1 /* 2 * Copyright (C) 2023 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.inputmethod; 18 19 import android.annotation.NonNull; 20 import android.annotation.Nullable; 21 import android.content.pm.PackageManagerInternal; 22 import android.os.IBinder; 23 import android.os.RemoteException; 24 import android.util.ArrayMap; 25 26 import com.android.internal.annotations.GuardedBy; 27 import com.android.internal.annotations.VisibleForTesting; 28 import com.android.internal.inputmethod.IInputMethodClient; 29 import com.android.internal.inputmethod.IRemoteInputConnection; 30 31 import java.util.ArrayList; 32 import java.util.List; 33 import java.util.function.Consumer; 34 35 /** 36 * Store and manage {@link InputMethodManagerService} clients. 37 */ 38 final class ClientController { 39 40 @GuardedBy("ImfLock.class") 41 private final ArrayMap<IBinder, ClientState> mClients = new ArrayMap<>(); 42 43 @GuardedBy("ImfLock.class") 44 private final List<ClientControllerCallback> mCallbacks = new ArrayList<>(); 45 46 @NonNull 47 private final PackageManagerInternal mPackageManagerInternal; 48 49 interface ClientControllerCallback { 50 onClientRemoved(@onNull ClientState client)51 void onClientRemoved(@NonNull ClientState client); 52 } 53 ClientController(@onNull PackageManagerInternal packageManagerInternal)54 ClientController(@NonNull PackageManagerInternal packageManagerInternal) { 55 mPackageManagerInternal = packageManagerInternal; 56 } 57 58 @GuardedBy("ImfLock.class") 59 @NonNull addClient(@onNull IInputMethodClientInvoker clientInvoker, @NonNull IRemoteInputConnection fallbackInputConnection, int selfReportedDisplayId, int callerUid, int callerPid)60 ClientState addClient(@NonNull IInputMethodClientInvoker clientInvoker, 61 @NonNull IRemoteInputConnection fallbackInputConnection, int selfReportedDisplayId, 62 int callerUid, int callerPid) { 63 final IBinder.DeathRecipient deathRecipient = () -> { 64 // Exceptionally holding ImfLock here since this is a internal lambda expression. 65 synchronized (ImfLock.class) { 66 removeClientAsBinder(clientInvoker.asBinder()); 67 } 68 }; 69 70 // TODO(b/319457906): Optimize this linear search. 71 final int numClients = mClients.size(); 72 for (int i = 0; i < numClients; ++i) { 73 final ClientState state = mClients.valueAt(i); 74 if (state.mUid == callerUid && state.mPid == callerPid 75 && state.mSelfReportedDisplayId == selfReportedDisplayId) { 76 throw new SecurityException("uid=" + callerUid + "/pid=" + callerPid 77 + "/displayId=" + selfReportedDisplayId + " is already registered"); 78 } 79 } 80 try { 81 clientInvoker.asBinder().linkToDeath(deathRecipient, 0 /* flags */); 82 } catch (RemoteException e) { 83 throw new IllegalStateException(e); 84 } 85 // We cannot fully avoid race conditions where the client UID already lost the access to 86 // the given self-reported display ID, even if the client is not maliciously reporting 87 // a fake display ID. Unconditionally returning SecurityException just because the 88 // client doesn't pass display ID verification can cause many test failures hence not an 89 // option right now. At the same time 90 // context.getSystemService(InputMethodManager.class) 91 // is expected to return a valid non-null instance at any time if we do not choose to 92 // have the client crash. Thus we do not verify the display ID at all here. Instead we 93 // later check the display ID every time the client needs to interact with the specified 94 // display. 95 final var cs = new ClientState(clientInvoker, fallbackInputConnection, callerUid, callerPid, 96 selfReportedDisplayId, deathRecipient); 97 mClients.put(clientInvoker.asBinder(), cs); 98 return cs; 99 } 100 101 @VisibleForTesting 102 @GuardedBy("ImfLock.class") removeClient(@onNull IInputMethodClient client)103 boolean removeClient(@NonNull IInputMethodClient client) { 104 return removeClientAsBinder(client.asBinder()); 105 } 106 107 @GuardedBy("ImfLock.class") removeClientAsBinder(IBinder binder)108 private boolean removeClientAsBinder(IBinder binder) { 109 final ClientState cs = mClients.remove(binder); 110 if (cs == null) { 111 return false; 112 } 113 binder.unlinkToDeath(cs.mClientDeathRecipient, 0 /* flags */); 114 for (int i = 0; i < mCallbacks.size(); i++) { 115 mCallbacks.get(i).onClientRemoved(cs); 116 } 117 return true; 118 } 119 120 @GuardedBy("ImfLock.class") addClientControllerCallback(@onNull ClientControllerCallback callback)121 void addClientControllerCallback(@NonNull ClientControllerCallback callback) { 122 mCallbacks.add(callback); 123 } 124 125 @GuardedBy("ImfLock.class") 126 @Nullable getClient(IBinder binder)127 ClientState getClient(IBinder binder) { 128 return mClients.get(binder); 129 } 130 131 @GuardedBy("ImfLock.class") forAllClients(@onNull Consumer<ClientState> consumer)132 void forAllClients(@NonNull Consumer<ClientState> consumer) { 133 for (int i = 0; i < mClients.size(); i++) { 134 consumer.accept(mClients.valueAt(i)); 135 } 136 } 137 138 @GuardedBy("ImfLock.class") verifyClientAndPackageMatch(@onNull IInputMethodClient client, @NonNull String packageName)139 boolean verifyClientAndPackageMatch(@NonNull IInputMethodClient client, 140 @NonNull String packageName) { 141 final ClientState cs = mClients.get(client.asBinder()); 142 if (cs == null) { 143 throw new IllegalArgumentException("unknown client " + client.asBinder()); 144 } 145 return InputMethodUtils.checkIfPackageBelongsToUid( 146 mPackageManagerInternal, cs.mUid, packageName); 147 } 148 } 149