From 3d993de0d1ada8065d1fe561f690c8f82b6a7d4b Mon Sep 17 00:00:00 2001
From: Josep del Rio <joseprio@google.com>
Date: Mon, 26 Jun 2023 09:30:06 +0000
Subject: Do not share key mappings with JNI object

The key mapping information between the native key mappings and
the KeyCharacterMap object available in Java is currently shared,
which means that a read can be attempted while it's being modified.

Bug: 274058082
Test: Patch tested by Oppo
Change-Id: I745008a0a8ea30830660c45dcebee917b3913d13
---
 core/jni/android_view_InputDevice.cpp | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/core/jni/android_view_InputDevice.cpp b/core/jni/android_view_InputDevice.cpp
index 9cc72437a023..f7c770e0bffb 100644
--- a/core/jni/android_view_InputDevice.cpp
+++ b/core/jni/android_view_InputDevice.cpp
@@ -42,6 +42,13 @@ jobject android_view_InputDevice_create(JNIEnv* env, const InputDeviceInfo& devi
         return NULL;
     }
 
+    // b/274058082: Pass a copy of the key character map to avoid concurrent
+    // access
+    std::shared_ptr<KeyCharacterMap> map = deviceInfo.getKeyCharacterMap();
+    if (map != nullptr) {
+        map = std::make_shared<KeyCharacterMap>(*map);
+    }
+
     ScopedLocalRef<jstring> descriptorObj(env,
             env->NewStringUTF(deviceInfo.getIdentifier().descriptor.c_str()));
     if (!descriptorObj.get()) {
@@ -49,8 +56,8 @@ jobject android_view_InputDevice_create(JNIEnv* env, const InputDeviceInfo& devi
     }
 
     ScopedLocalRef<jobject> kcmObj(env,
-            android_view_KeyCharacterMap_create(env, deviceInfo.getId(),
-            deviceInfo.getKeyCharacterMap()));
+                                   android_view_KeyCharacterMap_create(env, deviceInfo.getId(),
+                                                                       map));
     if (!kcmObj.get()) {
         return NULL;
     }
-- 
cgit v1.2.3-59-g8ed1b