Loading libs/gui/include/gui/ISurfaceComposer.h +3 −3 Original line number Diff line number Diff line Loading @@ -220,12 +220,12 @@ public: class BnSurfaceComposer: public BnInterface<ISurfaceComposer> { public: enum { enum ISurfaceComposerTag { // Note: BOOT_FINISHED must remain this value, it is called from // Java by ActivityManagerService. BOOT_FINISHED = IBinder::FIRST_CALL_TRANSACTION, CREATE_CONNECTION, UNUSED, // formerly CREATE_GRAPHIC_BUFFER_ALLOC CREATE_GRAPHIC_BUFFER_ALLOC_UNUSED, // unused, fails permissions check CREATE_DISPLAY_EVENT_CONNECTION, CREATE_DISPLAY, DESTROY_DISPLAY, Loading @@ -236,7 +236,7 @@ public: GET_DISPLAY_CONFIGS, GET_ACTIVE_CONFIG, SET_ACTIVE_CONFIG, CONNECT_DISPLAY, CONNECT_DISPLAY_UNUSED, // unused, fails permissions check CAPTURE_SCREEN, CAPTURE_LAYERS, CLEAR_ANIMATION_FRAME_STATS, Loading services/inputflinger/InputReader.cpp +26 −7 Original line number Diff line number Diff line Loading @@ -3089,6 +3089,7 @@ TouchInputMapper::TouchInputMapper(InputDevice* device) : InputMapper(device), mSource(0), mDeviceMode(DEVICE_MODE_DISABLED), mSurfaceWidth(-1), mSurfaceHeight(-1), mSurfaceLeft(0), mSurfaceTop(0), mPhysicalWidth(-1), mPhysicalHeight(-1), mPhysicalLeft(0), mPhysicalTop(0), mSurfaceOrientation(DISPLAY_ORIENTATION_0) { } Loading Loading @@ -3596,6 +3597,11 @@ void TouchInputMapper::configureSurface(nsecs_t when, bool* outResetNeeded) { break; } mPhysicalWidth = naturalPhysicalWidth; mPhysicalHeight = naturalPhysicalHeight; mPhysicalLeft = naturalPhysicalLeft; mPhysicalTop = naturalPhysicalTop; mSurfaceWidth = naturalLogicalWidth * naturalDeviceWidth / naturalPhysicalWidth; mSurfaceHeight = naturalLogicalHeight * naturalDeviceHeight / naturalPhysicalHeight; mSurfaceLeft = naturalPhysicalLeft * naturalLogicalWidth / naturalPhysicalWidth; Loading @@ -3604,6 +3610,11 @@ void TouchInputMapper::configureSurface(nsecs_t when, bool* outResetNeeded) { mSurfaceOrientation = mParameters.orientationAware ? mViewport.orientation : DISPLAY_ORIENTATION_0; } else { mPhysicalWidth = rawWidth; mPhysicalHeight = rawHeight; mPhysicalLeft = 0; mPhysicalTop = 0; mSurfaceWidth = rawWidth; mSurfaceHeight = rawHeight; mSurfaceLeft = 0; Loading Loading @@ -3914,6 +3925,10 @@ void TouchInputMapper::dumpSurface(std::string& dump) { dump += StringPrintf(INDENT3 "SurfaceHeight: %dpx\n", mSurfaceHeight); dump += StringPrintf(INDENT3 "SurfaceLeft: %d\n", mSurfaceLeft); dump += StringPrintf(INDENT3 "SurfaceTop: %d\n", mSurfaceTop); dump += StringPrintf(INDENT3 "PhysicalWidth: %dpx\n", mPhysicalWidth); dump += StringPrintf(INDENT3 "PhysicalHeight: %dpx\n", mPhysicalHeight); dump += StringPrintf(INDENT3 "PhysicalLeft: %d\n", mPhysicalLeft); dump += StringPrintf(INDENT3 "PhysicalTop: %d\n", mPhysicalTop); dump += StringPrintf(INDENT3 "SurfaceOrientation: %d\n", mSurfaceOrientation); } Loading Loading @@ -5120,10 +5135,10 @@ void TouchInputMapper::cookPointerData() { } break; case DISPLAY_ORIENTATION_180: x = float(mRawPointerAxes.x.maxValue - xTransformed) * mXScale + mXTranslate; x = float(mRawPointerAxes.x.maxValue - xTransformed) * mXScale; y = float(mRawPointerAxes.y.maxValue - yTransformed) * mYScale + mYTranslate; left = float(mRawPointerAxes.x.maxValue - rawRight) * mXScale + mXTranslate; right = float(mRawPointerAxes.x.maxValue - rawLeft) * mXScale + mXTranslate; left = float(mRawPointerAxes.x.maxValue - rawRight) * mXScale; right = float(mRawPointerAxes.x.maxValue - rawLeft) * mXScale; bottom = float(mRawPointerAxes.y.maxValue - rawTop) * mYScale + mYTranslate; top = float(mRawPointerAxes.y.maxValue - rawBottom) * mYScale + mYTranslate; orientation -= M_PI; Loading @@ -5132,10 +5147,10 @@ void TouchInputMapper::cookPointerData() { } break; case DISPLAY_ORIENTATION_270: x = float(mRawPointerAxes.y.maxValue - yTransformed) * mYScale + mYTranslate; x = float(mRawPointerAxes.y.maxValue - yTransformed) * mYScale; y = float(xTransformed - mRawPointerAxes.x.minValue) * mXScale + mXTranslate; left = float(mRawPointerAxes.y.maxValue - rawBottom) * mYScale + mYTranslate; right = float(mRawPointerAxes.y.maxValue - rawTop) * mYScale + mYTranslate; left = float(mRawPointerAxes.y.maxValue - rawBottom) * mYScale; right = float(mRawPointerAxes.y.maxValue - rawTop) * mYScale; bottom = float(rawRight - mRawPointerAxes.x.minValue) * mXScale + mXTranslate; top = float(rawLeft - mRawPointerAxes.x.minValue) * mXScale + mXTranslate; orientation += M_PI_2; Loading Loading @@ -6533,8 +6548,12 @@ void TouchInputMapper::cancelTouch(nsecs_t when) { } bool TouchInputMapper::isPointInsideSurface(int32_t x, int32_t y) { const float scaledX = x * mXScale; const float scaledY = x * mYScale; return x >= mRawPointerAxes.x.minValue && x <= mRawPointerAxes.x.maxValue && y >= mRawPointerAxes.y.minValue && y <= mRawPointerAxes.y.maxValue; && scaledX >= mPhysicalLeft && scaledX <= mPhysicalLeft + mPhysicalWidth && y >= mRawPointerAxes.y.minValue && y <= mRawPointerAxes.y.maxValue && scaledY >= mPhysicalTop && scaledY <= mPhysicalTop + mPhysicalHeight; } const TouchInputMapper::VirtualKey* TouchInputMapper::findVirtualKeyHit( Loading services/inputflinger/InputReader.h +11 −3 Original line number Diff line number Diff line Loading @@ -1521,13 +1521,21 @@ private: // in the natural orientation. // The surface origin specifies how the surface coordinates should be translated // to align with the logical display coordinate space. // The orientation may be different from the viewport orientation as it specifies // the rotation of the surface coordinates required to produce the viewport's // requested orientation, so it will depend on whether the device is orientation aware. int32_t mSurfaceWidth; int32_t mSurfaceHeight; int32_t mSurfaceLeft; int32_t mSurfaceTop; // Similar to the surface coordinates, but in the raw display coordinate space rather than in // the logical coordinate space. int32_t mPhysicalWidth; int32_t mPhysicalHeight; int32_t mPhysicalLeft; int32_t mPhysicalTop; // The orientation may be different from the viewport orientation as it specifies // the rotation of the surface coordinates required to produce the viewport's // requested orientation, so it will depend on whether the device is orientation aware. int32_t mSurfaceOrientation; // Translation and scaling factors, orientation-independent. Loading services/surfaceflinger/SurfaceFlinger.cpp +77 −42 Original line number Diff line number Diff line Loading @@ -1091,15 +1091,6 @@ status_t SurfaceFlinger::injectVSync(nsecs_t when) { status_t SurfaceFlinger::getLayerDebugInfo(std::vector<LayerDebugInfo>* outLayers) const NO_THREAD_SAFETY_ANALYSIS { IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); if ((uid != AID_SHELL) && !PermissionCache::checkPermission(sDump, pid, uid)) { ALOGE("Layer debug info permission denied for pid=%d, uid=%d", pid, uid); return PERMISSION_DENIED; } // Try to acquire a lock for 1s, fail gracefully const status_t err = mStateLock.timedLock(s2ns(1)); const bool locked = (err == NO_ERROR); Loading Loading @@ -3258,7 +3249,6 @@ bool callingThreadHasUnscopedSurfaceFlingerAccess() { IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) && !PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) { return false; Loading Loading @@ -4446,51 +4436,64 @@ void SurfaceFlinger::updateColorMatrixLocked() { } status_t SurfaceFlinger::CheckTransactCodeCredentials(uint32_t code) { switch (code) { case CREATE_CONNECTION: case CREATE_DISPLAY: #pragma clang diagnostic push #pragma clang diagnostic error "-Wswitch-enum" switch (static_cast<ISurfaceComposerTag>(code)) { // These methods should at minimum make sure that the client requested // access to SF. case BOOT_FINISHED: case CLEAR_ANIMATION_FRAME_STATS: case CREATE_CONNECTION: case CREATE_DISPLAY: case DESTROY_DISPLAY: case ENABLE_VSYNC_INJECTIONS: case GET_ACTIVE_COLOR_MODE: case GET_ANIMATION_FRAME_STATS: case SET_POWER_MODE: case GET_HDR_CAPABILITIES: case ENABLE_VSYNC_INJECTIONS: case SET_ACTIVE_CONFIG: case SET_ACTIVE_COLOR_MODE: case INJECT_VSYNC: { // codes that require permission check case SET_POWER_MODE: { if (!callingThreadHasUnscopedSurfaceFlingerAccess()) { IPCThreadState* ipc = IPCThreadState::self(); ALOGE("Permission Denial: can't access SurfaceFlinger pid=%d, uid=%d", ipc->getCallingPid(), ipc->getCallingUid()); return PERMISSION_DENIED; } break; } /* * Calling setTransactionState is safe, because you need to have been * granted a reference to Client* and Handle* to do anything with it. * * Creating a scoped connection is safe, as per discussion in ISurfaceComposer.h */ case SET_TRANSACTION_STATE: case CREATE_SCOPED_CONNECTION: { return OK; } case CAPTURE_SCREEN: { // codes that require permission check case GET_LAYER_DEBUG_INFO: { IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); if ((uid != AID_GRAPHICS) && !PermissionCache::checkPermission(sReadFramebuffer, pid, uid)) { ALOGE("Permission Denial: can't read framebuffer pid=%d, uid=%d", pid, uid); if ((uid != AID_SHELL) && !PermissionCache::checkPermission(sDump, pid, uid)) { ALOGE("Layer debug info permission denied for pid=%d, uid=%d", pid, uid); return PERMISSION_DENIED; } break; return OK; } case CAPTURE_LAYERS: { // Used by apps to hook Choreographer to SurfaceFlinger. case CREATE_DISPLAY_EVENT_CONNECTION: // The following calls are currently used by clients that do not // request necessary permissions. However, they do not expose any secret // information, so it is OK to pass them. case AUTHENTICATE_SURFACE: case GET_ACTIVE_CONFIG: case GET_BUILT_IN_DISPLAY: case GET_DISPLAY_COLOR_MODES: case GET_DISPLAY_CONFIGS: case GET_DISPLAY_STATS: case GET_SUPPORTED_FRAME_TIMESTAMPS: // Calling setTransactionState is safe, because you need to have been // granted a reference to Client* and Handle* to do anything with it. case SET_TRANSACTION_STATE: // Creating a scoped connection is safe, as per discussion in ISurfaceComposer.h case CREATE_SCOPED_CONNECTION: { return OK; } case CAPTURE_LAYERS: case CAPTURE_SCREEN: { // codes that require permission check IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); Loading @@ -4499,15 +4502,37 @@ status_t SurfaceFlinger::CheckTransactCodeCredentials(uint32_t code) { ALOGE("Permission Denial: can't read framebuffer pid=%d, uid=%d", pid, uid); return PERMISSION_DENIED; } break; return OK; } // The following codes are deprecated and should never be allowed to access SF. case CONNECT_DISPLAY_UNUSED: case CREATE_GRAPHIC_BUFFER_ALLOC_UNUSED: { ALOGE("Attempting to access SurfaceFlinger with unused code: %u", code); return PERMISSION_DENIED; } } // These codes are used for the IBinder protocol to either interrogate the recipient // side of the transaction for its canonical interface descriptor or to dump its state. // We let them pass by default. if (code == IBinder::INTERFACE_TRANSACTION || code == IBinder::DUMP_TRANSACTION || code == IBinder::PING_TRANSACTION || code == IBinder::SHELL_COMMAND_TRANSACTION || code == IBinder::SYSPROPS_TRANSACTION) { return OK; } // Numbers from 1000 to 1029 are currently use for backdoors. The code // in onTransact verifies that the user is root, and has access to use SF. if (code >= 1000 && code <= 1029) { ALOGV("Accessing SurfaceFlinger through backdoor code: %u", code); return OK; } ALOGE("Permission Denial: SurfaceFlinger did not recognize request code: %u", code); return PERMISSION_DENIED; #pragma clang diagnostic pop } status_t SurfaceFlinger::onTransact( uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { status_t SurfaceFlinger::onTransact(uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { status_t credentialCheck = CheckTransactCodeCredentials(code); if (credentialCheck != OK) { return credentialCheck; Loading Loading @@ -4799,6 +4824,16 @@ status_t SurfaceFlinger::captureScreen(const sp<IBinder>& displayToken, const auto display = getDisplayDeviceLocked(displayToken); if (!display) return BAD_VALUE; const Rect& dispScissor = display->getScissor(); if (!dispScissor.isEmpty()) { sourceCrop.set(dispScissor); // adb shell screencap will default reqWidth and reqHeight to zeros. if (reqWidth == 0 || reqHeight == 0) { reqWidth = uint32_t(dispScissor.width()); reqHeight = uint32_t(dispScissor.height()); } } DisplayRenderArea renderArea(display, sourceCrop, reqHeight, reqWidth, rotation); auto traverseLayers = std::bind(std::mem_fn(&SurfaceFlinger::traverseLayersInDisplay), this, Loading services/surfaceflinger/tests/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ cc_test { defaults: ["surfaceflinger_defaults"], test_suites: ["device-tests"], srcs: [ "Credentials_test.cpp", "Stress_test.cpp", "SurfaceInterceptor_test.cpp", "Transaction_test.cpp", Loading Loading
libs/gui/include/gui/ISurfaceComposer.h +3 −3 Original line number Diff line number Diff line Loading @@ -220,12 +220,12 @@ public: class BnSurfaceComposer: public BnInterface<ISurfaceComposer> { public: enum { enum ISurfaceComposerTag { // Note: BOOT_FINISHED must remain this value, it is called from // Java by ActivityManagerService. BOOT_FINISHED = IBinder::FIRST_CALL_TRANSACTION, CREATE_CONNECTION, UNUSED, // formerly CREATE_GRAPHIC_BUFFER_ALLOC CREATE_GRAPHIC_BUFFER_ALLOC_UNUSED, // unused, fails permissions check CREATE_DISPLAY_EVENT_CONNECTION, CREATE_DISPLAY, DESTROY_DISPLAY, Loading @@ -236,7 +236,7 @@ public: GET_DISPLAY_CONFIGS, GET_ACTIVE_CONFIG, SET_ACTIVE_CONFIG, CONNECT_DISPLAY, CONNECT_DISPLAY_UNUSED, // unused, fails permissions check CAPTURE_SCREEN, CAPTURE_LAYERS, CLEAR_ANIMATION_FRAME_STATS, Loading
services/inputflinger/InputReader.cpp +26 −7 Original line number Diff line number Diff line Loading @@ -3089,6 +3089,7 @@ TouchInputMapper::TouchInputMapper(InputDevice* device) : InputMapper(device), mSource(0), mDeviceMode(DEVICE_MODE_DISABLED), mSurfaceWidth(-1), mSurfaceHeight(-1), mSurfaceLeft(0), mSurfaceTop(0), mPhysicalWidth(-1), mPhysicalHeight(-1), mPhysicalLeft(0), mPhysicalTop(0), mSurfaceOrientation(DISPLAY_ORIENTATION_0) { } Loading Loading @@ -3596,6 +3597,11 @@ void TouchInputMapper::configureSurface(nsecs_t when, bool* outResetNeeded) { break; } mPhysicalWidth = naturalPhysicalWidth; mPhysicalHeight = naturalPhysicalHeight; mPhysicalLeft = naturalPhysicalLeft; mPhysicalTop = naturalPhysicalTop; mSurfaceWidth = naturalLogicalWidth * naturalDeviceWidth / naturalPhysicalWidth; mSurfaceHeight = naturalLogicalHeight * naturalDeviceHeight / naturalPhysicalHeight; mSurfaceLeft = naturalPhysicalLeft * naturalLogicalWidth / naturalPhysicalWidth; Loading @@ -3604,6 +3610,11 @@ void TouchInputMapper::configureSurface(nsecs_t when, bool* outResetNeeded) { mSurfaceOrientation = mParameters.orientationAware ? mViewport.orientation : DISPLAY_ORIENTATION_0; } else { mPhysicalWidth = rawWidth; mPhysicalHeight = rawHeight; mPhysicalLeft = 0; mPhysicalTop = 0; mSurfaceWidth = rawWidth; mSurfaceHeight = rawHeight; mSurfaceLeft = 0; Loading Loading @@ -3914,6 +3925,10 @@ void TouchInputMapper::dumpSurface(std::string& dump) { dump += StringPrintf(INDENT3 "SurfaceHeight: %dpx\n", mSurfaceHeight); dump += StringPrintf(INDENT3 "SurfaceLeft: %d\n", mSurfaceLeft); dump += StringPrintf(INDENT3 "SurfaceTop: %d\n", mSurfaceTop); dump += StringPrintf(INDENT3 "PhysicalWidth: %dpx\n", mPhysicalWidth); dump += StringPrintf(INDENT3 "PhysicalHeight: %dpx\n", mPhysicalHeight); dump += StringPrintf(INDENT3 "PhysicalLeft: %d\n", mPhysicalLeft); dump += StringPrintf(INDENT3 "PhysicalTop: %d\n", mPhysicalTop); dump += StringPrintf(INDENT3 "SurfaceOrientation: %d\n", mSurfaceOrientation); } Loading Loading @@ -5120,10 +5135,10 @@ void TouchInputMapper::cookPointerData() { } break; case DISPLAY_ORIENTATION_180: x = float(mRawPointerAxes.x.maxValue - xTransformed) * mXScale + mXTranslate; x = float(mRawPointerAxes.x.maxValue - xTransformed) * mXScale; y = float(mRawPointerAxes.y.maxValue - yTransformed) * mYScale + mYTranslate; left = float(mRawPointerAxes.x.maxValue - rawRight) * mXScale + mXTranslate; right = float(mRawPointerAxes.x.maxValue - rawLeft) * mXScale + mXTranslate; left = float(mRawPointerAxes.x.maxValue - rawRight) * mXScale; right = float(mRawPointerAxes.x.maxValue - rawLeft) * mXScale; bottom = float(mRawPointerAxes.y.maxValue - rawTop) * mYScale + mYTranslate; top = float(mRawPointerAxes.y.maxValue - rawBottom) * mYScale + mYTranslate; orientation -= M_PI; Loading @@ -5132,10 +5147,10 @@ void TouchInputMapper::cookPointerData() { } break; case DISPLAY_ORIENTATION_270: x = float(mRawPointerAxes.y.maxValue - yTransformed) * mYScale + mYTranslate; x = float(mRawPointerAxes.y.maxValue - yTransformed) * mYScale; y = float(xTransformed - mRawPointerAxes.x.minValue) * mXScale + mXTranslate; left = float(mRawPointerAxes.y.maxValue - rawBottom) * mYScale + mYTranslate; right = float(mRawPointerAxes.y.maxValue - rawTop) * mYScale + mYTranslate; left = float(mRawPointerAxes.y.maxValue - rawBottom) * mYScale; right = float(mRawPointerAxes.y.maxValue - rawTop) * mYScale; bottom = float(rawRight - mRawPointerAxes.x.minValue) * mXScale + mXTranslate; top = float(rawLeft - mRawPointerAxes.x.minValue) * mXScale + mXTranslate; orientation += M_PI_2; Loading Loading @@ -6533,8 +6548,12 @@ void TouchInputMapper::cancelTouch(nsecs_t when) { } bool TouchInputMapper::isPointInsideSurface(int32_t x, int32_t y) { const float scaledX = x * mXScale; const float scaledY = x * mYScale; return x >= mRawPointerAxes.x.minValue && x <= mRawPointerAxes.x.maxValue && y >= mRawPointerAxes.y.minValue && y <= mRawPointerAxes.y.maxValue; && scaledX >= mPhysicalLeft && scaledX <= mPhysicalLeft + mPhysicalWidth && y >= mRawPointerAxes.y.minValue && y <= mRawPointerAxes.y.maxValue && scaledY >= mPhysicalTop && scaledY <= mPhysicalTop + mPhysicalHeight; } const TouchInputMapper::VirtualKey* TouchInputMapper::findVirtualKeyHit( Loading
