Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 19db42b1 authored by Yohei Yukawa's avatar Yohei Yukawa
Browse files

Also require INTERACT_ACROSS_USERS_FULL in some IMM IPCs 

With this CL the following 3 IPC methods, which are all intended to be
used only from the SystemUI process, start also requiring

  INTERACT_ACROSS_USERS_FULL

permission as they are effectively affecting current IME user for
single user mode and IME user associated with the display ID for
multi-user IME mode.

This is just to keep permission checks to be consist with that these
IPC methods actually do. There must be no observable behavior change
in expected use cases.

Fix: 356182907
Test: presubmit
Test: manually verified that the IME switcher icon still works
Flag: android.view.inputmethod.concurrent_input_methods
Change-Id: I32911530650b4b2330b2bdb6b964393a9729dd71
parent a9b60624

core/java/android/view/inputmethod/IInputMethodManagerGlobalInvoker.java

+9 −3
Original line number Diff line number Diff line
@@ -201,7 +201,9 @@ final class IInputMethodManagerGlobalInvoker { 
     * @param exceptionHandler an optional {@link RemoteException} handler

     */

    @AnyThread

    @RequiresPermission(Manifest.permission.INTERNAL_SYSTEM_WINDOW)

    @RequiresPermission(allOf = {

            Manifest.permission.INTERNAL_SYSTEM_WINDOW,

            Manifest.permission.INTERACT_ACROSS_USERS_FULL})

    static void removeImeSurface(int displayId,

            @Nullable Consumer<RemoteException> exceptionHandler) {

        final IInputMethodManager service = getService();
@@ -441,7 +443,9 @@ final class IInputMethodManagerGlobalInvoker { 
    }



    @AnyThread

    @RequiresPermission(Manifest.permission.WRITE_SECURE_SETTINGS)

    @RequiresPermission(allOf = {

            Manifest.permission.WRITE_SECURE_SETTINGS,

            Manifest.permission.INTERACT_ACROSS_USERS_FULL})

    static void showInputMethodPickerFromSystem(int auxiliarySubtypeMode, int displayId) {

        final IInputMethodManager service = getService();

        if (service == null) {
@@ -469,7 +473,9 @@ final class IInputMethodManagerGlobalInvoker { 
    }



    @AnyThread

    @RequiresPermission(Manifest.permission.WRITE_SECURE_SETTINGS)

    @RequiresPermission(allOf = {

            Manifest.permission.WRITE_SECURE_SETTINGS,

            Manifest.permission.INTERACT_ACROSS_USERS_FULL})

    static void onImeSwitchButtonClickFromSystem(int displayId) {

        final IInputMethodManager service = getService();

        if (service == null) {

core/java/com/android/internal/view/IInputMethodManager.aidl

+9 −9
Original line number Diff line number Diff line
@@ -125,9 +125,9 @@ interface IInputMethodManager { 
    void showInputMethodPickerFromClient(in IInputMethodClient client,

            int auxiliarySubtypeMode);



    @EnforcePermission("WRITE_SECURE_SETTINGS")

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(value = "

            + "android.Manifest.permission.WRITE_SECURE_SETTINGS)")

    @EnforcePermission(allOf = {"WRITE_SECURE_SETTINGS", "INTERACT_ACROSS_USERS_FULL"})

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(allOf = {android.Manifest."

    + "permission.WRITE_SECURE_SETTINGS, android.Manifest.permission.INTERACT_ACROSS_USERS_FULL})")

    void showInputMethodPickerFromSystem(int auxiliarySubtypeMode, int displayId);



    @EnforcePermission("TEST_INPUT_METHOD")
@@ -143,9 +143,9 @@ interface IInputMethodManager { 
     * @param displayId The ID of the display where the input method picker dialog should be shown.

     * @param userId    The ID of the user that triggered the click.

     */

    @EnforcePermission("WRITE_SECURE_SETTINGS")

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(value = "

            + "android.Manifest.permission.WRITE_SECURE_SETTINGS)")

    @EnforcePermission(allOf = {"WRITE_SECURE_SETTINGS" ,"INTERACT_ACROSS_USERS_FULL"})

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(allOf = {android.Manifest."

    + "permission.WRITE_SECURE_SETTINGS, android.Manifest.permission.INTERACT_ACROSS_USERS_FULL})")

    oneway void onImeSwitchButtonClickFromSystem(int displayId);



    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(value = "
@@ -168,9 +168,9 @@ interface IInputMethodManager { 


    oneway void reportPerceptibleAsync(in IBinder windowToken, boolean perceptible);



    @EnforcePermission("INTERNAL_SYSTEM_WINDOW")

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(value = "

            + "android.Manifest.permission.INTERNAL_SYSTEM_WINDOW)")

    @EnforcePermission(allOf = {"INTERNAL_SYSTEM_WINDOW", "INTERACT_ACROSS_USERS_FULL"})

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(allOf = {android.Manifest."

