Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 20afa0fd authored by Treehugger Robot's avatar Treehugger Robot Committed by Android (Google) Code Review
Browse files

Merge "Clarify userId in IMMS#createInputContentUriToken()" into main

parents e96fbcc4 23705f5c

services/core/java/com/android/server/inputmethod/InputMethodManagerService.java

+18 −9
Original line number Diff line number Diff line
@@ -5905,27 +5905,36 @@ public final class InputMethodManagerService implements IInputMethodManagerImpl. 


        synchronized (ImfLock.class) {

            final int uid = Binder.getCallingUid();

            if (getSelectedMethodIdLocked() == null) {

            final int imeUserId = UserHandle.getUserId(uid);

            if (imeUserId != mCurrentUserId) {

                // Currently concurrent multi-user is not supported here due to the remaining

                // dependency on mCurEditorInfo and mCurClient.

                // TODO(b/341558132): Remove this early-exit once it becomes multi-user ready.

                Slog.i(TAG, "Ignoring createInputContentUriToken due to user ID mismatch."

                        + " imeUserId=" + imeUserId + " mCurrentUserId=" + mCurrentUserId);

                return null;

            }

            if (getCurTokenLocked() != token) {

                Slog.e(TAG, "Ignoring createInputContentUriToken mCurToken=" + getCurTokenLocked()

                        + " token=" + token);

            final var bindingController = getInputMethodBindingController(imeUserId);

            if (bindingController.getSelectedMethodId() == null) {

                return null;

            }

            if (bindingController.getCurToken() != token) {

                Slog.e(TAG, "Ignoring createInputContentUriToken mCurToken="

                        + bindingController.getCurToken() + " token=" + token);

                return null;

            }

            // We cannot simply distinguish a bad IME that reports an arbitrary package name from

            // an unfortunate IME whose internal state is already obsolete due to the asynchronous

            // nature of our system.  Let's compare it with our internal record.

            final var curPackageName = mCurEditorInfo != null

                    ? mCurEditorInfo.packageName : null;

            // TODO(b/341558132): Use "imeUserId" to query per-user "curEditorInfo"

            final var curPackageName = mCurEditorInfo != null ? mCurEditorInfo.packageName : null;

            if (!TextUtils.equals(curPackageName, packageName)) {

                Slog.e(TAG, "Ignoring createInputContentUriToken mCurEditorInfo.packageName="

                        + curPackageName + " packageName=" + packageName);

                return null;

            }

            // This user ID can never bee spoofed.

            final int imeUserId = UserHandle.getUserId(uid);

            // This user ID can never bee spoofed.

            // This user ID can never be spoofed.

            // TODO(b/341558132): Use "imeUserId" to query per-user "curClient"

            final int appUserId = UserHandle.getUserId(mCurClient.mUid);

            // This user ID may be invalid if "contentUri" embedded an invalid user ID.

            final int contentUriOwnerUserId = ContentProvider.getUserIdFromUri(contentUri,