Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8a78fd4d authored by Svetoslav Ganov's avatar Svetoslav Ganov
Browse files

AccessibilityEvent/AccessibilityNodeInfo class name property should be set to... 

AccessibilityEvent/AccessibilityNodeInfo class name property should be set to only framework classes.

AccessibilityEvent and AccessibilityNodeInfo have a property className which is set to the source
Java class. This is problematic since leads to leaking private classes which would allow an
accessibility service to load classes from other packages. This is strongly undesirable since
not trusted code can be loaded, and hence executed, in the accessibility service. To address
that the class name is set to the most concrete framework class extended by the info/event
source.

bug:5878943

Change-Id: I7b3114ece8772ea2773f5151e21b8a6f2006882a
parent 32313b16

core/java/android/view/View.java

+2 −2
Original line number Diff line number Diff line
@@ -4107,7 +4107,7 @@ public class View implements Drawable.Callback, Drawable.Callback2, KeyEvent.Cal 
     */

    void onInitializeAccessibilityEventInternal(AccessibilityEvent event) {

        event.setSource(this);

        event.setClassName(getClass().getName());

        event.setClassName(View.class.getName());

        event.setPackageName(getContext().getPackageName());

        event.setEnabled(isEnabled());

        event.setContentDescription(mContentDescription);
@@ -4212,7 +4212,7 @@ public class View implements Drawable.Callback, Drawable.Callback2, KeyEvent.Cal 
        }















        info.setPackageName(mContext.getPackageName());













        info.setClassName(getClass().getName());













        info.setClassName(View.class.getName());















        info.setContentDescription(getContentDescription());





























        info.setEnabled(isEnabled());

































core/java/android/view/ViewGroup.java



+7
−0






























Original line number
Diff line number
Diff line








@@ -2229,6 +2229,7 @@ public abstract class ViewGroup extends View implements ViewParent, ViewManager













    @Override















    void onInitializeAccessibilityNodeInfoInternal(AccessibilityNodeInfo info) {















        super.onInitializeAccessibilityNodeInfoInternal(info);













        info.setClassName(ViewGroup.class.getName());















        for (int i = 0, count = mChildrenCount; i < count; i++) {















            View child = mChildren[i];















            if ((child.mViewFlags & VISIBILITY_MASK) == VISIBLE









@@ -2238,6 +2239,12 @@ public abstract class ViewGroup extends View implements ViewParent, ViewManager













        }















    }





























    @Override













    void onInitializeAccessibilityEventInternal(AccessibilityEvent event) {













        super.onInitializeAccessibilityEventInternal(event);













        event.setClassName(ViewGroup.class.getName());













    }





























    /**















     * {@inheritDoc}















     */

































core/java/android/widget/AbsListView.java



+12
−1






























Original line number
Diff line number
Diff line








@@ -20,7 +20,6 @@ import com.android.internal.R;





























import android.content.Context;















import android.content.Intent;













import android.content.res.Resources;















import android.content.res.TypedArray;















import android.graphics.Canvas;















import android.graphics.Rect;










@@ -1297,6 +1296,18 @@ public abstract class AbsListView extends AdapterView<ListAdapter> implements Te













        super.sendAccessibilityEvent(eventType);















    }





























    @Override













    public void onInitializeAccessibilityEvent(AccessibilityEvent event) {













        super.onInitializeAccessibilityEvent(event);













        event.setClassName(AbsListView.class.getName());













    }



























    @Override













    public void onInitializeAccessibilityNodeInfo(AccessibilityNodeInfo info) {













        super.onInitializeAccessibilityNodeInfo(info);













        info.setClassName(AbsListView.class.getName());













    }





























    /**















     * Indicates whether the children's drawing cache is used during a scroll.















     * By default, the drawing cache is enabled but this will consume more memory.

































core/java/android/widget/AbsSeekBar.java



+13
−0






























Original line number
Diff line number
Diff line








@@ -25,6 +25,8 @@ import android.util.AttributeSet;













import android.view.KeyEvent;















import android.view.MotionEvent;















import android.view.ViewConfiguration;













import android.view.accessibility.AccessibilityEvent;













import android.view.accessibility.AccessibilityNodeInfo;































public abstract class AbsSeekBar extends ProgressBar {















    private Drawable mThumb;










@@ -464,4 +466,15 @@ public abstract class AbsSeekBar extends ProgressBar {













        return super.onKeyDown(keyCode, event);















    }





























    @Override













    public void onInitializeAccessibilityEvent(AccessibilityEvent event) {













        super.onInitializeAccessibilityEvent(event);













        event.setClassName(AbsSeekBar.class.getName());













    }



























    @Override













    public void onInitializeAccessibilityNodeInfo(AccessibilityNodeInfo info) {













        super.onInitializeAccessibilityNodeInfo(info);













        info.setClassName(AbsSeekBar.class.getName());













    }















}
























core/java/android/widget/AbsSpinner.java



+14
−1






























Original line number
Diff line number
Diff line








@@ -28,6 +28,8 @@ import android.util.AttributeSet;













import android.util.SparseArray;















import android.view.View;















import android.view.ViewGroup;













import android.view.accessibility.AccessibilityEvent;













import android.view.accessibility.AccessibilityNodeInfo;































/**















 * An abstract base class for spinner widgets. SDK users will probably not









@@ -40,7 +42,6 @@ public abstract class AbsSpinner extends AdapterView<SpinnerAdapter> {





























    int mHeightMeasureSpec;















    int mWidthMeasureSpec;













    boolean mBlockLayoutRequests;































    int mSelectionLeftPadding = 0;















    int mSelectionTopPadding = 0;










@@ -463,4 +464,16 @@ public abstract class AbsSpinner extends AdapterView<SpinnerAdapter> {













            scrapHeap.clear();















        }















    }



























    @Override













    public void onInitializeAccessibilityEvent(AccessibilityEvent event) {













        super.onInitializeAccessibilityEvent(event);













        event.setClassName(AbsSpinner.class.getName());













    }



























    @Override













    public void onInitializeAccessibilityNodeInfo(AccessibilityNodeInfo info) {













        super.onInitializeAccessibilityNodeInfo(info);













        info.setClassName(AbsSpinner.class.getName());













    }















}