Don't allow showing IME on untrusted virtual displays
Sometimes users can have sensitive information in IME window, such as
predictions or custom background.
If app could create a virtual display with system decorations support,
the security leak may happen that app can read the text or image from
the surface.
Add a check if the display is trusted that owned by system
When showSoftInput requested, if the display is not trusted then
show IME on default display.
Note that we also modified ImeDisplayValidator to use dedicated API
IWindowManager#shouldShowIme for checking if IME support on a display.
(And add it as @TestApi for CTS to verify)
Fix: 129443632
Fix: 129881992
Test: atest MultiDisplaySystemDecorationTests
Change-Id: Icfd66689dad4b782c50b56a515194dd138d3b280
6 files changed