Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cb57534e authored by Vladimir Komsiyski's avatar Vladimir Komsiyski Committed by Android (Google) Code Review
Browse files

Merge "Allow system windows for virtual devices only on trusted displays." into main

parents 58d4e381 2cf25e0d

services/core/java/com/android/server/policy/PhoneWindowManager.java

+2 −1
Original line number Diff line number Diff line
@@ -3204,8 +3204,9 @@ public class PhoneWindowManager implements WindowManagerPolicy { 
            return ADD_OKAY;

        }



        // Allow virtual device owners to add overlays on the displays they own.

        // Allow virtual device owners to add overlays on the trusted displays they own.

        if (mWindowManagerFuncs.isCallerVirtualDeviceOwner(displayId, callingUid)

                && mWindowManagerFuncs.isDisplayTrusted(displayId)

                && mContext.checkCallingOrSelfPermission(CREATE_VIRTUAL_DEVICE)

                == PERMISSION_GRANTED) {

            return ADD_OKAY;

services/core/java/com/android/server/policy/WindowManagerPolicy.java

+5 −0
Original line number Diff line number Diff line
@@ -368,6 +368,11 @@ public interface WindowManagerPolicy extends WindowManagerPolicyConstants { 
         * belongs to.

         */

        boolean isCallerVirtualDeviceOwner(int displayId, int callingUid);



        /**

         * Returns whether the display with the given ID is trusted.

         */

        boolean isDisplayTrusted(int displayId);

    }



    /**

services/core/java/com/android/server/wm/DisplayPolicy.java

+2 −1
Original line number Diff line number Diff line
@@ -1073,7 +1073,8 @@ public class DisplayPolicy { 


        final String systemUiPermission =

                mService.isCallerVirtualDeviceOwner(mDisplayContent.getDisplayId(), callingUid)

                        // Allow virtual device owners to add system windows on their displays.

                        && mDisplayContent.isTrusted()

                        // Virtual device owners can add system windows on their trusted displays.

                        ? android.Manifest.permission.CREATE_VIRTUAL_DEVICE

                        : android.Manifest.permission.STATUS_BAR_SERVICE;

services/core/java/com/android/server/wm/WindowManagerService.java

+16 −0
Original line number Diff line number Diff line
@@ -10172,6 +10172,22 @@ public class WindowManagerService extends IWindowManager.Stub 
        }

    }



    /**

     * Returns whether the display with the given ID is trusted.

     */

    @Override

    public boolean isDisplayTrusted(int displayId) {

        final long identity = Binder.clearCallingIdentity();

        try {

            synchronized (mGlobalLock) {

                DisplayContent dc = mRoot.getDisplayContent(displayId);

                return dc != null && dc.isTrusted();

            }

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    @RequiresPermission(ACCESS_SURFACE_FLINGER)

    @Override

    public boolean replaceContentOnDisplay(int displayId, SurfaceControl sc) {