Explicitly pass userId to getWindowToken
UiAutomationConnection.clearWindowContentFrameStats method currently clears
calling identity before calling mAccessibilityManager.getWindowToken. This
doesn't work properly when a call is made by a secondary user, because it
wouldn't pass a check in getWindowToken. This is now fixed by explicitly
passing ID of the calling user.
Bug: 26498396
Change-Id: I8f0cdde33e18f04adb1833c6c0d0c329de921018
diff --git a/core/java/android/app/UiAutomationConnection.java b/core/java/android/app/UiAutomationConnection.java
index 13e27e2..bd10267 100644
--- a/core/java/android/app/UiAutomationConnection.java
+++ b/core/java/android/app/UiAutomationConnection.java
@@ -28,6 +28,7 @@
import android.os.Process;
import android.os.RemoteException;
import android.os.ServiceManager;
+import android.os.UserHandle;
import android.view.IWindowManager;
import android.view.InputEvent;
import android.view.SurfaceControl;
@@ -167,9 +168,10 @@
throwIfShutdownLocked();
throwIfNotConnectedLocked();
}
+ int callingUserId = UserHandle.getCallingUserId();
final long identity = Binder.clearCallingIdentity();
try {
- IBinder token = mAccessibilityManager.getWindowToken(windowId);
+ IBinder token = mAccessibilityManager.getWindowToken(windowId, callingUserId);
if (token == null) {
return false;
}
@@ -186,9 +188,10 @@
throwIfShutdownLocked();
throwIfNotConnectedLocked();
}
+ int callingUserId = UserHandle.getCallingUserId();
final long identity = Binder.clearCallingIdentity();
try {
- IBinder token = mAccessibilityManager.getWindowToken(windowId);
+ IBinder token = mAccessibilityManager.getWindowToken(windowId, callingUserId);
if (token == null) {
return null;
}
diff --git a/core/java/android/view/accessibility/IAccessibilityManager.aidl b/core/java/android/view/accessibility/IAccessibilityManager.aidl
index b6570cc..9e79057 100644
--- a/core/java/android/view/accessibility/IAccessibilityManager.aidl
+++ b/core/java/android/view/accessibility/IAccessibilityManager.aidl
@@ -58,5 +58,5 @@
void temporaryEnableAccessibilityStateUntilKeyguardRemoved(in ComponentName service,
boolean touchExplorationEnabled);
- IBinder getWindowToken(int windowId);
+ IBinder getWindowToken(int windowId, int userId);
}
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
index 39d5952..28aeef7 100644
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
@@ -715,7 +715,7 @@
}
@Override
- public IBinder getWindowToken(int windowId) {
+ public IBinder getWindowToken(int windowId, int userId) {
mSecurityPolicy.enforceCallingPermission(
Manifest.permission.RETRIEVE_WINDOW_TOKEN,
GET_WINDOW_TOKEN);
@@ -724,8 +724,7 @@
// share the accessibility state of the parent. The call below
// performs the current profile parent resolution.
final int resolvedUserId = mSecurityPolicy
- .resolveCallingUserIdEnforcingPermissionsLocked(
- UserHandle.getCallingUserId());
+ .resolveCallingUserIdEnforcingPermissionsLocked(userId);
if (resolvedUserId != mCurrentUserId) {
return null;
}