commit ea97d18b244d01edff2098848022d125af350140
author Bernardo Rufino <brufino@google.com> Wed Aug 19 14:43:14 2020 +0100
committer Bernardo Rufino <brufino@google.com> Mon Oct 05 16:37:03 2020 +0000
tree c48327588557a89afb670636aa690c6dd6fe8348
parent 21b0037dac3486703303c72ba92ff4ac364c6ebb

Block untrusted touches in InputDispatcher

With topic CL InputDispatcher now has the effect of each window for
cross-UID touch occlusion rules: ALLOW, USE_OPACITY or BLOCK_UNTRUSTED.
Check topic CL for exact meaning of each. USE_OPACITY is only used by
SAWs for now.

In this CL, InputDispatcher make use of that information for the stack
of windows above the touch-consuming window to block a touch or not.

The summary of the rules are:
* If there is any visible untrusted window from a different UID (than
the touch-consuming window UID) that has state BLOCK_UNTRUSTED, the
touch is blocked.
* Else, if there is any visible untrusted window from a different UID
that has state USE_OPACITY, we compute the composed obscuring opacity
by each stack of USE_OPACITY windows per UID of occluding window.
We take maximum of those and compare with secure setting
"maximum_obscuring_opacity_for_touch", if it's greater than the
setting the touch is blocked. This means the remaining visibility on the
touch-consuming window is not high enough to let the touch happen.
* Else we don't block the touch.

More details on go/cross-uid-touches. This doesn't interfere with
existing flags FLAG_WINDOW_IS_OBSCURED and
FLAG_WINDOW_IS_PARTIALLY_OBSCURED.

To compute the opacity we also propagate the alpha of each window from
SurfaceFlinger to InputDispatcher.

Test: atest WindowUntrustedTouchTest
Test: atest inputflinger_tests inputflinger_benchmarks libinput_tests
Test: go/try-cross-uid-touches for manual testing
Bug: 158002302
Change-Id: I673d7a5f16b19952311e8cb44a48af4349a4bd40

libs/input/InputWindow.cpp

diff --git a/libs/input/InputWindow.cpp b/libs/input/InputWindow.cpp
index 885dc9b..8546bbb 100644
--- a/libs/input/InputWindow.cpp
+++ b/libs/input/InputWindow.cpp
@@ -59,10 +59,11 @@
             info.surfaceInset == surfaceInset && info.globalScaleFactor == globalScaleFactor &&
             info.transform == transform && info.touchableRegion.hasSameRects(touchableRegion) &&
             info.visible == visible && info.trustedOverlay == trustedOverlay &&
-            info.focusable == focusable && info.hasWallpaper == hasWallpaper &&
-            info.paused == paused && info.ownerPid == ownerPid && info.ownerUid == ownerUid &&
-            info.inputFeatures == inputFeatures && info.displayId == displayId &&
-            info.portalToDisplayId == portalToDisplayId &&
+            info.focusable == focusable && info.touchOcclusionMode == touchOcclusionMode &&
+            info.hasWallpaper == hasWallpaper && info.paused == paused &&
+            info.ownerPid == ownerPid && info.ownerUid == ownerUid &&
+            info.packageName == packageName && info.inputFeatures == inputFeatures &&
+            info.displayId == displayId && info.portalToDisplayId == portalToDisplayId &&
             info.replaceTouchableRegionWithCrop == replaceTouchableRegionWithCrop &&
             info.applicationInfo == applicationInfo;
 }
@@ -91,6 +92,7 @@
         parcel->writeInt32(frameBottom) ?:
         parcel->writeInt32(surfaceInset) ?:
         parcel->writeFloat(globalScaleFactor) ?:
+        parcel->writeFloat(alpha) ?:
         parcel->writeFloat(transform.dsdx()) ?:
         parcel->writeFloat(transform.dtdx()) ?:
         parcel->writeFloat(transform.tx()) ?:
@@ -102,8 +104,10 @@
         parcel->writeBool(hasWallpaper) ?:
         parcel->writeBool(paused) ?:
         parcel->writeBool(trustedOverlay) ?:
+        parcel->writeInt32(static_cast<int32_t>(touchOcclusionMode)) ?:
         parcel->writeInt32(ownerPid) ?:
         parcel->writeInt32(ownerUid) ?:
+        parcel->writeUtf8AsUtf16(packageName) ?:
         parcel->writeInt32(inputFeatures.get()) ?:
         parcel->writeInt32(displayId) ?:
         parcel->writeInt32(portalToDisplayId) ?:
@@ -134,6 +138,7 @@
     flags = Flags<Flag>(parcel->readInt32());
     type = static_cast<Type>(parcel->readInt32());
     float dsdx, dtdx, tx, dtdy, dsdy, ty;
+    int32_t touchOcclusionModeInt;
     // clang-format off
     status = parcel->readInt32(&frameLeft) ?:
         parcel->readInt32(&frameTop) ?:
@@ -141,6 +146,7 @@
         parcel->readInt32(&frameBottom) ?:
         parcel->readInt32(&surfaceInset) ?:
         parcel->readFloat(&globalScaleFactor) ?:
+        parcel->readFloat(&alpha) ?:
         parcel->readFloat(&dsdx) ?:
         parcel->readFloat(&dtdx) ?:
         parcel->readFloat(&tx) ?:
@@ -152,14 +158,18 @@
         parcel->readBool(&hasWallpaper) ?:
         parcel->readBool(&paused) ?:
         parcel->readBool(&trustedOverlay) ?:
+        parcel->readInt32(&touchOcclusionModeInt) ?:
         parcel->readInt32(&ownerPid) ?:
-        parcel->readInt32(&ownerUid);
+        parcel->readInt32(&ownerUid) ?:
+        parcel->readUtf8FromUtf16(&packageName);
     // clang-format on
 
     if (status != OK) {
         return status;
     }
 
+    touchOcclusionMode = static_cast<TouchOcclusionMode>(touchOcclusionModeInt);
+
     inputFeatures = Flags<Feature>(parcel->readInt32());
     status = parcel->readInt32(&displayId) ?:
         parcel->readInt32(&portalToDisplayId) ?: