frameworks/base
Revision | d888bf2d052fd89fbeb70c7829f9d0c6406c2cdd (tree) |
---|---|
Zeit | 2019-12-17 05:47:22 |
Autor | Yohei Yukawa <yukawa@goog...> |
Commiter | Manjae Park |
DO NOT MERGE back porting for fixing sysui direct reply
Root cause: SystemUI runs as a user 0 service to handle all users'
notifications, and those users can use the copy/cut/paste
functionality.
Solution: Create a @hide API in TextView that lets SystemUI mark a
TextView instance so that it checks whether the power of
INTERACT_ACROSS_USERS_FULL needs to be restricted,
e.g. Keyguard password TextView / notification entries.
Bug: 123232892
Test: manual test
Reference: I6d11e4d6a84570bc2991a8552349e8b216b0d139
Reference: Ibabe13e5b85e5bb91f9f8af6ec07c395c25c4393
Reference: I975baa748c821538e5a733bb98a33ac609bf40a7
Change-Id: I6d11e4d6a84570bc2991a8552349e8b216b0d139
Merged-In: Ie3daecd1e8fc2f7fdf37baeb5979da9f2e0b3937
(cherry picked from commit 08391b3da7e2da3b0220eb5766e0a1774d28e9a5)
@@ -16,6 +16,7 @@ | ||
16 | 16 | |
17 | 17 | package android.widget; |
18 | 18 | |
19 | +import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; | |
19 | 20 | import static android.view.accessibility.AccessibilityNodeInfo.EXTRA_DATA_TEXT_CHARACTER_LOCATION_ARG_LENGTH; |
20 | 21 | import static android.view.accessibility.AccessibilityNodeInfo.EXTRA_DATA_TEXT_CHARACTER_LOCATION_ARG_START_INDEX; |
21 | 22 | import static android.view.accessibility.AccessibilityNodeInfo.EXTRA_DATA_TEXT_CHARACTER_LOCATION_KEY; |
@@ -31,11 +32,13 @@ import android.annotation.IntRange; | ||
31 | 32 | import android.annotation.NonNull; |
32 | 33 | import android.annotation.Nullable; |
33 | 34 | import android.annotation.Px; |
35 | +import android.annotation.RequiresPermission; | |
34 | 36 | import android.annotation.Size; |
35 | 37 | import android.annotation.StringRes; |
36 | 38 | import android.annotation.StyleRes; |
37 | 39 | import android.annotation.XmlRes; |
38 | 40 | import android.app.Activity; |
41 | +import android.app.ActivityManager; | |
39 | 42 | import android.app.PendingIntent; |
40 | 43 | import android.app.assist.AssistStructure; |
41 | 44 | import android.content.ClipData; |
@@ -72,6 +75,7 @@ import android.os.Parcel; | ||
72 | 75 | import android.os.Parcelable; |
73 | 76 | import android.os.ParcelableParcel; |
74 | 77 | import android.os.SystemClock; |
78 | +import android.os.UserHandle; | |
75 | 79 | import android.provider.Settings; |
76 | 80 | import android.text.BoringLayout; |
77 | 81 | import android.text.DynamicLayout; |
@@ -723,6 +727,19 @@ public class TextView extends View implements ViewTreeObserver.OnPreDrawListener | ||
723 | 727 | |
724 | 728 | private InputFilter[] mFilters = NO_FILTERS; |
725 | 729 | |
730 | + /** | |
731 | + * To keep the information to indicate if there is necessary to restrict the power of | |
732 | + * INTERACT_ACROSS_USERS_FULL. | |
733 | + * <p> | |
734 | + * SystemUI always run as user 0 to process all of direct reply. SystemUI has the poer of | |
735 | + * INTERACT_ACROSS_USERS_FULL. However, all of the notifications not only belong to user 0 but | |
736 | + * also to the other users in multiple user environment. | |
737 | + * </p> | |
738 | + * | |
739 | + * @see #setRestrictedAcrossUser(boolean) | |
740 | + */ | |
741 | + private boolean mIsRestrictedAcrossUser; | |
742 | + | |
726 | 743 | private volatile Locale mCurrentSpellCheckerLocaleCache; |
727 | 744 | |
728 | 745 | // It is possible to have a selection even when mEditor is null (programmatically set, like when |
@@ -10440,6 +10457,24 @@ public class TextView extends View implements ViewTreeObserver.OnPreDrawListener | ||
10440 | 10457 | } |
10441 | 10458 | |
10442 | 10459 | /** |
10460 | + * To notify the TextView to restricted the power of the app granted INTERACT_ACROSS_USERS_FULL | |
10461 | + * permission. | |
10462 | + * <p> | |
10463 | + * Most of applications should not granted the INTERACT_ACROSS_USERS_FULL permssion. | |
10464 | + * SystemUI is the special one that run in user 0 process to handle multiple user notification. | |
10465 | + * Unforunately, the power of INTERACT_ACROSS_USERS_FULL should be limited or restricted for | |
10466 | + * preventing from information leak.</p> | |
10467 | + * <p>This function call is called for SystemUI Keyguard and Notification.</p> | |
10468 | + * | |
10469 | + * @param isRestricted is true if the power of INTERACT_ACROSS_USERS_FULL should be limited. | |
10470 | + * @hide | |
10471 | + */ | |
10472 | + @RequiresPermission(INTERACT_ACROSS_USERS_FULL) | |
10473 | + public final void setRestrictedAcrossUser(boolean isRestricted) { | |
10474 | + mIsRestrictedAcrossUser = isRestricted; | |
10475 | + } | |
10476 | + | |
10477 | + /** | |
10443 | 10478 | * This is a temporary method. Future versions may support multi-locale text. |
10444 | 10479 | * Caveat: This method may not return the latest text services locale, but this should be |
10445 | 10480 | * acceptable and it's more important to make this method asynchronous. |
@@ -11647,6 +11682,12 @@ public class TextView extends View implements ViewTreeObserver.OnPreDrawListener | ||
11647 | 11682 | } |
11648 | 11683 | |
11649 | 11684 | boolean canCut() { |
11685 | + if (mIsRestrictedAcrossUser | |
11686 | + && UserHandle.myUserId() != ActivityManager.getCurrentUser()) { | |
11687 | + // When it's restricted, and the curren user is not the process user. It can't cut | |
11688 | + // because it may cut the text of the user 10 into the clipboard of user 0. | |
11689 | + return false; | |
11690 | + } | |
11650 | 11691 | if (hasPasswordTransformationMethod()) { |
11651 | 11692 | return false; |
11652 | 11693 | } |
@@ -11660,6 +11701,12 @@ public class TextView extends View implements ViewTreeObserver.OnPreDrawListener | ||
11660 | 11701 | } |
11661 | 11702 | |
11662 | 11703 | boolean canCopy() { |
11704 | + if (mIsRestrictedAcrossUser | |
11705 | + && UserHandle.myUserId() != ActivityManager.getCurrentUser()) { | |
11706 | + // When it's restricted, and the curren user is not the process user. It can't copy | |
11707 | + // because it may copy the text of the user 10 to the clipboard of user 0. | |
11708 | + return false; | |
11709 | + } | |
11663 | 11710 | if (hasPasswordTransformationMethod()) { |
11664 | 11711 | return false; |
11665 | 11712 | } |
@@ -11689,6 +11736,12 @@ public class TextView extends View implements ViewTreeObserver.OnPreDrawListener | ||
11689 | 11736 | } |
11690 | 11737 | |
11691 | 11738 | boolean canPaste() { |
11739 | + if (mIsRestrictedAcrossUser | |
11740 | + && UserHandle.myUserId() != ActivityManager.getCurrentUser()) { | |
11741 | + // When it's restricted, and the curren user is not the process user. It can't paste | |
11742 | + // because it may copy the text from the user 0 clipboard in current user is 10. | |
11743 | + return false; | |
11744 | + } | |
11692 | 11745 | return (mText instanceof Editable |
11693 | 11746 | && mEditor != null && mEditor.mKeyListener != null |
11694 | 11747 | && getSelectionStart() >= 0 |
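Review bot: The same guard, `mIsRestrictedAcrossUser && UserHandle.myUserId() != ActivityManager.getCurrentUser()`, is pasted into canCut(), canCopy() and canPaste(), so any later clipboard-adjacent path has to remember to copy it again. A single private helper would keep the three in step, e.g. `private boolean isClipboardBlockedAcrossUser() { return mIsRestrictedAcrossUser && UserHandle.myUserId() != ActivityManager.getCurrentUser(); }`, and its comment should say that the flag is tested first on purpose, so that unrestricted views never make the getCurrentUser() call. Only these three predicates are gated in the visible hunks; whether share, drag-and-drop or text-processing actions on a restricted view also need the check cannot be told from here. The field defaults to false, so the restriction is opt-in and every SystemUI text field that shows another user's content has to call the setter itself. The bodies of all three methods continue outside their hunks.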
@@ -79,6 +79,7 @@ public class KeyguardPasswordView extends KeyguardAbsKeyInputView | ||
79 | 79 | |
80 | 80 | @Override |
81 | 81 | protected void resetState() { |
82 | + mPasswordEntry.setRestrictedAcrossUser(true); | |
82 | 83 | mSecurityMessageDisplay.setMessage(""); |
83 | 84 | final boolean wasDisabled = mPasswordEntry.isEnabled(); |
84 | 85 | setPasswordEntryEnabled(true); |
@@ -169,6 +170,7 @@ public class KeyguardPasswordView extends KeyguardAbsKeyInputView | ||
169 | 170 | Context.INPUT_METHOD_SERVICE); |
170 | 171 | |
171 | 172 | mPasswordEntry = findViewById(getPasswordTextViewId()); |
173 | + mPasswordEntry.setRestrictedAcrossUser(true); | |
172 | 174 | mPasswordEntryDisabler = new TextViewInputDisabler(mPasswordEntry); |
173 | 175 | mPasswordEntry.setKeyListener(TextKeyListener.getInstance()); |
174 | 176 | mPasswordEntry.setInputType(InputType.TYPE_CLASS_TEXT |
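Review bot: `mPasswordEntry.setRestrictedAcrossUser(true)` is called both in resetState() and right after findViewById(), and nothing visible ever clears the flag, so the resetState() call looks redundant. If it is deliberate, it deserves a comment such as `// Re-assert on every reset; the flag must never be off for the keyguard entry.`. That comment could also note that canCut() and canCopy() in TextView already return false when hasPasswordTransformationMethod() is true, so for a masked entry the new restriction mainly affects paste (whether this entry is masked is not visible in the hunk). Both enclosing methods extend beyond the hunks shown.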
@@ -192,6 +192,7 @@ public class RemoteInputView extends LinearLayout implements View.OnClickListene | ||
192 | 192 | LayoutInflater.from(context).inflate(R.layout.remote_input, root, false); |
193 | 193 | v.mController = controller; |
194 | 194 | v.mEntry = entry; |
195 | + v.mEditText.setRestrictedAcrossUser(true); | |
195 | 196 | v.setTag(VIEW_TAG); |
196 | 197 | |
197 | 198 | // Disable the TextClassifier to avoid cross user interactions. |
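Review bot: The added `v.mEditText.setRestrictedAcrossUser(true);` has no comment, unlike the TextClassifier line below it, and it should state what it blocks, e.g. `// Block cut/copy/paste when the foreground user is not SystemUI's own user, so reply text cannot cross user clipboards.`. The guard it enables in TextView compares the process user with the foreground user, not with the user that owns `entry`. If an entry can belong to a user other than the foreground one (not visible here), the restriction would not apply to that reply field, which is worth confirming. The enclosing method starts and ends outside the hunk.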