Allow root to create secure virtual displays. Bug: 324890339 Test: SurfaceFlinger_test Change-Id: I6b49f3dfc3d66dd7d5e66f99b9947245fc708bc0

commit: e58a92b735a026c2a86346e5963b8e679154e419 [log] [tgz]
author: Patrick Williams <pdwilliams@google.com> Thu Feb 29 14:52:25 2024 -0600
committer: Patrick Williams <pdwilliams@google.com> Tue Mar 19 16:20:20 2024 -0500
tree: 0057ad402aefe19d316890eb3a1ae309b97efb13
parent: 8127c23d2eab39f28a854ce5b1cde94645b4b537 [diff] [blame]
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index bf210af..5ec9578 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp

@@ -578,11 +578,11 @@
 
 sp<IBinder> SurfaceFlinger::createDisplay(const String8& displayName, bool secure,
                                           float requestedRefreshRate) {
-    // onTransact already checks for some permissions, but adding an additional check here.
-    // This is to ensure that only system and graphics can request to create a secure
+    // SurfaceComposerAIDL checks for some permissions, but adding an additional check here.
+    // This is to ensure that only root, system, and graphics can request to create a secure
     // display. Secure displays can show secure content so we add an additional restriction on it.
     const int uid = IPCThreadState::self()->getCallingUid();
-    if (secure && uid != AID_GRAPHICS && uid != AID_SYSTEM) {
+    if (secure && uid != AID_ROOT && uid != AID_GRAPHICS && uid != AID_SYSTEM) {
         ALOGE("Only privileged processes can create a secure display");
         return nullptr;
     }
commit	e58a92b735a026c2a86346e5963b8e679154e419	[log] [tgz]
author	Patrick Williams <pdwilliams@google.com>	Thu Feb 29 14:52:25 2024 -0600
committer	Patrick Williams <pdwilliams@google.com>	Tue Mar 19 16:20:20 2024 -0500
tree	0057ad402aefe19d316890eb3a1ae309b97efb13
parent	8127c23d2eab39f28a854ce5b1cde94645b4b537 [diff] [blame]