
Issue 614792


Issue metadata

Status: Fixed
Closed: May 2016
Pri: 1
Type: Bug




mus: EventObservers can be used to listen to key events

Reported by jamescook@chromium.org (Project Member), May 25 2016

Issue description

This is not desirable, as a malicious app could listen for keystrokes intended for a different app.

EventObservers are used to implement PointerWatcher, so should continue to get pointer events, but nothing else.

Comment 1 by bugdroid1@chromium.org (Project Member), May 25 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ac96551d22ac7ff8389760422dd9641e72e878f0

commit ac96551d22ac7ff8389760422dd9641e72e878f0
Author: jamescook <jamescook@chromium.org>
Date: Wed May 25 23:09:58 2016

mus: Don't allow SetEventObserver to monitor key events

It should only be allowed to monitor mouse/touch events. Otherwise a malicious
or compromised app could spy on keystrokes for another app.

BUG=614792
TEST=added to mus_ws_unittests

Review-Url: https://codereview.chromium.org/2016443003
Cr-Commit-Position: refs/heads/master@{#396032}

[modify] https://crrev.com/ac96551d22ac7ff8389760422dd9641e72e878f0/components/mus/ws/window_tree.cc
[modify] https://crrev.com/ac96551d22ac7ff8389760422dd9641e72e878f0/components/mus/ws/window_tree_unittest.cc

Status: Fixed (was: Started)
A note from me from the review about the accelerator interfaces:

"I just talked to ben@ and sky@. I can't say I understand all the details, but
the WindowTree AddAccelerator code can only be invoked by the window manager
(via the WindowManagerClient interface, which is an associated interface on the
window manager's connection to the WS WindowTree interface). Arbitrary apps
can't bind to that interface.

The window manager exports an AcceleratorRegistrar interface, but this can only
be accessed by apps requesting the capability "mus:window_manager" in their
manifest.json files. app_driver is the only app that does this, for things like
making Ctrl-N open a browser when none is running. Apps cannot request new
capabilities at runtime, so a compromised renderer can't get that interface and
install accelerators to spy on keys."

Components: -MUS Internals>Services>WindowService
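Added example (not code from the mus tree or from the CL above): a simplified C++ model of the routing rule the fix enforces. The names EventType, Event, WindowTree, WindowServer and the shape of the SetEventObserver argument are assumptions made for illustration; the real window server's types, Mojo interfaces and dispatch path differ. The model runs the same scenario twice, once with the pre-fix behaviour (an observer may ask for any event type) and once with the fix (a SetEventObserver request naming a non-pointer type is rejected), and reports what a second client gets to see of a keystroke routed to another client's window.

```cpp
#include <cstdio>
#include <map>
#include <vector>

// Hypothetical model, not the mus API: EventType, Event, WindowTree and
// WindowServer are simplified stand-ins used only for this example.
enum class EventType { kKeyPress, kMousePress, kTouchPress };

struct Event {
  EventType type;
  int target_window;  // window the event is routed to
  int key_code;       // only meaningful for kKeyPress
};

bool IsPointerEvent(EventType type) {
  return type == EventType::kMousePress || type == EventType::kTouchPress;
}

// One client's connection to the window server. Besides events routed to its
// own windows, a client may register an EventObserver naming the event types
// it wants to see globally (the mechanism PointerWatcher is built on).
class WindowTree {
 public:
  explicit WindowTree(bool key_events_observable)
      : key_events_observable_(key_events_observable) {}

  // Server-side validation of the observer request. With the fix applied a
  // request naming any non-pointer type is rejected as a whole, so no client
  // can end up observing keystrokes routed to another client's window.
  bool SetEventObserver(const std::vector<EventType>& types) {
    if (!key_events_observable_)
      for (EventType t : types) if (!IsPointerEvent(t)) return false;
    observed_types_ = types;
    return true;
  }
  bool WantsToObserve(EventType type) const {
    for (EventType t : observed_types_) if (t == type) return true;
    return false;
  }
  void OnEventTargeted(const Event& e) { targeted_.push_back(e); }
  void OnEventObserved(const Event& e) { observed_.push_back(e); }
  const std::vector<Event>& targeted() const { return targeted_; }
  const std::vector<Event>& observed() const { return observed_; }

 private:
  bool key_events_observable_;
  std::vector<EventType> observed_types_;
  std::vector<Event> targeted_, observed_;
};

// Routes each event to the owner of its target window, then offers it to
// every other client whose observer asked for that event type.
class WindowServer {
 public:
  void AddClient(WindowTree* c) { clients_.push_back(c); }
  void SetWindowOwner(int window_id, WindowTree* c) { owners_[window_id] = c; }
  void Dispatch(const Event& event) {
    auto it = owners_.find(event.target_window);
    WindowTree* owner = (it == owners_.end()) ? nullptr : it->second;
    if (owner) owner->OnEventTargeted(event);
    for (WindowTree* c : clients_)
      if (c != owner && c->WantsToObserve(event.type)) c->OnEventObserved(event);
  }

 private:
  std::vector<WindowTree*> clients_;
  std::map<int, WindowTree*> owners_;
};

struct Outcome {
  bool spy_registration_accepted;  // the request that also named key events
  int keys_seen_by_spy, pointer_events_seen_by_spy, keys_delivered_to_target;
};

// Two clients: a browser owning window 1 and a malicious app that tries to
// observe every event type. Constructed input: one keystroke and one click,
// both routed to the browser window.
Outcome RunScenario(bool key_events_observable) {
  WindowTree browser(key_events_observable), spy(key_events_observable);
  WindowServer server;
  server.AddClient(&browser);
  server.AddClient(&spy);
  server.SetWindowOwner(1, &browser);

  Outcome out{};
  out.spy_registration_accepted = spy.SetEventObserver(
      {EventType::kKeyPress, EventType::kMousePress, EventType::kTouchPress});
  if (!out.spy_registration_accepted)  // rejected: fall back to pointer-only
    spy.SetEventObserver({EventType::kMousePress, EventType::kTouchPress});

  server.Dispatch({EventType::kKeyPress, 1, 'p'});
  server.Dispatch({EventType::kMousePress, 1, 0});

  for (const Event& e : spy.observed())
    (e.type == EventType::kKeyPress ? out.keys_seen_by_spy : out.pointer_events_seen_by_spy)++;
  for (const Event& e : browser.targeted())
    if (e.type == EventType::kKeyPress) ++out.keys_delivered_to_target;
  return out;
}

int main() {
  Outcome before = RunScenario(/*key_events_observable=*/true);
  Outcome after = RunScenario(/*key_events_observable=*/false);
  std::printf("before fix: spy saw %d key event(s); after fix: %d\n",
              before.keys_seen_by_spy, after.keys_seen_by_spy);
  return 0;
}
```

The check lives at registration time rather than at dispatch time on purpose: rejecting the whole request when it names a key type mirrors what the commit message describes (SetEventObserver is not allowed to monitor key events) and leaves the legitimate PointerWatcher path, pointer events crossing client boundaries, untouched. In the model the browser still receives the keystroke in both runs; only the second client's view of it changes.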