services/inputflinger/InputReader.h +11 −3 Original line number Diff line number Diff line Loading @@ -1521,13 +1521,21 @@ private: // in the natural orientation. // The surface origin specifies how the surface coordinates should be translated // to align with the logical display coordinate space. // The orientation may be different from the viewport orientation as it specifies // the rotation of the surface coordinates required to produce the viewport's // requested orientation, so it will depend on whether the device is orientation aware. int32_t mSurfaceWidth; int32_t mSurfaceHeight; int32_t mSurfaceLeft; int32_t mSurfaceTop; // Similar to the surface coordinates, but in the raw display coordinate space rather than in // the logical coordinate space. int32_t mPhysicalWidth; int32_t mPhysicalHeight; int32_t mPhysicalLeft; int32_t mPhysicalTop; // The orientation may be different from the viewport orientation as it specifies // the rotation of the surface coordinates required to produce the viewport's // requested orientation, so it will depend on whether the device is orientation aware. int32_t mSurfaceOrientation; // Translation and scaling factors, orientation-independent. Loading
services/surfaceflinger/SurfaceFlinger.cpp +77 −42 Original line number Diff line number Diff line Loading @@ -1091,15 +1091,6 @@ status_t SurfaceFlinger::injectVSync(nsecs_t when) { status_t SurfaceFlinger::getLayerDebugInfo(std::vector<LayerDebugInfo>* outLayers) const NO_THREAD_SAFETY_ANALYSIS { IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); if ((uid != AID_SHELL) && !PermissionCache::checkPermission(sDump, pid, uid)) { ALOGE("Layer debug info permission denied for pid=%d, uid=%d", pid, uid); return PERMISSION_DENIED; } // Try to acquire a lock for 1s, fail gracefully const status_t err = mStateLock.timedLock(s2ns(1)); const bool locked = (err == NO_ERROR); Loading Loading @@ -3258,7 +3249,6 @@ bool callingThreadHasUnscopedSurfaceFlingerAccess() { IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) && !PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) { return false; Loading Loading @@ -4446,51 +4436,64 @@ void SurfaceFlinger::updateColorMatrixLocked() { } status_t SurfaceFlinger::CheckTransactCodeCredentials(uint32_t code) { switch (code) { case CREATE_CONNECTION: case CREATE_DISPLAY: #pragma clang diagnostic push #pragma clang diagnostic error "-Wswitch-enum" switch (static_cast<ISurfaceComposerTag>(code)) { // These methods should at minimum make sure that the client requested // access to SF. case BOOT_FINISHED: case CLEAR_ANIMATION_FRAME_STATS: case CREATE_CONNECTION: case CREATE_DISPLAY: case DESTROY_DISPLAY: case ENABLE_VSYNC_INJECTIONS: case GET_ACTIVE_COLOR_MODE: case GET_ANIMATION_FRAME_STATS: case SET_POWER_MODE: case GET_HDR_CAPABILITIES: case ENABLE_VSYNC_INJECTIONS: case SET_ACTIVE_CONFIG: case SET_ACTIVE_COLOR_MODE: case INJECT_VSYNC: { // codes that require permission check case SET_POWER_MODE: { if (!callingThreadHasUnscopedSurfaceFlingerAccess()) { IPCThreadState* ipc = IPCThreadState::self(); ALOGE("Permission Denial: can't access SurfaceFlinger pid=%d, uid=%d", ipc->getCallingPid(), ipc->getCallingUid()); return PERMISSION_DENIED; } break; } /* * Calling setTransactionState is safe, because you need to have been * granted a reference to Client* and Handle* to do anything with it. * * Creating a scoped connection is safe, as per discussion in ISurfaceComposer.h */ case SET_TRANSACTION_STATE: case CREATE_SCOPED_CONNECTION: { return OK; } case CAPTURE_SCREEN: { // codes that require permission check case GET_LAYER_DEBUG_INFO: { IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); if ((uid != AID_GRAPHICS) && !PermissionCache::checkPermission(sReadFramebuffer, pid, uid)) { ALOGE("Permission Denial: can't read framebuffer pid=%d, uid=%d", pid, uid); if ((uid != AID_SHELL) && !PermissionCache::checkPermission(sDump, pid, uid)) { ALOGE("Layer