Merge "[SurfaceFlinger] Make sure switch the protected state of buffers." into qt-dev
diff --git a/libs/binder/aidl/android/content/pm/IPackageManagerNative.aidl b/libs/binder/aidl/android/content/pm/IPackageManagerNative.aidl
index 70ed80d..90980b8 100644
--- a/libs/binder/aidl/android/content/pm/IPackageManagerNative.aidl
+++ b/libs/binder/aidl/android/content/pm/IPackageManagerNative.aidl
@@ -74,4 +74,11 @@
* LOCATION_PRODUCT: getApplicationInfo(packageName).isProduct()
*/
int getLocationFlags(in @utf8InCpp String packageName);
+
+ /**
+ * Returns the target SDK version for the given package.
+ * Unknown packages will cause the call to fail. The caller must check the
+ * returned Status before using the result of this function.
+ */
+ int getTargetSdkVersionForPackage(in String packageName);
}
diff --git a/libs/gui/Android.bp b/libs/gui/Android.bp
index f435d98..34575f5 100644
--- a/libs/gui/Android.bp
+++ b/libs/gui/Android.bp
@@ -25,50 +25,19 @@
},
double_loadable: true,
- clang: true,
- cflags: [
- "-Wall",
- "-Werror",
- ],
- cppflags: [
- "-Wextra",
- "-DDEBUG_ONLY_CODE=0",
- ],
-
- product_variables: {
- eng: {
- cppflags: [
- "-UDEBUG_ONLY_CODE",
- "-DDEBUG_ONLY_CODE=1",
- ],
- },
- },
+ defaults: ["libgui_bufferqueue-defaults"],
srcs: [
"BitTube.cpp",
"BufferHubConsumer.cpp",
"BufferHubProducer.cpp",
- "BufferItem.cpp",
"BufferItemConsumer.cpp",
- "BufferQueue.cpp",
- "BufferQueueConsumer.cpp",
- "BufferQueueCore.cpp",
- "BufferQueueProducer.cpp",
- "BufferQueueThreadState.cpp",
- "BufferSlot.cpp",
"ConsumerBase.cpp",
"CpuConsumer.cpp",
"DisplayEventReceiver.cpp",
- "FrameTimestamps.cpp",
"GLConsumer.cpp",
- "GLConsumerUtils.cpp",
"GuiConfig.cpp",
- "HdrMetadata.cpp",
"IDisplayEventConnection.cpp",
- "IConsumerListener.cpp",
- "IGraphicBufferConsumer.cpp",
- "IGraphicBufferProducer.cpp",
- "IProducerListener.cpp",
"IRegionSamplingListener.cpp",
"ISurfaceComposer.cpp",
"ISurfaceComposerClient.cpp",
@@ -76,50 +45,20 @@
"LayerDebugInfo.cpp",
"LayerMetadata.cpp",
"LayerState.cpp",
- "OccupancyTracker.cpp",
"StreamSplitter.cpp",
"Surface.cpp",
"SurfaceControl.cpp",
"SurfaceComposerClient.cpp",
"SyncFeatures.cpp",
"view/Surface.cpp",
- "bufferqueue/1.0/B2HProducerListener.cpp",
- "bufferqueue/1.0/Conversion.cpp",
- "bufferqueue/1.0/H2BGraphicBufferProducer.cpp",
- "bufferqueue/1.0/H2BProducerListener.cpp",
- "bufferqueue/1.0/WProducerListener.cpp",
- "bufferqueue/2.0/B2HGraphicBufferProducer.cpp",
- "bufferqueue/2.0/B2HProducerListener.cpp",
- "bufferqueue/2.0/H2BGraphicBufferProducer.cpp",
- "bufferqueue/2.0/H2BProducerListener.cpp",
- "bufferqueue/2.0/types.cpp",
],
shared_libs: [
"android.frameworks.bufferhub@1.0",
- "android.hardware.graphics.bufferqueue@1.0",
- "android.hardware.graphics.bufferqueue@2.0",
- "android.hardware.graphics.common@1.1",
- "android.hardware.graphics.common@1.2",
- "android.hidl.token@1.0-utils",
- "libbase",
- "libbinder",
"libbufferhub",
"libbufferhubqueue", // TODO(b/70046255): Remove this once BufferHub is integrated into libgui.
- "libcutils",
- "libEGL",
- "libGLESv2",
- "libhidlbase",
- "libhidltransport",
- "libhwbinder",
"libinput",
- "liblog",
- "libnativewindow",
"libpdx_default_transport",
- "libsync",
- "libui",
- "libutils",
- "libvndksupport",
],
// bufferhub is not used when building libgui for vendors
@@ -145,43 +84,31 @@
header_libs: [
"libdvr_headers",
- "libgui_headers",
- "libnativebase_headers",
"libpdx_headers",
],
-
- export_shared_lib_headers: [
- "libbinder",
- "libEGL",
- "libnativewindow",
- "libui",
- "android.hardware.graphics.bufferqueue@1.0",
- "android.hardware.graphics.bufferqueue@2.0",
- "android.hardware.graphics.common@1.1",
- "android.hardware.graphics.common@1.2",
- "android.hidl.token@1.0-utils",
- ],
-
- export_header_lib_headers: [
- "libgui_headers",
- ],
-
- export_include_dirs: [
- "include",
- ],
}
// Used by media codec services exclusively as a static lib for
-// core bufferqueuesupport only.
+// core bufferqueue support only.
cc_library_static {
name: "libgui_bufferqueue_static",
vendor_available: true,
+ cflags: [
+ "-DNO_BUFFERHUB",
+ ],
+
+ defaults: ["libgui_bufferqueue-defaults"],
+}
+
+// Common build config shared by libgui and libgui_bufferqueue_static.
+cc_defaults {
+ name: "libgui_bufferqueue-defaults",
+
clang: true,
cflags: [
"-Wall",
"-Werror",
- "-DNO_BUFFERHUB",
],
cppflags: [
diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
index d9a986e..139987e 100644
--- a/libs/sensor/Sensor.cpp
+++ b/libs/sensor/Sensor.cpp
@@ -22,6 +22,13 @@
#include <binder/IPermissionController.h>
#include <binder/IServiceManager.h>
+/*
+ * The permission to use for activity recognition sensors (like step counter).
+ * See sensor types for more details on what sensors should require this
+ * permission.
+ */
+#define SENSOR_PERMISSION_ACTIVITY_RECOGNITION "android.permission.ACTIVITY_RECOGNITION"
+
// ----------------------------------------------------------------------------
namespace android {
// ----------------------------------------------------------------------------
@@ -116,7 +123,7 @@
mStringType = SENSOR_STRING_TYPE_HEART_RATE;
mRequiredPermission = SENSOR_PERMISSION_BODY_SENSORS;
AppOpsManager appOps;
- mRequiredAppOp = appOps.permissionToOpCode(String16(SENSOR_PERMISSION_BODY_SENSORS));
+ mRequiredAppOp = appOps.permissionToOpCode(String16(mRequiredPermission));
mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
} break;
case SENSOR_TYPE_LIGHT:
@@ -165,14 +172,22 @@
mFlags |= SENSOR_FLAG_WAKE_UP;
}
break;
- case SENSOR_TYPE_STEP_COUNTER:
+ case SENSOR_TYPE_STEP_COUNTER: {
mStringType = SENSOR_STRING_TYPE_STEP_COUNTER;
+ mRequiredPermission = SENSOR_PERMISSION_ACTIVITY_RECOGNITION;
+ AppOpsManager appOps;
+ mRequiredAppOp =
+ appOps.permissionToOpCode(String16(mRequiredPermission));
mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
- break;
- case SENSOR_TYPE_STEP_DETECTOR:
+ } break;
+ case SENSOR_TYPE_STEP_DETECTOR: {
mStringType = SENSOR_STRING_TYPE_STEP_DETECTOR;
+ mRequiredPermission = SENSOR_PERMISSION_ACTIVITY_RECOGNITION;
+ AppOpsManager appOps;
+ mRequiredAppOp =
+ appOps.permissionToOpCode(String16(mRequiredPermission));
mFlags |= SENSOR_FLAG_SPECIAL_REPORTING_MODE;
- break;
+ } break;
case SENSOR_TYPE_TEMPERATURE:
mStringType = SENSOR_STRING_TYPE_TEMPERATURE;
mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
diff --git a/services/sensorservice/SensorEventConnection.cpp b/services/sensorservice/SensorEventConnection.cpp
index c4cfdc6..0e40940 100644
--- a/services/sensorservice/SensorEventConnection.cpp
+++ b/services/sensorservice/SensorEventConnection.cpp
@@ -285,8 +285,9 @@
scratch[count++] = buffer[i];
}
} else {
- // Regular sensor event, just copy it to the scratch buffer.
- if (hasSensorAccess()) {
+ // Regular sensor event, just copy it to the scratch buffer after checking
+ // the AppOp.
+ if (hasSensorAccess() && noteOpIfRequired(buffer[i])) {
scratch[count++] = buffer[i];
}
}
@@ -386,6 +387,16 @@
return mHasSensorAccess && !mService->mSensorPrivacyPolicy->isSensorPrivacyEnabled();
}
+bool SensorService::SensorEventConnection::noteOpIfRequired(const sensors_event_t& event) {
+ bool success = true;
+ const auto iter = mHandleToAppOp.find(event.sensor);
+ if (iter != mHandleToAppOp.end()) {
+ int32_t appOpMode = mService->sAppOpsManager.noteOp((*iter).second, mUid, mOpPackageName);
+ success = (appOpMode == AppOpsManager::MODE_ALLOWED);
+ }
+ return success;
+}
+
void SensorService::SensorEventConnection::reAllocateCacheLocked(sensors_event_t const* scratch,
int count) {
sensors_event_t *eventCache_new;
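Review bot: `noteOpIfRequired` reads `mHandleToAppOp` without taking a lock, while the SensorService.cpp enable hunk fills the same map from another class through `connection->mHandleToAppOp[handle]`. Unless both paths already run under the same lock (not visible in either hunk), that is a concurrent read and write of a `std::unordered_map`. I would name the required lock in a comment above the function, or take it here. The function is also called once per event from the copy loop in the previous hunk, so every delivered sample of a permissioned sensor costs one `noteOp` call into AppOps; worth confirming that is acceptable for the highest-rate sensor that carries a permission. Small style point: `(*iter).second` reads better as `iter->second`.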
diff --git a/services/sensorservice/SensorEventConnection.h b/services/sensorservice/SensorEventConnection.h
index 7077880..fd881cb 100644
--- a/services/sensorservice/SensorEventConnection.h
+++ b/services/sensorservice/SensorEventConnection.h
@@ -19,6 +19,7 @@
#include <stdint.h>
#include <sys/types.h>
+#include <unordered_map>
#include <utils/Vector.h>
#include <utils/SortedVector.h>
@@ -134,6 +135,9 @@
// privacy not being enabled.
bool hasSensorAccess();
+ // Call noteOp for the sensor if the sensor requires a permission
+ bool noteOpIfRequired(const sensors_event_t& event);
+
sp<SensorService> const mService;
sp<BitTube> mChannel;
uid_t mUid;
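Review bot: The comment on `noteOpIfRequired` does not say what the return value means, yet the caller in SensorEventConnection.cpp uses it to decide whether an event is copied to the scratch buffer. I would document the contract, for example `// Notes the AppOp mapped to event.sensor in mHandleToAppOp, if any.` followed by `// Returns false only when an AppOp is mapped and noteOp() is not MODE_ALLOWED; the event is then dropped.` The enclosing class starts and ends outside the hunk.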
@@ -181,6 +185,10 @@
mutable Mutex mDestroyLock;
bool mDestroyed;
bool mHasSensorAccess;
+
+ // Store a mapping of sensor handles to required AppOp for a sensor. This map only contains a
+ // valid mapping for sensors that require a permission in order to reduce the lookup time.
+ std::unordered_map<int32_t, int32_t> mHandleToAppOp;
};
} // namepsace android
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
index 0269990..639ce78 100644
--- a/services/sensorservice/SensorService.cpp
+++ b/services/sensorservice/SensorService.cpp
@@ -13,8 +13,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+#include <android/content/pm/IPackageManagerNative.h>
#include <binder/ActivityManager.h>
-#include <binder/AppOpsManager.h>
#include <binder/BinderService.h>
#include <binder/IServiceManager.h>
#include <binder/PermissionCache.h>
@@ -75,6 +75,9 @@
const char* SensorService::WAKE_LOCK_NAME = "SensorService_wakelock";
uint8_t SensorService::sHmacGlobalKey[128] = {};
bool SensorService::sHmacGlobalKeyIsValid = false;
+std::map<String16, int> SensorService::sPackageTargetVersion;
+Mutex SensorService::sPackageTargetVersionLock;
+AppOpsManager SensorService::sAppOpsManager;
#define SENSOR_SERVICE_DIR "/data/system/sensor_service"
#define SENSOR_SERVICE_HMAC_KEY_FILE SENSOR_SERVICE_DIR "/hmac_key"
@@ -1394,6 +1397,14 @@
checkWakeLockStateLocked();
}
+ {
+ Mutex::Autolock packageLock(sPackageTargetVersionLock);
+ auto iter = sPackageTargetVersion.find(c->mOpPackageName);
+ if (iter != sPackageTargetVersion.end()) {
+ sPackageTargetVersion.erase(iter);
+ }
+ }
+
SensorDevice& dev(SensorDevice::getInstance());
dev.notifyConnectionDestroyed(c);
}
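Review bot: The find-then-erase pair in the new block can be a single `sPackageTargetVersion.erase(c->mOpPackageName);`, which does nothing when the key is absent. This block is also the only eviction of the target-SDK cache visible in this diff. An entry added by `getTargetSdkVersion` for a package whose connection is never destroyed therefore appears to stay for the life of the process; a short comment on the intended cache lifetime would help. The enclosing function starts outside the hunk.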
@@ -1539,6 +1550,10 @@
if (err == NO_ERROR) {
connection->updateLooperRegistration(mLooper);
+ if (sensor->getSensor().getRequiredPermission().size() > 0) {
+ connection->mHandleToAppOp[handle] = sensor->getSensor().getRequiredAppOp();
+ }
+
mLastNSensorRegistrations.editItemAt(mNextSensorRegIndex) =
SensorRegistrationInfo(handle, connection->getPackageName(),
samplingPeriodNs, maxBatchReportLatencyNs, true);
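Review bot: The new guard tests the permission string, but the value stored is the app op, which `canAccessSensor` in this file treats as possibly negative (`opCode >= 0`). A sensor with a required permission and no mapped op would get a negative code stored, and `noteOpIfRequired` would then pass it to `noteOp` for every event. Keying the insert on the op itself avoids that: `const int32_t op = sensor->getSensor().getRequiredAppOp();` then `if (op >= 0) connection->mHandleToAppOp[handle] = op;`. The enclosing function starts and ends outside the hunk.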
@@ -1663,13 +1678,50 @@
bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
const String16& opPackageName) {
- const String8& requiredPermission = sensor.getRequiredPermission();
-
- if (requiredPermission.length() <= 0) {
+ // Check if a permission is required for this sensor
+ if (sensor.getRequiredPermission().length() <= 0) {
return true;
}
+ const int32_t opCode = sensor.getRequiredAppOp();
+ const int32_t appOpMode = sAppOpsManager.checkOp(opCode,
+ IPCThreadState::self()->getCallingUid(), opPackageName);
+
+ // Ensure that the AppOp is allowed
+ //
+ // This check is also required to ensure that the user hasn't revoked the necessary permissions
+ // to access the Step Detector and Step Counter when the application targets pre-Q. Without this
+ // check, if the user revokes the pre-Q install-time GMS Core AR permission, the app would
+ // still be able to receive Step Counter and Step Detector events.
+ bool canAccess = false;
+ if (opCode >= 0 && appOpMode == AppOpsManager::MODE_ALLOWED) {
+ if (hasPermissionForSensor(sensor)) {
+ canAccess = true;
+ } else if (sensor.getType() == SENSOR_TYPE_STEP_COUNTER ||
+ sensor.getType() == SENSOR_TYPE_STEP_DETECTOR) {
+ int targetSdkVersion = getTargetSdkVersion(opPackageName);
+ // Allow access to the sensor if the application targets pre-Q, which is before the
+ // requirement to hold the AR permission to access Step Counter and Step Detector events
+ // was introduced.
+ if (targetSdkVersion > 0 && targetSdkVersion <= __ANDROID_API_P__) {
+ canAccess = true;
+ }
+ }
+ }
+
+ if (canAccess) {
+ sAppOpsManager.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName);
+ } else {
+ ALOGE("%s a sensor (%s) without holding its required permission: %s",
+ operation, sensor.getName().string(), sensor.getRequiredPermission().string());
+ }
+
+ return canAccess;
+}
+
+bool SensorService::hasPermissionForSensor(const Sensor& sensor) {
bool hasPermission = false;
+ const String8& requiredPermission = sensor.getRequiredPermission();
// Runtime permissions can't use the cache as they may change.
if (sensor.isRequiredPermissionRuntime()) {
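Review bot: `canAccessSensor` now decides on `checkOp` alone and discards the result of the later `sAppOpsManager.noteOp(...)`, whereas the code removed in the next hunk denied access when `noteOp` did not return `MODE_ALLOWED`. If the two calls can disagree for the same uid and package, the stricter answer is lost; `canAccess = sAppOpsManager.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName) == AppOpsManager::MODE_ALLOWED;` keeps the old guarantee. Separately, a sensor with a required permission but `opCode < 0` used to pass on the permission check alone and is now always denied, after `checkOp` has already been called with the negative code; if that is intended it deserves a comment, otherwise the `opCode >= 0` test should gate only the AppOps calls. The single `ALOGE` also reports a missing permission when the actual cause is a denied app op, which makes denials harder to triage from logs. `hasPermissionForSensor` begins in this hunk and continues in the next.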
@@ -1678,25 +1730,31 @@
} else {
hasPermission = PermissionCache::checkCallingPermission(String16(requiredPermission));
}
+ return hasPermission;
+}
- if (!hasPermission) {
- ALOGE("%s a sensor (%s) without holding its required permission: %s",
- operation, sensor.getName().string(), sensor.getRequiredPermission().string());
- return false;
- }
-
- const int32_t opCode = sensor.getRequiredAppOp();
- if (opCode >= 0) {
- AppOpsManager appOps;
- if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
- != AppOpsManager::MODE_ALLOWED) {
- ALOGE("%s a sensor (%s) without enabled required app op: %d",
- operation, sensor.getName().string(), opCode);
- return false;
+int SensorService::getTargetSdkVersion(const String16& opPackageName) {
+ Mutex::Autolock packageLock(sPackageTargetVersionLock);
+ int targetSdkVersion = -1;
+ auto entry = sPackageTargetVersion.find(opPackageName);
+ if (entry != sPackageTargetVersion.end()) {
+ targetSdkVersion = entry->second;
+ } else {
+ sp<IBinder> binder = defaultServiceManager()->getService(String16("package_native"));
+ if (binder != nullptr) {
+ sp<content::pm::IPackageManagerNative> packageManager =
+ interface_cast<content::pm::IPackageManagerNative>(binder);
+ if (packageManager != nullptr) {
+ binder::Status status = packageManager->getTargetSdkVersionForPackage(
+ opPackageName, &targetSdkVersion);
+ if (!status.isOk()) {
+ targetSdkVersion = -1;
+ }
+ }
}
+ sPackageTargetVersion[opPackageName] = targetSdkVersion;
}
-
- return true;
+ return targetSdkVersion;
}
void SensorService::checkWakeLockState() {
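Review bot: `getTargetSdkVersion` writes to `sPackageTargetVersion` even when the lookup failed, so a `-1` from a missing `package_native` service or a non-OK status is cached and keeps being returned until the entry is erased in the connection-cleanup hunk. Caching only on success avoids pinning a transient failure: move `sPackageTargetVersion[opPackageName] = targetSdkVersion;` into an `else` branch of the `!status.isOk()` check. The binder call is also made while `sPackageTargetVersionLock` is held, so every other caller waits on that IPC; worth a comment if that is intentional. Because the cached value is what grants the pre-Q exemption in `canAccessSensor`, it is worth confirming what invalidates an entry when a package is updated to a newer target SDK.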
diff --git a/services/sensorservice/SensorService.h b/services/sensorservice/SensorService.h
index 5076967..e6ec96d 100644
--- a/services/sensorservice/SensorService.h
+++ b/services/sensorservice/SensorService.h
@@ -20,6 +20,7 @@
#include "SensorList.h"
#include "RecentEventLogger.h"
+#include <binder/AppOpsManager.h>
#include <binder/BinderService.h>
#include <binder/IUidObserver.h>
#include <cutils/compiler.h>
@@ -243,6 +244,8 @@
sensors_event_t const* buffer, const int count);
static bool canAccessSensor(const Sensor& sensor, const char* operation,
const String16& opPackageName);
+ static bool hasPermissionForSensor(const Sensor& sensor);
+ static int getTargetSdkVersion(const String16& opPackageName);
// SensorService acquires a partial wakelock for delivering events from wake up sensors. This
// method checks whether all the events from these wake up sensors have been delivered to the
// corresponding applications, if yes the wakelock is released.
@@ -343,6 +346,10 @@
sp<UidPolicy> mUidPolicy;
sp<SensorPrivacyPolicy> mSensorPrivacyPolicy;
+
+ static AppOpsManager sAppOpsManager;
+ static std::map<String16, int> sPackageTargetVersion;
+ static Mutex sPackageTargetVersionLock;
};
} // namespace android
diff --git a/services/surfaceflinger/RefreshRateOverlay.cpp b/services/surfaceflinger/RefreshRateOverlay.cpp
index fcde8da..d3fe7b6 100644
--- a/services/surfaceflinger/RefreshRateOverlay.cpp
+++ b/services/surfaceflinger/RefreshRateOverlay.cpp
@@ -38,7 +38,8 @@
}
mLayer = mClient->getLayerUser(mIBinder);
- mLayer->setCrop_legacy(Rect(0, 0, 200, 100), true);
+ mLayer->setCrop_legacy(Rect(50, 70, 200, 100), true);
+ mLayer->setCornerRadius(15.0f);
mLayer->setLayer(INT32_MAX - 2);
return true;
diff --git a/services/surfaceflinger/RegionSamplingThread.cpp b/services/surfaceflinger/RegionSamplingThread.cpp
index 252ff0d..0d14267 100644
--- a/services/surfaceflinger/RegionSamplingThread.cpp
+++ b/services/surfaceflinger/RegionSamplingThread.cpp
@@ -377,10 +377,15 @@
mFlinger.traverseLayersInDisplay(device, filterVisitor);
};
- const uint32_t usage = GRALLOC_USAGE_SW_READ_OFTEN | GRALLOC_USAGE_HW_RENDER;
- sp<GraphicBuffer> buffer =
- new GraphicBuffer(sampledArea.getWidth(), sampledArea.getHeight(),
- PIXEL_FORMAT_RGBA_8888, 1, usage, "RegionSamplingThread");
+ sp<GraphicBuffer> buffer = nullptr;
+ if (mCachedBuffer && mCachedBuffer->getWidth() == sampledArea.getWidth() &&
+ mCachedBuffer->getHeight() == sampledArea.getHeight()) {
+ buffer = mCachedBuffer;
+ } else {
+ const uint32_t usage = GRALLOC_USAGE_SW_READ_OFTEN | GRALLOC_USAGE_HW_RENDER;
+ buffer = new GraphicBuffer(sampledArea.getWidth(), sampledArea.getHeight(),
+ PIXEL_FORMAT_RGBA_8888, 1, usage, "RegionSamplingThread");
+ }
// When calling into SF, we post a message into the SF message queue (so the
// screen capture runs on the main thread). This message blocks until the
@@ -415,6 +420,12 @@
for (size_t d = 0; d < activeDescriptors.size(); ++d) {
activeDescriptors[d].listener->onSampleCollected(lumas[d]);
}
+
+ // Extend the lifetime of mCachedBuffer from the previous frame to here to ensure that:
+ // 1) The region sampling thread is the last owner of the buffer, and the freeing of the buffer
+ // happens in this thread, as opposed to the main thread.
+ // 2) The listener(s) receive their notifications prior to freeing the buffer.
+ mCachedBuffer = buffer;
ATRACE_INT(lumaSamplingStepTag, static_cast<int>(samplingStep::noWorkNeeded));
}
diff --git a/services/surfaceflinger/RegionSamplingThread.h b/services/surfaceflinger/RegionSamplingThread.h
index 9796429..72b2042 100644
--- a/services/surfaceflinger/RegionSamplingThread.h
+++ b/services/surfaceflinger/RegionSamplingThread.h
@@ -24,13 +24,13 @@
#include <android-base/thread_annotations.h>
#include <binder/IBinder.h>
+#include <ui/GraphicBuffer.h>
#include <ui/Rect.h>
#include <utils/StrongPointer.h>
#include "Scheduler/IdleTimer.h"
namespace android {
-class GraphicBuffer;
class IRegionSamplingListener;
class Layer;
class Scheduler;
@@ -121,6 +121,8 @@
std::unordered_map<wp<IBinder>, Descriptor, WpHash> mDescriptors GUARDED_BY(mMutex);
std::chrono::nanoseconds lastSampleTime GUARDED_BY(mMutex);
bool mDiscardedFrames GUARDED_BY(mMutex) = false;
+
+ sp<GraphicBuffer> mCachedBuffer GUARDED_BY(mMutex) = nullptr;
};
} // namespace android