diff options
| author | 2022-04-11 17:31:41 +0000 | |
|---|---|---|
| committer | 2022-05-10 18:40:32 +0000 | |
| commit | 0f9ea02be099947968936258e1f0746a43470a7c (patch) | |
| tree | b639fb756942ddbc7992600fe6fb80b5b400e633 /libs/androidfw/AttributeResolution.cpp | |
| parent | 0656f1c02a22a64ca76567fc9945d87ffbd1efed (diff) | |
Reland: Change input injection security model
This reverts commit 6b3c6cae3ff558a0f452f39060af559a19669dd5.
Changes from revert:
- Explicitly maintain the same behavior as previous versions of Android,
where injection is allowed into all window if the caller has the
INJECT_EVENTS permission, even if it is targeting a certain uid. This
fallback will be removed separately in b/228161340.
- Clear the calling identity before checking if the injection source has
a permisssion to avoid hitting blanket-checks in PackageManager that
denys permissions in some cases, such as if the permission check call
is coming from an instant app (b/228319794).
- Leave the existing IInputManager#injectInputEvent method signature
unchanged, and add a new input method injectInputEventToTarget to
perform targeted injection. This makes it so that tools or apps
relying on the @UnsupportedAppUsage injection method will not be
broken by a change in the method's signature (b/228583652).
Bug: 207667844
Bug: 194952792
Test: Run tests affected by b/228319794 and its duplicates using
cts-tradefed, so that they are also run as instant apps.
Test: Test scrcpy tool works locally
Change-Id: I503e4f087501e3aecf2c18b4b1d27e51ecda59ac
Merged-In: I503e4f087501e3aecf2c18b4b1d27e51ecda59ac
Diffstat (limited to 'libs/androidfw/AttributeResolution.cpp')
0 files changed, 0 insertions, 0 deletions