Refactor SurfaceFlinger::onTransact (6e8e98a2) · Commits · e / os / platform_frameworks_native

services/surfaceflinger/SurfaceFlinger.cpp

+13 −7

Original line number	Diff line number	Diff line
		@@ -3215,9 +3215,7 @@ bool SurfaceFlinger::startDdmConnection()
		return true;
		}

		status_t SurfaceFlinger::onTransact(
		uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
		{
		status_t SurfaceFlinger::CheckTransactCodeCredentials(uint32_t code) {
		switch (code) {
		case CREATE_CONNECTION:
		case CREATE_DISPLAY:
		@@ -3234,8 +3232,7 @@ status_t SurfaceFlinger::onTransact(
		const int uid = ipc->getCallingUid();
		if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) &&
		!PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) {
		ALOGE("Permission Denial: "
		"can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);
		ALOGE("Permission Denial: can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);
		return PERMISSION_DENIED;
		}
		break;
		@@ -3248,13 +3245,22 @@ status_t SurfaceFlinger::onTransact(
		const int uid = ipc->getCallingUid();
		if ((uid != AID_GRAPHICS) &&
		!PermissionCache::checkPermission(sReadFramebuffer, pid, uid)) {
		ALOGE("Permission Denial: "
		"can't read framebuffer pid=%d, uid=%d", pid, uid);
		ALOGE("Permission Denial: can't read framebuffer pid=%d, uid=%d", pid, uid);
		return PERMISSION_DENIED;
		}
		break;
		}
		}
		return OK;
		}

		status_t SurfaceFlinger::onTransact(
		uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
		{
		status_t credentialCheck = CheckTransactCodeCredentials(code);
		if (credentialCheck != OK) {
		return credentialCheck;
		}

		status_t err = BnSurfaceComposer::onTransact(code, data, reply, flags);
		if (err == UNKNOWN_TRANSACTION \|\| err == PERMISSION_DENIED) {

+5 −1

Original line number	Diff line number	Diff line
		@@ -582,6 +582,10 @@ private:
		};
		mutable Mutex mBufferingStatsMutex;
		std::unordered_map<std::string, BufferingStats> mBufferingStats;

		// Verify that transaction is being called by an approved process:
		// either AID_GRAPHICS or AID_SYSTEM.
		status_t CheckTransactCodeCredentials(uint32_t code);
		};

		}; // namespace android