Loading services/accessibility/java/com/android/server/accessibility/AbstractAccessibilityServiceConnection.java +9 −0 Original line number Diff line number Diff line Loading @@ -34,6 +34,7 @@ import static android.view.accessibility.AccessibilityNodeInfo.ACTION_CLEAR_ACCE import static android.view.accessibility.AccessibilityNodeInfo.ACTION_CLICK; import static android.view.accessibility.AccessibilityNodeInfo.ACTION_LONG_CLICK; import static com.android.server.pm.UserManagerService.enforceCurrentUserIfVisibleBackgroundEnabled; import static com.android.window.flags.Flags.deleteCaptureDisplay; import android.accessibilityservice.AccessibilityGestureEvent; Loading Loading @@ -1100,11 +1101,14 @@ abstract class AbstractAccessibilityServiceConnection extends IAccessibilityServ if (svcConnTracingEnabled()) { logTraceSvcConn("performGlobalAction", "action=" + action); } int currentUserId; synchronized (mLock) { if (!hasRightsToCurrentUserLocked()) { return false; } currentUserId = mSystemSupport.getCurrentUserIdLocked(); } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); final long identity = Binder.clearCallingIdentity(); try { return mSystemActionPerformer.performSystemAction(action); Loading Loading @@ -2750,6 +2754,11 @@ abstract class AbstractAccessibilityServiceConnection extends IAccessibilityServ @RequiresNoPermission @Override public void setAnimationScale(float scale) { int currentUserId; synchronized (mLock) { currentUserId = mSystemSupport.getCurrentUserIdLocked(); } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); final long identity = Binder.clearCallingIdentity(); try { Settings.Global.putFloat( Loading services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +42 −6 Original line number Diff line number Diff line Loading @@ -63,6 +63,7 @@ import static com.android.internal.accessibility.util.AccessibilityUtils.isUserS import static com.android.internal.util.FunctionalUtils.ignoreRemoteException; import static com.android.internal.util.function.pooled.PooledLambda.obtainMessage; import static com.android.server.accessibility.AccessibilityUserState.doesShortcutTargetsStringContain; import static com.android.server.pm.UserManagerService.enforceCurrentUserIfVisibleBackgroundEnabled; import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; import android.accessibilityservice.AccessibilityGestureEvent; Loading Loading @@ -309,6 +310,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub private final PowerManager mPowerManager; private final UserManager mUserManager; private final WindowManagerInternal mWindowManagerService; private final AccessibilitySecurityPolicy mSecurityPolicy; Loading Loading @@ -507,6 +510,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub super(permissionEnforcer); mContext = context; mPowerManager = (PowerManager) mContext.getSystemService(Context.POWER_SERVICE); mUserManager = mContext.getSystemService(UserManager.class); mWindowManagerService = LocalServices.getService(WindowManagerInternal.class); mTraceManager = AccessibilityTraceManager.getInstance( mWindowManagerService.getAccessibilityController(), this, mLock); Loading Loading @@ -542,6 +546,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub super(PermissionEnforcer.fromContext(context)); mContext = context; mPowerManager = context.getSystemService(PowerManager.class); mUserManager = context.getSystemService(UserManager.class); mWindowManagerService = LocalServices.getService(WindowManagerInternal.class); mTraceManager = AccessibilityTraceManager.getInstance( mWindowManagerService.getAccessibilityController(), this, mLock); Loading Loading @@ -1263,6 +1268,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @EnforcePermission(MANAGE_ACCESSIBILITY) public void registerSystemAction(RemoteAction action, int actionId) { registerSystemAction_enforcePermission(); int currentUserId; synchronized (mLock) { currentUserId = mCurrentUserId; } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); if (mTraceManager.isA11yTracingEnabledForTypes(FLAGS_ACCESSIBILITY_MANAGER)) { mTraceManager.logTrace(LOG_TAG + ".registerSystemAction", FLAGS_ACCESSIBILITY_MANAGER, "action=" + action + ";actionId=" + actionId); Loading @@ -1279,6 +1289,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @EnforcePermission(MANAGE_ACCESSIBILITY) public void unregisterSystemAction(int actionId) { unregisterSystemAction_enforcePermission(); int currentUserId; synchronized (mLock) { currentUserId = mCurrentUserId; } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); if (mTraceManager.isA11yTracingEnabledForTypes(FLAGS_ACCESSIBILITY_MANAGER)) { mTraceManager.logTrace(LOG_TAG + ".unregisterSystemAction", FLAGS_ACCESSIBILITY_MANAGER, "actionId=" + actionId); Loading Loading @@ -1606,6 +1621,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @EnforcePermission(STATUS_BAR_SERVICE) public void notifyAccessibilityButtonClicked(int displayId, String targetName) { notifyAccessibilityButtonClicked_enforcePermission(); int currentUserId; synchronized (mLock) { currentUserId = mCurrentUserId; } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); if (mTraceManager.isA11yTracingEnabledForTypes(FLAGS_ACCESSIBILITY_MANAGER)) { mTraceManager.logTrace(LOG_TAG + ".notifyAccessibilityButtonClicked", FLAGS_ACCESSIBILITY_MANAGER, Loading Loading @@ -1634,6 +1654,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @EnforcePermission(STATUS_BAR_SERVICE) public void notifyAccessibilityButtonVisibilityChanged(boolean shown) { notifyAccessibilityButtonVisibilityChanged_enforcePermission(); int currentUserId; synchronized (mLock) { currentUserId = mCurrentUserId; } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); if (mTraceManager.isA11yTracingEnabledForTypes(FLAGS_ACCESSIBILITY_MANAGER)) { mTraceManager.logTrace(LOG_TAG + ".notifyAccessibilityButtonVisibilityChanged", FLAGS_ACCESSIBILITY_MANAGER, "shown=" + shown); Loading Loading @@ -1974,9 +1999,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub this, 0, oldUserState.mUserId)); } // Announce user changes only if more that one exist. UserManager userManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE); final boolean announceNewUser = userManager.getUsers().size() > 1; // Announce user changes only if more than one exist. final boolean announceNewUser = mUserManager.getUsers().size() > 1; // The user changed. mCurrentUserId = userId; Loading Loading @@ -2017,10 +2041,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub synchronized (mLock) { AccessibilityUserState userState = getCurrentUserStateLocked(); if (userState.isHandlingAccessibilityEventsLocked()) { UserManager userManager = (UserManager) mContext.getSystemService( Context.USER_SERVICE); String message = mContext.getString(R.string.user_switched, userManager.getUserInfo(mCurrentUserId).name); mUserManager.getUserInfo(mCurrentUserId).name); AccessibilityEvent event = AccessibilityEvent.obtain( AccessibilityEvent.TYPE_ANNOUNCEMENT); event.getText().add(message); Loading Loading @@ -3185,6 +3207,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub } } @GuardedBy("mLock") private void updateWindowsForAccessibilityCallbackLocked(AccessibilityUserState userState) { // We observe windows for accessibility only if there is at least // one bound service that can retrieve window content that specified Loading @@ -3211,6 +3234,14 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub for (int i = 0; i < displays.size(); i++) { final Display display = displays.get(i); if (display != null) { // When supporting visible background users, only track windows on the display // assigned to the current user. The proxy displays are registered only to the // current user. if (UserManager.isVisibleBackgroundUsersEnabled() && !mProxyManager.isProxyedDisplay(display.getDisplayId()) && !mUmi.isUserVisible(mCurrentUserId, display.getDisplayId())) { continue; } if (observingWindows) { mA11yWindowManager.startTrackingWindows(display.getDisplayId(), mProxyManager.isProxyedDisplay(display.getDisplayId())); Loading Loading @@ -4799,6 +4830,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub throws RemoteException { registerProxyForDisplay_enforcePermission(); mSecurityPolicy.checkForAccessibilityPermissionOrRole(); int currentUserId; synchronized (mLock) { currentUserId = mCurrentUserId; } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); if (client == null) { return false; } Loading services/core/java/com/android/server/pm/UserManagerService.java +33 −0 Original line number Diff line number Diff line Loading @@ -25,6 +25,7 @@ import static android.content.pm.PackageManager.FEATURE_AUTOMOTIVE; import static android.content.pm.PackageManager.FEATURE_EMBEDDED; import static android.content.pm.PackageManager.FEATURE_LEANBACK; import static android.content.pm.PackageManager.FEATURE_WATCH; import static android.os.UserHandle.USER_SYSTEM; import static android.os.UserManager.DEV_CREATE_OVERRIDE_PROPERTY; import static android.os.UserManager.DISALLOW_USER_SWITCH; import static android.os.UserManager.SYSTEM_USER_MODE_EMULATION_PROPERTY; Loading Loading @@ -2517,6 +2518,38 @@ public class UserManagerService extends IUserManager.Stub { return mUserVisibilityMediator.isUserVisible(userId); } /** * This method validates whether calling user is valid in visible background users feature. * Valid user is the current user or the system or in the same profile group as the current * user. Visible background users are not valid calling users. */ public static void enforceCurrentUserIfVisibleBackgroundEnabled(@UserIdInt int currentUserId) { if (!UserManager.isVisibleBackgroundUsersEnabled()) { return; } final int callingUserId = UserHandle.getCallingUserId(); if (DBG) { Slog.d(LOG_TAG, "enforceValidCallingUser: callingUserId=" + callingUserId + " isSystemUser=" + (callingUserId == USER_SYSTEM) + " currentUserId=" + currentUserId + " callingPid=" + Binder.getCallingPid() + " callingUid=" + Binder.getCallingUid()); } final long ident = Binder.clearCallingIdentity(); try { if (callingUserId != USER_SYSTEM && callingUserId != currentUserId && !UserManagerService.getInstance() .isSameProfileGroup(callingUserId, currentUserId)) { throw new SecurityException( "Invalid calling user on devices that enable visible background users. " + "callingUserId=" + callingUserId + " currentUserId=" + currentUserId); } } finally { Binder.restoreCallingIdentity(ident); } } /** * Gets the current and target user ids as a {@link Pair}, calling * {@link ActivityManagerInternal} directly (and without performing any permission check). Loading Loading
services/accessibility/java/com/android/server/accessibility/AbstractAccessibilityServiceConnection.java +9 −0 Original line number Diff line number Diff line Loading @@ -34,6 +34,7 @@ import static android.view.accessibility.AccessibilityNodeInfo.ACTION_CLEAR_ACCE import static android.view.accessibility.AccessibilityNodeInfo.ACTION_CLICK; import static android.view.accessibility.AccessibilityNodeInfo.ACTION_LONG_CLICK; import static com.android.server.pm.UserManagerService.enforceCurrentUserIfVisibleBackgroundEnabled; import static com.android.window.flags.Flags.deleteCaptureDisplay; import android.accessibilityservice.AccessibilityGestureEvent; Loading Loading @@ -1100,11 +1101,14 @@ abstract class AbstractAccessibilityServiceConnection extends IAccessibilityServ if (svcConnTracingEnabled()) { logTraceSvcConn("performGlobalAction", "action=" + action); } int currentUserId; synchronized (mLock) { if (!hasRightsToCurrentUserLocked()) { return false; } currentUserId = mSystemSupport.getCurrentUserIdLocked(); } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); final long identity = Binder.clearCallingIdentity(); try { return mSystemActionPerformer.performSystemAction(action); Loading Loading @@ -2750,6 +2754,11 @@ abstract class AbstractAccessibilityServiceConnection extends IAccessibilityServ @RequiresNoPermission @Override public void setAnimationScale(float scale) { int currentUserId; synchronized (mLock) { currentUserId = mSystemSupport.getCurrentUserIdLocked(); } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); final long identity = Binder.clearCallingIdentity(); try { Settings.Global.putFloat( Loading
services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +42 −6 Original line number Diff line number Diff line Loading @@ -63,6 +63,7 @@ import static com.android.internal.accessibility.util.AccessibilityUtils.isUserS import static com.android.internal.util.FunctionalUtils.ignoreRemoteException; import static com.android.internal.util.function.pooled.PooledLambda.obtainMessage; import static com.android.server.accessibility.AccessibilityUserState.doesShortcutTargetsStringContain; import static com.android.server.pm.UserManagerService.enforceCurrentUserIfVisibleBackgroundEnabled; import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; import android.accessibilityservice.AccessibilityGestureEvent; Loading Loading @@ -309,6 +310,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub private final PowerManager mPowerManager; private final UserManager mUserManager; private final WindowManagerInternal mWindowManagerService; private final AccessibilitySecurityPolicy mSecurityPolicy; Loading Loading @@ -507,6 +510,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub super(permissionEnforcer); mContext = context; mPowerManager = (PowerManager) mContext.getSystemService(Context.POWER_SERVICE); mUserManager = mContext.getSystemService(UserManager.class); mWindowManagerService = LocalServices.getService(WindowManagerInternal.class); mTraceManager = AccessibilityTraceManager.getInstance( mWindowManagerService.getAccessibilityController(), this, mLock); Loading Loading @@ -542,6 +546,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub super(PermissionEnforcer.fromContext(context)); mContext = context; mPowerManager = context.getSystemService(PowerManager.class); mUserManager = context.getSystemService(UserManager.class); mWindowManagerService = LocalServices.getService(WindowManagerInternal.class); mTraceManager = AccessibilityTraceManager.getInstance( mWindowManagerService.getAccessibilityController(), this, mLock); Loading Loading @@ -1263,6 +1268,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @EnforcePermission(MANAGE_ACCESSIBILITY) public void registerSystemAction(RemoteAction action, int actionId) { registerSystemAction_enforcePermission(); int currentUserId; synchronized (mLock) { currentUserId = mCurrentUserId; } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); if (mTraceManager.isA11yTracingEnabledForTypes(FLAGS_ACCESSIBILITY_MANAGER)) { mTraceManager.logTrace(LOG_TAG + ".registerSystemAction", FLAGS_ACCESSIBILITY_MANAGER, "action=" + action + ";actionId=" + actionId); Loading @@ -1279,6 +1289,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @EnforcePermission(MANAGE_ACCESSIBILITY) public void unregisterSystemAction(int actionId) { unregisterSystemAction_enforcePermission(); int currentUserId; synchronized (mLock) { currentUserId = mCurrentUserId; } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); if (mTraceManager.isA11yTracingEnabledForTypes(FLAGS_ACCESSIBILITY_MANAGER)) { mTraceManager.logTrace(LOG_TAG + ".unregisterSystemAction", FLAGS_ACCESSIBILITY_MANAGER, "actionId=" + actionId); Loading Loading @@ -1606,6 +1621,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @EnforcePermission(STATUS_BAR_SERVICE) public void notifyAccessibilityButtonClicked(int displayId, String targetName) { notifyAccessibilityButtonClicked_enforcePermission(); int currentUserId; synchronized (mLock) { currentUserId = mCurrentUserId; } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); if (mTraceManager.isA11yTracingEnabledForTypes(FLAGS_ACCESSIBILITY_MANAGER)) { mTraceManager.logTrace(LOG_TAG + ".notifyAccessibilityButtonClicked", FLAGS_ACCESSIBILITY_MANAGER, Loading Loading @@ -1634,6 +1654,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @EnforcePermission(STATUS_BAR_SERVICE) public void notifyAccessibilityButtonVisibilityChanged(boolean shown) { notifyAccessibilityButtonVisibilityChanged_enforcePermission(); int currentUserId; synchronized (mLock) { currentUserId = mCurrentUserId; } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); if (mTraceManager.isA11yTracingEnabledForTypes(FLAGS_ACCESSIBILITY_MANAGER)) { mTraceManager.logTrace(LOG_TAG + ".notifyAccessibilityButtonVisibilityChanged", FLAGS_ACCESSIBILITY_MANAGER, "shown=" + shown); Loading Loading @@ -1974,9 +1999,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub this, 0, oldUserState.mUserId)); } // Announce user changes only if more that one exist. UserManager userManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE); final boolean announceNewUser = userManager.getUsers().size() > 1; // Announce user changes only if more than one exist. final boolean announceNewUser = mUserManager.getUsers().size() > 1; // The