diff options
| author | 2018-08-16 15:33:10 -0700 | |
|---|---|---|
| committer | 2018-08-16 15:33:10 -0700 | |
| commit | 6efd55e7b592eb8b04554d6060754d45fe6b80bc (patch) | |
| tree | efc6496b45dab57275b39e5fb8d3797ddc6339da /cmds/bootanimation/BootAnimation.cpp | |
| parent | b4fff5c90c89cdf71222a05ffd88c2ff432cae1d (diff) | |
Lock down IInputMethodManger.{add,remove}Client()
User mode processes are mistakenly allowed to call
IInputMethodManger.{add,remove}Client(), which may allow malicious
apps to register fake IInputMethodClient binder endpoints to
InputMethodManagerService (IMMS).
Luckily IMMS also checks whether the client process has a focused
window or not by calling IWindowManager.inputMethodClientHasFocus()
before doing some critical operations such as establishing a new
InputConnection between the client app and the current IME.
With this CL, IInputMethodManger.{add,remove}Client() start correctly
checking the caller process ID so that only the system process can
use those internal callbacks.
Bug: 112670859
Test: atest CtsInputMethodTestCases CtsInputMethodServiceHostTestCases
Change-Id: Ib9b588d11bd4017e431e3d494863987dd67384fc
Diffstat (limited to 'cmds/bootanimation/BootAnimation.cpp')
0 files changed, 0 insertions, 0 deletions