Only allow system and graphics to create secure displays - platform/frameworks/native

diff options

author	chaviw <chaviw@google.com>	2020-09-01 14:53:46 -0700
committer	chaviw <chaviw@google.com>	2020-09-15 11:44:46 -0700
commit	d4a61643bf032551c945c409b4572efd29223220 (patch)
tree	8a1a7b1c01e989dbf77996caf9293db6da632a7f /libs/renderengine/RenderEngine.cpp
parent	934e82a98dd5a528bef61e035db412963f9ab5f3 (diff)

Only allow system and graphics to create secure displays

Previously, we allowed any process that had the permission ACCESS_SURFACE_FLINGER to create a display, either secure or not secure. The shell process needs this permission to create a display for screen recording. However, we just shouldn't allow any process to create a secure display since that would allow them to render secure content. Instead, only allow system and graphics to create secure displays. Fixes: 154721930 Test: Modified screenrecord to create secure display, which fails Test: SurfaceFlinger_test Test: SurfaceInterceptorTest Test: DisplayTransactionTest Change-Id: Ib3c5b6c8abd41f3f6fc6a71273cb2a17bfdba959

Diffstat (limited to 'libs/renderengine/RenderEngine.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: