author Sally Qi <sallyqi@google.com> 2023-01-24 00:22:31 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-01-24 00:22:31 +0000
commite3ae4f39f6a15ffb6f0972c051aa7435e812ecad (patch)
tree20a402c60f53eb2e483c708865960a3f09f23ffe /libs/gui
parentfbceef032950b5917ac701ec4283afd0e668cba1 (diff)
parent8b172cefcbcb3856d623844f8bdffb7d9cd6a7c4 (diff)
Mitigate the security vulnerability by sanitizing the transaction flags. am: 3ea58dbc1d am: 8b172cefcb
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/20886664 Change-Id: I3831739ed5fe30094f64400fc38e9c8a18cf7807 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat (limited to 'libs/gui')
-rw-r--r--libs/gui/LayerState.cpp21
-rw-r--r--libs/gui/include/gui/LayerState.h1
2 files changed, 22 insertions, 0 deletions
diff --git a/libs/gui/LayerState.cpp b/libs/gui/LayerState.cpp
index bf275a5900..9654a60310 100644
--- a/libs/gui/LayerState.cpp
+++ b/libs/gui/LayerState.cpp
@@ -391,6 +391,27 @@ void DisplayState::merge(const DisplayState& other) {
}
}
+void DisplayState::sanitize(int32_t permissions) {
+ if (what & DisplayState::eLayerStackChanged) {
+ if (!(permissions & layer_state_t::Permission::ACCESS_SURFACE_FLINGER)) {
+ what &= ~DisplayState::eLayerStackChanged;
+ ALOGE("Stripped attempt to set eLayerStackChanged in sanitize");
+ }
+ }
+ if (what & DisplayState::eDisplayProjectionChanged) {
+ if (!(permissions & layer_state_t::Permission::ACCESS_SURFACE_FLINGER)) {
+ what &= ~DisplayState::eDisplayProjectionChanged;
+ ALOGE("Stripped attempt to set eDisplayProjectionChanged in sanitize");
+ }
+ }
+ if (what & DisplayState::eSurfaceChanged) {
+ if (!(permissions & layer_state_t::Permission::ACCESS_SURFACE_FLINGER)) {
+ what &= ~DisplayState::eSurfaceChanged;
+ ALOGE("Stripped attempt to set eSurfaceChanged in sanitize");
+ }
+ }
+}
+
void layer_state_t::sanitize(int32_t permissions) {
// TODO: b/109894387
//
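Review bot: DisplayState::sanitize works as a deny-list, so any `what` bit other than the three named here passes through to the consumer unchanged, including any bit added to the enum later. The enum itself is not shown in this hunk, so whether the remaining bits are meant to be unprivileged cannot be confirmed from here; a comment above the function saying so would make that decision reviewable. The three identical permission checks can also be folded into one mask, e.g. `constexpr uint32_t kPrivileged = eLayerStackChanged | eDisplayProjectionChanged | eSurfaceChanged;` followed by `if (!(permissions & layer_state_t::Permission::ACCESS_SURFACE_FLINGER) && (what & kPrivileged)) { what &= ~kPrivileged; }`, so a new privileged bit is added in one place. The ALOGE lines carry no caller identity and fire once per stripped flag on every rejected transaction, so the call site (not visible in this hunk) should probably log the calling pid/uid and consider rate-limiting to keep the signal usable for detection.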
diff --git a/libs/gui/include/gui/LayerState.h b/libs/gui/include/gui/LayerState.h
index 2a8d30d2da..e5a029b1ff 100644
--- a/libs/gui/include/gui/LayerState.h
+++ b/libs/gui/include/gui/LayerState.h
@@ -278,6 +278,7 @@ struct DisplayState {
DisplayState();
void merge(const DisplayState& other);
+ void sanitize(int32_t permissions);
uint32_t what;
sp<IBinder> token;