debug info permission denied for pid=%d, uid=%d", pid, uid); return PERMISSION_DENIED; } break; return OK; } case CAPTURE_LAYERS: { // Used by apps to hook Choreographer to SurfaceFlinger. case CREATE_DISPLAY_EVENT_CONNECTION: // The following calls are currently used by clients that do not // request necessary permissions. However, they do not expose any secret // information, so it is OK to pass them. case AUTHENTICATE_SURFACE: case GET_ACTIVE_CONFIG: case GET_BUILT_IN_DISPLAY: case GET_DISPLAY_COLOR_MODES: case GET_DISPLAY_CONFIGS: case GET_DISPLAY_STATS: case GET_SUPPORTED_FRAME_TIMESTAMPS: // Calling setTransactionState is safe, because you need to have been // granted a reference to Client* and Handle* to do anything with it. case SET_TRANSACTION_STATE: // Creating a scoped connection is safe, as per discussion in ISurfaceComposer.h case CREATE_SCOPED_CONNECTION: { return OK; } case CAPTURE_LAYERS: case CAPTURE_SCREEN: { // codes that require permission check IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); Loading @@ -4499,15 +4502,37 @@ status_t SurfaceFlinger::CheckTransactCodeCredentials(uint32_t code) { ALOGE("Permission Denial: can't read framebuffer pid=%d, uid=%d", pid, uid); return PERMISSION_DENIED; } break; return OK; } // The following codes are deprecated and should never be allowed to access SF. case CONNECT_DISPLAY_UNUSED: case CREATE_GRAPHIC_BUFFER_ALLOC_UNUSED: { ALOGE("Attempting to access SurfaceFlinger with unused code: %u", code); return PERMISSION_DENIED; } } // These codes are used for the IBinder protocol to either interrogate the recipient // side of the transaction for its canonical interface descriptor or to dump its state. // We let them pass by default. if (code == IBinder::INTERFACE_TRANSACTION || code == IBinder::DUMP_TRANSACTION || code == IBinder::PING_TRANSACTION || code == IBinder::SHELL_COMMAND_TRANSACTION || code == IBinder::SYSPROPS_TRANSACTION) { return OK; } // Numbers from 1000 to 1029 are currently use for backdoors. The code // in onTransact verifies that the user is root, and has access to use SF. if (code >= 1000 && code <= 1029) { ALOGV("Accessing SurfaceFlinger through backdoor code: %u", code); return OK; } ALOGE("Permission Denial: SurfaceFlinger did not recognize request code: %u", code); return PERMISSION_DENIED; #pragma clang diagnostic pop } status_t SurfaceFlinger::onTransact( uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { status_t SurfaceFlinger::onTransact(uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { status_t credentialCheck = CheckTransactCodeCredentials(code); if (credentialCheck != OK) { return credentialCheck; Loading Loading @@ -4799,6 +4824,16 @@ status_t SurfaceFlinger::captureScreen(const sp<IBinder>& displayToken, const auto display = getDisplayDeviceLocked(displayToken); if (!display) return BAD_VALUE; const Rect& dispScissor = display->getScissor(); if (!dispScissor.isEmpty()) { sourceCrop.set(dispScissor); // adb shell screencap will default reqWidth and reqHeight to zeros. if (reqWidth == 0 || reqHeight == 0) { reqWidth = uint32_t(dispScissor.width()); reqHeight = uint32_t(dispScissor.height()); } } DisplayRenderArea renderArea(display, sourceCrop, reqHeight, reqWidth, rotation); auto traverseLayers = std::bind(std::mem_fn(&SurfaceFlinger::traverseLayersInDisplay), this, Loading
services/surfaceflinger/tests/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ cc_test { defaults: ["surfaceflinger_defaults"], test_suites: ["device-tests"], srcs: [ "Credentials_test.cpp", "Stress_test.cpp", "SurfaceInterceptor_test.cpp", "Transaction_test.cpp", Loading
