Merge "Add new PowerAdvisor interface for SF to pass hints to the power HAL."
diff --git a/cmds/atrace/atrace.cpp b/cmds/atrace/atrace.cpp
index 2561e0a..94eaf05 100644
--- a/cmds/atrace/atrace.cpp
+++ b/cmds/atrace/atrace.cpp
@@ -209,6 +209,7 @@
{ "binder_driver", "Binder Kernel driver", 0, {
{ REQ, "events/binder/binder_transaction/enable" },
{ REQ, "events/binder/binder_transaction_received/enable" },
+ { REQ, "events/binder/binder_transaction_alloc_buf/enable" },
{ OPT, "events/binder/binder_set_priority/enable" },
} },
{ "binder_lock", "Binder global lock trace", 0, {
diff --git a/cmds/atrace/atrace.rc b/cmds/atrace/atrace.rc
index 579cfaf..9be1077 100644
--- a/cmds/atrace/atrace.rc
+++ b/cmds/atrace/atrace.rc
@@ -57,6 +57,8 @@
chmod 0666 /sys/kernel/tracing/events/binder/binder_transaction/enable
chmod 0666 /sys/kernel/debug/tracing/events/binder/binder_transaction_received/enable
chmod 0666 /sys/kernel/tracing/events/binder/binder_transaction_received/enable
+ chmod 0666 /sys/kernel/debug/tracing/events/binder/binder_transaction_alloc_buf/enable
+ chmod 0666 /sys/kernel/tracing/events/binder/binder_transaction_alloc_buf/enable
chmod 0666 /sys/kernel/debug/tracing/events/binder/binder_lock/enable
chmod 0666 /sys/kernel/tracing/events/binder/binder_lock/enable
chmod 0666 /sys/kernel/debug/tracing/events/binder/binder_locked/enable
diff --git a/data/etc/aosp_excluded_hardware.xml b/data/etc/aosp_excluded_hardware.xml
index 013f278..c12f435 100644
--- a/data/etc/aosp_excluded_hardware.xml
+++ b/data/etc/aosp_excluded_hardware.xml
@@ -18,4 +18,5 @@
<!-- This should be used to exclude this feature from aosp targets. As aosp configurations
may or may not have a valid location provider -->
<unavailable-feature name="android.hardware.location.network" />
+ <unavailable-feature name="android.software.device_id_attestation" />
</permissions>
diff --git a/libs/binder/IServiceManager.cpp b/libs/binder/IServiceManager.cpp
index 17e098c..d0ed31e 100644
--- a/libs/binder/IServiceManager.cpp
+++ b/libs/binder/IServiceManager.cpp
@@ -149,12 +149,13 @@
const bool isVendorService =
strcmp(ProcessState::self()->getDriverName().c_str(), "/dev/vndbinder") == 0;
const long timeout = uptimeMillis() + 5000;
- if (!gSystemBootCompleted) {
+ if (!gSystemBootCompleted && !isVendorService) {
+ // Vendor code can't access system properties
char bootCompleted[PROPERTY_VALUE_MAX];
property_get("sys.boot_completed", bootCompleted, "0");
gSystemBootCompleted = strcmp(bootCompleted, "1") == 0 ? true : false;
}
- // retry interval in millisecond.
+ // retry interval in millisecond; note that vendor services stay at 100ms
const long sleepTime = gSystemBootCompleted ? 1000 : 100;
int n = 0;
diff --git a/services/surfaceflinger/BufferLayer.cpp b/services/surfaceflinger/BufferLayer.cpp
index aae3931..e128df7 100644
--- a/services/surfaceflinger/BufferLayer.cpp
+++ b/services/surfaceflinger/BufferLayer.cpp
@@ -63,7 +63,7 @@
mRefreshPending(false) {
ALOGV("Creating Layer %s", name.string());
- mFlinger->getRenderEngine().genTextures(1, &mTextureName);
+ mTextureName = mFlinger->getNewTexture();
mTexture.init(Texture::TEXTURE_EXTERNAL, mTextureName);
if (flags & ISurfaceComposerClient::eNonPremultiplied) mPremultipliedAlpha = false;
@@ -701,7 +701,12 @@
sp<IGraphicBufferConsumer> consumer;
BufferQueue::createBufferQueue(&producer, &consumer, true);
mProducer = new MonitoredProducer(producer, mFlinger, this);
- mConsumer = new BufferLayerConsumer(consumer, mFlinger->getRenderEngine(), mTextureName, this);
+ {
+ // Grab the SF state lock during this since it's the only safe way to access RenderEngine
+ Mutex::Autolock lock(mFlinger->mStateLock);
+ mConsumer = new BufferLayerConsumer(consumer, mFlinger->getRenderEngine(), mTextureName,
+ this);
+ }
mConsumer->setConsumerUsageBits(getEffectiveUsage(0));
mConsumer->setContentsChangedListener(this);
mConsumer->setName(mName);
diff --git a/services/surfaceflinger/Client.cpp b/services/surfaceflinger/Client.cpp
index 077469b..0b59147 100644
--- a/services/surfaceflinger/Client.cpp
+++ b/services/surfaceflinger/Client.cpp
@@ -170,48 +170,8 @@
}
}
- /*
- * createSurface must be called from the GL thread so that it can
- * have access to the GL context.
- */
- class MessageCreateLayer : public MessageBase {
- SurfaceFlinger* flinger;
- Client* client;
- sp<IBinder>* handle;
- sp<IGraphicBufferProducer>* gbp;
- status_t result;
- const String8& name;
- uint32_t w, h;
- PixelFormat format;
- uint32_t flags;
- sp<Layer>* parent;
- int32_t windowType;
- int32_t ownerUid;
- public:
- MessageCreateLayer(SurfaceFlinger* flinger,
- const String8& name, Client* client,
- uint32_t w, uint32_t h, PixelFormat format, uint32_t flags,
- sp<IBinder>* handle, int32_t windowType, int32_t ownerUid,
- sp<IGraphicBufferProducer>* gbp,
- sp<Layer>* parent)
- : flinger(flinger), client(client),
- handle(handle), gbp(gbp), result(NO_ERROR),
- name(name), w(w), h(h), format(format), flags(flags),
- parent(parent), windowType(windowType), ownerUid(ownerUid) {
- }
- status_t getResult() const { return result; }
- virtual bool handler() {
- result = flinger->createLayer(name, client, w, h, format, flags,
- windowType, ownerUid, handle, gbp, parent);
- return true;
- }
- };
-
- sp<MessageBase> msg = new MessageCreateLayer(mFlinger.get(),
- name, this, w, h, format, flags, handle,
- windowType, ownerUid, gbp, &parent);
- mFlinger->postMessageSync(msg);
- return static_cast<MessageCreateLayer*>( msg.get() )->getResult();
+ return mFlinger->createLayer(name, this, w, h, format, flags, windowType,
+ ownerUid, handle, gbp, &parent);
}
status_t Client::destroySurface(const sp<IBinder>& handle) {
diff --git a/services/surfaceflinger/ColorLayer.h b/services/surfaceflinger/ColorLayer.h
index 6a6e7c0..3408045 100644
--- a/services/surfaceflinger/ColorLayer.h
+++ b/services/surfaceflinger/ColorLayer.h
@@ -35,6 +35,9 @@
bool isVisible() const override;
void setPerFrameData(const sp<const DisplayDevice>& display) override;
+
+protected:
+ FloatRect computeCrop(const sp<const DisplayDevice>& /*display*/) const override { return {}; }
};
} // namespace android
diff --git a/services/surfaceflinger/ContainerLayer.h b/services/surfaceflinger/ContainerLayer.h
