SurfaceControlViewHost: Restrict disclosure of input token (131444d5) · Commits · e / os / android_frameworks_base

core/java/android/view/IWindowSession.aidl

+1 −1

Original line number	Diff line number	Diff line
		@@ -295,7 +295,7 @@ interface IWindowSession {
		*/
		void grantInputChannel(int displayId, in SurfaceControl surface, in IWindow window,
		in IBinder hostInputToken, int flags, int privateFlags, int type,
		out InputChannel outInputChannel);
		in IBinder focusGrantToken, out InputChannel outInputChannel);

		/**
		* Update the flags on an input channel associated with a particular surface.

core/java/android/view/SurfaceControlViewHost.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -274,7 +274,7 @@ public class SurfaceControlViewHost {
		public @Nullable SurfacePackage getSurfacePackage() {
		if (mSurfaceControl != null && mAccessibilityEmbeddedConnection != null) {
		return new SurfacePackage(mSurfaceControl, mAccessibilityEmbeddedConnection,
		mViewRoot.getInputToken(), mRemoteInterface);
		mWm.getFocusGrantToken(), mRemoteInterface);
		} else {
		return null;
		}

core/java/android/view/WindowlessWindowManager.java

+9 −3

Original line number	Diff line number	Diff line
		@@ -22,6 +22,7 @@ import android.graphics.PixelFormat;
		import android.graphics.Point;
		import android.graphics.Rect;
		import android.graphics.Region;
		import android.os.Binder;
		import android.os.IBinder;
		import android.os.RemoteCallback;
		import android.os.RemoteException;
		@@ -75,6 +76,7 @@ public class WindowlessWindowManager implements IWindowSession {
		private final Configuration mConfiguration;
		private final IWindowSession mRealWm;
		private final IBinder mHostInputToken;
		private final IBinder mFocusGrantToken = new Binder();

		private int mForceHeight = -1;
		private int mForceWidth = -1;
		@@ -91,6 +93,10 @@ public class WindowlessWindowManager implements IWindowSession {
		mConfiguration.setTo(configuration);
		}

		IBinder getFocusGrantToken() {
		return mFocusGrantToken;
		}

		/**
		* Utility API.
		*/
		@@ -153,10 +159,10 @@ public class WindowlessWindowManager implements IWindowSession {
		mRealWm.grantInputChannel(displayId,
		new SurfaceControl(sc, "WindowlessWindowManager.addToDisplay"),
		window, mHostInputToken, attrs.flags, attrs.privateFlags, attrs.type,
		outInputChannel);
		mFocusGrantToken, outInputChannel);
		} else {
		mRealWm.grantInputChannel(displayId, sc, window, mHostInputToken, attrs.flags,
		attrs.privateFlags, attrs.type, outInputChannel);
		attrs.privateFlags, attrs.type, mFocusGrantToken, outInputChannel);
		}
		} catch (RemoteException e) {
		Log.e(TAG, "Failed to grant input to surface: ", e);
		@@ -460,7 +466,7 @@ public class WindowlessWindowManager implements IWindowSession {

		@Override
		public void grantInputChannel(int displayId, SurfaceControl surface, IWindow window,
		IBinder hostInputToken, int flags, int privateFlags, int type,
		IBinder hostInputToken, int flags, int privateFlags, int type, IBinder focusGrantToken,
		InputChannel outInputChannel) {
		}

services/core/java/com/android/server/wm/EmbeddedWindowController.java

+31 −4

Original line number	Diff line number	Diff line
		@@ -41,6 +41,8 @@ class EmbeddedWindowController {
		private static final String TAG = TAG_WITH_CLASS_NAME ? "EmbeddedWindowController" : TAG_WM;
		/* maps input token to an embedded window */
		private ArrayMap<IBinder /input token /, EmbeddedWindow> mWindows = new ArrayMap<>();
		private ArrayMap<IBinder /focus grant token /, EmbeddedWindow> mWindowsByFocusToken =
		new ArrayMap<>();
		private final Object mGlobalLock;
		private final ActivityTaskManagerService mAtmService;

