Add mechanism for a task's windows to be trusted overlays (SF)
- Add a layer state to indicate that this layer and its children
in the hierarchy are trusted. This can only be set by callers
holding ACCESS_SURFACE_FLINGER, and will be used for the PIP
task layer to indicate that activities in PIP are trusted (as
they are controlled only by the user and SystemUI)
Bug: 191529039
Test: TBD
Change-Id: Id92ccb087bd0d8dbaeeef3ba50b67fe015e53db8
diff --git a/libs/gui/LayerState.cpp b/libs/gui/LayerState.cpp
index 2d99fc1..076c90d 100644
--- a/libs/gui/LayerState.cpp
+++ b/libs/gui/LayerState.cpp
@@ -64,6 +64,7 @@
fixedTransformHint(ui::Transform::ROT_INVALID),
frameNumber(0),
autoRefresh(false),
+ isTrustedOverlay(false),
bufferCrop(Rect::INVALID_RECT),
destinationFrame(Rect::INVALID_RECT),
releaseBufferListener(nullptr) {
@@ -170,6 +171,7 @@
SAFE_PARCEL(output.write, stretchEffect);
SAFE_PARCEL(output.write, bufferCrop);
SAFE_PARCEL(output.write, destinationFrame);
+ SAFE_PARCEL(output.writeBool, isTrustedOverlay);
return NO_ERROR;
}
@@ -300,6 +302,7 @@
SAFE_PARCEL(input.read, stretchEffect);
SAFE_PARCEL(input.read, bufferCrop);
SAFE_PARCEL(input.read, destinationFrame);
+ SAFE_PARCEL(input.readBool, &isTrustedOverlay);
return NO_ERROR;
}
@@ -532,6 +535,10 @@
what |= eAutoRefreshChanged;
autoRefresh = other.autoRefresh;
}
+ if (other.what & eTrustedOverlayChanged) {
+ what |= eTrustedOverlayChanged;
+ isTrustedOverlay = other.isTrustedOverlay;
+ }
if (other.what & eReleaseBufferListenerChanged) {
if (releaseBufferListener) {
ALOGW("Overriding releaseBufferListener");
diff --git a/libs/gui/SurfaceComposerClient.cpp b/libs/gui/SurfaceComposerClient.cpp
index 6ea070ea..96da8ef 100644
--- a/libs/gui/SurfaceComposerClient.cpp
+++ b/libs/gui/SurfaceComposerClient.cpp
@@ -1656,6 +1656,19 @@
return *this;
}
+SurfaceComposerClient::Transaction& SurfaceComposerClient::Transaction::setTrustedOverlay(
+ const sp<SurfaceControl>& sc, bool isTrustedOverlay) {
+ layer_state_t* s = getLayerState(sc);
+ if (!s) {
+ mStatus = BAD_INDEX;
+ return *this;
+ }
+
+ s->what |= layer_state_t::eTrustedOverlayChanged;
+ s->isTrustedOverlay = isTrustedOverlay;
+ return *this;
+}
+
SurfaceComposerClient::Transaction& SurfaceComposerClient::Transaction::setApplyToken(
const sp<IBinder>& applyToken) {
mApplyToken = applyToken;
diff --git a/libs/gui/include/gui/LayerState.h b/libs/gui/include/gui/LayerState.h
index 465e34c..3e57ff6 100644
--- a/libs/gui/include/gui/LayerState.h
+++ b/libs/gui/include/gui/LayerState.h
@@ -118,6 +118,7 @@
eBlurRegionsChanged = 0x800'00000000,
eAutoRefreshChanged = 0x1000'00000000,
eStretchChanged = 0x2000'00000000,
+ eTrustedOverlayChanged = 0x4000'00000000,
};
layer_state_t();
@@ -225,6 +226,10 @@
// in shared buffer mode.
bool autoRefresh;
+ // An inherited state that indicates that this surface control and its children
+ // should be trusted for input occlusion detection purposes
+ bool isTrustedOverlay;
+
// Stretch effect to be applied to this layer
StretchEffect stretchEffect;
diff --git a/libs/gui/include/gui/SurfaceComposerClient.h b/libs/gui/include/gui/SurfaceComposerClient.h
index c2963b5..baa0567 100644
--- a/libs/gui/include/gui/SurfaceComposerClient.h
+++ b/libs/gui/include/gui/SurfaceComposerClient.h
@@ -537,6 +537,9 @@
// in shared buffer mode.
Transaction& setAutoRefresh(const sp<SurfaceControl>& sc, bool autoRefresh);
+ // Sets that this surface control and its children are trusted overlays for input
+ Transaction& setTrustedOverlay(const sp<SurfaceControl>& sc, bool isTrustedOverlay);
+
// Queues up transactions using this token in SurfaceFlinger. By default, all transactions
// from a client are placed on the same queue. This can be used to prevent multiple
// transactions from blocking each other.