index 84b75f4..06cfbcd 100644
--- a/services/surfaceflinger/ContainerLayer.h
+++ b/services/surfaceflinger/ContainerLayer.h
@@ -35,6 +35,8 @@
bool isVisible() const override;
void setPerFrameData(const sp<const DisplayDevice>& display) override;
+
+ bool isCreatedFromMainThread() const override { return true; }
};
} // namespace android
diff --git a/services/surfaceflinger/Layer.cpp b/services/surfaceflinger/Layer.cpp
index b4b3f4a..11c3db0 100644
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -127,17 +127,26 @@
// drawing state & current state are identical
mDrawingState = mCurrentState;
- const auto& hwc = flinger->getHwComposer();
- const auto& activeConfig = hwc.getActiveConfig(HWC_DISPLAY_PRIMARY);
- nsecs_t displayPeriod = activeConfig->getVsyncPeriod();
- mFrameTracker.setDisplayRefreshPeriod(displayPeriod);
-
CompositorTiming compositorTiming;
flinger->getCompositorTiming(&compositorTiming);
mFrameEventHistory.initializeCompositorTiming(compositorTiming);
}
-void Layer::onFirstRef() {}
+void Layer::onFirstRef() NO_THREAD_SAFETY_ANALYSIS {
+ if (!isCreatedFromMainThread()) {
+ // Grab the SF state lock during this since it's the only way to safely access HWC
+ mFlinger->mStateLock.lock();
+ }
+
+ const auto& hwc = mFlinger->getHwComposer();
+ const auto& activeConfig = hwc.getActiveConfig(HWC_DISPLAY_PRIMARY);
+ nsecs_t displayPeriod = activeConfig->getVsyncPeriod();
+ mFrameTracker.setDisplayRefreshPeriod(displayPeriod);
+
+ if (!isCreatedFromMainThread()) {
+ mFlinger->mStateLock.unlock();
+ }
+}
Layer::~Layer() {
sp<Client> c(mClientRef.promote());
@@ -342,20 +351,25 @@
win.intersect(s.crop, &win);
}
- Rect bounds = win;
const auto& p = mDrawingParent.promote();
+ FloatRect floatWin = win.toFloatRect();
+ FloatRect parentBounds = floatWin;
if (p != nullptr) {
- // Look in computeScreenBounds recursive call for explanation of
- // why we pass false here.
- bounds = p->computeScreenBounds(false /* reduceTransparentRegion */);
+ // We pass an empty Region here for reasons mirroring that of the case described in
+ // the computeScreenBounds reduceTransparentRegion=false case.
+ parentBounds = p->computeBounds(Region());
}
- Transform t = getTransform();
+ Transform t = s.active.transform;
- FloatRect floatWin = win.toFloatRect();
- if (p != nullptr) {
+
+ if (p != nullptr || !s.finalCrop.isEmpty()) {
floatWin = t.transform(floatWin);
- floatWin = floatWin.intersect(bounds.toFloatRect());
+ floatWin = floatWin.intersect(parentBounds);
+
+ if (!s.finalCrop.isEmpty()) {
+ floatWin = floatWin.intersect(s.finalCrop.toFloatRect());
+ }
floatWin = t.inverse().transform(floatWin);
}
@@ -1250,7 +1264,15 @@
return true;
}
-bool Layer::setMatrix(const layer_state_t::matrix22_t& matrix) {
+bool Layer::setMatrix(const layer_state_t::matrix22_t& matrix,
+ bool allowNonRectPreservingTransforms) {
+ Transform t;
+ t.set(matrix.dsdx, matrix.dtdy, matrix.dtdx, matrix.dsdy);
+
+ if (!allowNonRectPreservingTransforms && !t.preserveRects()) {
+ ALOGW("Attempt to set rotation matrix without permission ACCESS_SURFACE_FLINGER ignored");
+ return false;
+ }
mCurrentState.sequence++;
mCurrentState.requested.transform.set(matrix.dsdx, matrix.dtdy, matrix.dtdx, matrix.dsdy);
mCurrentState.modified = true;
diff --git a/services/surfaceflinger/Layer.h b/services/surfaceflinger/Layer.h
index fb94058..03720a9 100644
--- a/services/surfaceflinger/Layer.h
+++ b/services/surfaceflinger/Layer.h
@@ -195,7 +195,7 @@
// Set a 2x2 transformation matrix on the layer. This transform
// will be applied after parent transforms, but before any final
// producer specified transform.