		@@ -59,10 +61,13 @@ class EmbeddedWindowController {
		void add(IBinder inputToken, EmbeddedWindow window) {
		try {
		mWindows.put(inputToken, window);
		final IBinder focusToken = window.getFocusGrantToken();
		mWindowsByFocusToken.put(focusToken, window);
		updateProcessController(window);
		window.mClient.asBinder().linkToDeath(()-> {
		synchronized (mGlobalLock) {
		mWindows.remove(inputToken);
		mWindowsByFocusToken.remove(focusToken);
		}
		}, 0);
		} catch (RemoteException e) {
		@@ -107,8 +112,10 @@ class EmbeddedWindowController {

		void remove(IWindow client) {
		for (int i = mWindows.size() - 1; i >= 0; i--) {
		if (mWindows.valueAt(i).mClient.asBinder() == client.asBinder()) {
		EmbeddedWindow ew = mWindows.valueAt(i);
		if (ew.mClient.asBinder() == client.asBinder()) {
		mWindows.removeAt(i).onRemoved();
		mWindowsByFocusToken.remove(ew.getFocusGrantToken());
		return;
		}
		}
		@@ -116,8 +123,10 @@ class EmbeddedWindowController {

		void onWindowRemoved(WindowState host) {
		for (int i = mWindows.size() - 1; i >= 0; i--) {
		if (mWindows.valueAt(i).mHostWindowState == host) {
		EmbeddedWindow ew = mWindows.valueAt(i);
		if (ew.mHostWindowState == host) {
		mWindows.removeAt(i).onRemoved();
		mWindowsByFocusToken.remove(ew.getFocusGrantToken());
		}
		}
		}
		@@ -126,6 +135,10 @@ class EmbeddedWindowController {
		return mWindows.get(inputToken);
		}

		EmbeddedWindow getByFocusToken(IBinder focusGrantToken) {
		return mWindowsByFocusToken.get(focusGrantToken);
		}

		void onActivityRemoved(ActivityRecord activityRecord) {
		for (int i = mWindows.size() - 1; i >= 0; i--) {
		final EmbeddedWindow window = mWindows.valueAt(i);
		@@ -157,6 +170,8 @@ class EmbeddedWindowController {
		// and this variable is mostly used for tracking that.
		boolean mIsOverlay = false;

		private IBinder mFocusGrantToken;

		/**
		* @param session calling session to check ownership of the window
		* @param clientToken client token used to clean up the map if the embedding process dies
		@@ -171,7 +186,7 @@ class EmbeddedWindowController {
		*/
		EmbeddedWindow(Session session, WindowManagerService service, IWindow clientToken,
		WindowState hostWindowState, int ownerUid, int ownerPid, int windowType,
		int displayId) {
		int displayId, IBinder focusGrantToken) {
		mSession = session;
		mWmService = service;
		mClient = clientToken;
		@@ -182,6 +197,7 @@ class EmbeddedWindowController {
		mOwnerPid = ownerPid;
		mWindowType = windowType;
		mDisplayId = displayId;
		mFocusGrantToken = focusGrantToken;
		}

		@Override
		@@ -242,6 +258,17 @@ class EmbeddedWindowController {
		return mIsOverlay;
		}

		IBinder getFocusGrantToken() {
		return mFocusGrantToken;
		}

		IBinder getInputChannelToken() {
		if (mInputChannel != null) {
		return mInputChannel.getToken();
		}
		return null;
		}

		/**
		* System hosted overlays need the WM to invoke grantEmbeddedWindowFocus and
		* so we need to participate inside handlePointerDownOutsideFocus logic
		@@ -255,7 +282,7 @@ class EmbeddedWindowController {

		private void handleTap(boolean grantFocus) {
		if (mInputChannel != null) {
		mWmService.grantEmbeddedWindowFocus(mSession, mInputChannel.getToken(), grantFocus);
		mWmService.grantEmbeddedWindowFocus(mSession, mFocusGrantToken, grantFocus);
		}
		}

services/core/java/com/android/server/wm/Session.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -798,7 +798,7 @@ class Session extends IWindowSession.Stub implements IBinder.DeathRecipient {
		@Override
		public void grantInputChannel(int displayId, SurfaceControl surface,
		IWindow window, IBinder hostInputToken, int flags, int privateFlags, int type,
		InputChannel outInputChannel) {
		IBinder focusGrantToken, InputChannel outInputChannel) {
		if (hostInputToken == null && !mCanAddInternalSystemWindow) {
		// Callers without INTERNAL_SYSTEM_WINDOW permission cannot grant input channel to
		// embedded windows without providing a host window input token
		@@ -814,7 +814,7 @@ class Session extends IWindowSession.Stub implements IBinder.DeathRecipient {
		try {
		mService.grantInputChannel(this, mUid, mPid, displayId, surface, window, hostInputToken,
		flags, mCanAddInternalSystemWindow ? privateFlags : 0,
		mCanAddInternalSystemWindow ? type : 0, outInputChannel);
		mCanAddInternalSystemWindow ? type : 0, focusGrantToken, outInputChannel);
		} finally {
		Binder.restoreCallingIdentity(identity);
		}