Project-1CE/frameworks_base - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Yohei Yukawa <yukawa@google.com>	2018-08-16 15:33:10 -0700
committer	Yohei Yukawa <yukawa@google.com>	2018-08-16 15:33:10 -0700
commit	6efd55e7b592eb8b04554d6060754d45fe6b80bc (patch)
tree	efc6496b45dab57275b39e5fb8d3797ddc6339da /tools/aapt2/java/JavaClassGenerator_test.cpp
parent	b4fff5c90c89cdf71222a05ffd88c2ff432cae1d (diff)

Lock down IInputMethodManger.{add,remove}Client()

User mode processes are mistakenly allowed to call IInputMethodManger.{add,remove}Client(), which may allow malicious apps to register fake IInputMethodClient binder endpoints to InputMethodManagerService (IMMS). Luckily IMMS also checks whether the client process has a focused window or not by calling IWindowManager.inputMethodClientHasFocus() before doing some critical operations such as establishing a new InputConnection between the client app and the current IME. With this CL, IInputMethodManger.{add,remove}Client() start correctly checking the caller process ID so that only the system process can use those internal callbacks. Bug: 112670859 Test: atest CtsInputMethodTestCases CtsInputMethodServiceHostTestCases Change-Id: Ib9b588d11bd4017e431e3d494863987dd67384fc

Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator_test.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: