sf: vds: Add support for secure virtual displays (9163a89a) · Commits · e / devices / smdk4412 / android_frameworks_native

services/surfaceflinger/DisplayHardware/VirtualDisplaySurface.cpp

+27 −3

Original line number	Diff line number	Diff line
		@@ -53,7 +53,8 @@ VirtualDisplaySurface::VirtualDisplaySurface(HWComposer& hwc,
		const sp<IGraphicBufferProducer>& sink,
		const sp<IGraphicBufferProducer>& bqProducer,
		const sp<IGraphicBufferConsumer>& bqConsumer,
		const String8& name)
		const String8& name,
		bool secure)
		: ConsumerBase(bqConsumer),
		mHwc(hwc),
		mDisplayId(NO_MEMORY),
		@@ -63,7 +64,8 @@ VirtualDisplaySurface::VirtualDisplaySurface(HWComposer& hwc,
		mDbgState(DBG_STATE_IDLE),
		mDbgLastCompositionType(COMPOSITION_UNKNOWN),
		mMustRecompose(false),
		mForceHwcCopy(false)
		mForceHwcCopy(false),
		mSecure(false)
		{
		mSource[SOURCE_SINK] = sink;
		mSource[SOURCE_SCRATCH] = bqProducer;
		@@ -90,6 +92,11 @@ VirtualDisplaySurface::VirtualDisplaySurface(HWComposer& hwc,
		{
		mDefaultOutputFormat = HAL_PIXEL_FORMAT_IMPLEMENTATION_DEFINED;
		mForceHwcCopy = true;
		//Set secure flag only if the session requires HW protection, currently
		//there is no other way to distinguish different security protection levels
		//This allows Level-3 sessions(eg.simulated displayes) to get
		//buffers from IOMMU heap and not MM (secure) heap.
		mSecure = secure;
		}

		// XXX: With this debug property we can allow screenrecord to be composed
		@@ -114,6 +121,7 @@ VirtualDisplaySurface::VirtualDisplaySurface(HWComposer& hwc,
		VDS_LOGV("creation: sinkFormat: 0x%x sinkUsage: 0x%x mForceHwcCopy: %d",
		mOutputFormat, sinkUsage, mForceHwcCopy);

		setOutputUsage();
		resetPerFrameState();

		ConsumerBase::mName = String8::format("VDS: %s", mDisplayName.string());
		@@ -126,6 +134,22 @@ VirtualDisplaySurface::VirtualDisplaySurface(HWComposer& hwc,
		VirtualDisplaySurface::~VirtualDisplaySurface() {
		}

		// helper to update the output usage when the display is secure
		void VirtualDisplaySurface::setOutputUsage() {
		mOutputUsage = GRALLOC_USAGE_HW_COMPOSER;
		if (mSecure) {
		//TODO: Currently, the framework can only say whether the display
		//and its subsequent session are secure or not. However, there is
		//no mechanism to distinguish the different levels of security.
		//The current solution assumes WV L3 protection.
		mOutputUsage \|= GRALLOC_USAGE_PROTECTED;
		#ifdef QCOM_BSP
		mOutputUsage \|= GRALLOC_USAGE_PRIVATE_MM_HEAP \|
		GRALLOC_USAGE_PRIVATE_UNCACHED;
		#endif
		}
		}

		status_t VirtualDisplaySurface::beginFrame(bool mustRecompose) {
		if (mDisplayId < 0)
		return NO_ERROR;
		@@ -180,7 +204,7 @@ status_t VirtualDisplaySurface::prepareFrame(CompositionType compositionType) {
		// format/usage and get a new buffer when the GLES driver calls
		// dequeueBuffer().
		mOutputFormat = mDefaultOutputFormat;
		mOutputUsage = GRALLOC_USAGE_HW_COMPOSER;
		setOutputUsage();
		refreshOutputBuffer();
		}

services/surfaceflinger/DisplayHardware/VirtualDisplaySurface.h

+6 −1

Original line number	Diff line number	Diff line
		@@ -76,7 +76,8 @@ public:
		const sp<IGraphicBufferProducer>& sink,
		const sp<IGraphicBufferProducer>& bqProducer,
		const sp<IGraphicBufferConsumer>& bqConsumer,
		const String8& name);
		const String8& name,
		bool secure);

		//
		// DisplaySurface interface
		@@ -125,6 +126,7 @@ private:
		void updateQueueBufferOutput(const QueueBufferOutput& qbo);
		void resetPerFrameState();
		status_t refreshOutputBuffer();
		void setOutputUsage();

		// Both the sink and scratch buffer pools have their own set of slots
		// ("source slots", or "sslot"). We have to merge these into the single
		@@ -153,6 +155,9 @@ private:
		// or not.
		int32_t mDisplayId;

		// secure flag
		bool mSecure;

		//
		// Inter-frame state
		//

services/surfaceflinger/SurfaceFlinger.cpp

+6 −3

Original line number	Diff line number	Diff line
		@@ -1259,7 +1259,8 @@ void SurfaceFlinger::configureVirtualDisplay(int32_t &hwcDisplayId,
		if(!wfdVirtual) {
		// This is for non-wfd virtual display scenarios(e.g. SSD/SR/CTS)
		sp<VirtualDisplaySurface> vds = new VirtualDisplaySurface(*mHwc,
		hwcDisplayId, state.surface, bqProducer, bqConsumer, state.displayName);
		hwcDisplayId, state.surface, bqProducer, bqConsumer,
		state.displayName, state.isSecure);
		dispSurface = vds;
		// There won't be any interaction with HWC for this virtual display.
		// so the GLES driver can pass buffers directly to the sink.
		@@ -1279,7 +1280,8 @@ void SurfaceFlinger::configureVirtualDisplay(int32_t &hwcDisplayId,
		// WFD virtual display instance gets valid hwcDisplayId and
		// SSD/SR will get invalid hwcDisplayId
		sp<VirtualDisplaySurface> vds = new VirtualDisplaySurface(*mHwc,
		hwcDisplayId, state.surface, bqProducer, bqConsumer, state.displayName);
		hwcDisplayId, state.surface, bqProducer, bqConsumer,
		state.displayName, state.isSecure);
		dispSurface = vds;
		// There won't be any interaction with HWC for this virtual
		// display, so the GLES driver can pass buffers directly to the
		@@ -1295,7 +1297,8 @@ void SurfaceFlinger::configureVirtualDisplay(int32_t &hwcDisplayId,
		// mForceHwcCopy (which is based on Usage Flags)

		sp<VirtualDisplaySurface> vds = new VirtualDisplaySurface(*mHwc,
		hwcDisplayId, state.surface, bqProducer, bqConsumer, state.displayName);
		hwcDisplayId, state.surface, bqProducer, bqConsumer,
		state.displayName, state.isSecure);
		dispSurface = vds;
		if (hwcDisplayId >= 0) {
		producer = vds;