diff options
| -rw-r--r-- | core/java/android/app/AppOpsManager.java | 12 | ||||
| -rw-r--r-- | services/accessibility/java/com/android/server/accessibility/AccessibilityClientConnection.java | 24 |
2 files changed, 35 insertions, 1 deletions
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java index ea22d332cc4e..50e3f0a9a133 100644 --- a/core/java/android/app/AppOpsManager.java +++ b/core/java/android/app/AppOpsManager.java @@ -260,8 +260,10 @@ public class AppOpsManager { public static final int OP_REQUEST_DELETE_PACKAGES = 72; /** @hide Bind an accessibility service. */ public static final int OP_BIND_ACCESSIBILITY_SERVICE = 73; + /** @hide Interact with the system UI via an Accessibility Service */ + public static final int OP_PERFORM_ACCESSIBILITY_ACTION = 74; /** @hide */ - public static final int _NUM_OP = 74; + public static final int _NUM_OP = 75; /** Access to coarse location information. */ public static final String OPSTR_COARSE_LOCATION = "android:coarse_location"; @@ -506,6 +508,7 @@ public class AppOpsManager { OP_CHANGE_WIFI_STATE, OP_REQUEST_DELETE_PACKAGES, OP_BIND_ACCESSIBILITY_SERVICE, + OP_PERFORM_ACCESSIBILITY_ACTION, }; /** @@ -587,6 +590,7 @@ public class AppOpsManager { null, // OP_CHANGE_WIFI_STATE null, // OP_REQUEST_DELETE_PACKAGES null, // OP_BIND_ACCESSIBILITY_SERVICE + null, // OP_PERFORM_ACCESSIBILITY_ACTION }; /** @@ -668,6 +672,7 @@ public class AppOpsManager { "CHANGE_WIFI_STATE", "REQUEST_DELETE_PACKAGES", "BIND_ACCESSIBILITY_SERVICE", + "OP_PERFORM_ACCESSIBILITY_ACTION", }; /** @@ -749,6 +754,7 @@ public class AppOpsManager { Manifest.permission.CHANGE_WIFI_STATE, Manifest.permission.REQUEST_DELETE_PACKAGES, Manifest.permission.BIND_ACCESSIBILITY_SERVICE, + null, // no permission for OP_PERFORM_ACCESSIBILITY_ACTION }; /** @@ -831,6 +837,7 @@ public class AppOpsManager { null, // OP_CHANGE_WIFI_STATE null, // REQUEST_DELETE_PACKAGES null, // OP_BIND_ACCESSIBILITY_SERVICE + null, // OP_PERFORM_ACCESSIBILITY_ACTION }; /** @@ -912,6 +919,7 @@ public class AppOpsManager { false, // OP_CHANGE_WIFI_STATE false, // OP_REQUEST_DELETE_PACKAGES false, // OP_BIND_ACCESSIBILITY_SERVICE + false, // OP_PERFORM_ACCESSIBILITY_ACTION }; /** @@ -992,6 +1000,7 @@ public class AppOpsManager { AppOpsManager.MODE_ALLOWED, // OP_CHANGE_WIFI_STATE AppOpsManager.MODE_ALLOWED, // REQUEST_DELETE_PACKAGES AppOpsManager.MODE_ALLOWED, // OP_BIND_ACCESSIBILITY_SERVICE + AppOpsManager.MODE_ALLOWED, // OP_PERFORM_ACCESSIBILITY_ACTION }; /** @@ -1076,6 +1085,7 @@ public class AppOpsManager { false, // OP_CHANGE_WIFI_STATE false, // OP_REQUEST_DELETE_PACKAGES false, // OP_BIND_ACCESSIBILITY_SERVICE + false, // OP_PERFORM_ACCESSIBILITY_ACTION }; /** diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityClientConnection.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityClientConnection.java index 01679ddad04b..ad31cc5e0c33 100644 --- a/services/accessibility/java/com/android/server/accessibility/AccessibilityClientConnection.java +++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityClientConnection.java @@ -25,6 +25,7 @@ import android.accessibilityservice.IAccessibilityServiceClient; import android.accessibilityservice.IAccessibilityServiceConnection; import android.annotation.NonNull; import android.annotation.Nullable; +import android.app.AppOpsManager; import android.app.PendingIntent; import android.content.ComponentName; import android.content.Context; @@ -39,7 +40,9 @@ import android.os.Handler; import android.os.IBinder; import android.os.Looper; import android.os.Message; +import android.os.Process; import android.os.RemoteException; +import android.os.UserHandle; import android.util.Slog; import android.util.SparseArray; import android.view.KeyEvent; @@ -93,6 +96,7 @@ abstract class AccessibilityClientConnection extends IAccessibilityServiceConnec protected final Object mLock; protected final SecurityPolicy mSecurityPolicy; + private final AppOpsManager mAppOpsManager; // The service that's bound to this instance. Whenever this value is non-null, this // object is registered as a death recipient @@ -250,6 +254,7 @@ abstract class AccessibilityClientConnection extends IAccessibilityServiceConnec mAccessibilityServiceInfo = accessibilityServiceInfo; mLock = lock; mSecurityPolicy = securityPolicy; + mAppOpsManager = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE); mGlobalActionPerformer = globalActionPerfomer; mSystemSupport = systemSupport; mInvocationHandler = new InvocationHandler(mainHandler.getLooper()); @@ -706,6 +711,16 @@ abstract class AccessibilityClientConnection extends IAccessibilityServiceConnec long accessibilityNodeId, int action, Bundle arguments, int interactionId, IAccessibilityInteractionConnectionCallback callback, long interrogatingTid) throws RemoteException { + + // Skip this if the caller is the Accessibility InteractionBridge. + if (UserHandle.getAppId(Binder.getCallingUid()) != Process.SYSTEM_UID) { + if (mAppOpsManager.noteOp(AppOpsManager.OP_PERFORM_ACCESSIBILITY_ACTION, + Binder.getCallingUid(), mComponentName.getPackageName()) + != AppOpsManager.MODE_ALLOWED) { + return false; + } + } + final int resolvedWindowId; IAccessibilityInteractionConnection connection = null; synchronized (mLock) { @@ -725,6 +740,15 @@ abstract class AccessibilityClientConnection extends IAccessibilityServiceConnec @Override public boolean performGlobalAction(int action) { + // Skip this if the caller is the Accessibility InteractionBridge. + if (UserHandle.getAppId(Binder.getCallingUid()) != Process.SYSTEM_UID) { + if (mAppOpsManager.noteOp(AppOpsManager.OP_PERFORM_ACCESSIBILITY_ACTION, + Binder.getCallingUid(), mComponentName.getPackageName()) + != AppOpsManager.MODE_ALLOWED) { + return false; + } + } + synchronized (mLock) { if (!isCalledForCurrentUserLocked()) { return false; |