
Commit ffb1737c authored by Matthew Ng's avatar Matthew Ng

Validate that the system ui proxy calls are from current user

Skips running and sends a warning to logcat if there is a call from a
different user.

Change-Id: I1e38d99b33611965bab571a1816336b4ab98150c
Fixes: 80156915
Test: change users and do things
parent 495e2008
+37 −0
@@ -81,11 +81,15 @@ public class OverviewProxyService implements CallbackController<OverviewProxyLis
    private int mConnectionBackoffAttempts;
    private int mConnectionBackoffAttempts;
    private @InteractionType int mInteractionFlags;
    private @InteractionType int mInteractionFlags;
    private boolean mIsEnabled;
    private boolean mIsEnabled;
    private int mCurrentBoundedUserId = -1;


    private ISystemUiProxy mSysUiProxy = new ISystemUiProxy.Stub() {
    private ISystemUiProxy mSysUiProxy = new ISystemUiProxy.Stub() {


        public GraphicBufferCompat screenshot(Rect sourceCrop, int width, int height, int minLayer,
        public GraphicBufferCompat screenshot(Rect sourceCrop, int width, int height, int minLayer,
                int maxLayer, boolean useIdentityTransform, int rotation) {
                int maxLayer, boolean useIdentityTransform, int rotation) {
            if (!verifyCaller("screenshot")) {
                return null;
            }
            long token = Binder.clearCallingIdentity();
            long token = Binder.clearCallingIdentity();
            try {
            try {
                return new GraphicBufferCompat(SurfaceControl.screenshotToBuffer(sourceCrop, width,
                return new GraphicBufferCompat(SurfaceControl.screenshotToBuffer(sourceCrop, width,
@@ -96,6 +100,9 @@ public class OverviewProxyService implements CallbackController<OverviewProxyLis
        }
        }


        public void startScreenPinning(int taskId) {
        public void startScreenPinning(int taskId) {
            if (!verifyCaller("startScreenPinning")) {
                return;
            }
            long token = Binder.clearCallingIdentity();
            long token = Binder.clearCallingIdentity();
            try {
            try {
                mHandler.post(() -> {
                mHandler.post(() -> {
@@ -111,6 +118,9 @@ public class OverviewProxyService implements CallbackController<OverviewProxyLis
        }
        }


        public void onSplitScreenInvoked() {
        public void onSplitScreenInvoked() {
            if (!verifyCaller("onSplitScreenInvoked")) {
                return;
            }
            long token = Binder.clearCallingIdentity();
            long token = Binder.clearCallingIdentity();
            try {
            try {
                EventBus.getDefault().post(new DockedFirstAnimationFrameEvent());
                EventBus.getDefault().post(new DockedFirstAnimationFrameEvent());
@@ -120,6 +130,9 @@ public class OverviewProxyService implements CallbackController<OverviewProxyLis
        }
        }


        public void onOverviewShown(boolean fromHome) {
        public void onOverviewShown(boolean fromHome) {
            if (!verifyCaller("onOverviewShown")) {
                return;
            }
            long token = Binder.clearCallingIdentity();
            long token = Binder.clearCallingIdentity();
            try {
            try {
                mHandler.post(() -> {
                mHandler.post(() -> {
@@ -133,6 +146,9 @@ public class OverviewProxyService implements CallbackController<OverviewProxyLis
        }
        }


        public void setInteractionState(@InteractionType int flags) {
        public void setInteractionState(@InteractionType int flags) {
            if (!verifyCaller("setInteractionState")) {
                return;
            }
            long token = Binder.clearCallingIdentity();
            long token = Binder.clearCallingIdentity();
            try {
            try {
                if (mInteractionFlags != flags) {
                if (mInteractionFlags != flags) {
@@ -150,6 +166,9 @@ public class OverviewProxyService implements CallbackController<OverviewProxyLis
        }
        }


        public Rect getNonMinimizedSplitScreenSecondaryBounds() {
        public Rect getNonMinimizedSplitScreenSecondaryBounds() {
            if (!verifyCaller("getNonMinimizedSplitScreenSecondaryBounds")) {
                return null;
            }
            long token = Binder.clearCallingIdentity();
            long token = Binder.clearCallingIdentity();
            try {
            try {
                Divider divider = SysUiServiceProvider.getComponent(mContext, Divider.class);
                Divider divider = SysUiServiceProvider.getComponent(mContext, Divider.class);
@@ -163,6 +182,9 @@ public class OverviewProxyService implements CallbackController<OverviewProxyLis
        }
        }


        public void setBackButtonAlpha(float alpha, boolean animate) {
        public void setBackButtonAlpha(float alpha, boolean animate) {
            if (!verifyCaller("setBackButtonAlpha")) {
                return;
            }
            long token = Binder.clearCallingIdentity();
            long token = Binder.clearCallingIdentity();
            try {
            try {
                mHandler.post(() -> {
                mHandler.post(() -> {
@@ -172,6 +194,16 @@ public class OverviewProxyService implements CallbackController<OverviewProxyLis
                Binder.restoreCallingIdentity(token);
                Binder.restoreCallingIdentity(token);
            }
            }
        }
        }

        private boolean verifyCaller(String reason) {
            final int callerId = Binder.getCallingUserHandle().getIdentifier();
            if (callerId != mCurrentBoundedUserId) {
                Log.w(TAG_OPS, "Launcher called sysui with invalid user: " + callerId + ", reason: "
                        + reason);
                return false;
            }
            return true;
        }
    };
    };


    private final Runnable mDeferredConnectionCallback = () -> {
    private final Runnable mDeferredConnectionCallback = () -> {
@@ -210,7 +242,9 @@ public class OverviewProxyService implements CallbackController<OverviewProxyLis
            }
            }
            try {
            try {
                mOverviewProxy.onBind(mSysUiProxy);
                mOverviewProxy.onBind(mSysUiProxy);
                mCurrentBoundedUserId = mDeviceProvisionedController.getCurrentUser();
            } catch (RemoteException e) {
            } catch (RemoteException e) {
                mCurrentBoundedUserId = -1;
                Log.e(TAG_OPS, "Failed to call onBind()", e);
                Log.e(TAG_OPS, "Failed to call onBind()", e);
            }
            }
            notifyConnectionChanged();
            notifyConnectionChanged();
@@ -219,18 +253,21 @@ public class OverviewProxyService implements CallbackController<OverviewProxyLis
        @Override
        @Override
        public void onNullBinding(ComponentName name) {
        public void onNullBinding(ComponentName name) {
            Log.w(TAG_OPS, "Null binding of '" + name + "', try reconnecting");
            Log.w(TAG_OPS, "Null binding of '" + name + "', try reconnecting");
            mCurrentBoundedUserId = -1;
            internalConnectToCurrentUser();
            internalConnectToCurrentUser();
        }
        }


        @Override
        @Override
        public void onBindingDied(ComponentName name) {
        public void onBindingDied(ComponentName name) {
            Log.w(TAG_OPS, "Binding died of '" + name + "', try reconnecting");
            Log.w(TAG_OPS, "Binding died of '" + name + "', try reconnecting");
            mCurrentBoundedUserId = -1;
            internalConnectToCurrentUser();
            internalConnectToCurrentUser();
        }
        }


        @Override
        @Override
        public void onServiceDisconnected(ComponentName name) {
        public void onServiceDisconnected(ComponentName name) {
            // Do nothing
            // Do nothing
            mCurrentBoundedUserId = -1;
        }
        }
    };
    };
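Review bot: `mCurrentBoundedUserId` is declared as a plain `private int`, yet `verifyCaller` reads it from the ISystemUiProxy stub methods (presumably on binder threads) while the service-connection callbacks write it, so the comparison can see a stale value; `private volatile int mCurrentBoundedUserId = -1;` would make the check dependable. The field is also assigned only after `mOverviewProxy.onBind(mSysUiProxy)` returns, so any proxy call the launcher makes during onBind is rejected; that fails closed, but setting the id before the call would avoid dropping a legitimate first request (the catch block already resets it to -1). The stored value is `getCurrentUser()` at callback time rather than the user the bind was issued for, which presumably matches but is worth confirming across a user switch. Because `verifyCaller` compares only the user id, a comment such as `// Checks the calling user only; does not authenticate the calling package or uid` would keep later readers from treating it as a full caller check, which matters most for `screenshot`. The bodies of the guarded methods continue outside the visible hunks.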