Merge "Check for any permissions before holding any sf locks" into sc-dev (6c8199f3) · Commits · e / os / platform_frameworks_native

services/surfaceflinger/SurfaceFlinger.cpp

+30 −18

Original line number	Diff line number	Diff line
		@@ -254,6 +254,11 @@ private:
		std::function<void()> mCallback;
		};

		enum Permission {
		ACCESS_SURFACE_FLINGER = 0x1,
		ROTATE_SURFACE_FLINGER = 0x2,
		};

		} // namespace anonymous

		struct SetInputWindowsListener : os::BnSetInputWindowsListener {
		@@ -3283,7 +3288,7 @@ void SurfaceFlinger::flushTransactionQueues() {
		transaction.displays, transaction.flags,
		transaction.inputWindowCommands, transaction.desiredPresentTime,
		transaction.isAutoTimestamp, transaction.buffer,
		transaction.postTime, transaction.privileged,
		transaction.postTime, transaction.permissions,
		transaction.hasListenerCallbacks, transaction.listenerCallbacks,
		transaction.originPid, transaction.originUid, transaction.id);
		}
		@@ -3356,16 +3361,23 @@ status_t SurfaceFlinger::setTransactionState(
		const std::vector<ListenerCallbacks>& listenerCallbacks, uint64_t transactionId) {
		ATRACE_CALL();

		{
		Mutex::Autolock _l(mQueueLock);
		uint32_t permissions =
		callingThreadHasUnscopedSurfaceFlingerAccess() ? Permission::ACCESS_SURFACE_FLINGER : 0;
		// Avoid checking for rotation permissions if the caller already has ACCESS_SURFACE_FLINGER
		// permissions.
		if ((permissions & Permission::ACCESS_SURFACE_FLINGER) \|\|
		callingThreadHasRotateSurfaceFlingerAccess()) {
		permissions \|= Permission::ROTATE_SURFACE_FLINGER;
		}

		const int64_t postTime = systemTime();
		bool privileged = callingThreadHasUnscopedSurfaceFlingerAccess();

		IPCThreadState* ipc = IPCThreadState::self();
		const int originPid = ipc->getCallingPid();
		const int originUid = ipc->getCallingUid();

		{
		Mutex::Autolock _l(mQueueLock);
		// If its TransactionQueue already has a pending TransactionState or if it is pending
		auto itr = mPendingTransactionQueues.find(applyToken);
		// if this is an animation frame, wait until prior animation frame has
		@@ -3400,7 +3412,7 @@ status_t SurfaceFlinger::setTransactionState(

		mTransactionQueue.emplace(frameTimelineInfo, states, displays, flags, applyToken,
		inputWindowCommands, desiredPresentTime, isAutoTimestamp,
		uncacheBuffer, postTime, privileged, hasListenerCallbacks,
		uncacheBuffer, postTime, permissions, hasListenerCallbacks,
		listenerCallbacks, originPid, originUid, transactionId);

		if (pendingTransactions \|\|
		@@ -3414,7 +3426,8 @@ status_t SurfaceFlinger::setTransactionState(
		ALOGW("eEarlyWakeup is deprecated. Use eExplicitEarlyWakeup[Start\|End]");
		}

		if (!privileged && (flags & (eExplicitEarlyWakeupStart \| eExplicitEarlyWakeupEnd))) {
		if (!(permissions & Permission::ACCESS_SURFACE_FLINGER) &&
		(flags & (eExplicitEarlyWakeupStart \| eExplicitEarlyWakeupEnd))) {
		ALOGE("Only WindowManager is allowed to use eExplicitEarlyWakeup[Start\|End] flags");
		flags &= ~(eExplicitEarlyWakeupStart \| eExplicitEarlyWakeupEnd);
		}
		@@ -3469,12 +3482,11 @@ void SurfaceFlinger::applyTransactionState(const FrameTimelineInfo& frameTimelin
		const InputWindowCommands& inputWindowCommands,
		const int64_t desiredPresentTime, bool isAutoTimestamp,
		const client_cache_t& uncacheBuffer,
		const int64_t postTime, bool privileged,
		const int64_t postTime, uint32_t permissions,
		bool hasListenerCallbacks,
		const std::vector<ListenerCallbacks>& listenerCallbacks,
		int originPid, int originUid, uint64_t transactionId) {
		uint32_t transactionFlags = 0;

		for (const DisplayState& display : displays) {
		transactionFlags \|= setDisplayStateLocked(display);
		}
		@@ -3492,7 +3504,7 @@ void SurfaceFlinger::applyTransactionState(const FrameTimelineInfo& frameTimelin
		for (const ComposerState& state : states) {
		clientStateFlags \|=
		setClientStateLocked(frameTimelineInfo, state, desiredPresentTime, isAutoTimestamp,
		postTime, privileged, listenerCallbacksWithSurfaces);
		postTime, permissions, listenerCallbacksWithSurfaces);
		if ((flags & eAnimation) && state.state.surface) {
		if (const auto layer = fromHandleLocked(state.state.surface).promote(); layer) {
		mScheduler->recordLayerHistory(layer.get(),
		@@ -3512,7 +3524,7 @@ void SurfaceFlinger::applyTransactionState(const FrameTimelineInfo& frameTimelin
		}
		transactionFlags \|= clientStateFlags;

