
6 files changed, 60 insertions, 21 deletions
diff --git a/core/java/android/view/IWindowSession.aidl b/core/java/android/view/IWindowSession.aidl index ccf1e44f8b6d..32054b1cdc13 100644 --- a/core/java/android/view/IWindowSession.aidl +++ b/core/java/android/view/IWindowSession.aidl @@ -298,7 +298,7 @@ interface IWindowSession { */ void grantInputChannel(int displayId, in SurfaceControl surface, in IWindow window, in IBinder hostInputToken, int flags, int privateFlags, int type, - out InputChannel outInputChannel); + in IBinder focusGrantToken, out InputChannel outInputChannel); /** * Update the flags on an input channel associated with a particular surface. diff --git a/core/java/android/view/SurfaceControlViewHost.java b/core/java/android/view/SurfaceControlViewHost.java index 85a9dbd736ed..22baa692428a 100644 --- a/core/java/android/view/SurfaceControlViewHost.java +++ b/core/java/android/view/SurfaceControlViewHost.java @@ -274,7 +274,7 @@ public class SurfaceControlViewHost { public @Nullable SurfacePackage getSurfacePackage() { if (mSurfaceControl != null && mAccessibilityEmbeddedConnection != null) { return new SurfacePackage(mSurfaceControl, mAccessibilityEmbeddedConnection, - mViewRoot.getInputToken(), mRemoteInterface); + mWm.getFocusGrantToken(), mRemoteInterface); } else { return null; } diff --git a/core/java/android/view/WindowlessWindowManager.java b/core/java/android/view/WindowlessWindowManager.java index 3392edce479d..5ec9654d5b1c 100644 --- a/core/java/android/view/WindowlessWindowManager.java +++ b/core/java/android/view/WindowlessWindowManager.java @@ -21,6 +21,7 @@ import android.content.res.Configuration; import android.graphics.PixelFormat; import android.graphics.Rect; import android.graphics.Region; +import android.os.Binder; import android.os.IBinder; import android.os.RemoteCallback; import android.os.RemoteException; @@ -75,6 +76,7 @@ public class WindowlessWindowManager implements IWindowSession { private final Configuration mConfiguration; private final IWindowSession mRealWm; private final IBinder mHostInputToken; + private final IBinder mFocusGrantToken = new Binder(); private int mForceHeight = -1; private int mForceWidth = -1; @@ -91,6 +93,10 @@ public class WindowlessWindowManager implements IWindowSession { mConfiguration.setTo(configuration); } + IBinder getFocusGrantToken() { + return mFocusGrantToken; + } + /** * Utility API. */ @@ -153,10 +159,10 @@ public class WindowlessWindowManager implements IWindowSession { mRealWm.grantInputChannel(displayId, new SurfaceControl(sc, "WindowlessWindowManager.addToDisplay"), window, mHostInputToken, attrs.flags, attrs.privateFlags, attrs.type, - outInputChannel); + mFocusGrantToken, outInputChannel); } else { mRealWm.grantInputChannel(displayId, sc, window, mHostInputToken, attrs.flags, - attrs.privateFlags, attrs.type, outInputChannel); + attrs.privateFlags, attrs.type, mFocusGrantToken, outInputChannel); } } catch (RemoteException e) { Log.e(TAG, "Failed to grant input to surface: ", e); @@ -469,7 +475,7 @@ public class WindowlessWindowManager implements IWindowSession { @Override public void grantInputChannel(int displayId, SurfaceControl surface, IWindow window, - IBinder hostInputToken, int flags, int privateFlags, int type, + IBinder hostInputToken, int flags, int privateFlags, int type, IBinder focusGrantToken, InputChannel outInputChannel) { } diff --git a/services/core/java/com/android/server/wm/EmbeddedWindowController.java b/services/core/java/com/android/server/wm/EmbeddedWindowController.java index 0e2d84779602..8db43066eae5 100644 --- a/services/core/java/com/android/server/wm/EmbeddedWindowController.java +++ b/services/core/java/com/android/server/wm/EmbeddedWindowController.java @@ -41,6 +41,8 @@ class EmbeddedWindowController { private static final String TAG = TAG_WITH_CLASS_NAME ? "EmbeddedWindowController" : TAG_WM; /* maps input token to an embedded window */ private ArrayMap<IBinder /*input token */, EmbeddedWindow> mWindows = new ArrayMap<>(); + private ArrayMap<IBinder /*focus grant token */, EmbeddedWindow> mWindowsByFocusToken = + new ArrayMap<>(); private final Object mGlobalLock; private final ActivityTaskManagerService mAtmService; @@ -59,10 +61,13 @@ class EmbeddedWindowController { void add(IBinder inputToken, EmbeddedWindow window) { try { mWindows.put(inputToken, window); + final IBinder focusToken = window.getFocusGrantToken(); + mWindowsByFocusToken.put(focusToken, window); updateProcessController(window); window.mClient.asBinder().linkToDeath(()-> { synchronized (mGlobalLock) { mWindows.remove(inputToken); + mWindowsByFocusToken.remove(focusToken); } }, 0); } catch (RemoteException e) { @@ -98,8 +103,8 @@ class EmbeddedWindowController { return embeddedWindow != null ? embeddedWindow.getIsOverlay() : false; } - void setIsOverlay(IBinder inputToken) { - EmbeddedWindow embeddedWindow = mWindows.get(inputToken); + void setIsOverlay(IBinder focusGrantToken) { + EmbeddedWindow embeddedWindow = mWindowsByFocusToken.get(focusGrantToken); if (embeddedWindow != null) { embeddedWindow.setIsOverlay(); } @@ -107,8 +112,10 @@ class EmbeddedWindowController { void remove(IWindow client) { for (int i = mWindows.size() - 1; i >= 0; i--) { - if (mWindows.valueAt(i).mClient.asBinder() == client.asBinder()) { + EmbeddedWindow ew = mWindows.valueAt(i); + if (ew.mClient.asBinder() == client.asBinder()) { mWindows.removeAt(i).onRemoved(); + mWindowsByFocusToken.remove(ew.getFocusGrantToken()); return; } } @@ -116,8 +123,10 @@ class EmbeddedWindowController { void onWindowRemoved(WindowState host) { for (int i = mWindows.size() - 1; i >= 0; i--) { - if (mWindows.valueAt(i).mHostWindowState == host) { + EmbeddedWindow ew = mWindows.valueAt(i); + if (ew.mHostWindowState == host) { mWindows.removeAt(i).onRemoved(); + mWindowsByFocusToken.remove(ew.getFocusGrantToken()); } } } @@ -126,6 +135,10 @@ class EmbeddedWindowController { return mWindows.get(inputToken); } + EmbeddedWindow getByFocusToken(IBinder focusGrantToken) { + return mWindowsByFocusToken.get(focusGrantToken); + } + void onActivityRemoved(ActivityRecord activityRecord) { for (int i = mWindows.size() - 1; i >= 0; i--) { final EmbeddedWindow window = mWindows.valueAt(i); @@ -157,6 +170,8 @@ class EmbeddedWindowController { // and this variable is mostly used for tracking that. boolean mIsOverlay = false; + private IBinder mFocusGrantToken; + /** * @param session calling session to check ownership of the window * @param clientToken client token used to clean up the map if the embedding process dies @@ -171,7 +186,7 @@ class EmbeddedWindowController { */ EmbeddedWindow(Session session, WindowManagerService service, IWindow clientToken, WindowState hostWindowState, int ownerUid, int ownerPid, int windowType, - int displayId) { + int displayId, IBinder focusGrantToken) { mSession = session; mWmService = service; mClient = clientToken; @@ -182,6 +197,7 @@ class EmbeddedWindowController { mOwnerPid = ownerPid; mWindowType = windowType; mDisplayId = displayId; + mFocusGrantToken = focusGrantToken; } @Override @@ -242,6 +258,17 @@ class EmbeddedWindowController { return mIsOverlay; } + IBinder getFocusGrantToken() { + return mFocusGrantToken; + } + + IBinder getInputChannelToken() { + if (mInputChannel != null) { + return mInputChannel.getToken(); + } + return null; + } + /** * System hosted overlays need the WM to invoke grantEmbeddedWindowFocus and * so we need to participate inside handlePointerDownOutsideFocus logic @@ -255,7 +282,7 @@ class EmbeddedWindowController { private void handleTap(boolean grantFocus) { if (mInputChannel != null) { - mWmService.grantEmbeddedWindowFocus(mSession, mInputChannel.getToken(), grantFocus); + mWmService.grantEmbeddedWindowFocus(mSession, mFocusGrantToken, grantFocus); } } diff --git a/services/core/java/com/android/server/wm/Session.java b/services/core/java/com/android/server/wm/Session.java index 9b94f44be714..98acc4607d18 100644 --- a/services/core/java/com/android/server/wm/Session.java +++ b/services/core/java/com/android/server/wm/Session.java @@ -813,7 +813,7 @@ class Session extends IWindowSession.Stub implements IBinder.DeathRecipient { @Override public void grantInputChannel(int displayId, SurfaceControl surface, IWindow window, IBinder hostInputToken, int flags, int privateFlags, int type, - InputChannel outInputChannel) { + IBinder focusGrantToken, InputChannel outInputChannel) { if (hostInputToken == null && !mCanAddInternalSystemWindow) { // Callers without INTERNAL_SYSTEM_WINDOW