summaryrefslogtreecommitdiff
path: root/services/java/com/android/server/WindowManagerService.java
diff options
context:
space:
mode:
authorDianne Hackborn <hackbod@google.com>2009-06-15 14:24:44 -0700
committerDianne Hackborn <hackbod@google.com>2009-06-15 14:35:07 -0700
commitcfaef699e1dfb3a75d5b51f3b15816f13670fd51 (patch)
tree594192d551bfad6569f415c0a4371899ec480fdd /services/java/com/android/server/WindowManagerService.java
parent3adf7678cdf8fa955627e096bb5c27b94adc3079 (diff)
Implement permission test for activity, window, service manager.
This also includes some changes to the window manager permission checks. Almost all of these are to make it most testable (through an exception on a permission failure), though there is one permission check that needed to be added: updateOrientationFromAppTokens().
Diffstat (limited to 'services/java/com/android/server/WindowManagerService.java')
-rw-r--r--services/java/com/android/server/WindowManagerService.java152
1 files changed, 95 insertions, 57 deletions
diff --git a/services/java/com/android/server/WindowManagerService.java b/services/java/com/android/server/WindowManagerService.java
index 828b8aabf33c..3b47ae7f2182 100644
--- a/services/java/com/android/server/WindowManagerService.java
+++ b/services/java/com/android/server/WindowManagerService.java
@@ -174,6 +174,10 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
*/
static final int DIM_DURATION_MULTIPLIER = 6;
+ static final int INJECT_FAILED = 0;
+ static final int INJECT_SUCCEEDED = 1;
+ static final int INJECT_NO_PERMISSION = -1;
+
static final int UPDATE_FOCUS_NORMAL = 0;
static final int UPDATE_FOCUS_WILL_ASSIGN_LAYERS = 1;
static final int UPDATE_FOCUS_PLACING_SURFACES = 2;
@@ -1317,7 +1321,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
// Update Orientation after adding a window, only if the window needs to be
// displayed right away
if (win.isVisibleOrAdding()) {
- if (updateOrientationFromAppTokens(null, null) != null) {
+ if (updateOrientationFromAppTokensUnchecked(null, null) != null) {
sendNewConfiguration();
}
}
@@ -1956,7 +1960,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void addWindowToken(IBinder token, int type) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"addWindowToken()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized(mWindowMap) {
@@ -1974,7 +1978,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void removeWindowToken(IBinder token) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"removeWindowToken()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
final long origId = Binder.clearCallingIdentity();
@@ -2027,7 +2031,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
int groupId, int requestedOrientation, boolean fullscreen) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"addAppToken()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized(mWindowMap) {
@@ -2056,7 +2060,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void setAppGroupId(IBinder token, int groupId) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"setAppStartingIcon()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized(mWindowMap) {
@@ -2154,8 +2158,22 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public Configuration updateOrientationFromAppTokens(
Configuration currentConfig, IBinder freezeThisOneIfNeeded) {
+ if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
+ "updateOrientationFromAppTokens()")) {
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
+ }
+
Configuration config;
long ident = Binder.clearCallingIdentity();
+ config = updateOrientationFromAppTokensUnchecked(currentConfig,
+ freezeThisOneIfNeeded);
+ Binder.restoreCallingIdentity(ident);
+ return config;
+ }
+
+ Configuration updateOrientationFromAppTokensUnchecked(
+ Configuration currentConfig, IBinder freezeThisOneIfNeeded) {
+ Configuration config;
synchronized(mWindowMap) {
config = updateOrientationFromAppTokensLocked(currentConfig, freezeThisOneIfNeeded);
}
@@ -2163,7 +2181,6 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
mLayoutNeeded = true;
performLayoutAndPlaceSurfacesLocked();
}
- Binder.restoreCallingIdentity(ident);
return config;
}
@@ -2235,7 +2252,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void setAppOrientation(IApplicationToken token, int requestedOrientation) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"setAppOrientation()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized(mWindowMap) {
@@ -2263,7 +2280,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void setFocusedApp(IBinder token, boolean moveFocusNow) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"setFocusedApp()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized(mWindowMap) {
