Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 9a72d2285c09bf2a3380d47304f3a35c831b7b2b
commit9a72d2285c09bf2a3380d47304f3a35c831b7b2b[log] [tgz]
authorlumark <lumark@google.com>Sat Mar 30 18:31:45 2019 +0800
committerlumark <lumark@google.com>Tue Apr 30 16:43:09 2019 +0800
treeb2f92240a6335769962b51c091c4988b64850d64
parentc17691b323f450d20e5eda3f82a53d3c9ae0532d [diff]
Don't allow showing IME on untrusted virtual displays

Sometimes users can have sensitive information in IME window, such as
predictions or custom background.

If app could create a virtual display with system decorations support,
the security leak may happen that app can read the text or image from
the surface.

Add a check if the display is trusted that owned by system
When showSoftInput requested, if the display is not trusted then
show IME on default display.

Note that we also modified ImeDisplayValidator to use dedicated API
IWindowManager#shouldShowIme for checking if IME support on a display.
(And add it as @TestApi for CTS to verify)

Fix: 129443632
Fix: 129881992
Test: atest MultiDisplaySystemDecorationTests

Change-Id: Icfd66689dad4b782c50b56a515194dd138d3b280
6 files changed
tree: b2f92240a6335769962b51c091c4988b64850d64
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. libs/
  12. location/
  13. lowpan/
  14. media/
  15. native/
  16. nfc-extras/
  17. obex/
  18. opengl/
  19. packages/
  20. proto/
  21. rs/
  22. samples/
  23. sax/
  24. services/
  25. startop/
  26. telecomm/
  27. telephony/
  28. test-base/
  29. test-legacy/
  30. test-mock/
  31. test-runner/
  32. tests/
  33. tools/
  34. wifi/
  35. .gitignore
  36. Android.bp
  37. Android.mk
  38. CleanSpec.mk
  39. jarjar_rules_hidl.txt
  40. MODULE_LICENSE_APACHE2
  41. NOTICE
  42. pathmap.mk
  43. PREUPLOAD.cfg