    + "permission.INTERNAL_SYSTEM_WINDOW, android.Manifest.permission.INTERACT_ACROSS_USERS_FULL})")

    void removeImeSurface(int displayId);



    /** Remove the IME surface. Requires passing the currently focused window. */

services/core/java/com/android/server/inputmethod/IInputMethodManagerImpl.java

+31 −7
Original line number Diff line number Diff line
@@ -71,7 +71,20 @@ final class IInputMethodManagerImpl extends IInputMethodManager.Stub { 
    @Retention(SOURCE)

    @Target({METHOD})

    @interface PermissionVerified {

        /**

         * The name of the permission that is verified, if precisely one permission is required.

         * If more than one permission is required, specify either {@link #allOf()} instead.

         *

         * <p>If specified, {@link #allOf()} must both be {@code null}.</p>

         */

        String value() default "";



        /**

         * Specifies a list of permission names that are all required.

         *

         * <p>If specified, {@link #value()} must both be {@code null}.</p>

         */

        String[] allOf() default {};

    }



    @BinderThread
@@ -132,13 +145,17 @@ final class IInputMethodManagerImpl extends IInputMethodManager.Stub { 


        void showInputMethodPickerFromClient(IInputMethodClient client, int auxiliarySubtypeMode);



        @PermissionVerified(Manifest.permission.WRITE_SECURE_SETTINGS)

        @PermissionVerified(allOf = {

                Manifest.permission.INTERACT_ACROSS_USERS_FULL,

                Manifest.permission.WRITE_SECURE_SETTINGS})

        void showInputMethodPickerFromSystem(int auxiliarySubtypeMode, int displayId);



        @PermissionVerified(Manifest.permission.TEST_INPUT_METHOD)

        boolean isInputMethodPickerShownForTest();



        @PermissionVerified(Manifest.permission.WRITE_SECURE_SETTINGS)

        @PermissionVerified(allOf = {

                Manifest.permission.INTERACT_ACROSS_USERS_FULL,

                Manifest.permission.WRITE_SECURE_SETTINGS})

        void onImeSwitchButtonClickFromSystem(int displayId);



        InputMethodSubtype getCurrentInputMethodSubtype(@UserIdInt int userId);
@@ -153,7 +170,9 @@ final class IInputMethodManagerImpl extends IInputMethodManager.Stub { 


        void reportPerceptibleAsync(IBinder windowToken, boolean perceptible);



        @PermissionVerified(Manifest.permission.INTERNAL_SYSTEM_WINDOW)

        @PermissionVerified(allOf = {

                Manifest.permission.INTERACT_ACROSS_USERS_FULL,

                Manifest.permission.INTERNAL_SYSTEM_WINDOW})

        void removeImeSurface(int displayId);



        void removeImeSurfaceFromWindowAsync(IBinder windowToken);
@@ -330,13 +349,14 @@ final class IInputMethodManagerImpl extends IInputMethodManager.Stub { 
        mCallback.showInputMethodPickerFromClient(client, auxiliarySubtypeMode);

    }



    @EnforcePermission(Manifest.permission.WRITE_SECURE_SETTINGS)

    @EnforcePermission(allOf = {

            Manifest.permission.WRITE_SECURE_SETTINGS,

            Manifest.permission.INTERACT_ACROSS_USERS_FULL})

    @Override

    public void showInputMethodPickerFromSystem(int auxiliarySubtypeMode, int displayId) {

        super.showInputMethodPickerFromSystem_enforcePermission();



        mCallback.showInputMethodPickerFromSystem(auxiliarySubtypeMode, displayId);



    }



    @EnforcePermission(Manifest.permission.TEST_INPUT_METHOD)
@@ -347,7 +367,9 @@ final class IInputMethodManagerImpl extends IInputMethodManager.Stub { 
        return mCallback.isInputMethodPickerShownForTest();

    }



    @EnforcePermission(Manifest.permission.WRITE_SECURE_SETTINGS)

    @EnforcePermission(allOf = {

            Manifest.permission.WRITE_SECURE_SETTINGS,

            Manifest.permission.INTERACT_ACROSS_USERS_FULL})

    @Override

    public void onImeSwitchButtonClickFromSystem(int displayId) {

        super.onImeSwitchButtonClickFromSystem_enforcePermission();
@@ -382,7 +404,9 @@ final class IInputMethodManagerImpl extends IInputMethodManager.Stub { 
        mCallback.reportPerceptibleAsync(windowToken, perceptible);

