Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a1586de2 authored by Robert Carr's avatar Robert Carr Committed by Bryan Ferris
Browse files

[RESTRICT AUTOMERGE] SurfaceFlinger: Indicate whether we have captured secure layers. 

For purposes of the screen rotation animation the system server is allowed
to capture secure (not protected) layers and trusted not to persist screenshots
which may contain secure layers. However when displaying the screen rotation animation,
the layer the screenshot is placed on will itself not be secure, so if we record
the animation the recording will contain persisted versions of the secure content. Here
we forward whether the screenshot contains secure content so that system server can do the right thing.

Bug: b/69703445
Test: Transaction_test#SetFlagsSecureEUidSystem
Change-Id: If493a39257b5e15410360a3df23f3e0fc8cf295c
parent 5c99901e

libs/gui/ISurfaceComposer.cpp

+8 −2
Original line number Diff line number Diff line
@@ -103,6 +103,7 @@ public: 
    }



    virtual status_t captureScreen(const sp<IBinder>& display, sp<GraphicBuffer>* outBuffer,

                                   bool& outCapturedSecureLayers,

                                   Rect sourceCrop, uint32_t reqWidth, uint32_t reqHeight,

                                   int32_t minLayerZ, int32_t maxLayerZ, bool useIdentityTransform,

                                   ISurfaceComposer::Rotation rotation, bool captureSecureLayers) {
@@ -130,6 +131,8 @@ public: 


        *outBuffer = new GraphicBuffer();

        reply.read(**outBuffer);

        outCapturedSecureLayers = reply.readBool();



        return err;

    }
@@ -646,12 +649,15 @@ status_t BnSurfaceComposer::onTransact( 
            int32_t rotation = data.readInt32();

            bool captureSecureLayers = static_cast<bool>(data.readInt32());



            status_t res = captureScreen(display, &outBuffer, sourceCrop, reqWidth, reqHeight,

                                         minLayerZ, maxLayerZ, useIdentityTransform,

            bool capturedSecureLayers = false;

            status_t res = captureScreen(display, &outBuffer, capturedSecureLayers, sourceCrop, reqWidth,

                                         reqHeight, minLayerZ, maxLayerZ, useIdentityTransform,

                                         static_cast<ISurfaceComposer::Rotation>(rotation), captureSecureLayers);



            reply->writeInt32(res);

            if (res == NO_ERROR) {

                reply->write(*outBuffer);

                reply->writeBool(capturedSecureLayers);

            }

            return NO_ERROR;

        }

libs/gui/SurfaceComposerClient.cpp

+6 −4
Original line number Diff line number Diff line
@@ -768,11 +768,12 @@ status_t SurfaceComposerClient::getHdrCapabilities(const sp<IBinder>& display, 
status_t ScreenshotClient::capture(const sp<IBinder>& display, Rect sourceCrop, uint32_t reqWidth,

                                   uint32_t reqHeight, int32_t minLayerZ, int32_t maxLayerZ,

                                   bool useIdentityTransform, uint32_t rotation,

                                   bool captureSecureLayers, sp<GraphicBuffer>* outBuffer) {

                                   bool captureSecureLayers, sp<GraphicBuffer>* outBuffer,

                                   bool& outCapturedSecureLayers) {

    sp<ISurfaceComposer> s(ComposerService::getComposerService());

    if (s == NULL) return NO_INIT;

    status_t ret = s->captureScreen(display, outBuffer, sourceCrop, reqWidth, reqHeight, minLayerZ,

                                    maxLayerZ, useIdentityTransform,

    status_t ret = s->captureScreen(display, outBuffer, outCapturedSecureLayers, sourceCrop,

                                    reqWidth, reqHeight, minLayerZ, maxLayerZ, useIdentityTransform,

                                    static_cast<ISurfaceComposer::Rotation>(rotation),

                                    captureSecureLayers);

    if (ret != NO_ERROR) {
@@ -785,8 +786,9 @@ status_t ScreenshotClient::capture(const sp<IBinder>& display, Rect sourceCrop, 
                                   uint32_t reqHeight, int32_t minLayerZ, int32_t maxLayerZ,

                                   bool useIdentityTransform, uint32_t rotation,

                                   sp<GraphicBuffer>* outBuffer) {

    bool ignored;

    return capture(display, sourceCrop, reqWidth, reqHeight,

            minLayerZ, maxLayerZ, useIdentityTransform, rotation, false, outBuffer);

                   minLayerZ, maxLayerZ, useIdentityTransform, rotation, false, outBuffer, ignored);

}



status_t ScreenshotClient::captureLayers(const sp<IBinder>& layerHandle, Rect sourceCrop,

libs/gui/include/gui/ISurfaceComposer.h

+13 −2
Original line number Diff line number Diff line
@@ -178,11 +178,22 @@ public: 
     * This function will fail if there is a secure window on screen.

