Throw SecurityException in sanitizeInputFeatures (dbb36a15) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/wm/WindowManagerService.java

+3 −4

Original line number	Diff line number	Diff line
		@@ -9429,7 +9429,7 @@ public class WindowManagerService extends IWindowManager.Stub
		final int permissionResult = mContext.checkPermission(
		permission.MONITOR_INPUT, callingPid, callingUid);
		if (permissionResult != PackageManager.PERMISSION_GRANTED) {
		throw new IllegalArgumentException(
		throw new SecurityException(
		"Cannot use INPUT_FEATURE_SPY from '" + windowName
		+ "' because it doesn't the have MONITOR_INPUT permission");
		}
		@@ -9437,9 +9437,8 @@ public class WindowManagerService extends IWindowManager.Stub

		// You can only use INPUT_FEATURE_SENSITIVE_FOR_PRIVACY on a trusted overlay.
		if ((inputFeatures & INPUT_FEATURE_SENSITIVE_FOR_PRIVACY) != 0 && !isTrustedOverlay) {
		Slog.w(TAG, "Removing INPUT_FEATURE_SENSITIVE_FOR_PRIVACY from '" + windowName
		+ "' because it isn't a trusted overlay");
		return inputFeatures & ~INPUT_FEATURE_SENSITIVE_FOR_PRIVACY;
		throw new SecurityException("Cannot use INPUT_FEATURE_SENSITIVE_FOR_PRIVACY from '"
		+ windowName + "' because it isn't a trusted overlay");
		}

		if ((inputFeatures & INPUT_FEATURE_DISPLAY_TOPOLOGY_AWARE) != 0) {

services/tests/wmtests/src/com/android/server/wm/WindowManagerServiceTests.java

+9 −6

Original line number	Diff line number	Diff line
		@@ -1100,7 +1100,7 @@ public class WindowManagerServiceTests extends WindowTestsBase {
		final IBinder window = new Binder();
		final InputTransferToken inputTransferToken = mock(InputTransferToken.class);

		assertThrows(IllegalArgumentException.class, () ->
		assertThrows(SecurityException.class, () ->
		mWm.grantInputChannel(session, callingUid, callingPid, DEFAULT_DISPLAY,
		surfaceControl, window, null /* hostInputToken */, FLAG_NOT_FOCUSABLE,
		PRIVATE_FLAG_TRUSTED_OVERLAY, INPUT_FEATURE_SPY, TYPE_APPLICATION,
		@@ -1162,7 +1162,7 @@ public class WindowManagerServiceTests extends WindowTestsBase {
		eq(surfaceControl),
		argThat(h -> (h.inputConfig & InputConfig.SPY) == 0));

		assertThrows(IllegalArgumentException.class, () ->
		assertThrows(SecurityException.class, () ->
		mWm.updateInputChannel(inputChannel.getToken(), null /* hostInputToken */,
		DEFAULT_DISPLAY, surfaceControl,
		FLAG_NOT_FOCUSABLE, PRIVATE_FLAG_TRUSTED_OVERLAY, INPUT_FEATURE_SPY,
		@@ -1205,14 +1205,17 @@ public class WindowManagerServiceTests extends WindowTestsBase {
		final IBinder window = new Binder();
		final InputTransferToken inputTransferToken = mock(InputTransferToken.class);

		assertThrows(SecurityException.class, () -> mWm.grantInputChannel(session, callingUid,
		callingPid, DEFAULT_DISPLAY, surfaceControl,
		window, null /* hostInputToken /, FLAG_NOT_FOCUSABLE, 0 / privateFlags */,
		INPUT_FEATURE_SENSITIVE_FOR_PRIVACY, TYPE_APPLICATION, null /* windowToken */,
		inputTransferToken, "TestInputChannel"));

		final InputChannel inputChannel = mWm.grantInputChannel(session, callingUid, callingPid,
		DEFAULT_DISPLAY, surfaceControl,
		window, null /* hostInputToken /, FLAG_NOT_FOCUSABLE, 0 / privateFlags */,
		INPUT_FEATURE_SENSITIVE_FOR_PRIVACY, TYPE_APPLICATION, null /* windowToken */,
		0 /* inputFeatures /, TYPE_APPLICATION, null / windowToken */,
		inputTransferToken, "TestInputChannel");
		verify(mTransaction).setInputWindowInfo(
		eq(surfaceControl),
		argThat(h -> (h.inputConfig & InputConfig.SENSITIVE_FOR_PRIVACY) == 0));

		mWm.updateInputChannel(inputChannel.getToken(), null /* hostInputToken */,
		DEFAULT_DISPLAY, surfaceControl,