permission cannot grant input channel to // embedded windows without providing a host window input token @@ -829,7 +829,7 @@ class Session extends IWindowSession.Stub implements IBinder.DeathRecipient { try { mService.grantInputChannel(this, mUid, mPid, displayId, surface, window, hostInputToken, flags, mCanAddInternalSystemWindow ? privateFlags : 0, - mCanAddInternalSystemWindow ? type : 0, outInputChannel); + mCanAddInternalSystemWindow ? type : 0, focusGrantToken, outInputChannel); } finally { Binder.restoreCallingIdentity(identity); } diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java index eb1274c18147..db022161e2c3 100644 --- a/services/core/java/com/android/server/wm/WindowManagerService.java +++ b/services/core/java/com/android/server/wm/WindowManagerService.java @@ -8276,7 +8276,8 @@ public class WindowManagerService extends IWindowManager.Stub */ void grantInputChannel(Session session, int callingUid, int callingPid, int displayId, SurfaceControl surface, IWindow window, IBinder hostInputToken, - int flags, int privateFlags, int type, InputChannel outInputChannel) { + int flags, int privateFlags, int type, IBinder focusGrantToken, + InputChannel outInputChannel) { final InputApplicationHandle applicationHandle; final String name; final InputChannel clientChannel; @@ -8284,7 +8285,7 @@ public class WindowManagerService extends IWindowManager.Stub EmbeddedWindowController.EmbeddedWindow win = new EmbeddedWindowController.EmbeddedWindow(session, this, window, mInputToWindowMap.get(hostInputToken), callingUid, callingPid, type, - displayId); + displayId, focusGrantToken); clientChannel = win.openInputChannel(); mEmbeddedWindowController.add(clientChannel.getToken(), win); applicationHandle = win.getApplicationHandle(); @@ -8563,10 +8564,10 @@ public class WindowManagerService extends IWindowManager.Stub } } - void grantEmbeddedWindowFocus(Session session, IBinder inputToken, boolean grantFocus) { + void grantEmbeddedWindowFocus(Session session, IBinder focusToken, boolean grantFocus) { synchronized (mGlobalLock) { final EmbeddedWindowController.EmbeddedWindow embeddedWindow = - mEmbeddedWindowController.get(inputToken); + mEmbeddedWindowController.getByFocusToken(focusToken); if (embeddedWindow == null) { Slog.e(TAG, "Embedded window not found"); return; @@ -8575,6 +8576,11 @@ public class WindowManagerService extends IWindowManager.Stub Slog.e(TAG, "Window not in session:" + session); return; } + IBinder inputToken = embeddedWindow.getInputChannelToken(); + if (inputToken == null) { + Slog.e(TAG, "Focus token found but input channel token not found"); + return; + } SurfaceControl.Transaction t = mTransactionFactory.get(); final int displayId = embeddedWindow.mDisplayId; if (grantFocus) { @@ -8604,7 +8610,7 @@ public class WindowManagerService extends IWindowManager.Stub } } - void grantEmbeddedWindowFocus(Session session, IWindow callingWindow, IBinder targetInputToken, + void grantEmbeddedWindowFocus(Session session, IWindow callingWindow, IBinder targetFocusToken, boolean grantFocus) { synchronized (mGlobalLock) { final WindowState hostWindow = @@ -8618,7 +8624,7 @@ public class WindowManagerService extends IWindowManager.Stub return; } final EmbeddedWindowController.EmbeddedWindow embeddedWindow = - mEmbeddedWindowController.get(targetInputToken); + mEmbeddedWindowController.getByFocusToken(targetFocusToken); if (embeddedWindow == null) { Slog.e(TAG, "Embedded window not found"); return; @@ -8629,7 +8635,7 @@ public class WindowManagerService extends IWindowManager.Stub } SurfaceControl.Transaction t = mTransactionFactory.get(); if (grantFocus) { - t.requestFocusTransfer(targetInputToken, embeddedWindow.toString(), + t.requestFocusTransfer(embeddedWindow.getInputChannelToken(), embeddedWindow.toString(), hostWindow.mInputChannel.getToken(), hostWindow.getName(), hostWindow.getDisplayId()).apply(); @@ -8638,7 +8644,7 @@ public class WindowManagerService extends IWindowManager.Stub "reason=grantEmbeddedWindowFocus(true)"); } else { t.requestFocusTransfer(hostWindow.mInputChannel.getToken(), hostWindow.getName(), - targetInputToken, + embeddedWindow.getInputChannelToken(), embeddedWindow.toString(), hostWindow.getDisplayId()).apply(); EventLog.writeEvent(LOGTAG_INPUT_FOCUS, |