@@ -2296,7 +2313,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void prepareAppTransition(int transit) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"prepareAppTransition()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized(mWindowMap) {
@@ -2325,7 +2342,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void executeAppTransition() {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"executeAppTransition()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized(mWindowMap) {
@@ -2345,7 +2362,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
IBinder transferFrom, boolean createIfNeeded) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"setAppStartingIcon()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized(mWindowMap) {
@@ -2479,7 +2496,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void setAppWillBeHidden(IBinder token) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"setAppWillBeHidden()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
AppWindowToken wtoken;
@@ -2590,7 +2607,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void setAppVisibility(IBinder token, boolean visible) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"setAppVisibility()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
AppWindowToken wtoken;
@@ -2720,7 +2737,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void startAppFreezingScreen(IBinder token, int configChanges) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"setAppFreezingScreen()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized(mWindowMap) {
@@ -2743,7 +2760,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void stopAppFreezingScreen(IBinder token, boolean force) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"setAppFreezingScreen()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized(mWindowMap) {
@@ -2762,7 +2779,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void removeAppToken(IBinder token) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"removeAppToken()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
AppWindowToken wtoken = null;
@@ -2930,7 +2947,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void moveAppToken(int index, IBinder token) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"moveAppToken()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized(mWindowMap) {
@@ -3012,7 +3029,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void moveAppTokensToTop(List<IBinder> tokens) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"moveAppTokensToTop()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
final long origId = Binder.clearCallingIdentity();
@@ -3033,7 +3050,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void moveAppTokensToBottom(List<IBinder> tokens) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"moveAppTokensToBottom()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
final long origId = Binder.clearCallingIdentity();
@@ -3120,7 +3137,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void setAnimationScale(int which, float scale) {
if (!checkCallingPermission(android.Manifest.permission.SET_ANIMATION_SCALE,
"setAnimationScale()")) {
- return;
+ throw new SecurityException("Requires SET_ANIMATION_SCALE permission");
}
if (scale < 0) scale = 0;
@@ -3138,7 +3155,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void setAnimationScales(float[] scales) {
if (!checkCallingPermission(android.Manifest.permission.SET_ANIMATION_SCALE,
"setAnimationScale()")) {
- return;
+ throw new SecurityException("Requires SET_ANIMATION_SCALE permission");
}
if (scales != null) {
@@ -3169,7 +3186,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public int getSwitchState(int sw) {
if (!checkCallingPermission(android.Manifest.permission.READ_INPUT_STATE,
"getSwitchState()")) {
- return -1;
+ throw new SecurityException("Requires READ_INPUT_STATE permission");
}
return KeyInputQueue.getSwitchState(sw);
}
@@ -3177,7 +3194,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public int getSwitchStateForDevice(int devid, int sw) {
if (!checkCallingPermission(android.Manifest.permission.READ_INPUT_STATE,
"getSwitchStateForDevice()")) {
- return -1;
+ throw new SecurityException("Requires READ_INPUT_STATE permission");
}
return KeyInputQueue.getSwitchState(devid, sw);
}
@@ -3185,7 +3202,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public int getScancodeState(int sw) {
if (!checkCallingPermission(android.Manifest.permission.READ_INPUT_STATE,
