OSDN -- Open-Source-Software-Entwicklung und Downloads
Übersetzungsstatus von Deutsch translation status for de

Android-x86
Fork
Spenden

  • R/O
  • HTTP
  • SSH
  • HTTPS
Fork

frameworks-native: Commit

frameworks/native


Commit MetaInfo

Revision79c6f61a2a719fcf222bbc73abc1eebaac8257df (tree)
Zeit2020-03-13 13:59:25
AutorChih-Wei Huang <cwhuang@linu...>
CommiterChih-Wei Huang

Log Message

Android 9.0.0 release 54
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCXl2XowAKCRDorT+BmrEO
eLIrAKCIWqW6VivtGCISn4Ub4RXxTruiywCeImCee06i5eeN8SsfusRH+5STkJ4=
=h1Ei
-----END PGP SIGNATURE-----

Merge tag 'android-9.0.0_r54' into pie-x86

Android 9.0.0 release 54

Conflicts:
services/surfaceflinger/SurfaceFlinger.h

Ändern Zusammenfassung

Diff

--- a/libs/gui/include/gui/SurfaceControl.h
+++ b/libs/gui/include/gui/SurfaceControl.h
@@ -76,6 +76,10 @@ public:
7676
7777 sp<SurfaceComposerClient> getClient() const;
7878
79+ SurfaceControl(const sp<SurfaceComposerClient>& client,
80+ const sp<IBinder>& handle,
81+ const sp<IGraphicBufferProducer>& gbp,
82+ bool owned);
7983 private:
8084 // can't be copied
8185 SurfaceControl& operator = (SurfaceControl& rhs);
@@ -84,12 +88,6 @@ private:
8488 friend class SurfaceComposerClient;
8589 friend class Surface;
8690
87- SurfaceControl(
88- const sp<SurfaceComposerClient>& client,
89- const sp<IBinder>& handle,
90- const sp<IGraphicBufferProducer>& gbp,
91- bool owned);
92-
9391 ~SurfaceControl();
9492
9593 sp<Surface> generateSurfaceLocked() const;
--- a/services/surfaceflinger/Client.cpp
+++ b/services/surfaceflinger/Client.cpp
@@ -106,19 +106,18 @@ void Client::detachLayer(const Layer* layer)
106106 }
107107 }
108108 }
109-sp<Layer> Client::getLayerUser(const sp<IBinder>& handle) const
109+
110+bool Client::isAttached(const sp<IBinder>& handle) const
110111 {
111112 Mutex::Autolock _l(mLock);
112113 sp<Layer> lbc;
113114 wp<Layer> layer(mLayers.valueFor(handle));
114115 if (layer != 0) {
115- lbc = layer.promote();
116- ALOGE_IF(lbc==0, "getLayerUser(name=%p) is dead", handle.get());
116+ return true;
117117 }
118- return lbc;
118+ return false;
119119 }
120120
121-
122121 status_t Client::onTransact(
123122 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
124123 {
@@ -144,7 +143,6 @@ status_t Client::onTransact(
144143 return BnSurfaceComposerClient::onTransact(code, data, reply, flags);
145144 }
146145
147-
148146 status_t Client::createSurface(
149147 const String8& name,
150148 uint32_t w, uint32_t h, PixelFormat format, uint32_t flags,
@@ -152,22 +150,11 @@ status_t Client::createSurface(
152150 sp<IBinder>* handle,
153151 sp<IGraphicBufferProducer>* gbp)
154152 {
155- sp<Layer> parent = nullptr;
156- if (parentHandle != nullptr) {
157- auto layerHandle = reinterpret_cast<Layer::Handle*>(parentHandle.get());
158- parent = layerHandle->owner.promote();
159- if (parent == nullptr) {
160- return NAME_NOT_FOUND;
161- }
162- }
163- if (parent == nullptr) {
164- bool parentDied;
165- parent = getParentLayer(&parentDied);
166- // If we had a parent, but it died, we've lost all
167- // our capabilities.
168- if (parentDied) {
169- return NAME_NOT_FOUND;
170- }
153+ bool parentDied;
154+ sp<Layer> parentLayer;
155+ if (!parentHandle) parentLayer = getParentLayer(&parentDied);
156+ if (parentHandle == nullptr && parentDied) {
157+ return NAME_NOT_FOUND;
171158 }
172159
173160 /*
@@ -184,7 +171,8 @@ status_t Client::createSurface(
