Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f1ad68a1 authored by Patrick Williams's avatar Patrick Williams
Browse files

Fix transaction sanitization 

Bug: 336648041
Bug: 336648613
Test: CredentialsTest
Change-Id: I53894d014bfabc9c958a6f533d7e3b3a6dcd0a34
(cherry picked from commit 04e41761)
Merged-In: I53894d014bfabc9c958a6f533d7e3b3a6dcd0a34
parent 695e8deb

services/surfaceflinger/SurfaceFlinger.cpp

+1 −1
Original line number Diff line number Diff line
@@ -4513,7 +4513,7 @@ status_t SurfaceFlinger::setTransactionState( 
    const int originPid = ipc->getCallingPid();

    const int originUid = ipc->getCallingUid();

    uint32_t permissions = LayerStatePermissions::getTransactionPermissions(originPid, originUid);

    for (auto composerState : states) {

    for (auto& composerState : states) {

        composerState.state.sanitize(permissions);

    }

services/surfaceflinger/tests/Credentials_test.cpp

+13 −5
Original line number Diff line number Diff line
@@ -401,8 +401,13 @@ TEST_F(CredentialsTest, TransactionPermissionTest) { 
                .apply();

    }



    // Called from non privileged process

    Transaction().setTrustedOverlay(surfaceControl, true);

    // Attempt to set a trusted overlay from a non-privileged process. This should fail silently.

    {

        UIDFaker f{AID_BIN};

        Transaction().setTrustedOverlay(surfaceControl, true).apply(/*synchronous=*/true);

    }



    // Verify that the layer was not made a trusted overlay.

    {

        UIDFaker f(AID_SYSTEM);

        auto windowIsPresentAndNotTrusted = [&](const std::vector<WindowInfo>& windowInfos) {
@@ -413,12 +418,14 @@ TEST_F(CredentialsTest, TransactionPermissionTest) { 
            }

            return !foundWindowInfo->inputConfig.test(WindowInfo::InputConfig::TRUSTED_OVERLAY);

        };

        windowInfosListenerUtils.waitForWindowInfosPredicate(windowIsPresentAndNotTrusted);

        ASSERT_TRUE(

                windowInfosListenerUtils.waitForWindowInfosPredicate(windowIsPresentAndNotTrusted));

    }



    // Verify that privileged processes are able to set trusted overlays.

    {

        UIDFaker f(AID_SYSTEM);

        Transaction().setTrustedOverlay(surfaceControl, true);

        Transaction().setTrustedOverlay(surfaceControl, true).apply(/*synchronous=*/true);

        auto windowIsPresentAndTrusted = [&](const std::vector<WindowInfo>& windowInfos) {

            auto foundWindowInfo =

                    WindowInfosListenerUtils::findMatchingWindowInfo(windowInfo, windowInfos);
@@ -427,7 +434,8 @@ TEST_F(CredentialsTest, TransactionPermissionTest) { 
            }

            return foundWindowInfo->inputConfig.test(WindowInfo::InputConfig::TRUSTED_OVERLAY);

        };

        windowInfosListenerUtils.waitForWindowInfosPredicate(windowIsPresentAndTrusted);

        ASSERT_TRUE(

                windowInfosListenerUtils.waitForWindowInfosPredicate(windowIsPresentAndTrusted));

    }

}