Introduce INPUT_CONSUMER permission for InputConsumer
Add the permission protect to createInputConsumer/destoryInputConsumer
in WindowManagerService to prevent it is possible for an app to consume
all the touch events and deny them from even reaching System UI.
Also fix the wallpaper inputconsumer should only show when we found a
visible wallpaper window.
Also limit 'createInputConsumer' to the defined types.
Test: atest PermissionPolicyTest
Test: ceate/destory an inputconsumer and test input
Fix: 162324374
Merged-In: I7a4c2c4cba7ea670873ab2ac49b9880d9a65cd86
Change-Id: I7a4c2c4cba7ea670873ab2ac49b9880d9a65cd86
(cherry picked from commit 0d0ad1b60b3d9ed08b1df0b3a903af332568cd04)
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index d0ca0a8..6a92a83 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -5036,6 +5036,10 @@
<permission android:name="android.permission.ACCESS_LOCUS_ID_USAGE_STATS"
android:protectionLevel="signature|appPredictor" />
+ <!-- @hide Allows an application to create/destroy input consumer. -->
+ <permission android:name="android.permission.INPUT_CONSUMER"
+ android:protectionLevel="signature" />
+
<!-- Attribution for Country Detector. -->
<attribution android:tag="CountryDetector" android:label="@string/country_detector"/>
<!-- Attribution for Location service. -->
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
index 7b8aba4..c4cf45f 100644
--- a/packages/SystemUI/AndroidManifest.xml
+++ b/packages/SystemUI/AndroidManifest.xml
@@ -113,6 +113,7 @@
<uses-permission android:name="android.permission.SET_ORIENTATION" />
<uses-permission android:name="android.permission.DISABLE_KEYGUARD" />
<uses-permission android:name="android.permission.MONITOR_INPUT" />
+ <uses-permission android:name="android.permission.INPUT_CONSUMER" />
<!-- DreamManager -->
<uses-permission android:name="android.permission.READ_DREAM_STATE" />
diff --git a/services/core/java/com/android/server/wm/InputMonitor.java b/services/core/java/com/android/server/wm/InputMonitor.java
index 0216db4..3663ee1 100644
--- a/services/core/java/com/android/server/wm/InputMonitor.java
+++ b/services/core/java/com/android/server/wm/InputMonitor.java
@@ -219,6 +219,11 @@
WindowManagerPolicy.InputConsumer createInputConsumer(Looper looper, String name,
InputEventReceiver.Factory inputEventReceiverFactory) {
+ if (!name.contentEquals(INPUT_CONSUMER_NAVIGATION)) {
+ throw new IllegalArgumentException("Illegal input consumer : " + name
+ + ", display: " + mDisplayId);
+ }
+
if (mInputConsumers.containsKey(name)) {
throw new IllegalStateException("Existing input consumer found with name: " + name
+ ", display: " + mDisplayId);
@@ -248,6 +253,11 @@
// stack, and we need FLAG_NOT_TOUCH_MODAL to ensure other events fall through
consumer.mWindowHandle.layoutParamsFlags |= FLAG_NOT_TOUCH_MODAL;
break;
+ case INPUT_CONSUMER_RECENTS_ANIMATION:
+ break;
+ default:
+ throw new IllegalArgumentException("Illegal input consumer : " + name
+ + ", display: " + mDisplayId);
}
addInputConsumer(name, consumer);
}
@@ -459,9 +469,6 @@
mDisplayContent.forAllWindows(this,
true /* traverseTopToBottom */);
- if (mAddWallpaperInputConsumerHandle) {
- mWallpaperInputConsumer.show(mInputTransaction, 0);
- }
if (!mUpdateInputWindowsImmediately) {
mDisplayContent.getPendingTransaction().merge(mInputTransaction);
mDisplayContent.scheduleAnimation();
diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java
index b7ac54f..ea71ed1 100644
--- a/services/core/java/com/android/server/wm/WindowManagerService.java
+++ b/services/core/java/com/android/server/wm/WindowManagerService.java
@@ -17,6 +17,7 @@
package com.android.server.wm;
import static android.Manifest.permission.CONTROL_REMOTE_APP_TRANSITION_ANIMATIONS;
+import static android.Manifest.permission.INPUT_CONSUMER;
import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW;
import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS;
import static android.Manifest.permission.MANAGE_APP_TOKENS;
@@ -5869,6 +5870,11 @@
@Override
public void createInputConsumer(IBinder token, String name, int displayId,
InputChannel inputChannel) {
+ if (!mAtmInternal.isCallerRecents(Binder.getCallingUid())
+ && mContext.checkCallingOrSelfPermission(INPUT_CONSUMER) != PERMISSION_GRANTED) {
+ throw new SecurityException("createInputConsumer requires INPUT_CONSUMER permission");
+ }
+
synchronized (mGlobalLock) {
DisplayContent display = mRoot.getDisplayContent(displayId);
if (display != null) {
@@ -5880,6 +5886,11 @@
@Override
public boolean destroyInputConsumer(String name, int displayId) {
+ if (!mAtmInternal.isCallerRecents(Binder.getCallingUid())
+ && mContext.checkCallingOrSelfPermission(INPUT_CONSUMER) != PERMISSION_GRANTED) {
+ throw new SecurityException("destroyInputConsumer requires INPUT_CONSUMER permission");
+ }
+
synchronized (mGlobalLock) {
DisplayContent display = mRoot.getDisplayContent(displayId);
if (display != null) {
