Merge "Mitigate the security vulnerability by sanitizing the transaction... (48e16201) · Commits · e / os / platform_frameworks_native

libs/gui/LayerState.cpp

+21 −0

Original line number	Diff line number	Diff line
		@@ -353,6 +353,27 @@ void DisplayState::merge(const DisplayState& other) {
		}
		}

		void DisplayState::sanitize(int32_t permissions) {
		if (what & DisplayState::eLayerStackChanged) {
		if (!(permissions & layer_state_t::Permission::ACCESS_SURFACE_FLINGER)) {
		what &= ~DisplayState::eLayerStackChanged;
		ALOGE("Stripped attempt to set eLayerStackChanged in sanitize");
		}
		}
		if (what & DisplayState::eDisplayProjectionChanged) {
		if (!(permissions & layer_state_t::Permission::ACCESS_SURFACE_FLINGER)) {
		what &= ~DisplayState::eDisplayProjectionChanged;
		ALOGE("Stripped attempt to set eDisplayProjectionChanged in sanitize");
		}
		}
		if (what & DisplayState::eSurfaceChanged) {
		if (!(permissions & layer_state_t::Permission::ACCESS_SURFACE_FLINGER)) {
		what &= ~DisplayState::eSurfaceChanged;
		ALOGE("Stripped attempt to set eSurfaceChanged in sanitize");
		}
		}
		}

		void layer_state_t::sanitize(int32_t permissions) {
		// TODO: b/109894387
		//

+1 −0

Original line number	Diff line number	Diff line
		@@ -320,6 +320,7 @@ struct DisplayState {

		DisplayState();
		void merge(const DisplayState& other);
		void sanitize(int32_t permissions);

		uint32_t what = 0;
		uint32_t flags = 0;

+3 −2

Original line number	Diff line number	Diff line
		@@ -4167,7 +4167,7 @@ status_t SurfaceFlinger::setTransactionState(

		bool SurfaceFlinger::applyTransactionState(const FrameTimelineInfo& frameTimelineInfo,
		Vector<ComposerState>& states,
		const Vector<DisplayState>& displays, uint32_t flags,
		Vector<DisplayState>& displays, uint32_t flags,
		const InputWindowCommands& inputWindowCommands,
		const int64_t desiredPresentTime, bool isAutoTimestamp,
		const client_cache_t& uncacheBuffer,
		@@ -4176,7 +4176,8 @@ bool SurfaceFlinger::applyTransactionState(const FrameTimelineInfo& frameTimelin
		const std::vector<ListenerCallbacks>& listenerCallbacks,
		int originPid, int originUid, uint64_t transactionId) {
		uint32_t transactionFlags = 0;
		for (const DisplayState& display : displays) {
		for (DisplayState& display : displays) {
		display.sanitize(permissions);
		transactionFlags \|= setDisplayStateLocked(display);
		}

+1 −1

Original line number	Diff line number	Diff line
		@@ -760,7 +760,7 @@ private:
		* Transactions
		*/
		bool applyTransactionState(const FrameTimelineInfo& info, Vector<ComposerState>& state,
		const Vector<DisplayState>& displays, uint32_t flags,
		Vector<DisplayState>& displays, uint32_t flags,
		const InputWindowCommands& inputWindowCommands,
		const int64_t desiredPresentTime, bool isAutoTimestamp,
		const client_cache_t& uncacheBuffer, const int64_t postTime,

+1 −1

File changed.

Contains only whitespace changes.