"getScancodeState()")) {
- return -1;
+ throw new SecurityException("Requires READ_INPUT_STATE permission");
}
return KeyInputQueue.getScancodeState(sw);
}
@@ -3193,7 +3210,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public int getScancodeStateForDevice(int devid, int sw) {
if (!checkCallingPermission(android.Manifest.permission.READ_INPUT_STATE,
"getScancodeStateForDevice()")) {
- return -1;
+ throw new SecurityException("Requires READ_INPUT_STATE permission");
}
return KeyInputQueue.getScancodeState(devid, sw);
}
@@ -3201,7 +3218,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public int getKeycodeState(int sw) {
if (!checkCallingPermission(android.Manifest.permission.READ_INPUT_STATE,
"getKeycodeState()")) {
- return -1;
+ throw new SecurityException("Requires READ_INPUT_STATE permission");
}
return KeyInputQueue.getKeycodeState(sw);
}
@@ -3209,7 +3226,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public int getKeycodeStateForDevice(int devid, int sw) {
if (!checkCallingPermission(android.Manifest.permission.READ_INPUT_STATE,
"getKeycodeStateForDevice()")) {
- return -1;
+ throw new SecurityException("Requires READ_INPUT_STATE permission");
}
return KeyInputQueue.getKeycodeState(devid, sw);
}
@@ -3298,7 +3315,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
boolean alwaysSendConfiguration, int animFlags) {
if (!checkCallingPermission(android.Manifest.permission.SET_ORIENTATION,
"setRotation()")) {
- return;
+ throw new SecurityException("Requires SET_ORIENTATION permission");
}
setRotationUnchecked(rotation, alwaysSendConfiguration, animFlags);
@@ -3776,7 +3793,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
/**
* @return Returns true if event was dispatched, false if it was dropped for any reason
*/
- private boolean dispatchPointer(QueuedEvent qev, MotionEvent ev, int pid, int uid) {
+ private int dispatchPointer(QueuedEvent qev, MotionEvent ev, int pid, int uid) {
if (DEBUG_INPUT || WindowManagerPolicy.WATCH_POINTER) Log.v(TAG,
"dispatchPointer " + ev);
@@ -3806,14 +3823,14 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
mQueue.recycleEvent(qev);
}
ev.recycle();
- return false;
+ return INJECT_FAILED;
}
if (targetObj == mKeyWaiter.CONSUMED_EVENT_TOKEN) {
if (qev != null) {
mQueue.recycleEvent(qev);
}
ev.recycle();
- return true;
+ return INJECT_SUCCEEDED;
}
WindowState target = (WindowState)targetObj;
@@ -3833,7 +3850,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
mQueue.recycleEvent(qev);
}
ev.recycle();
- return false;
+ return INJECT_NO_PERMISSION;
}
}
@@ -3883,7 +3900,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
mQueue.recycleEvent(qev);
}
ev.recycle();
- return false;
+ return INJECT_FAILED;
}
} //end if target
@@ -3957,7 +3974,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
Log.v(TAG, "Delivering pointer " + qev + " to " + target);
}
target.mClient.dispatchPointer(ev, eventTime);
- return true;
+ return INJECT_SUCCEEDED;
} catch (android.os.RemoteException e) {
Log.i(TAG, "WINDOW DIED during motion dispatch: " + target);
mKeyWaiter.mMotionTarget = null;
@@ -3968,13 +3985,13 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
// removed.
}
}
- return false;
+ return INJECT_FAILED;
}
/**
* @return Returns true if event was dispatched, false if it was dropped for any reason
*/
- private boolean dispatchTrackball(QueuedEvent qev, MotionEvent ev, int pid, int uid) {
+ private int dispatchTrackball(QueuedEvent qev, MotionEvent ev, int pid, int uid) {
if (DEBUG_INPUT) Log.v(
TAG, "dispatchTrackball [" + ev.getAction() +"] <" + ev.getX() + ", " + ev.getY() + ">");
@@ -3986,14 +4003,14 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
mQueue.recycleEvent(qev);
}
ev.recycle();
- return false;
+ return INJECT_FAILED;
}
if (focusObj == mKeyWaiter.CONSUMED_EVENT_TOKEN) {
if (qev != null) {
mQueue.recycleEvent(qev);
}
ev.recycle();
- return true;
+ return INJECT_SUCCEEDED;
}
WindowState focus = (WindowState)focusObj;
@@ -4009,7 +4026,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
mQueue.recycleEvent(qev);
}
ev.recycle();
- return false;
+ return INJECT_NO_PERMISSION;
}
}
@@ -4029,7 +4046,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
try {
focus.mClient.dispatchTrackball(ev, eventTime);
- return true;
+ return INJECT_SUCCEEDED;
} catch (android.os.RemoteException e) {
Log.i(TAG, "WINDOW DIED during key dispatch: " + focus);
try {
@@ -4040,23 +4057,23 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
}
}
- return false;
+ return INJECT_FAILED;
}
/**
* @return Returns true if event was dispatched, false if it was dropped for any reason
