diff options
| -rw-r--r-- | cmds/keystore/keystore.cpp | 1 | ||||
| -rwxr-xr-x | cmds/keystore/test-keystore | 272 | ||||
| -rw-r--r-- | include/gui/SurfaceTexture.h | 5 | ||||
| -rw-r--r-- | include/surfaceflinger/Surface.h | 2 | ||||
| -rw-r--r-- | libs/gui/Surface.cpp | 4 | ||||
| -rw-r--r-- | libs/gui/SurfaceTexture.cpp | 8 | ||||
| -rw-r--r-- | libs/utils/BackupData.cpp | 3 |
7 files changed, 291 insertions, 4 deletions
diff --git a/cmds/keystore/keystore.cpp b/cmds/keystore/keystore.cpp index b48be6ef38..bbd1a1bfd6 100644 --- a/cmds/keystore/keystore.cpp +++ b/cmds/keystore/keystore.cpp @@ -363,6 +363,7 @@ public: response = writeMasterKey(pw); } if (response == NO_ERROR) { + memcpy(mMasterKey, masterKeyBlob.getValue(), MASTER_KEY_SIZE_BYTES); setupMasterKeys(); } return response; diff --git a/cmds/keystore/test-keystore b/cmds/keystore/test-keystore new file mode 100755 index 0000000000..82b276fe76 --- /dev/null +++ b/cmds/keystore/test-keystore @@ -0,0 +1,272 @@ +#!/bin/bash +# +# Copyright 2011, The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +prefix=$0 +log_file=$prefix.log +baseline_file=$prefix.baseline + +function cleanup_output() { + rm -f $log_file + rm -f $baseline_file +} + +function log() { + echo "$@" + append $log_file \# "$@" + append $baseline_file \# "$@" +} + +function expect() { + append $baseline_file "$@" +} + +function append() { + declare -r file=$1 + shift + echo "$@" >> $file +} + +function run() { + # strip out carriage returns from adb + # strip out date/time from ls -l + "$@" | tr --delete '\r' | sed -E 's/[0-9]{4}-[0-9]{2}-[0-9]{2} +[0-9]{1,2}:[0-9]{2} //' >> $log_file +} + +function keystore() { + declare -r user=$1 + shift + run adb shell su $user keystore_cli "$@" +} + +function list_keystore_directory() { + run adb shell ls -al /data/misc/keystore +} + +function compare() { + log "comparing $baseline_file and $log_file" + diff $baseline_file $log_file || (log $tag FAILED && exit 1) +} + +function test_basic() { + + # + # reset + # + log "reset keystore as system user" + keystore system r + expect "1 No error" + list_keystore_directory + + # + # basic tests as system/root + # + log "root does not have permission to run test" + keystore root t + expect "6 Permission denied" + + log "but system user does" + keystore system t + expect "3 Uninitialized" + list_keystore_directory + + log "password is now bar" + keystore system p bar + expect "1 No error" + list_keystore_directory + expect "-rw------- keystore keystore 84 .masterkey" + + log "no error implies initialized and unlocked" + keystore system t + expect "1 No error" + + log "saw with no argument" + keystore system s + expect "5 Protocol error" + + log "saw nothing" + keystore system s "" + expect "1 No error" + + log "add key baz" + keystore system i baz quux + expect "1 No error" + + log "1000 is uid of system" + list_keystore_directory + expect "-rw------- keystore keystore 84 .masterkey" + expect "-rw------- keystore keystore 52 1000_baz" + + log "saw baz" + keystore system s "" + expect "1 No error" + expect "baz" + + log "system does not have access to read any keys" + keystore system g baz + expect "6 Permission denied" + + log "however, root can read system user keys (as can wifi or vpn users)" + keystore root g baz + expect "1 No error" + expect "quux" + + # + # app user tests + # + + # app_0 has uid 10000, as seen below + log "other uses cannot see the system keys" + keystore app_0 g baz + expect "7 Key not found" + + log "app user cannot use reset, password, lock, unlock" + keystore app_0 r + expect "6 Permission denied" + keystore app_0 p + expect "6 Permission denied" + keystore app_0 l + expect "6 Permission denied" + keystore app_0 u + expect "6 Permission denied" + + log "install app_0 key" + keystore app_0 i 0x deadbeef + expect 1 No error + list_keystore_directory + expect "-rw------- keystore keystore 84 .masterkey" + expect "-rw------- keystore keystore 52 10000_0x" + expect "-rw------- keystore keystore 52 1000_baz" + + log "get with no argument" + keystore app_0 g + expect "5 Protocol error" + + keystore app_0 g 0x + expect "1 No error" + expect "deadbeef" + + keystore app_0 i fred barney + expect "1 No error" + + keystore app_0 s "" + expect "1 No error" + expect "0x" + expect "fred" + + log "note that saw returns the suffix of prefix matches" + keystore app_0 s fr # fred + expect "1 No error" + expect "ed" # fred + + # + # lock tests + # + log "lock the store as system" + keystore system l + expect "1 No error" + keystore system t + expect "2 Locked" + + log "saw works while locked" + keystore app_0 s "" + expect "1 No error" + expect "0x" + expect "fred" + + log "...but cannot read keys..." + keystore app_0 g 0x + expect "2 Locked" + + log "...but they can be deleted." + keystore app_0 e 0x + expect "1 No error" + keystore app_0 d 0x + expect "1 No