user changed. mCurrentUserId = userId; Loading Loading @@ -2017,10 +2041,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub synchronized (mLock) { AccessibilityUserState userState = getCurrentUserStateLocked(); if (userState.isHandlingAccessibilityEventsLocked()) { UserManager userManager = (UserManager) mContext.getSystemService( Context.USER_SERVICE); String message = mContext.getString(R.string.user_switched, userManager.getUserInfo(mCurrentUserId).name); mUserManager.getUserInfo(mCurrentUserId).name); AccessibilityEvent event = AccessibilityEvent.obtain( AccessibilityEvent.TYPE_ANNOUNCEMENT); event.getText().add(message); Loading Loading @@ -3185,6 +3207,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub } } @GuardedBy("mLock") private void updateWindowsForAccessibilityCallbackLocked(AccessibilityUserState userState) { // We observe windows for accessibility only if there is at least // one bound service that can retrieve window content that specified Loading @@ -3211,6 +3234,14 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub for (int i = 0; i < displays.size(); i++) { final Display display = displays.get(i); if (display != null) { // When supporting visible background users, only track windows on the display // assigned to the current user. The proxy displays are registered only to the // current user. if (UserManager.isVisibleBackgroundUsersEnabled() && !mProxyManager.isProxyedDisplay(display.getDisplayId()) && !mUmi.isUserVisible(mCurrentUserId, display.getDisplayId())) { continue; } if (observingWindows) { mA11yWindowManager.startTrackingWindows(display.getDisplayId(), mProxyManager.isProxyedDisplay(display.getDisplayId())); Loading Loading @@ -4799,6 +4830,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub throws RemoteException { registerProxyForDisplay_enforcePermission(); mSecurityPolicy.checkForAccessibilityPermissionOrRole(); int currentUserId; synchronized (mLock) { currentUserId = mCurrentUserId; } enforceCurrentUserIfVisibleBackgroundEnabled(currentUserId); if (client == null) { return false; } Loading
services/core/java/com/android/server/pm/UserManagerService.java +33 −0 Original line number Diff line number Diff line Loading @@ -25,6 +25,7 @@ import static android.content.pm.PackageManager.FEATURE_AUTOMOTIVE; import static android.content.pm.PackageManager.FEATURE_EMBEDDED; import static android.content.pm.PackageManager.FEATURE_LEANBACK; import static android.content.pm.PackageManager.FEATURE_WATCH; import static android.os.UserHandle.USER_SYSTEM; import static android.os.UserManager.DEV_CREATE_OVERRIDE_PROPERTY; import static android.os.UserManager.DISALLOW_USER_SWITCH; import static android.os.UserManager.SYSTEM_USER_MODE_EMULATION_PROPERTY; Loading Loading @@ -2517,6 +2518,38 @@ public class UserManagerService extends IUserManager.Stub { return mUserVisibilityMediator.isUserVisible(userId); } /** * This method validates whether calling user is valid in visible background users feature. * Valid user is the current user or the system or in the same profile group as the current * user. Visible background users are not valid calling users. */ public static void enforceCurrentUserIfVisibleBackgroundEnabled(@UserIdInt int currentUserId) { if (!UserManager.isVisibleBackgroundUsersEnabled()) { return; } final int callingUserId = UserHandle.getCallingUserId(); if (DBG) { Slog.d(LOG_TAG, "enforceValidCallingUser: callingUserId=" + callingUserId + " isSystemUser=" + (callingUserId == USER_SYSTEM) + " currentUserId=" + currentUserId + " callingPid=" + Binder.getCallingPid() + " callingUid=" + Binder.getCallingUid()); } final long ident = Binder.clearCallingIdentity(); try { if (callingUserId != USER_SYSTEM && callingUserId != currentUserId && !UserManagerService.getInstance() .isSameProfileGroup(callingUserId, currentUserId)) { throw new SecurityException( "Invalid calling user on devices that enable visible background users. " + "callingUserId=" + callingUserId + " currentUserId=" + currentUserId); } } finally { Binder.restoreCallingIdentity(ident); } } /** * Gets the current and target user ids as a {@link Pair}, calling * {@link ActivityManagerInternal} directly (and without performing any permission check). Loading