*/
- private boolean dispatchKey(KeyEvent event, int pid, int uid) {
+ private int dispatchKey(KeyEvent event, int pid, int uid) {
if (DEBUG_INPUT) Log.v(TAG, "Dispatch key: " + event);
Object focusObj = mKeyWaiter.waitForNextEventTarget(event, null,
null, false, false);
if (focusObj == null) {
Log.w(TAG, "No focus window, dropping: " + event);
- return false;
+ return INJECT_FAILED;
}
if (focusObj == mKeyWaiter.CONSUMED_EVENT_TOKEN) {
- return true;
+ return INJECT_SUCCEEDED;
}
WindowState focus = (WindowState)focusObj;
@@ -4071,7 +4088,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
Log.w(TAG, "Permission denied: injecting key event from pid "
+ pid + " uid " + uid + " to window " + focus
+ " owned by uid " + focus.mSession.mUid);
- return false;
+ return INJECT_NO_PERMISSION;
}
}
@@ -4089,7 +4106,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
+ " to " + focus);
}
focus.mClient.dispatchKey(event);
- return true;
+ return INJECT_SUCCEEDED;
} catch (android.os.RemoteException e) {
Log.i(TAG, "WINDOW DIED during key dispatch: " + focus);
try {
@@ -4100,13 +4117,13 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
}
}
- return false;
+ return INJECT_FAILED;
}
public void pauseKeyDispatching(IBinder _token) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"pauseKeyDispatching()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized (mWindowMap) {
@@ -4120,7 +4137,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void resumeKeyDispatching(IBinder _token) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"resumeKeyDispatching()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized (mWindowMap) {
@@ -4134,7 +4151,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
public void setEventDispatching(boolean enabled) {
if (!checkCallingPermission(android.Manifest.permission.MANAGE_APP_TOKENS,
"resumeKeyDispatching()")) {
- return;
+ throw new SecurityException("Requires MANAGE_APP_TOKENS permission");
}
synchronized (mWindowMap) {
@@ -4167,11 +4184,18 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
KeyEvent newEvent = new KeyEvent(downTime, eventTime, action, code, repeatCount, metaState,
deviceId, scancode, KeyEvent.FLAG_FROM_SYSTEM);
- boolean result = dispatchKey(newEvent, Binder.getCallingPid(), Binder.getCallingUid());
+ int result = dispatchKey(newEvent, Binder.getCallingPid(), Binder.getCallingUid());
if (sync) {
mKeyWaiter.waitForNextEventTarget(null, null, null, false, true);
}
- return result;
+ switch (result) {
+ case INJECT_NO_PERMISSION:
+ throw new SecurityException(
+ "Injecting to another application requires INJECT_EVENT permission");
+ case INJECT_SUCCEEDED:
+ return true;
+ }
+ return false;
}
/**
@@ -4184,11 +4208,18 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
* @return Returns true if event was dispatched, false if it was dropped for any reason
*/
public boolean injectPointerEvent(MotionEvent ev, boolean sync) {
- boolean result = dispatchPointer(null, ev, Binder.getCallingPid(), Binder.getCallingUid());
+ int result = dispatchPointer(null, ev, Binder.getCallingPid(), Binder.getCallingUid());
if (sync) {
mKeyWaiter.waitForNextEventTarget(null, null, null, false, true);
}
- return result;
+ switch (result) {
+ case INJECT_NO_PERMISSION:
+ throw new SecurityException(
+ "Injecting to another application requires INJECT_EVENT permission");
+ case INJECT_SUCCEEDED:
+ return true;
+ }
+ return false;
}
/**
@@ -4201,11 +4232,18 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
* @return Returns true if event was dispatched, false if it was dropped for any reason
*/
public boolean injectTrackballEvent(MotionEvent ev, boolean sync) {
- boolean result = dispatchTrackball(null, ev, Binder.getCallingPid(), Binder.getCallingUid());
+ int result = dispatchTrackball(null, ev, Binder.getCallingPid(), Binder.getCallingUid());
if (sync) {
mKeyWaiter.waitForNextEventTarget(null, null, null, false, true);
}
- return result;
+ switch (result) {
+ case INJECT_NO_PERMISSION:
+ throw new SecurityException(
+ "Injecting to another application requires INJECT_EVENT permission");
+ case INJECT_SUCCEEDED:
+ return true;
+ }
+ return false;
}
private WindowState getFocusedWindow() {
@@ -7492,7 +7530,7 @@ public class WindowManagerService extends IWindowManager.Stub implements Watchdo
}
case COMPUTE_AND_SEND_NEW_CONFIGURATION: {
- if (updateOrientationFromAppTokens(null, null) != null) {
+ if (updateOrientationFromAppTokensUnchecked(null, null) != null) {
sendNewConfiguration();
}
break;
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-04 15:56:58 +0000