Mitigate the security vulnerability by sanitizing the transaction flags. - platform/frameworks/native

diff options

author	Sally Qi <sallyqi@google.com>	2022-10-05 11:42:30 -0700
committer	Sally Qi <sallyqi@google.com>	2023-01-23 10:57:42 -0800
commit	03d4458ea0cb00c28f695d99aae5e4c6b15fc237 (patch)
tree	c0fb21071d596a24c0103c3b198e0f36e83e59e5 /libs/gui/BLASTBufferQueue.cpp
parent	c7df484a6f4265d20418fc64c46ead350f794a0c (diff)

Mitigate the security vulnerability by sanitizing the transaction flags.

- This is part of fix of commit Id9d9012d4ede9c8330f0ce1096bcb78e51b7c5df for backporting. - Part of commit Id9d9012d4ede9c8330f0ce1096bcb78e51b7c5df which sanitizes the transaction flags from DisplayState instead. - In rvc, we only have ACCESS_SURFACE_FLINGER permission check passed as `privileged` argument in SF::applyTransactionState. We can directly utilize it for sanitization in DiaplyState. - In rvc code base, SF::setTransactionState pass a const array of displayState objects and then call SF::applyTransactionState. To successfully sanitize the flags for each displayState object, we convert this const array into non-const one before calling SF::applyTransactionState. Bug: 248031255 Test: test using displaytoken app manually on the phone, test shell screenrecord during using displaytoken; atest android.hardware.camera2.cts.FastBasicsTest Change-Id: Id9d9012d4ede9c8330f0ce1096bcb78e51b7c5df Merged-In: Id9d9012d4ede9c8330f0ce1096bcb78e51b7c5df

Diffstat (limited to 'libs/gui/BLASTBufferQueue.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: