Merge "Crash if too many open files"
diff --git a/cmds/lshal/ListCommand.cpp b/cmds/lshal/ListCommand.cpp
index ad7e4c4..a7ccf64 100644
--- a/cmds/lshal/ListCommand.cpp
+++ b/cmds/lshal/ListCommand.cpp
@@ -163,11 +163,11 @@
VintfInfo getVintfInfo(const std::shared_ptr<const ObjectType>& object,
const FqInstance& fqInstance, vintf::TransportArch ta, VintfInfo value) {
bool found = false;
- (void)object->forEachInstanceOfVersion(fqInstance.getPackage(), fqInstance.getVersion(),
- [&](const auto& instance) {
- found = match(instance, fqInstance, ta);
- return !found; // continue if not found
- });
+ (void)object->forEachHidlInstanceOfVersion(fqInstance.getPackage(), fqInstance.getVersion(),
+ [&](const auto& instance) {
+ found = match(instance, fqInstance, ta);
+ return !found; // continue if not found
+ });
return found ? value : VINTF_INFO_EMPTY;
}
@@ -453,7 +453,7 @@
}
bool found = false;
- (void)manifest->forEachInstanceOfVersion(package, version, [&found](const auto&) {
+ (void)manifest->forEachHidlInstanceOfVersion(package, version, [&found](const auto&) {
found = true;
return false; // break
});
@@ -797,9 +797,9 @@
std::map<std::string, TableEntry> entries;
- manifest->forEachInstance([&] (const vintf::ManifestInstance& manifestInstance) {
+ manifest->forEachHidlInstance([&] (const vintf::ManifestInstance& manifestInstance) {
TableEntry entry{
- .interfaceName = manifestInstance.getFqInstance().string(),
+ .interfaceName = manifestInstance.description(),
.transport = manifestInstance.transport(),
.arch = manifestInstance.arch(),
// TODO(b/71555570): Device manifest does not distinguish HALs from vendor or ODM.
diff --git a/libs/binder/IMemory.cpp b/libs/binder/IMemory.cpp
index caf2318..a7662e9 100644
--- a/libs/binder/IMemory.cpp
+++ b/libs/binder/IMemory.cpp
@@ -149,7 +149,7 @@
return static_cast<char*>(base) + offset;
}
-void* IMemory::pointer() const {
+void* IMemory::unsecurePointer() const {
ssize_t offset;
sp<IMemoryHeap> heap = getMemory(&offset);
void* const base = heap!=nullptr ? heap->base() : MAP_FAILED;
@@ -158,6 +158,8 @@
return static_cast<char*>(base) + offset;
}
+void* IMemory::pointer() const { return unsecurePointer(); }
+
size_t IMemory::size() const {
size_t size;
getMemory(nullptr, &size);
diff --git a/libs/binder/include/binder/IMemory.h b/libs/binder/include/binder/IMemory.h
index 071946f..8791741 100644
--- a/libs/binder/include/binder/IMemory.h
+++ b/libs/binder/include/binder/IMemory.h
@@ -77,10 +77,33 @@
virtual sp<IMemoryHeap> getMemory(ssize_t* offset=nullptr, size_t* size=nullptr) const = 0;
// helpers
- void* fastPointer(const sp<IBinder>& heap, ssize_t offset) const;
- void* pointer() const;
+
+ // Accessing the underlying pointer must be done with caution, as there are
+ // some inherent security risks associated with it. When receiving an
+ // IMemory from an untrusted process, there is currently no way to guarantee
+ // that this process would't change the content after the fact. This may
+ // lead to TOC/TOU class of security bugs. In most cases, when performance
+ // is not an issue, the recommended practice is to immediately copy the
+ // buffer upon reception, then work with the copy, e.g.:
+ //
+ // std::string private_copy(mem.size(), '\0');
+ // memcpy(private_copy.data(), mem.unsecurePointer(), mem.size());
+ //
+ // In cases where performance is an issue, this matter must be addressed on
+ // an ad-hoc basis.
+ void* unsecurePointer() const;
+
size_t size() const;
ssize_t offset() const;
+
+private:
+ // These are now deprecated and are left here for backward-compatibility
+ // with prebuilts that may reference these symbol at runtime.
+ // Instead, new code should use unsecurePointer()/unsecureFastPointer(),
+ // which do the same thing, but make it more obvious that there are some
+ // security-related pitfalls associated with them.
+ void* pointer() const;
+ void* fastPointer(const sp<IBinder>& heap, ssize_t offset) const;
};
class BnMemory : public BnInterface<IMemory>
diff --git a/libs/binder/tests/Android.bp b/libs/binder/tests/Android.bp
index bc457ce..f25e954 100644
--- a/libs/binder/tests/Android.bp
+++ b/libs/binder/tests/Android.bp
@@ -70,6 +70,7 @@
"libutils",
],
test_suites: ["device-tests"],
+ require_root: true,
}
cc_test {
@@ -136,6 +137,7 @@
"libutils",
],
test_suites: ["device-tests"],
+ require_root: true,
}
aidl_interface {
diff --git a/libs/vr/libvrflinger/display_service.cpp b/libs/vr/libvrflinger/display_service.cpp
index 5a9360c..582fed3 100644
--- a/libs/vr/libvrflinger/display_service.cpp
+++ b/libs/vr/libvrflinger/display_service.cpp
@@ -18,6 +18,8 @@
#include <private/dvr/trusted_uids.h>
#include <private/dvr/types.h>
+#include "DisplayHardware/DisplayIdentification.h"
+
using android::dvr::display::DisplayProtocol;
using android::pdx::Channel;
using android::pdx::ErrorStatus;
@@ -44,19 +46,6 @@
Endpoint::Create(display::DisplayProtocol::kClientPath)) {
hardware_composer_.Initialize(
hidl, primary_display_id, request_display_callback);
-
- uint8_t port;
- const auto error = hidl->getDisplayIdentificationData(
- primary_display_id, &display_identification_port_,
- &display_identification_data_);
- if (error != android::hardware::graphics::composer::V2_1::Error::NONE) {
- if (error !=
- android::hardware::graphics::composer::V2_1::Error::UNSUPPORTED) {
- ALOGI("DisplayService: identification data error\n");
- } else {
- ALOGI("DisplayService: identification data unsupported\n");
- }
- }
}
bool DisplayService::IsInitialized() const {
@@ -212,6 +201,7 @@
pdx::Status<std::string> DisplayService::OnGetConfigurationData(
pdx::Message& /*message*/, display::ConfigFileType config_type) {
std::string property_name;
+ DisplayIdentificationData display_identification_data;
switch (config_type) {
case display::ConfigFileType::kLensMetrics:
property_name = kDvrLensMetricsProperty;
@@ -223,11 +213,13 @@
property_name = kDvrDeviceConfigProperty;
break;
case display::ConfigFileType::kDeviceEdid:
- if (display_identification_data_.size() == 0) {
+ display_identification_data =
+ hardware_composer_.GetCurrentDisplayIdentificationData();
+ if (display_identification_data.size() == 0) {
return ErrorStatus(ENOENT);
}
- return std::string(display_identification_data_.begin(),
- display_identification_data_.end());
+ return std::string(display_identification_data.begin(),
+ display_identification_data.end());
default:
return ErrorStatus(EINVAL);
}
@@ -246,7 +238,7 @@
pdx::Status<uint8_t> DisplayService::OnGetDisplayIdentificationPort(
pdx::Message& /*message*/) {
- return display_identification_port_;
+ return hardware_composer_.GetCurrentDisplayPort();
}
// Creates a new DisplaySurface and associates it with this channel. This may
diff --git a/libs/vr/libvrflinger/display_service.h b/libs/vr/libvrflinger/display_service.h
index 06ba566..89f1eae 100644
--- a/libs/vr/libvrflinger/display_service.h
+++ b/libs/vr/libvrflinger/display_service.h
@@ -18,8 +18,6 @@
#include "epoll_event_dispatcher.h"
#include "hardware_composer.h"
-#include "DisplayHardware/DisplayIdentification.h"
-
namespace android {
namespace dvr {
@@ -120,9 +118,6 @@
DisplayService(const DisplayService&) = delete;
void operator=(const DisplayService&) = delete;
-
- DisplayIdentificationData display_identification_data_;
- uint8_t display_identification_port_;
};
