From 00bf64278b0d2c13a6f1a2f8616736881414597b Mon Sep 17 00:00:00 2001 From: Krzysztof KosiƄski Date: Mon, 2 Apr 2018 09:49:07 -0700 Subject: Do not allocate protected AHardwareBuffers with CPU access. Depending on the gralloc implementation, allocating AHardwareBuffers with PROTECTED_CONTENT usage and nonzero CPU read or write mask may succeed, but the buffer won't be accessible by the CPU - either because the lock() call will fail, or there will be memory violation when trying to access the memory. Prevent allocating such buffers. Bug: 77461051 Test: Builds and passes CtsNativeHardwareTestCases on Pixel XL. Change-Id: I822c9fb2d8ce24cd0c0fc0ac765b7a71fd372199 --- libs/nativewindow/AHardwareBuffer.cpp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'libs/nativewindow/AHardwareBuffer.cpp') diff --git a/libs/nativewindow/AHardwareBuffer.cpp b/libs/nativewindow/AHardwareBuffer.cpp index f37ef289b3..49ffc8f221 100644 --- a/libs/nativewindow/AHardwareBuffer.cpp +++ b/libs/nativewindow/AHardwareBuffer.cpp @@ -60,6 +60,13 @@ int AHardwareBuffer_allocate(const AHardwareBuffer_Desc* desc, AHardwareBuffer** return BAD_VALUE; } + if ((desc->usage & (AHARDWAREBUFFER_USAGE_CPU_READ_MASK | AHARDWAREBUFFER_USAGE_CPU_WRITE_MASK)) && + (desc->usage & AHARDWAREBUFFER_USAGE_PROTECTED_CONTENT)) { + ALOGE("AHARDWAREBUFFER_USAGE_PROTECTED_CONTENT requires AHARDWAREBUFFER_USAGE_CPU_READ_NEVER " + "and AHARDWAREBUFFER_USAGE_CPU_WRITE_NEVER"); + return BAD_VALUE; + } + uint64_t usage = AHardwareBuffer_convertToGrallocUsageBits(desc->usage); sp gbuffer(new GraphicBuffer( desc->width, desc->height, format, desc->layers, usage, -- cgit v1.2.3-59-g8ed1b