author Robert Carr <racarr@google.com> 2016-12-21 12:58:51 -0800
committer Robert Carr <racarr@google.com> 2017-01-27 13:59:42 -0800
commit1db73f66624e7d151710483dd58e03eed672f064 (patch)
tree40d09da72f244ae593284ac3bd895d078e9c4220 /services/surfaceflinger/Client.cpp
parentbf89eb7b24f930e77be57bc7b6393e39691a4d35 (diff)
SurfaceFlinger: Add support for non-privileged clients.
Allow clients without privilege to create child layers through scoped connections. We enable this in preparation for allowing SurfaceView to bypass the WindowManager. We include support for reparenting of all of a layer's children for the WindowManager to use in cases where one surface is replacing another (while keeping its children around). Test: Tested with corresponding SurfaceView modifications. Change-Id: I9920e6730d719113522a68788e63fb59f70d3406
Diffstat (limited to 'services/surfaceflinger/Client.cpp')
-rw-r--r--services/surfaceflinger/Client.cpp29
1 files changed, 26 insertions, 3 deletions
diff --git a/services/surfaceflinger/Client.cpp b/services/surfaceflinger/Client.cpp
index 7e04fda6de..f63784e18b 100644
--- a/services/surfaceflinger/Client.cpp
+++ b/services/surfaceflinger/Client.cpp
@@ -35,7 +35,13 @@ const String16 sAccessSurfaceFlinger("android.permission.ACCESS_SURFACE_FLINGER"
// ---------------------------------------------------------------------------
Client::Client(const sp<SurfaceFlinger>& flinger)
- : mFlinger(flinger)
+ : Client(flinger, nullptr)
+{
+}
+
+Client::Client(const sp<SurfaceFlinger>& flinger, const sp<Layer>& parentLayer)
+ : mFlinger(flinger),
+ mParentLayer(parentLayer)
{
}
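Review bot: The new two-argument constructor has no comment saying what a non-null `parentLayer` means for the client's privileges, even though the onTransact hunk in this commit uses `mParentLayer` to skip the permission check. A short comment above it would help, for example `// A Client created with a parent layer is a scoped connection: it is exempt from the ACCESS_SURFACE_FLINGER check and must only affect layers under parentLayer.` The promote() calls later in the diff suggest `mParentLayer` is held as a weak reference, which the comment could also state once that is confirmed against the header.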
@@ -47,6 +53,10 @@ Client::~Client()
}
}
+void Client::setParentLayer(const sp<Layer>& parentLayer) {
+ mParentLayer = parentLayer;
+}
+
status_t Client::initCheck() const {
return NO_ERROR;
}
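Review bot: `setParentLayer` assigns `mParentLayer` with no lock, while the onTransact and createSurface hunks read it through `promote()`, presumably on binder threads. Assigning a weak pointer is not atomic, so a concurrent write and read can race on the field that now decides whether the permission check runs. If the class's existing mutex is meant to guard its members, take it here with `Mutex::Autolock _l(mLock);` and read the field under the same lock in the two readers. It is also worth documenting which callers are expected to invoke this setter, since it changes the client's effective privilege.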
@@ -90,12 +100,17 @@ status_t Client::onTransact(
const int pid = ipc->getCallingPid();
const int uid = ipc->getCallingUid();
const int self_pid = getpid();
- if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != AID_SYSTEM && uid != 0)) {
+ // If we are called from another non root process without the GRAPHICS, SYSTEM, or ROOT
+ // uid we require the sAccessSurfaceFlinger permission.
+ // We grant an exception in the case that the Client has a "parent layer", as its
+ // effects will be scoped to that layer.
+ if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != AID_SYSTEM && uid != 0)
+ && (mParentLayer.promote() == nullptr)) {
// we're called from a different process, do the real check
if (!PermissionCache::checkCallingPermission(sAccessSurfaceFlinger))
{
ALOGE("Permission Denial: "
- "can't openGlobalTransaction pid=%d, uid=%d", pid, uid);
+ "can't openGlobalTransaction pid=%d, uid<=%d", pid, uid);
return PERMISSION_DENIED;
}
}
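Review bot: The added `mParentLayer.promote() == nullptr` term skips the ACCESS_SURFACE_FLINGER check for the whole transaction, so the exemption is only as tight as the scoping each handler enforces afterwards. In the createSurface hunk of this commit the parent layer is substituted only when `parent == nullptr`; a caller-supplied parent resolved just above that code appears to be used as is, so for a scoped client it would be worth rejecting a parent that is neither `mParentLayer` nor one of its descendants (the lookup is outside the visible lines, so this needs confirming). Separately, the log format changed to `uid<=%d`, which looks like a typo; keep `"can't openGlobalTransaction pid=%d, uid=%d", pid, uid);`. onTransact starts and ends outside this hunk.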
@@ -117,6 +132,14 @@ status_t Client::createSurface(
return NAME_NOT_FOUND;
}
}
+ if (parent == nullptr && mParentLayer != nullptr) {
+ parent = mParentLayer.promote();
+ // If we had a parent, but it died, we've lost all
+ // our capabilities.
+ if (parent == nullptr) {
+ return NAME_NOT_FOUND;
+ }
+ }
/*
* createSurface must be called from the GL thread so that it can