Stagefright: authenticate ANativeWindow.
This change adds a check to verify that the ANativeWindow to which
decoded video buffers are queued sends those buffers to SurfaceFlinger.
The check is done when the buffer content is flagged as protected. This
change also adds an error in the case where protected buffers are
needed, but an ANativeWindow is not being used as the video destination.
Change-Id: I107c9082d65ef0de4a13594e9535a2053ad5161b
Bug: 4269240
diff --git a/media/libstagefright/OMXCodec.cpp b/media/libstagefright/OMXCodec.cpp
index a70f868..5d26fd5 100644
--- a/media/libstagefright/OMXCodec.cpp
+++ b/media/libstagefright/OMXCodec.cpp
@@ -1593,6 +1593,11 @@
return allocateOutputBuffersFromNativeWindow();
}
+ if (mEnableGrallocUsageProtected && portIndex == kPortIndexOutput) {
+ LOGE("protected output buffers must be stent to an ANativeWindow");
+ return PERMISSION_DENIED;
+ }
+
OMX_PARAM_PORTDEFINITIONTYPE def;
InitOMXParams(&def);
def.nPortIndex = portIndex;
@@ -1761,6 +1766,25 @@
usage |= GRALLOC_USAGE_PROTECTED;
}
+ // Make sure to check whether either Stagefright or the video decoder
+ // requested protected buffers.
+ if (usage & GRALLOC_USAGE_PROTECTED) {
+ // Verify that the ANativeWindow sends images directly to
+ // SurfaceFlinger.
+ int queuesToNativeWindow = 0;
+ err = mNativeWindow->query(
+ mNativeWindow.get(), NATIVE_WINDOW_QUEUES_TO_WINDOW_COMPOSER,
+ &queuesToNativeWindow);
+ if (err != 0) {
+ LOGE("error authenticating native window: %d", err);
+ return err;
+ }
+ if (queuesToNativeWindow != 1) {
+ LOGE("native window could not be authenticated");
+ return PERMISSION_DENIED;
+ }
+ }
+
LOGV("native_window_set_usage usage=0x%x", usage);
err = native_window_set_usage(
mNativeWindow.get(), usage | GRALLOC_USAGE_HW_TEXTURE | GRALLOC_USAGE_EXTERNAL_DISP);