     */

    virtual status_t captureScreen(const sp<IBinder>& display, sp<GraphicBuffer>* outBuffer,

                                   Rect sourceCrop, uint32_t reqWidth, uint32_t reqHeight,

                                   int32_t minLayerZ, int32_t maxLayerZ, bool useIdentityTransform,

                                   bool& outCapturedSecureLayers, Rect sourceCrop,

                                   uint32_t reqWidth, uint32_t reqHeight, int32_t minLayerZ,

                                   int32_t maxLayerZ, bool useIdentityTransform,

                                   Rotation rotation = eRotateNone,

                                   bool captureSecureLayers = false) = 0;



    virtual status_t captureScreen(const sp<IBinder>& display, sp<GraphicBuffer>* outBuffer,

                                   Rect sourceCrop,

                                   uint32_t reqWidth, uint32_t reqHeight, int32_t minLayerZ,

                                   int32_t maxLayerZ, bool useIdentityTransform,

                                   Rotation rotation = eRotateNone,

                                   bool captureSecureLayers = false) {

      bool ignored;

      return captureScreen(display, outBuffer, ignored, sourceCrop, reqWidth, reqHeight, minLayerZ,

                           maxLayerZ, useIdentityTransform, rotation, captureSecureLayers);

    }

    /**

     * Capture a subtree of the layer hierarchy, potentially ignoring the root node.

     */

libs/gui/include/gui/SurfaceComposerClient.h

+2 −1
Original line number Diff line number Diff line
@@ -315,7 +315,8 @@ public: 
    static status_t capture(const sp<IBinder>& display, Rect sourceCrop, uint32_t reqWidth,

                            uint32_t reqHeight, int32_t minLayerZ, int32_t maxLayerZ,

                            bool useIdentityTransform, uint32_t rotation,

                            bool captureSecureLayers, sp<GraphicBuffer>* outBuffer);

                            bool captureSecureLayers, sp<GraphicBuffer>* outBuffer,

                            bool& outCapturedSecureLayers);

    static status_t capture(const sp<IBinder>& display, Rect sourceCrop, uint32_t reqWidth,

                            uint32_t reqHeight, int32_t minLayerZ, int32_t maxLayerZ,

                            bool useIdentityTransform, uint32_t rotation,

libs/gui/tests/Surface_test.cpp

+5 −3
Original line number Diff line number Diff line
@@ -126,7 +126,7 @@ TEST_F(SurfaceTest, QueuesToWindowComposerIsTrueWhenPurgatorized) { 
}



// This test probably doesn't belong here.

TEST_F(SurfaceTest, ScreenshotsOfProtectedBuffersSucceed) {

TEST_F(SurfaceTest, ScreenshotsOfProtectedBuffersDontSucceed) {

    sp<ANativeWindow> anw(mSurface);



    // Verify the screenshot works with no protected buffers.
@@ -134,7 +134,8 @@ TEST_F(SurfaceTest, ScreenshotsOfProtectedBuffersSucceed) { 
    sp<IBinder> display(sf->getBuiltInDisplay(

            ISurfaceComposer::eDisplayIdMain));

    sp<GraphicBuffer> outBuffer;

    ASSERT_EQ(NO_ERROR, sf->captureScreen(display, &outBuffer, Rect(),

    bool ignored;

    ASSERT_EQ(NO_ERROR, sf->captureScreen(display, &outBuffer, ignored, Rect(),

            64, 64, 0, 0x7fffffff, false));



    ASSERT_EQ(NO_ERROR, native_window_api_connect(anw.get(),
@@ -165,7 +166,7 @@ TEST_F(SurfaceTest, ScreenshotsOfProtectedBuffersSucceed) { 
                &buf));

        ASSERT_EQ(NO_ERROR, anw->queueBuffer(anw.get(), buf, -1));

    }

    ASSERT_EQ(NO_ERROR, sf->captureScreen(display, &outBuffer, Rect(),

    ASSERT_EQ(NO_ERROR, sf->captureScreen(display, &outBuffer, ignored, Rect(),

            64, 64, 0, 0x7fffffff, false));

}
@@ -601,6 +602,7 @@ public: 
        ColorMode /*colorMode*/) override { return NO_ERROR; }

    status_t captureScreen(const sp<IBinder>& /*display*/,

            sp<GraphicBuffer>* /*outBuffer*/,

            bool& /* outCapturedSecureLayers */,

            Rect /*sourceCrop*/, uint32_t /*reqWidth*/, uint32_t /*reqHeight*/,

            int32_t /*minLayerZ*/, int32_t /*maxLayerZ*/,

            bool /*useIdentityTransform*/,