    }



    @EnforcePermission(Manifest.permission.INTERNAL_SYSTEM_WINDOW)

    @EnforcePermission(allOf = {

            Manifest.permission.INTERNAL_SYSTEM_WINDOW,

            Manifest.permission.INTERACT_ACROSS_USERS_FULL})

    @Override

    public void removeImeSurface(int displayId) {

        super.removeImeSurface_enforcePermission();

services/core/java/com/android/server/inputmethod/InputMethodManagerService.java

+9 −3
Original line number Diff line number Diff line
@@ -3987,7 +3987,9 @@ public final class InputMethodManagerService implements IInputMethodManagerImpl. 
        }

    }



    @IInputMethodManagerImpl.PermissionVerified(Manifest.permission.WRITE_SECURE_SETTINGS)

    @IInputMethodManagerImpl.PermissionVerified(allOf = {

            Manifest.permission.INTERACT_ACROSS_USERS_FULL,

            Manifest.permission.WRITE_SECURE_SETTINGS})

    @Override

    public void showInputMethodPickerFromSystem(int auxiliarySubtypeMode, int displayId) {

        // Always call subtype picker, because subtype picker is a superset of input method
@@ -4081,7 +4083,9 @@ public final class InputMethodManagerService implements IInputMethodManagerImpl. 
        }

    }



    @IInputMethodManagerImpl.PermissionVerified(Manifest.permission.WRITE_SECURE_SETTINGS)

    @IInputMethodManagerImpl.PermissionVerified(allOf = {

            Manifest.permission.INTERACT_ACROSS_USERS_FULL,

            Manifest.permission.WRITE_SECURE_SETTINGS})

    @Override

    public void onImeSwitchButtonClickFromSystem(int displayId) {

        synchronized (ImfLock.class) {
@@ -4423,7 +4427,9 @@ public final class InputMethodManagerService implements IInputMethodManagerImpl. 
        });

    }



    @IInputMethodManagerImpl.PermissionVerified(Manifest.permission.INTERNAL_SYSTEM_WINDOW)

    @IInputMethodManagerImpl.PermissionVerified(allOf = {

            Manifest.permission.INTERACT_ACROSS_USERS_FULL,

            Manifest.permission.INTERNAL_SYSTEM_WINDOW})

    @Override

    public void removeImeSurface(int displayId) {

        mHandler.obtainMessage(MSG_REMOVE_IME_SURFACE).sendToTarget();

services/core/java/com/android/server/inputmethod/ZeroJankProxy.java

+9 −3
Original line number Diff line number Diff line
@@ -252,7 +252,9 @@ final class ZeroJankProxy implements IInputMethodManagerImpl.Callback { 
        offload(() -> mInner.showInputMethodPickerFromClient(client, auxiliarySubtypeMode));

    }



    @IInputMethodManagerImpl.PermissionVerified(Manifest.permission.WRITE_SECURE_SETTINGS)

    @IInputMethodManagerImpl.PermissionVerified(allOf = {

            Manifest.permission.INTERACT_ACROSS_USERS_FULL,

            Manifest.permission.WRITE_SECURE_SETTINGS})

    @Override

    public void showInputMethodPickerFromSystem(int auxiliarySubtypeMode, int displayId) {

        mInner.showInputMethodPickerFromSystem(auxiliarySubtypeMode, displayId);
@@ -264,7 +266,9 @@ final class ZeroJankProxy implements IInputMethodManagerImpl.Callback { 
        return mInner.isInputMethodPickerShownForTest();

    }



    @IInputMethodManagerImpl.PermissionVerified(Manifest.permission.WRITE_SECURE_SETTINGS)

    @IInputMethodManagerImpl.PermissionVerified(allOf = {

            Manifest.permission.INTERACT_ACROSS_USERS_FULL,

            Manifest.permission.WRITE_SECURE_SETTINGS})

    @Override

    public void onImeSwitchButtonClickFromSystem(int displayId) {

        mInner.onImeSwitchButtonClickFromSystem(displayId);
@@ -298,7 +302,9 @@ final class ZeroJankProxy implements IInputMethodManagerImpl.Callback { 
        mInner.reportPerceptibleAsync(windowToken, perceptible);

    }



    @IInputMethodManagerImpl.PermissionVerified(Manifest.permission.INTERNAL_SYSTEM_WINDOW)

    @IInputMethodManagerImpl.PermissionVerified(allOf = {

            Manifest.permission.INTERACT_ACROSS_USERS_FULL,

            Manifest.permission.INTERNAL_SYSTEM_WINDOW})

    @Override

    public void removeImeSurface(int displayId) {

        mInner.removeImeSurface(displayId);