184171 uint32_t w, h;
185172 PixelFormat format;
186173 uint32_t flags;
187- sp<Layer>* parent;
174+ const sp<IBinder>& parentHandle;
175+ const sp<Layer>& parentLayer;
188176 int32_t windowType;
189177 int32_t ownerUid;
190178 public:
@@ -193,23 +181,25 @@ status_t Client::createSurface(
193181 uint32_t w, uint32_t h, PixelFormat format, uint32_t flags,
194182 sp<IBinder>* handle, int32_t windowType, int32_t ownerUid,
195183 sp<IGraphicBufferProducer>* gbp,
196- sp<Layer>* parent)
184+ const sp<IBinder>& parentHandle,
185+ const sp<Layer>& parentLayer)
197186 : flinger(flinger), client(client),
198187 handle(handle), gbp(gbp), result(NO_ERROR),
199188 name(name), w(w), h(h), format(format), flags(flags),
200- parent(parent), windowType(windowType), ownerUid(ownerUid) {
189+ parentHandle(parentHandle), parentLayer(parentLayer),
190+ windowType(windowType), ownerUid(ownerUid) {
201191 }
202192 status_t getResult() const { return result; }
203193 virtual bool handler() {
204194 result = flinger->createLayer(name, client, w, h, format, flags,
205- windowType, ownerUid, handle, gbp, parent);
195+ windowType, ownerUid, handle, gbp, parentHandle, parentLayer);
206196 return true;
207197 }
208198 };
209199
210200 sp<MessageBase> msg = new MessageCreateLayer(mFlinger.get(),
211201 name, this, w, h, format, flags, handle,
212- windowType, ownerUid, gbp, &parent);
202+ windowType, ownerUid, gbp, parentHandle, parentLayer);
213203 mFlinger->postMessageSync(msg);
214204 return static_cast<MessageCreateLayer*>( msg.get() )->getResult();
215205 }
@@ -219,21 +209,11 @@ status_t Client::destroySurface(const sp<IBinder>& handle) {
219209 }
220210
221211 status_t Client::clearLayerFrameStats(const sp<IBinder>& handle) const {
222- sp<Layer> layer = getLayerUser(handle);
223- if (layer == nullptr) {
224- return NAME_NOT_FOUND;
225- }
226- layer->clearFrameStats();
227- return NO_ERROR;
212+ return mFlinger->clearLayerFrameStats(this, handle);
228213 }
229214
230215 status_t Client::getLayerFrameStats(const sp<IBinder>& handle, FrameStats* outStats) const {
231- sp<Layer> layer = getLayerUser(handle);
232- if (layer == nullptr) {
233- return NAME_NOT_FOUND;
234- }
235- layer->getFrameStats(outStats);
236- return NO_ERROR;
216+ return mFlinger->getLayerFrameStats(this, handle, outStats);
237217 }
238218
239219 // ---------------------------------------------------------------------------
--- a/services/surfaceflinger/Client.h
+++ b/services/surfaceflinger/Client.h
@@ -49,7 +49,7 @@ public:
4949
5050 void detachLayer(const Layer* layer);
5151
52- sp<Layer> getLayerUser(const sp<IBinder>& handle) const;
52+ bool isAttached (const sp<IBinder>& handle) const;
5353
5454 void updateParent(const sp<Layer>& parentLayer);
5555
@@ -58,7 +58,7 @@ private:
5858 virtual status_t createSurface(
5959 const String8& name,
6060 uint32_t w, uint32_t h,PixelFormat format, uint32_t flags,
61- const sp<IBinder>& parent, int32_t windowType, int32_t ownerUid,
61+ const sp<IBinder>& parentHandle, int32_t windowType, int32_t ownerUid,
6262 sp<IBinder>* handle,
6363 sp<IGraphicBufferProducer>* gbp);
6464
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -170,7 +170,6 @@ void Layer::onLayerDisplayed(const sp<Fence>& /*releaseFence*/) {}
170170
171171 void Layer::onRemovedFromCurrentState() {
172172 // the layer is removed from SF mCurrentState to mLayersPendingRemoval
173-
174173 mPendingRemoval = true;
175174
