commit fba00864f85c3bd91eaed7744cf75c630b3673f4
author Yohei Yukaw <yukawa@google.com> Thu Apr 09 22:10:45 2015 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Thu Apr 09 22:10:48 2015 +0000
tree 265447b00c8eedcca79583a49bb8925e811b98e7
parent 32b7f9fbcc0a513c786f231bbb5b531d5cf94da0
parent a0f3ad1b5aabe04d9eb1df8bad34124b826ab641

Merge "Verify that EditorInfo.packageName and uid are consistent"

services/core/java/com/android/server/InputMethodManagerService.java

diff --git a/services/core/java/com/android/server/InputMethodManagerService.java b/services/core/java/com/android/server/InputMethodManagerService.java
index 4677f65..d92a89f 100644
--- a/services/core/java/com/android/server/InputMethodManagerService.java
+++ b/services/core/java/com/android/server/InputMethodManagerService.java
@@ -15,6 +15,7 @@
 
 package com.android.server;
 
+import android.annotation.NonNull;
 import com.android.internal.content.PackageMonitor;
 import com.android.internal.inputmethod.InputMethodSubtypeSwitchingController;
 import com.android.internal.inputmethod.InputMethodSubtypeSwitchingController.ImeSubtypeListItem;
@@ -1285,13 +1286,24 @@
         return startInputUncheckedLocked(cs, inputContext, attribute, controlFlags);
     }
 
-    InputBindResult startInputUncheckedLocked(ClientState cs,
+    InputBindResult startInputUncheckedLocked(@NonNull ClientState cs,
             IInputContext inputContext, EditorInfo attribute, int controlFlags) {
         // If no method is currently selected, do nothing.
         if (mCurMethodId == null) {
             return mNoBinding;
         }
 
+        if (attribute != null) {
+            // We accept an empty package name as a valid data.
+            if (!TextUtils.isEmpty(attribute.packageName) &&
+                    !InputMethodUtils.checkIfPackageBelongsToUid(mAppOpsManager, cs.uid,
+                            attribute.packageName)) {
+                Slog.e(TAG, "Rejecting this client as it reported an invalid package name."
+                        + " uid=" + cs.uid + " package=" + attribute.packageName);
+                return mNoBinding;
+            }
+        }
+
         if (mCurClient != cs) {
             // Was the keyguard locked when switching over to the new client?
             mCurClientInKeyguard = isKeyguardLocked();
@@ -1855,16 +1867,10 @@
         }
 
         if (mCurClient != null && mCurAttribute != null) {
-            final int uid = mCurClient.uid;
-            final String packageName = mCurAttribute.packageName;
-            if (SystemConfig.getInstance().getFixedImeApps().contains(packageName)) {
-                if (InputMethodUtils.checkIfPackageBelongsToUid(mAppOpsManager, uid, packageName)) {
-                    return;
-                }
-                // TODO: Do we need to lock the input method when the application reported an
-                // incorrect package name?
-                Slog.e(TAG, "Ignoring FixedImeApps due to the validation failure. uid=" + uid
-                        + " package=" + packageName);
+            // We have already made sure that the package name belongs to the application's UID.
+            // No further UID check is required.
+            if (SystemConfig.getInstance().getFixedImeApps().contains(mCurAttribute.packageName)) {
+                return;
             }
         }
 
@@ -2148,7 +2154,7 @@
                 // more quickly (not get stuck behind it initializing itself for the
                 // new focused input, even if its window wants to hide the IME).
                 boolean didStart = false;
-                        
+
                 switch (softInputMode&WindowManager.LayoutParams.SOFT_INPUT_MASK_STATE) {
                     case WindowManager.LayoutParams.SOFT_INPUT_STATE_UNSPECIFIED:
                         if (!isTextEditor || !doAutoShow) {