commit ddbd25102da392990a0256374e74ed3ecf2bc956
author Vishnu Nair <vishnun@google.com> Tue Nov 12 14:39:43 2019 -0800
committer Vishnu Nair <vishnun@google.com> Tue Nov 12 14:39:43 2019 -0800
tree ca57936debc3164c663e8d872bc96e2185f0bbaa
parent b66ea478d4161a5f755bca5901a26a4d81c4f35a

Allow adding EmbeddedWindows without host windows

In some cases privileged clients want to add embedded windows without requiring a host
window. Client with INTERNAL_SYSTEM_WINDOW can add such a window. The system
will still blame the calling PID if the embedded process stops responding but will ignore
pointerDownOutsideFocus events to this embedded window since it has no host.

Fixes: 144250438
Test: atest CtsWindowManagerDeviceTestCases:WindowlessWmTests
Test:
1. cherry-pick ag/9618804
2. adb shell content insert --uri content://settings/secure --bind name:s:window_magnification --bind value:s:1

Change-Id: Iceef70020c6ecd31b10e92a535c27458505c9ef0

services/core/java/com/android/server/wm/Session.java

diff --git a/services/core/java/com/android/server/wm/Session.java b/services/core/java/com/android/server/wm/Session.java
index 7135b21..a517085 100644
--- a/services/core/java/com/android/server/wm/Session.java
+++ b/services/core/java/com/android/server/wm/Session.java
@@ -621,8 +621,15 @@
         return false;
     }
 
+    @Override
     public void grantInputChannel(int displayId, SurfaceControl surface,
             IWindow window, IBinder hostInputToken, InputChannel outInputChannel) {
+        if (hostInputToken == null && !mCanAddInternalSystemWindow) {
+            // Callers without INTERNAL_SYSTEM_WINDOW permission cannot grant input channel to
+            // embedded windows without providing a host window input token
+            throw new SecurityException("Requires INTERNAL_SYSTEM_WINDOW permission");
+        }
+
         final long identity = Binder.clearCallingIdentity();
         try {
             mService.grantInputChannel(mUid, mPid, displayId, surface, window,