diff options
| author | 2022-04-11 17:31:41 +0000 | |
|---|---|---|
| committer | 2022-05-04 14:53:14 +0000 | |
| commit | 98a74051df6b8819a39b24b596bee55297ae4ccc (patch) | |
| tree | ce082d8fb43dd69f6f2804aa4562e0c7fb6c61bb /libs/androidfw/StringPool.cpp | |
| parent | 6f6989f05e2a5d0eacd8023219733d4ca64dd0a9 (diff) | |
Reland: Change input injection security model
This reverts commit 6b3c6cae3ff558a0f452f39060af559a19669dd5.
Changes from revert:
- Explicitly maintain the same behavior as previous versions of Android,
where injection is allowed into all window if the caller has the
INJECT_EVENTS permission, even if it is targeting a certain uid. This
fallback will be removed separately in b/228161340.
- Clear the calling identity before checking if the injection source has
a permisssion to avoid hitting blanket-checks in PackageManager that
denys permissions in some cases, such as if the permission check call
is coming from an instant app (b/228319794).
- Leave the existing IInputManager#injectInputEvent method signature
unchanged, and add a new input method injectInputEventToTarget to
perform targeted injection. This makes it so that tools or apps
relying on the @UnsupportedAppUsage injection method will not be
broken by a change in the method's signature (b/228583652).
Bug: 207667844
Bug: 194952792
Test: Run tests affected by b/228319794 and its duplicates using
cts-tradefed, so that they are also run as instant apps.
Test: Test scrcpy tool works locally
Change-Id: I503e4f087501e3aecf2c18b4b1d27e51ecda59ac
Diffstat (limited to 'libs/androidfw/StringPool.cpp')
0 files changed, 0 insertions, 0 deletions