SurfaceControl: Add setDropInputMode api
Introduces an API to drop input events on this SurfaceControl. This
policy will be inherited by its children. The caller must hold the
ACCESS_SURFACE_FLINGER permission.
Options include:
ALL: SurfaceControl and its children will not receive any
input regardless of whether it has a valid input channel.
These policies are used to enable features that allow for a less trusted
interaction model between apps. See the bug for more details.
Note: this backport does not include the OBSCURED option since its
not needed for the security fix.
Test: atest libgui_test InputDispatcherDropInputFeatureTest
Bug: 197296414
Merged-In: I443741d5ab51a45d37fb865f11c433c436d96c1e
Change-Id: I443741d5ab51a45d37fb865f11c433c436d96c1e
diff --git a/services/surfaceflinger/Layer.cpp b/services/surfaceflinger/Layer.cpp
index 4e3ef24..bae242a 100644
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -119,6 +119,7 @@
mCurrentState.treeHasFrameRateVote = false;
mCurrentState.fixedTransformHint = ui::Transform::ROT_INVALID;
mCurrentState.isTrustedOverlay = false;
+ mCurrentState.dropInputMode = gui::DropInputMode::NONE;
if (args.flags & ISurfaceComposerClient::eNoColorFill) {
// Set an invalid color so there is no color fill.
@@ -2645,6 +2646,16 @@
}
}
+bool Layer::setDropInputMode(gui::DropInputMode mode) {
+ if (mCurrentState.dropInputMode == mode) {
+ return false;
+ }
+ mCurrentState.dropInputMode = mode;
+ mCurrentState.modified = true;
+ mCurrentState.inputInfoChanged = true;
+ setTransactionFlags(eTransactionNeeded);
+ return true;
+}
// ---------------------------------------------------------------------------
}; // namespace android
diff --git a/services/surfaceflinger/Layer.h b/services/surfaceflinger/Layer.h
index a12bae4..30f207f 100644
--- a/services/surfaceflinger/Layer.h
+++ b/services/surfaceflinger/Layer.h
@@ -16,6 +16,7 @@
#pragma once
+#include <android/gui/DropInputMode.h>
#include <compositionengine/LayerFE.h>
#include <gui/BufferQueue.h>
#include <gui/ISurfaceComposerClient.h>
@@ -282,6 +283,8 @@
// Whether or not this layer is a trusted overlay for input
bool isTrustedOverlay;
+
+ gui::DropInputMode dropInputMode;
};
explicit Layer(const LayerCreationArgs& args);
@@ -410,6 +413,8 @@
bool setShadowRadius(float shadowRadius);
virtual bool setFrameRateSelectionPriority(int32_t priority);
virtual bool setFixedTransformHint(ui::Transform::RotationFlags fixedTransformHint);
+ bool setDropInputMode(gui::DropInputMode);
+
// If the variable is not set on the layer, it traverses up the tree to inherit the frame
// rate priority from its parent.
virtual int32_t getFrameRateSelectionPriority() const;
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index 4947210..4165df9 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -3867,6 +3867,15 @@
ALOGE("Attempt to set trusted overlay without permission ACCESS_SURFACE_FLINGER");
}
}
+ if (what & layer_state_t::eDropInputModeChanged) {
+ if (privileged) {
+ if (layer->setDropInputMode(s.dropInputMode)) {
+ flags |= eTraversalNeeded;
+ }
+ } else {
+ ALOGE("Attempt to update InputPolicyFlags without permission ACCESS_SURFACE_FLINGER");
+ }
+ }
// This has to happen after we reparent children because when we reparent to null we remove
// child layers from current state and remove its relative z. If the children are reparented in
// the same transaction, then we have to make sure we reparent the children first so we do not