Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 580fb3af authored by Siarhei Vishniakou's avatar Siarhei Vishniakou
Browse files

Prevent targeted injection into non-owned windows 

Before this CL, it was possible to send ACTION_OUTSIDE events to
non-owned windows even during targeted injection.

However:
1) It's not clear why we actually need this behaviour, and it requires
   extra work to support this
2) The block of code that we used to "support" this didn't actually do
   anything.
3) During targeted injection, you should only be allowed to affect owned
   windows. If you want to affect the entire system, you:
   a) Should use global rather than targeted injection
   b) Must be very careful to clean up any remaining state that you
   cause

In this CL, we remove the block of code that did nothing, and also add
an explicit target pass to remove any non-owned windows.

This should allow further future refactors.

Bug: 211379801
Fixes: 281091008
Test: m inputflinger_tests && $ANDROID_HOST_OUT/nativetest64/inputflinger_tests/inputflinger_tests
Change-Id: Ib065d39ab162188bf2f6e73601e2bb7e2c5d0409
parent e632c7cb

services/inputflinger/dispatcher/InputDispatcher.cpp

+13 −6
Original line number Diff line number Diff line
@@ -2579,11 +2579,6 @@ std::vector<InputTarget> InputDispatcher::findTouchedWindowTargetsLocked( 
    if (entry.injectionState != nullptr) {

        std::string errs;

        for (const TouchedWindow& touchedWindow : tempTouchState.windows) {

            if (touchedWindow.targetFlags.test(InputTarget::Flags::DISPATCH_AS_OUTSIDE)) {

                // Allow ACTION_OUTSIDE events generated by targeted injection to be

                // dispatched to any uid, since the coords will be zeroed out later.

                continue;

            }

            const auto err = verifyTargetedInjection(touchedWindow.windowHandle, entry);

            if (err) errs += "\n  - " + *err;

        }
@@ -2636,6 +2631,18 @@ std::vector<InputTarget> InputDispatcher::findTouchedWindowTargetsLocked( 
                              targets);

    }



    // During targeted injection, only allow owned targets to receive events

    std::erase_if(targets, [&](const InputTarget& target) {

        LOG_ALWAYS_FATAL_IF(target.windowHandle == nullptr);

        const auto err = verifyTargetedInjection(target.windowHandle, entry);

        if (err) {

            LOG(WARNING) << "Dropping injected event from " << target.windowHandle->getName()

                         << ": " << (*err);

            return true;

        }

        return false;

    });



    if (targets.empty()) {

        LOG(INFO) << "Dropping event because no targets were found: " << entry.getDescription();

        outInjectionResult = InputEventInjectionResult::FAILED;
@@ -2838,7 +2845,7 @@ std::optional<InputTarget> InputDispatcher::createInputTargetLocked( 
    if (displayInfoIt != mDisplayInfos.end()) {

        inputTarget.displayTransform = displayInfoIt->second.transform;

    } else {

        // DisplayInfo not found for this window on display windowInfo->displayId.

        // DisplayInfo not found for this window on display windowHandle->getInfo()->displayId.

        // TODO(b/198444055): Make this an error message after 'setInputWindows' API is removed.

    }

    return inputTarget;

services/inputflinger/tests/InputDispatcher_test.cpp

+3 −3
Original line number Diff line number Diff line
@@ -9777,7 +9777,7 @@ TEST_F(InputDispatcherTargetedInjectionTest, CanInjectIntoAnyWindowWhenNotTarget 
    window->assertNoEvents();

}



TEST_F(InputDispatcherTargetedInjectionTest, CanGenerateActionOutsideToOtherUids) {

TEST_F(InputDispatcherTargetedInjectionTest, CannotGenerateActionOutsideToOtherUids) {

    auto owner = User(mDispatcher, 10, 11);

    auto window = owner.createWindow();
@@ -9787,11 +9787,11 @@ TEST_F(InputDispatcherTargetedInjectionTest, CanGenerateActionOutsideToOtherUids 
    randosWindow->setWatchOutsideTouch(true);

    mDispatcher->setInputWindows({{ADISPLAY_ID_DEFAULT, {randosWindow, window}}});



    // We allow generation of ACTION_OUTSIDE events into windows owned by different uids.

    // Do not allow generation of ACTION_OUTSIDE events into windows owned by different uids.

    EXPECT_EQ(InputEventInjectionResult::SUCCEEDED,

              owner.injectTargetedMotion(AMOTION_EVENT_ACTION_DOWN));

    window->consumeMotionDown();

    randosWindow->consumeMotionOutside();

    randosWindow->assertNoEvents();

}



} // namespace android::inputdispatcher