		if (privileged) {
		if (permissions & Permission::ACCESS_SURFACE_FLINGER) {
		transactionFlags \|= addInputWindowCommands(inputWindowCommands);
		} else if (!inputWindowCommands.empty()) {
		ALOGE("Only privileged callers are allowed to send input commands.");
		@@ -3616,10 +3628,10 @@ bool SurfaceFlinger::callingThreadHasUnscopedSurfaceFlingerAccess(bool usePermis

		uint32_t SurfaceFlinger::setClientStateLocked(
		const FrameTimelineInfo& frameTimelineInfo, const ComposerState& composerState,
		int64_t desiredPresentTime, bool isAutoTimestamp, int64_t postTime, bool privileged,
		int64_t desiredPresentTime, bool isAutoTimestamp, int64_t postTime, uint32_t permissions,
		std::unordered_set<ListenerCallbacks, ListenerCallbacksHash>& listenerCallbacks) {
		const layer_state_t& s = composerState.state;

		const bool privileged = permissions & Permission::ACCESS_SURFACE_FLINGER;
		for (auto& listener : s.listeners) {
		// note that startRegistration will not re-register if the listener has
		// already be registered for a prior surface control
		@@ -3744,8 +3756,8 @@ uint32_t SurfaceFlinger::setClientStateLocked(
		// ACCESS_SURFACE_FLINGER nor ROTATE_SURFACE_FLINGER
		// (a.k.a. everyone except WindowManager / tests / Launcher) from setting non rectangle
		// preserving transformations.
		bool allowNonRectPreservingTransforms =
		privileged \|\| callingThreadHasRotateSurfaceFlingerAccess();
		const bool allowNonRectPreservingTransforms =
		permissions & Permission::ROTATE_SURFACE_FLINGER;
		if (layer->setMatrix(s.matrix, allowNonRectPreservingTransforms)) flags \|= eTraversalNeeded;
		}
		if (what & layer_state_t::eTransparentRegionChanged) {

services/surfaceflinger/SurfaceFlinger.h

+6 −5

Original line number	Diff line number	Diff line
		@@ -344,7 +344,8 @@ protected:

		virtual uint32_t setClientStateLocked(
		const FrameTimelineInfo& info, const ComposerState& composerState,
		int64_t desiredPresentTime, bool isAutoTimestamp, int64_t postTime, bool privileged,
		int64_t desiredPresentTime, bool isAutoTimestamp, int64_t postTime,
		uint32_t permissions,
		std::unordered_set<ListenerCallbacks, ListenerCallbacksHash>& listenerCallbacks)
		REQUIRES(mStateLock);
		virtual void commitTransactionLocked();
		@@ -441,7 +442,7 @@ private:
		const sp<IBinder>& applyToken,
		const InputWindowCommands& inputWindowCommands, int64_t desiredPresentTime,
		bool isAutoTimestamp, const client_cache_t& uncacheBuffer,
		int64_t postTime, bool privileged, bool hasListenerCallbacks,
		int64_t postTime, uint32_t permissions, bool hasListenerCallbacks,
		std::vector<ListenerCallbacks> listenerCallbacks, int originPid,
		int originUid, uint64_t transactionId)
		: frameTimelineInfo(frameTimelineInfo),
		@@ -454,7 +455,7 @@ private:
		isAutoTimestamp(isAutoTimestamp),
		buffer(uncacheBuffer),
		postTime(postTime),
		privileged(privileged),
		permissions(permissions),
		hasListenerCallbacks(hasListenerCallbacks),
		listenerCallbacks(listenerCallbacks),
		originPid(originPid),
		@@ -471,7 +472,7 @@ private:
		const bool isAutoTimestamp;
		client_cache_t buffer;
		const int64_t postTime;
		bool privileged;
		uint32_t permissions;
		bool hasListenerCallbacks;
		std::vector<ListenerCallbacks> listenerCallbacks;
		int originPid;
		@@ -736,7 +737,7 @@ private:
		const InputWindowCommands& inputWindowCommands,
		const int64_t desiredPresentTime, bool isAutoTimestamp,
		const client_cache_t& uncacheBuffer, const int64_t postTime,
		bool privileged, bool hasListenerCallbacks,
		uint32_t permissions, bool hasListenerCallbacks,
		const std::vector<ListenerCallbacks>& listenerCallbacks,
		int originPid, int originUid, uint64_t transactionId)
		REQUIRES(mStateLock);