176175 if (mCurrentState.zOrderRelativeOf != nullptr) {
@@ -212,6 +211,11 @@ bool Layer::getPremultipledAlpha() const {
212211
213212 sp<IBinder> Layer::getHandle() {
214213 Mutex::Autolock _l(mLock);
214+ if (mGetHandleCalled) {
215+ ALOGE("Get handle called twice" );
216+ return nullptr;
217+ }
218+ mGetHandleCalled = true;
215219 return new Handle(mFlinger, this);
216220 }
217221
--- a/services/surfaceflinger/Layer.h
+++ b/services/surfaceflinger/Layer.h
@@ -699,6 +699,8 @@ public:
699699 wp<Layer> owner;
700700 };
701701
702+ // Creates a new handle each time, so we only expect
703+ // this to be called once.
702704 sp<IBinder> getHandle();
703705 const String8& getName() const;
704706 virtual void notifyAvailableFrames() {}
@@ -803,6 +805,7 @@ private:
803805 const LayerVector::Visitor& visitor);
804806 LayerVector makeChildrenTraversalList(LayerVector::StateSet stateSet,
805807 const std::vector<Layer*>& layersInTree);
808+ bool mGetHandleCalled = false;
806809 };
807810
808811 // ---------------------------------------------------------------------------
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -3086,20 +3086,34 @@ void SurfaceFlinger::drawWormhole(const sp<const DisplayDevice>& displayDevice,
30863086 engine.fillRegionWithColor(region, height, 0, 0, 0, 0);
30873087 }
30883088
3089-status_t SurfaceFlinger::addClientLayer(const sp<Client>& client,
3090- const sp<IBinder>& handle,
3091- const sp<IGraphicBufferProducer>& gbc,
3092- const sp<Layer>& lbc,
3093- const sp<Layer>& parent)
3094-{
3089+status_t SurfaceFlinger::addClientLayer(const sp<Client>& client, const sp<IBinder>& handle,
3090+ const sp<IGraphicBufferProducer>& gbc, const sp<Layer>& lbc,
3091+ const sp<IBinder>& parentHandle,
3092+ const sp<Layer>& parentLayer) {
30953093 // add this layer to the current state list
30963094 {
30973095 Mutex::Autolock _l(mStateLock);
3096+ sp<Layer> parent;
3097+
3098+ if (parentHandle != nullptr) {
3099+ parent = fromHandle(parentHandle);
3100+ if (parent == nullptr) {
3101+ return NAME_NOT_FOUND;
3102+ }
3103+ } else {
3104+ parent = parentLayer;
3105+ }
3106+
30983107 if (mNumLayers >= MAX_LAYERS) {
30993108 ALOGE("AddClientLayer failed, mNumLayers (%zu) >= MAX_LAYERS (%zu)", mNumLayers,
31003109 MAX_LAYERS);
31013110 return NO_MEMORY;
31023111 }
3112+
3113+ auto [itr, inserted] = mLayersByLocalBinderToken.emplace(handle->localBinder(), lbc);
3114+ if (!inserted) {
3115+ ALOGE("-----------ERROR REGISTERING HANDLE, layer pair: handle is already a key");
3116+ }
31033117 if (parent == nullptr) {
31043118 mCurrentState.layersSortedByZ.add(lbc);
31053119 } else {
@@ -3128,6 +3142,23 @@ status_t SurfaceFlinger::addClientLayer(const sp<Client>& client,
31283142 return NO_ERROR;
31293143 }
31303144
3145+status_t SurfaceFlinger::removeLayerFromMap(const wp<Layer>& layer) {
3146+ auto it = mLayersByLocalBinderToken.begin();
3147+ while (it != mLayersByLocalBinderToken.end()) {
3148+ if (it->second == layer) {
3149+ it = mLayersByLocalBinderToken.erase(it);
3150+ break;
3151+ } else {
3152+ it++;
3153+ }
3154+ }
3155+ if (it == mLayersByLocalBinderToken.end()) {
3156+ ALOGE("Failed to remove layer from mapping - could not find matching layer");
3157+ return BAD_VALUE;
3158+ }
3159+ return NO_ERROR;
3160+}
3161+
31313162 status_t SurfaceFlinger::removeLayer(const sp<Layer>& layer, bool topLevelOnly) {
31323163 Mutex::Autolock _l(mStateLock);
31333164 return removeLayerLocked(mStateLock, layer, topLevelOnly);
@@ -3366,8 +3397,8 @@ uint32_t SurfaceFlinger::setClientStateLocked(const ComposerState& composerState
33663397 const layer_state_t& s = composerState.state;
33673398 sp<Client> client(static_cast<Client*>(composerState.client.get()));
33683399
3369- sp<Layer> layer(client->getLayerUser(s.surface));
3370- if (layer == nullptr) {
3400+ sp<Layer> layer = fromHandle(s.surface);
3401+ if (layer == nullptr || !(client->isAttached(s.surface))) {
33713402 return 0;
33723403 }
33733404
@@ -3527,8 +3558,8 @@ void SurfaceFlinger::setDestroyStateLocked(const ComposerState& composerState) {
35273558 const layer_state_t& state = composerState.state;
35283559 sp<Client> client(static_cast<Client*>(composerState.client.get()));
35293560
3530- sp<Layer> layer(client->getLayerUser(state.surface));
3531- if (layer == nullptr) {
3561+ sp<Layer> layer = fromHandle(state.surface);
3562+ if (layer == nullptr || !(client->isAttached(state.surface))) {
35323563 return;
35333564 }
35343565
@@ -3542,13 +3573,12 @@ void SurfaceFlinger::setDestroyStateLocked(const ComposerState& composerState) {
35423573 }
35433574 }
35443575
3545-status_t SurfaceFlinger::createLayer(
3546- const String8& name,
3547- const sp<Client>& client,
3548- uint32_t w, uint32_t h, PixelFormat format, uint32_t flags,
3549- int32_t windowType, int32_t ownerUid, sp<IBinder>* handle,
3550- sp<IGraphicBufferProducer>* gbp, sp<Layer>* parent)
3551-{
3576+status_t SurfaceFlinger::createLayer(const String8& name, const sp<Client>& client, uint32_t w,
3577+ uint32_t h, PixelFormat format, uint32_t flags,
3578+ int32_t windowType, int32_t ownerUid, sp<IBinder>* handle,
3579+ sp<IGraphicBufferProducer>* gbp,
3580+ const sp<IBinder>& parentHandle,
3581+ const sp<Layer>& parentLayer) {
35523582 if (int32_t(w|h) < 0) {
35533583 ALOGE("createLayer() failed, w or h is negative (w=%d, h=%d)",
35543584 int(w), int(h));
@@ -3591,7 +3621,7 @@ status_t SurfaceFlinger::createLayer(
35913621
35923622 layer->setInfo(windowType, ownerUid);
35933623
3594- result = addClientLayer(client, *handle, *gbp, layer, *parent);
3624+ result = addClientLayer(client, *handle, *gbp, layer, parentHandle, parentLayer);
35953625 if (result != NO_ERROR) {
35963626 return result;
35973627 }
@@ -3661,14 +3691,35 @@ status_t SurfaceFlinger::createColorLayer(const sp<Client>& client,
36613691 return NO_ERROR;
36623692 }
36633693
3694+status_t SurfaceFlinger::clearLayerFrameStats(const sp<const Client>& client, const sp<IBinder>& handle) {
3695+ Mutex::Autolock _l(mStateLock);
3696+ sp<Layer> layer = fromHandle(handle);
3697+ if (layer == nullptr || !(client->isAttached(handle))) {
3698+ return NAME_NOT_FOUND;
3699+ }
3700+ layer->clearFrameStats();
3701+ return NO_ERROR;
3702+}
3703+
3704+status_t SurfaceFlinger::getLayerFrameStats(const sp<const Client>& client, const sp<IBinder>& handle, FrameStats* outStats) {
3705+ Mutex::Autolock _l(mStateLock);
3706+ sp<Layer> layer = fromHandle(handle);
3707+ if (layer == nullptr || !(client->isAttached(handle))) {
3708+ return NAME_NOT_FOUND;
3709+ }
3710+ layer->getFrameStats(outStats);
3711+ return NO_ERROR;
3712+}
3713+
36643714 status_t SurfaceFlinger::onLayerRemoved(const sp<Client>& client, const sp<IBinder>& handle)
36653715 {
3716+ Mutex::Autolock _l(mStateLock);
36663717 // called by a client when it wants to remove a Layer
36673718 status_t err = NO_ERROR;
