diff options
| author | 2016-12-21 12:58:51 -0800 | |
|---|---|---|
| committer | 2017-01-27 13:59:42 -0800 | |
| commit | 1db73f66624e7d151710483dd58e03eed672f064 (patch) | |
| tree | 40d09da72f244ae593284ac3bd895d078e9c4220 /services/surfaceflinger/SurfaceFlinger.cpp | |
| parent | bf89eb7b24f930e77be57bc7b6393e39691a4d35 (diff) | |
SurfaceFlinger: Add support for non-privileged clients.
Allow clients without privilege to create child layers through scoped
connections. We enable this in preparation for allowing SurfaceView
to bypass the WindowManager. We include support for reparenting of
all of a layer's children for the WindowManager to use in cases where
one surface is replacing another (while keeping its children around).
Test: Tested with corresponding SurfaceView modifications.
Change-Id: I9920e6730d719113522a68788e63fb59f70d3406
Diffstat (limited to 'services/surfaceflinger/SurfaceFlinger.cpp')
| -rw-r--r-- | services/surfaceflinger/SurfaceFlinger.cpp | 44 |
1 files changed, 37 insertions, 7 deletions
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp index 4798ecdedd..8cc8e318a6 100644 --- a/services/surfaceflinger/SurfaceFlinger.cpp +++ b/services/surfaceflinger/SurfaceFlinger.cpp @@ -71,6 +71,7 @@ #include "Layer.h" #include "LayerVector.h" #include "LayerDim.h" +#include "MonitoredProducer.h" #include "SurfaceFlinger.h" #include "DisplayHardware/FramebufferSurface.h" @@ -221,15 +222,29 @@ void SurfaceFlinger::binderDied(const wp<IBinder>& /* who */) startBootAnim(); } -sp<ISurfaceComposerClient> SurfaceFlinger::createConnection() -{ - sp<ISurfaceComposerClient> bclient; - sp<Client> client(new Client(this)); +static sp<ISurfaceComposerClient> initClient(const sp<Client>& client) { status_t err = client->initCheck(); if (err == NO_ERROR) { - bclient = client; + return client; } - return bclient; + return nullptr; +} + +sp<ISurfaceComposerClient> SurfaceFlinger::createConnection() { + return initClient(new Client(this)); +} + +sp<ISurfaceComposerClient> SurfaceFlinger::createScopedConnection( + const sp<IGraphicBufferProducer>& gbp) { + if (authenticateSurfaceTexture(gbp) == false) { + return nullptr; + } + const auto& layer = (static_cast<MonitoredProducer*>(gbp.get()))->getLayer(); + if (layer == nullptr) { + return nullptr; + } + + return initClient(new Client(this, layer)); } sp<IBinder> SurfaceFlinger::createDisplay(const String8& displayName, @@ -2575,6 +2590,11 @@ uint32_t SurfaceFlinger::setClientStateLocked( // We don't trigger a traversal here because if no other state is // changed, we don't want this to cause any more work } + if (what & layer_state_t::eReparentChildren) { + if (layer->reparentChildren(s.reparentHandle)) { + flags |= eTransactionNeeded|eTraversalNeeded; + } + } if (what & layer_state_t::eOverrideScalingModeChanged) { layer->setOverrideScalingMode(s.overrideScalingMode); // We don't trigger a traversal here because if no other state is @@ -3268,7 +3288,6 @@ status_t SurfaceFlinger::CheckTransactCodeCredentials(uint32_t code) { switch (code) { case CREATE_CONNECTION: case CREATE_DISPLAY: - case SET_TRANSACTION_STATE: case BOOT_FINISHED: case CLEAR_ANIMATION_FRAME_STATS: case GET_ANIMATION_FRAME_STATS: @@ -3286,6 +3305,17 @@ status_t SurfaceFlinger::CheckTransactCodeCredentials(uint32_t code) { } break; } + /* + * Calling setTransactionState is safe, because you need to have been + * granted a reference to Client* and Handle* to do anything with it. + * + * Creating a scoped connection is safe, as per discussion in ISurfaceComposer.h + */ + case SET_TRANSACTION_STATE: + case CREATE_SCOPED_CONNECTION: + { + return OK; + } case CAPTURE_SCREEN: { // codes that require permission check |