Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c354b194 authored by Yohei Yukawa's avatar Yohei Yukawa
Browse files

Remove IMMS#calledFromValidUserLocked() as it's unused 

This CL finally removes

  InputMethodManagerService#calledFromValidUserLocked(),

as it is no longer used.

This method was originally introduced for a minimum multi-user support
for IMMS [1][2].  The motivation was to allow SystemUI (this includes
the lock screen) and some special processes that always run user 0 to
call at least the following IPCs defined in IInputMethodManager.

 * addClient()
 * removeClient()
 * startInput()
 * windowGainedFocus()
 * showSoftInput()
 * hideSoftInput()
 * showInputMethodPickerFromClient()

As a result, we added the following allow-rules as a quick workaround.

 * callingUid == Process.SYSTEM_UID
 * INTERACT_ACROSS_USERS_FULL

The problem was that IMMS#calledFromValidUserLocked() had been called
not from those IPC entry points but also from other IPC entry points,
and it became really difficult to understand what IPCs must have had
such allow-rules, and what IPCs must have not.  This is basically why
we started an effort to deprecate IMMS#calledFromValidUserLocked for
better code readability.

Anyway we have finally finished the audit and migration, and
IMMS#calledFromValidUserLocked() is now ready to be removed.

This CL itself has no behavior change, since the method to be removed
is no longer used.

 [1]: Ib23849d352db33f0747aa9d5a178f00ac726c13b
      4e1ab15b
 [2]: I1620413578b9e8da6564664219f65bdc00d5ecfd
      135e5fb7

Fix: 34886274
Test: presubmit
Change-Id: I71a310eea393c8705dc0714a9a968647d76c81ac
parent 0b169d04

services/core/java/com/android/server/inputmethod/InputMethodManagerService.java

+0 −43
Original line number Diff line number Diff line
@@ -2016,49 +2016,6 @@ public final class InputMethodManagerService extends IInputMethodManager.Stub 
        }

    }



    // ---------------------------------------------------------------------------------------

    // Check whether or not this is a valid IPC. Assumes an IPC is valid when either

    // 1) it comes from the system process

    // 2) the calling process' user id is identical to the current user id IMMS thinks.

    @GuardedBy("ImfLock.class")

    private boolean calledFromValidUserLocked() {

        final int uid = Binder.getCallingUid();

        final int userId = UserHandle.getUserId(uid);

        if (DEBUG) {

            Slog.d(TAG, "--- calledFromForegroundUserOrSystemProcess ? "

                    + "calling uid = " + uid + " system uid = " + Process.SYSTEM_UID

                    + " calling userId = " + userId + ", foreground user id = "

                    + mSettings.getCurrentUserId() + ", calling pid = " + Binder.getCallingPid()

                    + InputMethodUtils.getApiCallStack());

        }

        if (uid == Process.SYSTEM_UID) {

            return true;

        }

        if (userId == mSettings.getCurrentUserId()) {

            return true;

        }



        // Caveat: A process which has INTERACT_ACROSS_USERS_FULL gets results for the

        // foreground user, not for the user of that process. Accordingly InputMethodManagerService

        // must not manage background users' states in any functions.

        // Note that privacy-sensitive IPCs, such as setInputMethod, are still securely guarded

        // by a token.

        if (mContext.checkCallingOrSelfPermission(

                android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)

                == PackageManager.PERMISSION_GRANTED) {

            if (DEBUG) {

                Slog.d(TAG, "--- Access granted because the calling process has "

                        + "the INTERACT_ACROSS_USERS_FULL permission");

            }

            return true;

        }

        // TODO(b/34886274): The semantics of this verification is actually not well-defined.

        Slog.w(TAG, "--- IPC called from background users. Ignore. callers="

                + Debug.getCallers(10));

        return false;

    }





    /**

     * Returns true iff the caller is identified to be the current input method with the token.

     * @param token The window token given to the input method when it was started.