3668- sp<Layer> l(client->getLayerUser(handle));
3669- if (l != nullptr) {
3719+ sp<Layer> l = fromHandle(handle);
3720+ if (l != nullptr || client->isAttached(handle)) {
36703721 mInterceptor->saveSurfaceDeletion(l);
3671- err = removeLayer(l);
3722+ err = removeLayerLocked(mStateLock, l);
36723723 ALOGE_IF(err<0 && err != NAME_NOT_FOUND,
36733724 "error removing layer=%p (%s)", l.get(), strerror(-err));
36743725 }
@@ -3677,15 +3728,18 @@ status_t SurfaceFlinger::onLayerRemoved(const sp<Client>& client, const sp<IBind
36773728
36783729 status_t SurfaceFlinger::onLayerDestroyed(const wp<Layer>& layer)
36793730 {
3731+ Mutex::Autolock _l(mStateLock);
36803732 // called by ~LayerCleaner() when all references to the IBinder (handle)
36813733 // are gone
36823734 sp<Layer> l = layer.promote();
36833735 if (l == nullptr) {
3736+ removeLayerFromMap(layer);
36843737 // The layer has already been removed, carry on
36853738 return NO_ERROR;
36863739 }
3740+ removeLayerFromMap(layer);
36873741 // If we have a parent, then we can continue to live as long as it does.
3688- return removeLayer(l, true);
3742+ return removeLayerLocked(mStateLock, l, true);
36893743 }
36903744
36913745 // ---------------------------------------------------------------------------
@@ -4843,34 +4897,40 @@ status_t SurfaceFlinger::captureLayers(const sp<IBinder>& layerHandleBinder,
48434897 const bool mChildrenOnly;
48444898 };
48454899
4846- auto layerHandle = reinterpret_cast<Layer::Handle*>(layerHandleBinder.get());
4847- auto parent = layerHandle->owner.promote();
4900+ int reqWidth = 0;
4901+ int reqHeight = 0;
4902+ sp<Layer> parent;
4903+ Rect crop(sourceCrop);
48484904
4849- if (parent == nullptr || parent->isPendingRemoval()) {
4850- ALOGE("captureLayers called with a removed parent");
4851- return NAME_NOT_FOUND;
4852- }
4905+ {
4906+ Mutex::Autolock _l(mStateLock);
48534907
4854- const int uid = IPCThreadState::self()->getCallingUid();
4855- const bool forSystem = uid == AID_GRAPHICS || uid == AID_SYSTEM;
4856- if (!forSystem && parent->getCurrentState().flags & layer_state_t::eLayerSecure) {
4857- ALOGW("Attempting to capture secure layer: PERMISSION_DENIED");
4858- return PERMISSION_DENIED;
4859- }
4908+ parent = fromHandle(layerHandleBinder);
4909+ if (parent == nullptr || parent->isPendingRemoval()) {
4910+ ALOGE("captureLayers called with an invalid or removed parent");
4911+ return NAME_NOT_FOUND;
4912+ }
48604913
4861- Rect crop(sourceCrop);
4862- if (sourceCrop.width() <= 0) {
4863- crop.left = 0;
4864- crop.right = parent->getCurrentState().active.w;
4865- }
4914+ const int uid = IPCThreadState::self()->getCallingUid();
4915+ const bool forSystem = uid == AID_GRAPHICS || uid == AID_SYSTEM;
4916+ if (!forSystem && parent->getCurrentState().flags & layer_state_t::eLayerSecure) {
4917+ ALOGW("Attempting to capture secure layer: PERMISSION_DENIED");
4918+ return PERMISSION_DENIED;
4919+ }
48664920
4867- if (sourceCrop.height() <= 0) {
4868- crop.top = 0;
4869- crop.bottom = parent->getCurrentState().active.h;
4870- }
4921+ if (sourceCrop.width() <= 0) {
4922+ crop.left = 0;
4923+ crop.right = parent->getCurrentState().active.w;
4924+ }
48714925
4872- int32_t reqWidth = crop.width() * frameScale;
4873- int32_t reqHeight = crop.height() * frameScale;
4926+ if (sourceCrop.height() <= 0) {
4927+ crop.top = 0;
4928+ crop.bottom = parent->getCurrentState().active.h;
4929+ }
4930+
4931+ reqWidth = crop.width() * frameScale;
4932+ reqHeight = crop.height() * frameScale;
4933+ } // mStateLock
48744934
48754935 LayerRenderArea renderArea(this, parent, crop, reqWidth, reqHeight, childrenOnly);
48764936
@@ -5195,8 +5255,22 @@ void SurfaceFlinger::traverseLayersInDisplay(const sp<const DisplayDevice>& hw,
51955255 }
51965256 }
51975257
5198-}; // namespace android
5258+sp<Layer> SurfaceFlinger::fromHandle(const sp<IBinder>& handle) {
5259+ if (!handle) return nullptr;
5260+
5261+ BBinder *b = handle->localBinder();
5262+ if (b == nullptr) {
5263+ return nullptr;
5264+ }
5265+ auto it = mLayersByLocalBinderToken.find(b);
5266+ if (it != mLayersByLocalBinderToken.end()) {
5267+ auto ret = it->second.promote();
5268+ return ret;
5269+ }
5270+ return nullptr;
5271+}
51995272
5273+} // namespace android
52005274
52015275 #if defined(__gl_h_)
52025276 #error "don't include gl/gl.h in this file"
--- a/services/surfaceflinger/SurfaceFlinger.h
+++ b/services/surfaceflinger/SurfaceFlinger.h
@@ -343,6 +343,12 @@ public:
343343
344344 int getPrimaryDisplayOrientation() const { return mPrimaryDisplayOrientation; }
345345
346+ status_t clearLayerFrameStats(const sp<const Client>& client, const sp<IBinder>& handle);
347+
348+ status_t getLayerFrameStats(const sp<const Client>& client, const sp<IBinder>& handle, FrameStats* outStats);
349+
350+ sp<Layer> fromHandle(const sp<IBinder>& handle) REQUIRES(mStateLock);
351+
346352 void screenReleased(const sp<IBinder>& display);
347353 void screenAcquired(const sp<IBinder>& display);
348354
@@ -519,17 +525,17 @@ private:
519525 uint32_t setTransactionFlags(uint32_t flags, VSyncModulator::TransactionStart transactionStart);
520526 void commitTransaction();
521527 bool containsAnyInvalidClientState(const Vector<ComposerState>& states);
522- uint32_t setClientStateLocked(const ComposerState& composerState);
528+ uint32_t setClientStateLocked(const ComposerState& composerState) REQUIRES(mStateLock);
523529 uint32_t setDisplayStateLocked(const DisplayState& s);
524- void setDestroyStateLocked(const ComposerState& composerState);
530+ void setDestroyStateLocked(const ComposerState& composerState) REQUIRES(mStateLock);
525531
526532 /* ------------------------------------------------------------------------
527533 * Layer management
528534 */
529- status_t createLayer(const String8& name, const sp<Client>& client,
530- uint32_t w, uint32_t h, PixelFormat format, uint32_t flags,
531- int32_t windowType, int32_t ownerUid, sp<IBinder>* handle,
532- sp<IGraphicBufferProducer>* gbp, sp<Layer>* parent);
535+ status_t createLayer(const String8& name, const sp<Client>& client, uint32_t w, uint32_t h,
536+ PixelFormat format, uint32_t flags, int32_t windowType, int32_t ownerUid,
537+ sp<IBinder>* handle, sp<IGraphicBufferProducer>* gbp,
538+ const sp<IBinder>& parentHandle, const sp<Layer>& parentLayer = nullptr);
533539
534540 status_t createBufferLayer(const sp<Client>& client, const String8& name,
535541 uint32_t w, uint32_t h, uint32_t flags, PixelFormat& format,
@@ -555,12 +561,13 @@ private:
555561 status_t removeLayer(const sp<Layer>& layer, bool topLevelOnly = false);
556562 status_t removeLayerLocked(const Mutex&, const sp<Layer>& layer, bool topLevelOnly = false);
557563
564+ // remove layer from mapping
565+ status_t removeLayerFromMap(const wp<Layer>& layer);
566+
558567 // add a layer to SurfaceFlinger
559- status_t addClientLayer(const sp<Client>& client,
