It turns out that requiring editor authors to call
InputContentInfo#requestPermission() as needed is just confusing and can
cause compatibility issues, because if an editor author forgot to call
that method then there would be no way for IME developers to prevent
permission denial except for relaxing the default permission of the
ContentProvider just because of such an application. This is not what we
want to see.
My conclusion is that the system should automatically call
InputContentInfo#requestPermission() (or do any equivalent operation)
when InputConnection#INPUT_CONTENT_GRANT_READ_URI_PERMISSION is
specified, like we have done in Context#startActivity().
With this CL, the system automatically grants a temporary URI permission
to the target application when the IME calls
InputConnection#commitContent() with
InputConnection#INPUT_CONTENT_GRANT_READ_URI_PERMISSION, and the
temporary permission will be revoked by any of the following events:
- InputContentInfo#releasePermission() is explicitly called by the
target application.
- The target application returned false in
InputConnection#commitContent().
- All the InputContentInfo instances copied from the original one are
GC-ed.
Bug:
29450031
Bug:
29892936
Change-Id: I37fb744e4d3d1c59177fb0a9be4ef5c325c9a39f
method public android.content.ClipDescription getDescription();
method public android.net.Uri getLinkUri();
method public void releasePermission();
- method public void requestPermission();
method public void writeToParcel(android.os.Parcel, int);
field public static final android.os.Parcelable.Creator<android.view.inputmethod.InputContentInfo> CREATOR;
}
method public android.content.ClipDescription getDescription();
method public android.net.Uri getLinkUri();
method public void releasePermission();
- method public void requestPermission();
method public void writeToParcel(android.os.Parcel, int);
field public static final android.os.Parcelable.Creator<android.view.inputmethod.InputContentInfo> CREATOR;
}
method public android.content.ClipDescription getDescription();
method public android.net.Uri getLinkUri();
method public void releasePermission();
- method public void requestPermission();
method public void writeToParcel(android.os.Parcel, int);
field public static final android.os.Parcelable.Creator<android.view.inputmethod.InputContentInfo> CREATOR;
}
public void closeConnection();
/**
- * When this flag is used, the editor will be able to request read access to the content URI
- * contained in the {@link InputContentInfo} object.
+ * When this flag is used in {@link #commitContent(InputContentInfo, int, Bundle)}, the editor
+ * will be able to request read access to the content URI contained in the
+ * {@link InputContentInfo} object.
*
* <p>Make sure that the content provider owning the Uri sets the
* {@link android.R.styleable#AndroidManifestProvider_grantUriPermissions
* grantUriPermissions} attribute in its manifest or included the
* {@link android.R.styleable#AndroidManifestGrantUriPermission
- * <grant-uri-permissions>} tag. Otherwise {@link InputContentInfo#requestPermission()}
- * can fail.</p>
+ * <grant-uri-permissions>} tag. Otherwise
+ * {@link #commitContent(InputContentInfo, int, Bundle)} can fail.</p>
*
* <p>Although calling this API is allowed only for the IME that is currently selected, the
* client is able to request a temporary read-only access even after the current IME is switched
}
/**
- * Requests a temporary read-only access permission for content URI associated with this object.
- *
- * <p>Does nothing if the temporary permission is already granted.</p>
- */
- public void requestPermission() {
- if (mUriToken == null) {
- return;
- }
- try {
- mUriToken.take();
- } catch (RemoteException e) {
- e.rethrowFromSystemServer();
- }
- }
-
- /**
* Releases a temporary read-only access permission for content URI associated with this object.
*
* <p>Does nothing if the temporary permission is not granted.</p>
* {@hide}
*/
interface IInputContentUriToken {
- void take();
void release();
}
public boolean commitContent(InputContentInfo inputContentInfo, int flags, Bundle opts) {
boolean result = false;
+ final boolean grantUriPermission =
+ (flags & InputConnection.INPUT_CONTENT_GRANT_READ_URI_PERMISSION) != 0;
if (isMethodMissing(MissingMethodFlags.COMMIT_CONTENT)) {
// This method is not implemented.
return false;
}
try {
- if ((flags & InputConnection.INPUT_CONTENT_GRANT_READ_URI_PERMISSION) != 0) {
+ if (grantUriPermission) {
final AbstractInputMethodService inputMethodService = mInputMethodService.get();
if (inputMethodService == null) {
// This basically should not happen, because it's the the caller of this method.
return false;
}
+ // Temporarily grant URI permission.
inputMethodService.exposeContent(inputContentInfo, this);
}
-
InputContextCallback callback = InputContextCallback.getInstance();
mIInputContext.commitContent(inputContentInfo, flags, opts, callback.mSeq, callback);
synchronized (callback) {
}
}
callback.dispose();
+ // If this request is not handled, then there is no reason to keep the URI permission.
+ if (grantUriPermission && !result) {
+ inputContentInfo.releasePermission();
+ }
} catch (RemoteException e) {
return false;
}
@GuardedBy("mLock")
private IBinder mPermissionOwnerToken = null;
- InputContentUriTokenHandler(@NonNull Uri contentUri, int sourceUid,
+ static InputContentUriTokenHandler create(@NonNull Uri contentUri, int sourceUid,
@NonNull String targetPackage, @UserIdInt int sourceUserId,
@UserIdInt int targetUserId) {
- mUri = contentUri;
- mSourceUid = sourceUid;
- mTargetPackage = targetPackage;
- mSourceUserId = sourceUserId;
- mTargetUserId = targetUserId;
- }
-
- @Override
- public void take() {
- synchronized (mLock) {
- if (mPermissionOwnerToken != null) {
- // Permission is already granted.
- return;
- }
-
- try {
- mPermissionOwnerToken = ActivityManagerNative.getDefault()
- .newUriPermissionOwner("InputContentUriTokenHandler");
- } catch (RemoteException e) {
- e.rethrowFromSystemServer();
- }
-
- doTakeLocked(mPermissionOwnerToken);
+ final IBinder permissionOwner;
+ try {
+ permissionOwner = ActivityManagerNative.getDefault()
+ .newUriPermissionOwner("InputContentUriTokenHandler");
+ } catch (RemoteException e) {
+ return null;
}
- }
- private void doTakeLocked(@NonNull IBinder permissionOwner) {
long origId = Binder.clearCallingIdentity();
try {
- try {
- ActivityManagerNative.getDefault().grantUriPermissionFromOwner(
- permissionOwner, mSourceUid, mTargetPackage, mUri,
- Intent.FLAG_GRANT_READ_URI_PERMISSION, mSourceUserId, mTargetUserId);
- } catch (RemoteException e) {
- e.rethrowFromSystemServer();
- }
+ ActivityManagerNative.getDefault().grantUriPermissionFromOwner(
+ permissionOwner, sourceUserId, targetPackage, contentUri,
+ Intent.FLAG_GRANT_READ_URI_PERMISSION, sourceUserId, targetUserId);
+ } catch (RemoteException e) {
+ return null;
} finally {
Binder.restoreCallingIdentity(origId);
}
+ return new InputContentUriTokenHandler(contentUri, sourceUid, targetPackage, sourceUserId,
+ targetUserId, permissionOwner);
+ }
+
+ private InputContentUriTokenHandler(@NonNull Uri contentUri, int sourceUid,
+ @NonNull String targetPackage, @UserIdInt int sourceUserId,
+ @UserIdInt int targetUserId, @NonNull IBinder permissionOwnerToken) {
+ mUri = contentUri;
+ mSourceUid = sourceUid;
+ mTargetPackage = targetPackage;
+ mSourceUserId = sourceUserId;
+ mTargetUserId = targetUserId;
+ mPermissionOwnerToken = permissionOwnerToken;
}
@Override
}
final int imeUserId = UserHandle.getUserId(uid);
final int appUserId = UserHandle.getUserId(mCurClient.uid);
- return new InputContentUriTokenHandler(contentUri, uid, packageName, imeUserId,
+ return InputContentUriTokenHandler.create(contentUri, uid, packageName, imeUserId,
appUserId);
}
}
OSDN Git Service