} // namespace dvr
diff --git a/libs/vr/libvrflinger/hardware_composer.cpp b/libs/vr/libvrflinger/hardware_composer.cpp
index 9072d89..67607af 100644
--- a/libs/vr/libvrflinger/hardware_composer.cpp
+++ b/libs/vr/libvrflinger/hardware_composer.cpp
@@ -137,6 +137,20 @@
composer_callback_->SetVsyncService(nullptr);
}
+void HardwareComposer::UpdateEdidData(Hwc2::Composer* composer,
+ hwc2_display_t hw_id) {
+ const auto error = composer->getDisplayIdentificationData(
+ hw_id, &display_port_, &display_identification_data_);
+ if (error != android::hardware::graphics::composer::V2_1::Error::NONE) {
+ if (error !=
+ android::hardware::graphics::composer::V2_1::Error::UNSUPPORTED) {
+ ALOGI("hardware_composer: identification data error\n");
+ } else {
+ ALOGI("hardware_composer: identification data unsupported\n");
+ }
+ }
+}
+
bool HardwareComposer::Initialize(
Hwc2::Composer* composer, hwc2_display_t primary_display_id,
RequestDisplayCallback request_display_callback) {
@@ -164,6 +178,8 @@
"HardwareComposer: Failed to create interrupt event fd : %s",
strerror(errno));
+ UpdateEdidData(composer, primary_display_id);
+
post_thread_ = std::thread(&HardwareComposer::PostThread, this);
initialized_ = true;
@@ -988,6 +1004,9 @@
EnableDisplay(*external_display_, false);
}
+ // Update the cached edid data for the current display.
+ UpdateEdidData(composer_.get(), target_display_->id);
+
// Turn the new target display on.
EnableDisplay(*target_display_, true);
diff --git a/libs/vr/libvrflinger/hardware_composer.h b/libs/vr/libvrflinger/hardware_composer.h
index db0d6a7..989ce35 100644
--- a/libs/vr/libvrflinger/hardware_composer.h
+++ b/libs/vr/libvrflinger/hardware_composer.h
@@ -25,6 +25,7 @@
#include <private/dvr/shared_buffer_helpers.h>
#include <private/dvr/vsync_service.h>
+#include "DisplayHardware/DisplayIdentification.h"
#include "acquired_buffer.h"
#include "display_surface.h"
@@ -334,6 +335,14 @@
int OnNewGlobalBuffer(DvrGlobalBufferKey key, IonBuffer& ion_buffer);
void OnDeletedGlobalBuffer(DvrGlobalBufferKey key);
+ // Gets the edid data for the current active display (internal or external)
+ DisplayIdentificationData GetCurrentDisplayIdentificationData() {
+ return display_identification_data_;
+ }
+
+ // Gets the edid port for the current active display (internal or external)
+ uint8_t GetCurrentDisplayPort() { return display_port_; }
+
private:
DisplayParams GetDisplayParams(Hwc2::Composer* composer,
hwc2_display_t display, bool is_primary);
@@ -544,6 +553,11 @@
bool vsync_trace_parity_ = false;
sp<VsyncService> vsync_service_;
+ // Edid section.
+ void UpdateEdidData(Hwc2::Composer* composer, hwc2_display_t hw_id);
+ DisplayIdentificationData display_identification_data_;
+ uint8_t display_port_;
+
static constexpr int kPostThreadInterrupted = 1;
HardwareComposer(const HardwareComposer&) = delete;
diff --git a/services/surfaceflinger/BufferQueueLayer.cpp b/services/surfaceflinger/BufferQueueLayer.cpp
index 5f79750..f2e861d 100644
--- a/services/surfaceflinger/BufferQueueLayer.cpp
+++ b/services/surfaceflinger/BufferQueueLayer.cpp
@@ -196,8 +196,9 @@
bool sidebandStreamChanged = true;
if (mSidebandStreamChanged.compare_exchange_strong(sidebandStreamChanged, false)) {
// mSidebandStreamChanged was changed to false
+ mSidebandStream = mConsumer->getSidebandStream();
auto& layerCompositionState = getCompositionLayer()->editState().frontEnd;
- layerCompositionState.sidebandStream = mConsumer->getSidebandStream();
+ layerCompositionState.sidebandStream = mSidebandStream;
if (layerCompositionState.sidebandStream != nullptr) {
setTransactionFlags(eTransactionNeeded);
mFlinger->setTransactionFlags(eTraversalNeeded);