Add mechanism for a task's windows to be trusted overlays (SF)

- Add a layer state to indicate that this layer and its children
  in the hierarchy are trusted. This can only be set by callers
  holding ACCESS_SURFACE_FLINGER, and will be used for the PIP
  task layer to indicate that activities in PIP are trusted (as
  they are controlled only by the user and SystemUI)

Bug: 191529039
Test: TBD

Change-Id: Id92ccb087bd0d8dbaeeef3ba50b67fe015e53db8
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index 2cc8109..f44ae71 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -4156,6 +4156,15 @@
     if (what & layer_state_t::eAutoRefreshChanged) {
         layer->setAutoRefresh(s.autoRefresh);
     }
+    if (what & layer_state_t::eTrustedOverlayChanged) {
+        if (privileged) {
+            if (layer->setTrustedOverlay(s.isTrustedOverlay)) {
+                flags |= eTraversalNeeded;
+            }
+        } else {
+            ALOGE("Attempt to set trusted overlay without permission ACCESS_SURFACE_FLINGER");
+        }
+    }
     if (what & layer_state_t::eStretchChanged) {
         if (layer->setStretchEffect(s.stretchEffect)) {
             flags |= eTraversalNeeded;