Explicitly handle null rather than relying on NPE.

IInputMethodManager is an actual IPC interface with which application
processes can communicate with InputMethodManagerService (IMMS).
Although this has never been a public API, it is actually exposed to the
application process hence we parameters passed to that interface methods
should be considered untrusted.

In Android L-MR1 and prior, calling IInputMethodManager#startInput()
from the application process via reflection with null EditorInfo can
result in NPE in the IME process, which is not great.

In Android M, doing that causes NPE in the IMMS process but the
exception is just sent back to the application process via Binder call,
which is no longer so harmful.

In Android N, we want to make sure that such an invalid internal API
call is clearly under our control, rather than relying on NPE, by having
an explicit null check.

Bug: 26866030
Change-Id: Ica812177d9ca454dd16e3dd6854f3053c329b344

diff --git a/services/core/java/com/android/server/InputMethodManagerService.java b/services/core/java/com/android/server/InputMethodManagerService.java
index c1b341e..898d5b7 100644 (file)
--- a/services/core/java/com/android/server/InputMethodManagerService.java
+++ b/services/core/java/com/android/server/InputMethodManagerService.java
@@ -1318,8 +1318,7 @@ public class InputMethodManagerService extends IInputMethodManager.Stub
             /* @InputMethodClient.StartInputReason */ final int startInputReason,
             IInputMethodClient client, IInputContext inputContext,
             /* @InputConnectionInspector.missingMethods */ final int missingMethods,
-            EditorInfo attribute,
-            int controlFlags) {
+            @Nullable EditorInfo attribute, int controlFlags) {
         // If no method is currently selected, do nothing.
         if (mCurMethodId == null) {
             return mNoBinding;
@@ -1331,6 +1330,12 @@ public class InputMethodManagerService extends IInputMethodManager.Stub
                     + client.asBinder());
         }
 
+        if (attribute == null) {
+            Slog.w(TAG, "Ignoring startInput with null EditorInfo."
+                    + " uid=" + cs.uid + " pid=" + cs.pid);
+            return null;
+        }
+
         try {
             if (!mIWindowManager.inputMethodClientHasFocus(cs.client)) {
                 // Check with the window manager to make sure this client actually
@@ -1476,7 +1481,7 @@ public class InputMethodManagerService extends IInputMethodManager.Stub
             /* @InputMethodClient.StartInputReason */ final int startInputReason,
             IInputMethodClient client, IInputContext inputContext,
             /* @InputConnectionInspector.missingMethods */ final int missingMethods,
-            EditorInfo attribute, int controlFlags) {
+            @Nullable EditorInfo attribute, int controlFlags) {
         if (!calledFromValidUser()) {
             return null;
         }
@@ -2208,7 +2213,7 @@ public class InputMethodManagerService extends IInputMethodManager.Stub
     public InputBindResult startInputOrWindowGainedFocus(
             /* @InputMethodClient.StartInputReason */ final int startInputReason,
             IInputMethodClient client, IBinder windowToken, int controlFlags, int softInputMode,
-            int windowFlags, EditorInfo attribute, IInputContext inputContext,
+            int windowFlags, @Nullable EditorInfo attribute, IInputContext inputContext,
             /* @InputConnectionInspector.missingMethods */ final int missingMethods) {
         if (windowToken != null) {
             return windowGainedFocus(startInputReason, client, windowToken, controlFlags,