From e83d6c801bb4f97b9b4b54280ac9e1486e622313 Mon Sep 17 00:00:00 2001 From: Daniel Norman Date: Fri, 17 Nov 2023 20:53:05 +0000 Subject: Enforce permission INJECT_EVENTS for injecting to input filter. Bug: 309426390 Test: atest CtsAccessibilityTestCases:AccessibilityManagerTest Change-Id: I4a63583dcd1c7a7c388fb278ec1c1c53c135e934 --- core/java/android/app/UiAutomationConnection.java | 5 +++++ .../android/server/accessibility/AccessibilityManagerService.java | 2 ++ 2 files changed, 7 insertions(+) diff --git a/core/java/android/app/UiAutomationConnection.java b/core/java/android/app/UiAutomationConnection.java index 34f0964cf823..9831885f291d 100644 --- a/core/java/android/app/UiAutomationConnection.java +++ b/core/java/android/app/UiAutomationConnection.java @@ -183,6 +183,11 @@ public final class UiAutomationConnection extends IUiAutomationConnection.Stub { @Override public void injectInputEventToInputFilter(InputEvent event) throws RemoteException { + synchronized (mLock) { + throwIfCalledByNotTrustedUidLocked(); + throwIfShutdownLocked(); + throwIfNotConnectedLocked(); + } mAccessibilityManager.injectInputEventToInputFilter(event); } diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java index fdb28ba9103e..531227947ba0 100644 --- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java @@ -5232,6 +5232,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @Override public void injectInputEventToInputFilter(InputEvent event) { + mSecurityPolicy.enforceCallingPermission(Manifest.permission.INJECT_EVENTS, + "injectInputEventToInputFilter"); synchronized (mLock) { final long endMillis = SystemClock.uptimeMillis() + WAIT_INPUT_FILTER_INSTALL_TIMEOUT_MS; -- cgit v1.2.3-59-g8ed1b