From 0fed2d8e7e2b9757c7c40cd445772d52398478b1 Mon Sep 17 00:00:00 2001 From: Robert Carr Date: Fri, 11 Dec 2020 12:59:08 -0800 Subject: DO NOT MERGE: WM: Only allow system to use NO_INPUT_CHANNEL. NO_INPUT_CHANNEL is a hidden WM flag that allows creation of a window without an input channel. Unfortunately in releases prior to Android R this would allow creation of a Window which will not be known to the InputDispatcher at all. This means that the logic generating FLAG_OBSCURED will work and a window will be able to overlay another window without the overlayed window being notified. In Android R and later this isn't a problem as the InputDispatcher is informed of all windows, input channel or not. For past Android releases, this patch disables NO_INPUT_CHANNEL for use outside of the WM. Bug: 152064592 Test: Existing tests pass Change-Id: I7e1f45cba139eab92e7df88d1e052baba0ae2cc6 --- core/java/android/view/InputChannel.java | 7 +++++++ core/java/android/view/ViewRootImpl.java | 7 ++----- .../core/java/com/android/server/wm/WindowManagerService.java | 9 +++++++-- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/core/java/android/view/InputChannel.java b/core/java/android/view/InputChannel.java index de195ae524c8..6223bc10222c 100644 --- a/core/java/android/view/InputChannel.java +++ b/core/java/android/view/InputChannel.java @@ -103,6 +103,13 @@ public final class InputChannel implements Parcelable { return name != null ? name : "uninitialized"; } + /** + * @hide + */ + public boolean isValid() { + return mPtr != 0; + } + /** * Disposes the input channel. * Explicitly releases the reference this object is holding on the input channel. diff --git a/core/java/android/view/ViewRootImpl.java b/core/java/android/view/ViewRootImpl.java index a1c0967f0ab1..950fb125366f 100644 --- a/core/java/android/view/ViewRootImpl.java +++ b/core/java/android/view/ViewRootImpl.java @@ -745,10 +745,7 @@ public final class ViewRootImpl implements ViewParent, // manager, to make sure we do the relayout before receiving // any other events from the system. requestLayout(); - if ((mWindowAttributes.inputFeatures - & WindowManager.LayoutParams.INPUT_FEATURE_NO_INPUT_CHANNEL) == 0) { - mInputChannel = new InputChannel(); - } + mInputChannel = new InputChannel(); mForceDecorViewVisibility = (mWindowAttributes.privateFlags & PRIVATE_FLAG_FORCE_DECOR_VIEW_VISIBILITY) != 0; try { @@ -838,7 +835,7 @@ public final class ViewRootImpl implements ViewParent, mInputQueueCallback = ((RootViewSurfaceTaker)view).willYouTakeTheInputQueue(); } - if (mInputChannel != null) { + if (mInputChannel.isValid()) { if (mInputQueueCallback != null) { mInputQueue = new InputQueue(); mInputQueueCallback.onInputQueueCreated(mInputQueue); diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java index b438d044d102..96379488ba68 100644 --- a/services/core/java/com/android/server/wm/WindowManagerService.java +++ b/services/core/java/com/android/server/wm/WindowManagerService.java @@ -1348,8 +1348,13 @@ public class WindowManagerService extends IWindowManager.Stub return res; } - final boolean openInputChannels = (outInputChannel != null - && (attrs.inputFeatures & INPUT_FEATURE_NO_INPUT_CHANNEL) == 0); + boolean openInputChannels = (outInputChannel != null + && (attrs.inputFeatures & INPUT_FEATURE_NO_INPUT_CHANNEL) == 0); + if (callingUid != SYSTEM_UID) { + Slog.e(TAG_WM, + "App trying to use insecure INPUT_FEATURE_NO_INPUT_CHANNEL flag. Ignoring"); + openInputChannels = true; + } if (openInputChannels) { win.openInputChannel(outInputChannel); } -- cgit v1.2.3-59-g8ed1b