From 985a1b2d7974265ef7ec57fd2a3f96089abf2d2e Mon Sep 17 00:00:00 2001 From: Prabir Pradhan Date: Tue, 8 Mar 2022 21:05:57 +0000 Subject: Change input injection security model to require INJECT_EVENTS permission Previously, any app could inject input events into the system via the IInputManager#injectInputEvent API. The injection was only allowed if the input event targeted a window owned by the same UID as that of the process calling the API. This had drawbacks metioned in the bug. Here, we change the input injection security model so that the signature permission INJECT_EVENTS is required to inject events. This permission is given to the system and the shell, so input injection can still be done through the 'adb shell input' command. We also allow injection from instrumeted processes where the instrumentation source has the permission. For exmaple, running a test from the shell allows for the test to inject events. We also add support for a targeted injection mode, where the input injection succeeds only if the target window for the event is owned by the provided UID. This allows us to support injection from the Instrumentation class, which only allows for injection into windows owned by the same UID. In contrast to this, injection from the UiAutomation class will target all windows, including system and spy windows. Bug: 207667844 Bug: 194952792 Test: atest inputflinger_tests Test: atest WindowInputTests Test: manual with test app: app cannot inject navigation gestures Change-Id: Ie2d8d0c3d784d389335401e148bf394d817bfd60 --- libs/input/android/os/InputEventInjectionResult.aidl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'libs') diff --git a/libs/input/android/os/InputEventInjectionResult.aidl b/libs/input/android/os/InputEventInjectionResult.aidl index 34f10ec00e..3bc7068f3c 100644 --- a/libs/input/android/os/InputEventInjectionResult.aidl +++ b/libs/input/android/os/InputEventInjectionResult.aidl @@ -29,9 +29,8 @@ enum InputEventInjectionResult { /* Injection succeeded. */ SUCCEEDED = 0, - /* Injection failed because the injector did not have permission to inject - * into the application with input focus. */ - PERMISSION_DENIED = 1, + /* Injection failed because the injected event did not target the appropriate window. */ + TARGET_MISMATCH = 1, /* Injection failed because there were no available input targets. */ FAILED = 2, -- cgit v1.2.3-59-g8ed1b