Move check for secure windows to InputTracer
We have a requirement where all windows that use FLAG_SECURE must use
InputConfig::SENSITIVE_FOR_TRACING. However, it only makes sense to
enforce this condition on windows that can receive input.
There are many conditions that determine whether a window is configured
to receive input (e.g. touchable region, NOT_TOUCHABLE, NOT_FOCUSABLE,
NO_INPUT_CHANNEL, PAUSE_DISPATCHING, NOT_VISIBLE, etc.), so it is not
straightforward to tell when this condition should be enforced.
Instead of enforcing it when we receive WindowInfos from SF, enforce it
in the InputTracer so that we crash if we're trying to trace an event
going to a FLAG_SECURE window that isn't marked as senstive for tracing.
Bug: 332032185
Test: None
Change-Id: I56161c92cb95f775235695128ebdf6d2c7e9884f
diff --git a/services/inputflinger/dispatcher/trace/InputTracer.cpp b/services/inputflinger/dispatcher/trace/InputTracer.cpp
index f8ee95f..415b696 100644
--- a/services/inputflinger/dispatcher/trace/InputTracer.cpp
+++ b/services/inputflinger/dispatcher/trace/InputTracer.cpp
@@ -86,8 +86,16 @@
// This is a global monitor, assume its target is the system.
return {.uid = gui::Uid{AID_SYSTEM}, .isSecureWindow = false};
}
- const bool isSensitiveTarget = target.windowHandle->getInfo()->inputConfig.test(
- gui::WindowInfo::InputConfig::SENSITIVE_FOR_TRACING);
+ const auto& info = *target.windowHandle->getInfo();
+ const bool isSensitiveTarget =
+ info.inputConfig.test(gui::WindowInfo::InputConfig::SENSITIVE_FOR_TRACING);
+
+ // All FLAG_SECURE targets must be marked as sensitive for tracing.
+ if (info.layoutParamsFlags.test(gui::WindowInfo::Flag::SECURE) && !isSensitiveTarget) {
+ LOG(FATAL)
+ << "Input target with FLAG_SECURE does not set InputConfig::SENSITIVE_FOR_TRACING: "
+ << info;
+ }
return {target.windowHandle->getInfo()->ownerUid, isSensitiveTarget};
}