Merge "Check permissions of URI inside of Autofill Slices" into main

import android.app.assist.AssistStructure;

import android.app.assist.AssistStructure.ViewNode;

import android.app.assist.AssistStructure.WindowNode;

import android.app.slice.Slice;

import android.app.slice.SliceItem;

import android.content.ComponentName;

import android.content.Context;

import android.graphics.drawable.Icon;

import android.hardware.display.DisplayManager;

import android.metrics.LogMaker;

import android.os.UserHandle;

            @UserIdInt int userId, @NonNull RemoteViews rView) {

        final AtomicBoolean permissionsOk = new AtomicBoolean(true);

        rView.visitUris(uri -> {

            int uriOwnerId = android.content.ContentProvider.getUserIdFromUri(uri);

        rView.visitUris(

                uri -> {

                    int uriOwnerId = android.content.ContentProvider.getUserIdFromUri(uri, userId);

                    boolean allowed = uriOwnerId == userId;

                    permissionsOk.set(allowed & permissionsOk.get());

                });

        return (ok ? rView : null);

    }

    /**

     * Checks the URI permissions of the icon in the slice, to see if the current userId is able to

     * access it.

     *

     * <p>Returns null if slice contains user inaccessible icons

     *

     * <p>TODO: instead of returning a null Slice when the current userId cannot access an icon,

     * return a reconstructed Slice without the icons. This is currently non-trivial since there are

     * no public methods to generically add SliceItems to Slices

     */

    public static @Nullable Slice sanitizeSlice(Slice slice) {

        if (slice == null) {

            return null;

        }

        int userId = ActivityManager.getCurrentUser();

        // Recontruct the Slice, filtering out bad icons

        for (SliceItem sliceItem : slice.getItems()) {

            if (!sliceItem.getFormat().equals(SliceItem.FORMAT_IMAGE)) {

                // Not an image slice

                continue;

            }

            Icon icon = sliceItem.getIcon();

            if (icon.getType() != Icon.TYPE_URI

                    && icon.getType() != Icon.TYPE_URI_ADAPTIVE_BITMAP) {

                // No URIs to sanitize

                continue;

            }

            int iconUriId = android.content.ContentProvider.getUserIdFromUri(icon.getUri(), userId);

            if (iconUriId != userId) {

                Slog.w(TAG, "sanitizeSlice() user: " + userId + " cannot access icons in Slice");

                return null;

            }

        }

        return slice;

    }

    @Nullable

    static AutofillId[] toArray(@Nullable ArraySet<AutofillId> set) {

import android.util.Slog;

import com.android.server.LocalServices;

import com.android.server.autofill.Helper;

import com.android.server.autofill.RemoteInlineSuggestionRenderService;

import com.android.server.inputmethod.InputMethodManagerInternal;

     */

    public boolean renderSuggestion(int width, int height,

            @NonNull IInlineSuggestionUiCallback callback) {

        if (Helper.sanitizeSlice(mInlinePresentation.getSlice()) == null) {

            if (sDebug) Slog.d(TAG, "Skipped rendering inline suggestion.");

            return false;

        }

        if (mRemoteRenderService != null) {

            if (sDebug) Slog.d(TAG, "Request to recreate the UI");

            mRemoteRenderService.renderSuggestion(callback, mInlinePresentation, width, height,