error" + keystore app_0 e 0x + expect "7 Key not found" + + # + # password + # + log "wrong password" + keystore system u foo + expect "13 Wrong password (4 tries left)" + log "right password" + keystore system u bar + expect "1 No error" + + log "make the password foo" + keystore system p foo + expect "1 No error" + + # + # final reset + # + log "reset wipes everything for all users" + keystore system r + expect "1 No error" + list_keystore_directory + + keystore system t + expect "3 Uninitialized" + +} + +function test_4599735() { + # http://b/4599735 + log "start regression test for b/4599735" + keystore system r + expect "1 No error" + + keystore system p foo + expect "1 No error" + + keystore system i baz quux + expect "1 No error" + + keystore root g baz + expect "1 No error" + expect "quux" + + keystore system l + expect "1 No error" + + keystore system p foo + expect "1 No error" + + log "after unlock, regression led to result of '8 Value corrupted'" + keystore root g baz + expect "1 No error" + expect "quux" + + keystore system r + expect "1 No error" + log "end regression test for b/4599735" +} + +function main() { + cleanup_output + log $tag START + test_basic + test_4599735 + compare + log $tag PASSED + cleanup_output +} + +main diff --git a/include/gui/SurfaceTexture.h b/include/gui/SurfaceTexture.h index 9294df6743..e558dfd6c2 100644 --- a/include/gui/SurfaceTexture.h +++ b/include/gui/SurfaceTexture.h @@ -56,7 +56,7 @@ public: // tex indicates the name OpenGL texture to which images are to be streamed. // This texture name cannot be changed once the SurfaceTexture is created. - SurfaceTexture(GLuint tex); + SurfaceTexture(GLuint tex, bool allowSynchronousMode = true); virtual ~SurfaceTexture(); @@ -361,6 +361,9 @@ private: // mSynchronousMode whether we're in synchronous mode or not bool mSynchronousMode; + // mAllowSynchronousMode whether we allow synchronous mode or not + const bool mAllowSynchronousMode; + // mDequeueCondition condition used for dequeueBuffer in synchronous mode mutable Condition mDequeueCondition; diff --git a/include/surfaceflinger/Surface.h b/include/surfaceflinger/Surface.h index 8845dc9e1c..dc2a845620 100644 --- a/include/surfaceflinger/Surface.h +++ b/include/surfaceflinger/Surface.h @@ -40,6 +40,7 @@ namespace android { class GraphicBuffer; class GraphicBufferMapper; class IOMX; +class ISurfaceTexture; class Rect; class Surface; class SurfaceComposerClient; @@ -154,6 +155,7 @@ public: bool isValid(); uint32_t getFlags() const { return mFlags; } uint32_t getIdentity() const { return mIdentity; } + sp<ISurfaceTexture> getSurfaceTexture(); // the lock/unlock APIs must be used from the same thread status_t lock(SurfaceInfo* info, bool blocking = true); diff --git a/libs/gui/Surface.cpp b/libs/gui/Surface.cpp index 4d1d923a42..9185e1e993 100644 --- a/libs/gui/Surface.cpp +++ b/libs/gui/Surface.cpp @@ -421,6 +421,10 @@ status_t Surface::validate(bool inCancelBuffer) const return NO_ERROR; } +sp<ISurfaceTexture> Surface::getSurfaceTexture() { + return mSurface != NULL ? mSurface->getSurfaceTexture() : NULL; +} + sp<IBinder> Surface::asBinder() const { return mSurface!=0 ? mSurface->asBinder() : 0; } diff --git a/libs/gui/SurfaceTexture.cpp b/libs/gui/SurfaceTexture.cpp index 3cecdb401a..37e6d1187d 100644 --- a/libs/gui/SurfaceTexture.cpp +++ b/libs/gui/SurfaceTexture.cpp @@ -78,7 +78,7 @@ static float mtxRot270[16] = { static void mtxMul(float out[16], const float a[16], const float b[16]); -SurfaceTexture::SurfaceTexture(GLuint tex) : +SurfaceTexture::SurfaceTexture(GLuint tex, bool allowSynchronousMode) : mDefaultWidth(1), mDefaultHeight(1), mPixelFormat(PIXEL_FORMAT_RGBA_8888), @@ -91,7 +91,8 @@ SurfaceTexture::SurfaceTexture(GLuint tex) : mCurrentTimestamp(0), mNextTransform(0), mTexName(tex), - mSynchronousMode(false) { + mSynchronousMode(false), + mAllowSynchronousMode(allowSynchronousMode) { LOGV("SurfaceTexture::SurfaceTexture"); sp<ISurfaceComposer> composer(ComposerService::getComposerService()); mGraphicBufferAlloc = composer->createGraphicBufferAlloc(); @@ -371,6 +372,9 @@ status_t SurfaceTexture::setSynchronousMode(bool enabled) { Mutex::Autolock lock(mMutex); status_t err = OK; + if (!mAllowSynchronousMode && enabled) + return err; + if (!enabled) { // going to asynchronous mode, drain the queue while (mSynchronousMode != enabled && !mQueue.isEmpty()) { diff --git a/libs/utils/BackupData.cpp b/libs/utils/BackupData.cpp index f963058fab..8791263933 100644 --- a/libs/utils/BackupData.cpp +++ b/libs/utils/BackupData.cpp @@ -285,7 +285,8 @@ BackupDataReader::ReadNextHeader(bool* done, int* type) break; } default: - LOGD("Chunk header at %d has invalid type: 0x%08x", (int)m_pos, (int)m_header.type); + LOGD("Chunk header at %d has invalid type: 0x%08x", + (int)(m_pos - sizeof(m_header)), (int)m_header.type); m_status = EINVAL; } |