560- const sp<IBinder>& handle,
561- const sp<IGraphicBufferProducer>& gbc,
562- const sp<Layer>& lbc,
563- const sp<Layer>& parent);
568+ status_t addClientLayer(const sp<Client>& client, const sp<IBinder>& handle,
569+ const sp<IGraphicBufferProducer>& gbc, const sp<Layer>& lbc,
570+ const sp<IBinder>& parentHandle, const sp<Layer>& parentLayer);
564571
565572 /* ------------------------------------------------------------------------
566573 * Boot animation, on/off animations and screen capture
@@ -823,6 +830,9 @@ private:
823830 // it may be read from other threads with mStateLock held
824831 DefaultKeyedVector< wp<IBinder>, sp<DisplayDevice> > mDisplays;
825832
833+ // protected by mStateLock
834+ std::unordered_map<BBinder*, wp<Layer>> mLayersByLocalBinderToken;
835+
826836 // don't use a lock for these, we don't care
827837 int mDebugRegion;
828838 int mDebugDDMS;
--- a/services/surfaceflinger/tests/Android.bp
+++ b/services/surfaceflinger/tests/Android.bp
@@ -18,7 +18,8 @@ cc_test {
1818 tags: ["test"],
1919 test_suites: ["device-tests"],
2020 srcs: [
21- "Stress_test.cpp",
21+ "InvalidHandles_test.cpp",
22+ "Stress_test.cpp",
2223 "SurfaceInterceptor_test.cpp",
2324 "Transaction_test.cpp",
2425 ],
--- /dev/null
+++ b/services/surfaceflinger/tests/InvalidHandles_test.cpp
@@ -0,0 +1,67 @@
1+/*
2+ * Copyright (C) 2019 The Android Open Source Project
3+ *
4+ * Licensed under the Apache License, Version 2.0 (the "License");
5+ * you may not use this file except in compliance with the License.
6+ * You may obtain a copy of the License at
7+ *
8+ * http://www.apache.org/licenses/LICENSE-2.0
9+ *
10+ * Unless required by applicable law or agreed to in writing, software
11+ * distributed under the License is distributed on an "AS IS" BASIS,
12+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+ * See the License for the specific language governing permissions and
14+ * limitations under the License.
15+ */
16+
17+#include <binder/Binder.h>
18+
19+#include <gtest/gtest.h>
20+
21+#include <gui/ISurfaceComposer.h>
22+#include <gui/SurfaceComposerClient.h>
23+#include <private/gui/ComposerService.h>
24+#include <ui/Rect.h>
25+
26+namespace android {
27+namespace {
28+
29+class NotALayer : public BBinder {};
30+
31+/**
32+ * For all of these tests we make a SurfaceControl with an invalid layer handle
33+ * and verify we aren't able to trick SurfaceFlinger.
34+ */
35+class InvalidHandleTest : public ::testing::Test {
36+protected:
37+ sp<SurfaceComposerClient> mScc;
38+ sp<SurfaceControl> mNotSc;
39+ void SetUp() override {
40+ mScc = new SurfaceComposerClient;
41+ ASSERT_EQ(NO_ERROR, mScc->initCheck());
42+ mNotSc = makeNotSurfaceControl();
43+ }
44+
45+ sp<SurfaceControl> makeNotSurfaceControl() {
46+ return new SurfaceControl(mScc, new NotALayer(), nullptr, true);
47+ }
48+};
49+
50+TEST_F(InvalidHandleTest, createSurfaceInvalidHandle) {
51+ auto notSc = makeNotSurfaceControl();
52+ ASSERT_EQ(nullptr,
53+ mScc->createSurface(String8("lolcats"), 19, 47, PIXEL_FORMAT_RGBA_8888, 0,
54+ notSc.get())
55+ .get());
56+}
57+
58+TEST_F(InvalidHandleTest, captureLayersInvalidHandle) {
59+ sp<ISurfaceComposer> sf(ComposerService::getComposerService());
60+ sp<GraphicBuffer> outBuffer;
61+
62+ ASSERT_EQ(NAME_NOT_FOUND,
63+ sf->captureLayers(mNotSc->getHandle(), &outBuffer, Rect::EMPTY_RECT, 1.0f));
64+}
65+
66+} // namespace
67+} // namespace android
Show on old repository browser