diff options
Diffstat (limited to 'services/surfaceflinger/Client.cpp')
| -rw-r--r-- | services/surfaceflinger/Client.cpp | 126 |
1 files changed, 27 insertions, 99 deletions
diff --git a/services/surfaceflinger/Client.cpp b/services/surfaceflinger/Client.cpp index 0b59147c5a..6bfd302b5c 100644 --- a/services/surfaceflinger/Client.cpp +++ b/services/surfaceflinger/Client.cpp @@ -17,7 +17,6 @@ #include <stdint.h> #include <sys/types.h> -#include <binder/PermissionCache.h> #include <binder/IPCThreadState.h> #include <private/android_filesystem_config.h> @@ -35,55 +34,10 @@ const String16 sAccessSurfaceFlinger("android.permission.ACCESS_SURFACE_FLINGER" // --------------------------------------------------------------------------- Client::Client(const sp<SurfaceFlinger>& flinger) - : Client(flinger, nullptr) + : mFlinger(flinger) { } -Client::Client(const sp<SurfaceFlinger>& flinger, const sp<Layer>& parentLayer) - : mFlinger(flinger), - mParentLayer(parentLayer) -{ -} - -Client::~Client() -{ - // We need to post a message to remove our remaining layers rather than - // do so directly by acquiring the SurfaceFlinger lock. If we were to - // attempt to directly call the lock it becomes effectively impossible - // to use sp<Client> while holding the SF lock as descoping it could - // then trigger a dead-lock. - - const size_t count = mLayers.size(); - for (size_t i=0 ; i<count ; i++) { - sp<Layer> l = mLayers.valueAt(i).promote(); - if (l == nullptr) { - continue; - } - mFlinger->postMessageAsync(new LambdaMessage([flinger = mFlinger, l]() { - flinger->removeLayer(l); - })); - } -} - -void Client::updateParent(const sp<Layer>& parentLayer) { - Mutex::Autolock _l(mLock); - - // If we didn't ever have a parent, then we must instead be - // relying on permissions and we never need a parent. - if (mParentLayer != nullptr) { - mParentLayer = parentLayer; - } -} - -sp<Layer> Client::getParentLayer(bool* outParentDied) const { - Mutex::Autolock _l(mLock); - sp<Layer> parent = mParentLayer.promote(); - if (outParentDied != nullptr) { - *outParentDied = (mParentLayer != nullptr && parent == nullptr); - } - return parent; -} - status_t Client::initCheck() const { return NO_ERROR; } @@ -118,64 +72,38 @@ sp<Layer> Client::getLayerUser(const sp<IBinder>& handle) const return lbc; } - -status_t Client::onTransact( - uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) -{ - // these must be checked - IPCThreadState* ipc = IPCThreadState::self(); - const int pid = ipc->getCallingPid(); - const int uid = ipc->getCallingUid(); - const int self_pid = getpid(); - // If we are called from another non root process without the GRAPHICS, SYSTEM, or ROOT - // uid we require the sAccessSurfaceFlinger permission. - // We grant an exception in the case that the Client has a "parent layer", as its - // effects will be scoped to that layer. - if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != AID_SYSTEM && uid != 0) - && (getParentLayer() == nullptr)) { - // we're called from a different process, do the real check - if (!PermissionCache::checkCallingPermission(sAccessSurfaceFlinger)) - { - ALOGE("Permission Denial: " - "can't openGlobalTransaction pid=%d, uid<=%d", pid, uid); - return PERMISSION_DENIED; - } - } - return BnSurfaceComposerClient::onTransact(code, data, reply, flags); +status_t Client::createSurface(const String8& name, uint32_t w, uint32_t h, PixelFormat format, + uint32_t flags, const sp<IBinder>& parentHandle, + LayerMetadata metadata, sp<IBinder>* handle, + sp<IGraphicBufferProducer>* gbp) { + // We rely on createLayer to check permissions. + return mFlinger->createLayer(name, this, w, h, format, flags, std::move(metadata), handle, gbp, + parentHandle); } - -status_t Client::createSurface( - const String8& name, - uint32_t w, uint32_t h, PixelFormat format, uint32_t flags, - const sp<IBinder>& parentHandle, int32_t windowType, int32_t ownerUid, - sp<IBinder>* handle, - sp<IGraphicBufferProducer>* gbp) -{ - sp<Layer> parent = nullptr; - if (parentHandle != nullptr) { - auto layerHandle = reinterpret_cast<Layer::Handle*>(parentHandle.get()); - parent = layerHandle->owner.promote(); - if (parent == nullptr) { - return NAME_NOT_FOUND; - } - } - if (parent == nullptr) { - bool parentDied; - parent = getParentLayer(&parentDied); - // If we had a parent, but it died, we've lost all - // our capabilities. - if (parentDied) { - return NAME_NOT_FOUND; +status_t Client::createWithSurfaceParent(const String8& name, uint32_t w, uint32_t h, + PixelFormat format, uint32_t flags, + const sp<IGraphicBufferProducer>& parent, + LayerMetadata metadata, sp<IBinder>* handle, + sp<IGraphicBufferProducer>* gbp) { + if (mFlinger->authenticateSurfaceTexture(parent) == false) { + ALOGE("failed to authenticate surface texture"); + // The extra parent layer check below before returning is to help with debugging + // b/134888387. Once the bug is fixed the check can be deleted. + if ((static_cast<MonitoredProducer*>(parent.get()))->getLayer() == nullptr) { + ALOGE("failed to find parent layer"); } + return BAD_VALUE; } - return mFlinger->createLayer(name, this, w, h, format, flags, windowType, - ownerUid, handle, gbp, &parent); -} + const auto& layer = (static_cast<MonitoredProducer*>(parent.get()))->getLayer(); + if (layer == nullptr) { + ALOGE("failed to find parent layer"); + return BAD_VALUE; + } -status_t Client::destroySurface(const sp<IBinder>& handle) { - return mFlinger->onLayerRemoved(this, handle); + return mFlinger->createLayer(name, this, w, h, format, flags, std::move(metadata), handle, gbp, + nullptr, layer); } status_t Client::clearLayerFrameStats(const sp<IBinder>& handle) const { |