- bool setMatrix(const layer_state_t::matrix22_t& matrix);
+ bool setMatrix(const layer_state_t::matrix22_t& matrix, bool allowNonRectPreservingTransforms);
// This second set of geometry attributes are controlled by
// setGeometryAppliesWithResize, and their default mode is to be
@@ -297,6 +297,11 @@
*/
virtual bool isFixedSize() const { return true; }
+ // Most layers aren't created from the main thread, and therefore need to
+ // grab the SF state lock to access HWC, but ContainerLayer does, so we need
+ // to avoid grabbing the lock again to avoid deadlock
+ virtual bool isCreatedFromMainThread() const { return false; }
+
bool isPendingRemoval() const { return mPendingRemoval; }
@@ -556,7 +561,7 @@
uint32_t getEffectiveUsage(uint32_t usage) const;
- FloatRect computeCrop(const sp<const DisplayDevice>& display) const;
+ virtual FloatRect computeCrop(const sp<const DisplayDevice>& display) const;
// Compute the initial crop as specified by parent layers and the
// SurfaceControl for this layer. Does not include buffer crop from the
// IGraphicBufferProducer client, as that should not affect child clipping.
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index e39e623..32c313b 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -501,6 +501,27 @@
postMessageAsync(new LambdaMessage([this] { readPersistentProperties(); }));
}
+uint32_t SurfaceFlinger::getNewTexture() {
+ {
+ std::lock_guard lock(mTexturePoolMutex);
+ if (!mTexturePool.empty()) {
+ uint32_t name = mTexturePool.back();
+ mTexturePool.pop_back();
+ ATRACE_INT("TexturePoolSize", mTexturePool.size());
+ return name;
+ }
+
+ // The pool was too small, so increase it for the future
+ ++mTexturePoolSize;
+ }
+
+ // The pool was empty, so we need to get a new texture name directly using a
+ // blocking call to the main thread
+ uint32_t name = 0;
+ postMessageSync(new LambdaMessage([&]() { getRenderEngine().genTextures(1, &name); }));
+ return name;
+}
+
void SurfaceFlinger::deleteTextureAsync(uint32_t texture) {
postMessageAsync(new LambdaMessage([=] { getRenderEngine().deleteTextures(1, &texture); }));
}
@@ -1758,6 +1779,17 @@
getBE().mTotalTime += elapsedTime;
}
getBE().mLastSwapTime = currentTime;
+
+ {
+ std::lock_guard lock(mTexturePoolMutex);
+ const size_t refillCount = mTexturePoolSize - mTexturePool.size();
+ if (refillCount > 0) {
+ const size_t offset = mTexturePool.size();
+ mTexturePool.resize(mTexturePoolSize);
+ getRenderEngine().genTextures(refillCount, mTexturePool.data() + offset);
+ ATRACE_INT("TexturePoolSize", mTexturePool.size());
+ }
+ }
}
void SurfaceFlinger::rebuildLayerStacks() {
@@ -3268,6 +3300,18 @@
return flags;
}
+bool callingThreadHasUnscopedSurfaceFlingerAccess() {
+ IPCThreadState* ipc = IPCThreadState::self();
+ const int pid = ipc->getCallingPid();
+ const int uid = ipc->getCallingUid();
+
+ if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) &&
+ !PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) {
+ return false;
+ }
+ return true;
+}
+
uint32_t SurfaceFlinger::setClientStateLocked(const ComposerState& composerState) {
const layer_state_t& s = composerState.state;
sp<Client> client(static_cast<Client*>(composerState.client.get()));
@@ -3349,7 +3393,22 @@
flags |= eTraversalNeeded;
}
if (what & layer_state_t::eMatrixChanged) {
- if (layer->setMatrix(s.matrix))
+ // TODO: b/109894387
+ //
+ // SurfaceFlinger's renderer is not prepared to handle cropping in the face of arbitrary
+ // rotation. To see the problem observe that if we have a square parent, and a child
+ // of the same size, then we rotate the child 45 degrees around it's center, the child
+ // must now be cropped to a non rectangular 8 sided region.
+ //
+ // Of course we can fix this in the future. For now, we are lucky, SurfaceControl is
+ // private API, and the WindowManager only uses rotation in one case, which is on a top
+ // level layer in which cropping is not an issue.
