Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b0bace1d authored by Yohei Yukawa's avatar Yohei Yukawa
Browse files

Simplify permission checks in ime shell command 

To verify WRITE_SECURE_SETTINGS for ime shell commands,
Context#enforceCallingPermission() would be much simpler and better
because those methods should never be called outside IPCs.

If components inside the system server process need those
functionality, InputMethodManagerInternal should be used instead.

Bug: 34886274
Test: Manually tested as follows.
  1. make -j SoftKeyboard
  2. adb install -r $OUT/system/app/SoftKeyboard/SoftKeyboard.apk
  3. adb shell ime enable com.example.android.softkeyboard/.SoftKeyboard
  4. adb shell ime set com.example.android.softkeyboard/.SoftKeyboard
  5. Make sure that SoftKeyboard is enabled and selected
  6. adb shell ime reset
  7. Make sure that SoftKeyboard is no longer enabled and selected
Change-Id: I556ad844b9f7d62dda40fc18b3ca7d8736660898
parent 0b346295

services/core/java/com/android/server/inputmethod/InputMethodManagerService.java

+2 −19
Original line number Diff line number Diff line
@@ -4754,16 +4754,7 @@ public class InputMethodManagerService extends IInputMethodManager.Stub 
                        + " with INTERACT_ACROSS_USERS_FULL");

                return ShellCommandResult.FAILURE;

            }

            if (mContext.checkCallingOrSelfPermission(

                    android.Manifest.permission.WRITE_SECURE_SETTINGS)

                    != PackageManager.PERMISSION_GRANTED) {

                shellCommand.getErrPrintWriter().print(

                        "Caller must have WRITE_SECURE_SETTINGS permission");

                throw new SecurityException(

                        "Requires permission "

                                + android.Manifest.permission.WRITE_SECURE_SETTINGS);

            }



            mContext.enforceCallingPermission(Manifest.permission.WRITE_SECURE_SETTINGS, null);

            final long ident = Binder.clearCallingIdentity();

            try {

                previouslyEnabled = setInputMethodEnabledLocked(id, enabled);
@@ -4812,15 +4803,7 @@ public class InputMethodManagerService extends IInputMethodManager.Stub 
                        + " with INTERACT_ACROSS_USERS_FULL");

                return ShellCommandResult.FAILURE;

            }

            if (mContext.checkCallingOrSelfPermission(

                    android.Manifest.permission.WRITE_SECURE_SETTINGS)

                    != PackageManager.PERMISSION_GRANTED) {

                shellCommand.getErrPrintWriter().print(

                        "Caller must have WRITE_SECURE_SETTINGS permission");

                throw new SecurityException(

                        "Requires permission "

                                + android.Manifest.permission.WRITE_SECURE_SETTINGS);

            }

            mContext.enforceCallingPermission(Manifest.permission.WRITE_SECURE_SETTINGS, null);

            final String nextIme;

            final List<InputMethodInfo> nextEnabledImes;

            final long ident = Binder.clearCallingIdentity();