Google Git
Sign in
android / platform / frameworks / base / 6ac8376cd79f^! / .
commit6ac8376cd79ff485dd5531fca3dff2b093c5ea15[log] [tgz]
authorVishnu Nair <vishnun@google.com>Thu Jan 27 23:29:32 2022 +0000
committerVishnu Nair <vishnun@google.com>Fri Feb 04 02:14:42 2022 +0000
tree259926ec34af591cbb49d7d4cff1889b79a0bff6
parenta84612483f2fce702ed8272320d5cff576e65e6f [diff]
Drop input for toast and child surfaces

Toasts that do not have the trustedOverlay flag should not receive input.
These windows should not have any children, so force this hierarchy of
windows to drop all input by setting a flag on the toast window state
which will apply the DROP_INPUT flag on all windows with an input
channel. This is to prevent malicious apps from parenting surfaces with
input channels to the toast window.

Test: show toast and check if input feature flag DROP_INPUT id set via dumpsys
Bug: b/197296414

Merged-In: I316b76b685ca5030fd8aa91283555efcce4d6994
Change-Id: I316b76b685ca5030fd8aa91283555efcce4d6994

diff --git a/services/core/java/com/android/server/wm/DisplayPolicy.java b/services/core/java/com/android/server/wm/DisplayPolicy.java
index 73d31bf..1eb7281 100644
--- a/services/core/java/com/android/server/wm/DisplayPolicy.java
+++ b/services/core/java/com/android/server/wm/DisplayPolicy.java

@@ -124,6 +124,7 @@
 import android.graphics.PixelFormat;
 import android.graphics.Rect;
 import android.graphics.Region;
+import android.gui.DropInputMode;
 import android.hardware.power.Boost;
 import android.os.Handler;
 import android.os.IBinder;
@@ -928,6 +929,20 @@
     }
 
     /**
+     * Add additional policy if needed to ensure the window or its children should not receive any
+     * input.
+     */
+    public void setDropInputModePolicy(WindowState win, LayoutParams attrs) {
+        if (attrs.type == TYPE_TOAST
+                && (attrs.privateFlags & PRIVATE_FLAG_TRUSTED_OVERLAY) == 0) {
+            // Toasts should not receive input. These windows should not have any children, so
+            // force this hierarchy of windows to drop all input.
+            mService.mTransactionFactory.get()
+                    .setDropInputMode(win.getSurfaceControl(), DropInputMode.ALL).apply();
+        }
+    }
+
+    /**
      * Check if a window can be added to the system.
      *
      * Currently enforces that two window types are singletons per display:

diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java
index 4281568..fac9539 100644
--- a/services/core/java/com/android/server/wm/WindowManagerService.java
+++ b/services/core/java/com/android/server/wm/WindowManagerService.java

@@ -1780,6 +1780,7 @@
 
             win.mToken.addWindow(win);
             displayPolicy.addWindowLw(win, attrs);
+            displayPolicy.setDropInputModePolicy(win, win.mAttrs);
             if (type == TYPE_INPUT_METHOD) {
                 displayContent.setInputMethodWindowLocked(win);
                 imMayMove = false;