+ //
+ // However given that abuse of rotation matrices could lead to surfaces extending outside
+ // of cropped areas, we need to prevent non-root clients without permission ACCESS_SURFACE_FLINGER
+ // (a.k.a. everyone except WindowManager and tests) from setting non rectangle preserving
+ // transformations.
+ if (layer->setMatrix(s.matrix, callingThreadHasUnscopedSurfaceFlingerAccess()))
flags |= eTraversalNeeded;
}
if (what & layer_state_t::eTransparentRegionChanged) {
@@ -3515,10 +3574,13 @@
// Tack on our counter whether there is a hit or not, so everyone gets a tag
String8 uniqueName = name + "#" + String8(std::to_string(dupeCounter).c_str());
+ // Grab the state lock since we're accessing mCurrentState
+ Mutex::Autolock lock(mStateLock);
+
// Loop over layers until we're sure there is no matching name
while (matchFound) {
matchFound = false;
- mDrawingState.traverseInZOrder([&](Layer* layer) {
+ mCurrentState.traverseInZOrder([&](Layer* layer) {
if (layer->getName() == uniqueName) {
matchFound = true;
uniqueName = name + "#" + String8(std::to_string(++dupeCounter).c_str());
@@ -4398,12 +4460,10 @@
case INJECT_VSYNC:
{
// codes that require permission check
- IPCThreadState* ipc = IPCThreadState::self();
- const int pid = ipc->getCallingPid();
- const int uid = ipc->getCallingUid();
- if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) &&
- !PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) {
- ALOGE("Permission Denial: can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);
+ if (!callingThreadHasUnscopedSurfaceFlingerAccess()) {
+ IPCThreadState* ipc = IPCThreadState::self();
+ ALOGE("Permission Denial: can't access SurfaceFlinger pid=%d, uid=%d",
+ ipc->getCallingPid(), ipc->getCallingUid());
return PERMISSION_DENIED;
}
break;
diff --git a/services/surfaceflinger/SurfaceFlinger.h b/services/surfaceflinger/SurfaceFlinger.h
index 87e0699..2e9062e 100644
--- a/services/surfaceflinger/SurfaceFlinger.h
+++ b/services/surfaceflinger/SurfaceFlinger.h
@@ -322,6 +322,10 @@
return getDefaultDisplayDeviceLocked();
}
+ // Obtains a name from the texture pool, or, if the pool is empty, posts a
+ // synchronous message to the main thread to obtain one on the fly
+ uint32_t getNewTexture();
+
// utility function to delete a texture on the main thread
void deleteTextureAsync(uint32_t texture);
@@ -851,6 +855,13 @@
std::atomic<bool> mRefreshPending{false};
+ // We maintain a pool of pre-generated texture names to hand out to avoid
+ // layer creation needing to run on the main thread (which it would
+ // otherwise need to do to access RenderEngine).
+ std::mutex mTexturePoolMutex;
+ uint32_t mTexturePoolSize = 0;
+ std::vector<uint32_t> mTexturePool;
+
/* ------------------------------------------------------------------------
* Feature prototyping
*/
diff --git a/services/vr/hardware_composer/Android.bp b/services/vr/hardware_composer/Android.bp
index 90edf69..0c91b07 100644
--- a/services/vr/hardware_composer/Android.bp
+++ b/services/vr/hardware_composer/Android.bp
@@ -115,6 +115,7 @@
cc_binary {
name: "vr_hwc",
+ vintf_fragments: ["manifest_vr_hwc.xml"],
srcs: [
"vr_hardware_composer_service.cpp"
],
diff --git a/services/vr/hardware_composer/manifest_vr_hwc.xml b/services/vr/hardware_composer/manifest_vr_hwc.xml
new file mode 100644
index 0000000..1068cac
--- /dev/null
+++ b/services/vr/hardware_composer/manifest_vr_hwc.xml
@@ -0,0 +1,11 @@
+<manifest version="1.0" type="framework">
+ <hal>
+ <name>android.hardware.graphics.composer</name>
+ <transport>hwbinder</transport>
+ <version>2.1</version>
+ <interface>
+ <name>IComposer</name>
+ <instance>vr</instance>
+ </interface>
+ </hal>
+</manifest>