DO NOT MERGE - OMX: allow only secure codec to remotely call allocateBuffer. Bug: 24310423 Change-Id: Iebcfc58b447f925ec2134898060af2ef227266a3 (cherry picked from commit 8dde7269a5356503d2b283234b6cb46d0c3f214e)

commit: 4a03d784f7c0e3a9685d182eee92ba6580eaf5a1 [log] [tgz]
author: Wei Jia <wjia@google.com> Mon Sep 28 11:32:23 2015 -0700
committer: Wei Jia <wjia@google.com> Wed Oct 07 11:27:32 2015 -0700
tree: a7356ea6c85c6d1b4b45e0288f43b4f9fe9edae4
parent: 74d1927e4122a1748f89ca2ef79406fc06ee94b2 [diff] [blame]
diff --git a/media/libmedia/IOMX.cpp b/media/libmedia/IOMX.cpp
index 71ce320..10747f3 100644
--- a/media/libmedia/IOMX.cpp
+++ b/media/libmedia/IOMX.cpp

@@ -810,6 +810,12 @@
 
             node_id node = (void*)data.readIntPtr();
             OMX_U32 port_index = data.readInt32();
+            if (!isSecure(node) || port_index != 0 /* kPortIndexInput */) {
+                ALOGE("b/24310423");
+                reply->writeInt32(INVALID_OPERATION);
+                return NO_ERROR;
+            }
+
             size_t size = data.readInt32();
 
             buffer_id buffer;
commit	4a03d784f7c0e3a9685d182eee92ba6580eaf5a1	[log] [tgz]
author	Wei Jia <wjia@google.com>	Mon Sep 28 11:32:23 2015 -0700
committer	Wei Jia <wjia@google.com>	Wed Oct 07 11:27:32 2015 -0700
tree	a7356ea6c85c6d1b4b45e0288f43b4f9fe9edae4
parent	74d1927e4122a1748f89ca2ef79406fc06ee94b2 [diff] [blame]