From ee76c372f58cce87d863333ad46c04b219c05566 Mon Sep 17 00:00:00 2001 From: Prabir Pradhan Date: Mon, 1 Apr 2024 18:40:05 +0000 Subject: Move check for secure windows to InputTracer We have a requirement where all windows that use FLAG_SECURE must use InputConfig::SENSITIVE_FOR_TRACING. However, it only makes sense to enforce this condition on windows that can receive input. There are many conditions that determine whether a window is configured to receive input (e.g. touchable region, NOT_TOUCHABLE, NOT_FOCUSABLE, NO_INPUT_CHANNEL, PAUSE_DISPATCHING, NOT_VISIBLE, etc.), so it is not straightforward to tell when this condition should be enforced. Instead of enforcing it when we receive WindowInfos from SF, enforce it in the InputTracer so that we crash if we're trying to trace an event going to a FLAG_SECURE window that isn't marked as senstive for tracing. Bug: 332032185 Test: None Change-Id: I56161c92cb95f775235695128ebdf6d2c7e9884f --- services/inputflinger/dispatcher/InputDispatcher.cpp | 7 ------- services/inputflinger/dispatcher/trace/InputTracer.cpp | 12 ++++++++++-- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/services/inputflinger/dispatcher/InputDispatcher.cpp b/services/inputflinger/dispatcher/InputDispatcher.cpp index 48219bdb04..589e694178 100644 --- a/services/inputflinger/dispatcher/InputDispatcher.cpp +++ b/services/inputflinger/dispatcher/InputDispatcher.cpp @@ -838,13 +838,6 @@ Result validateWindowInfosUpdate(const gui::WindowInfosUpdate& update) { if (!inserted) { return Error() << "Duplicate entry for " << info; } - if (info.layoutParamsFlags.test(WindowInfo::Flag::SECURE) && - !info.inputConfig.test(WindowInfo::InputConfig::NOT_VISIBLE) && - !info.inputConfig.test(WindowInfo::InputConfig::SENSITIVE_FOR_TRACING)) { - return Error() - << "Window with FLAG_SECURE does not set InputConfig::SENSITIVE_FOR_TRACING: " - << info; - } } return {}; } diff --git a/services/inputflinger/dispatcher/trace/InputTracer.cpp b/services/inputflinger/dispatcher/trace/InputTracer.cpp index f8ee95fa9a..415b696e93 100644 --- a/services/inputflinger/dispatcher/trace/InputTracer.cpp +++ b/services/inputflinger/dispatcher/trace/InputTracer.cpp @@ -86,8 +86,16 @@ InputTargetInfo getTargetInfo(const InputTarget& target) { // This is a global monitor, assume its target is the system. return {.uid = gui::Uid{AID_SYSTEM}, .isSecureWindow = false}; } - const bool isSensitiveTarget = target.windowHandle->getInfo()->inputConfig.test( - gui::WindowInfo::InputConfig::SENSITIVE_FOR_TRACING); + const auto& info = *target.windowHandle->getInfo(); + const bool isSensitiveTarget = + info.inputConfig.test(gui::WindowInfo::InputConfig::SENSITIVE_FOR_TRACING); + + // All FLAG_SECURE targets must be marked as sensitive for tracing. + if (info.layoutParamsFlags.test(gui::WindowInfo::Flag::SECURE) && !isSensitiveTarget) { + LOG(FATAL) + << "Input target with FLAG_SECURE does not set InputConfig::SENSITIVE_FOR_TRACING: " + << info; + } return {target.windowHandle->getInfo()->ownerUid, isSensitiveTarget}; } -- cgit v1.2.3-59-g8ed1b