1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <stdint.h>
18 #include <sys/types.h>
19
20 #include <binder/PermissionCache.h>
21 #include <binder/IPCThreadState.h>
22
23 #include <private/android_filesystem_config.h>
24
25 #include "Client.h"
26 #include "Layer.h"
27 #include "SurfaceFlinger.h"
28
29 namespace android {
30
31 // ---------------------------------------------------------------------------
32
33 const String16 sAccessSurfaceFlinger("android.permission.ACCESS_SURFACE_FLINGER");
34
35 // ---------------------------------------------------------------------------
36
Client(const sp<SurfaceFlinger> & flinger)37 Client::Client(const sp<SurfaceFlinger>& flinger)
38 : Client(flinger, nullptr)
39 {
40 }
41
Client(const sp<SurfaceFlinger> & flinger,const sp<Layer> & parentLayer)42 Client::Client(const sp<SurfaceFlinger>& flinger, const sp<Layer>& parentLayer)
43 : mFlinger(flinger),
44 mParentLayer(parentLayer)
45 {
46 }
47
~Client()48 Client::~Client()
49 {
50 // We need to post a message to remove our remaining layers rather than
51 // do so directly by acquiring the SurfaceFlinger lock. If we were to
52 // attempt to directly call the lock it becomes effectively impossible
53 // to use sp<Client> while holding the SF lock as descoping it could
54 // then trigger a dead-lock.
55
56 const size_t count = mLayers.size();
57 for (size_t i=0 ; i<count ; i++) {
58 sp<Layer> l = mLayers.valueAt(i).promote();
59 if (l == nullptr) {
60 continue;
61 }
62 mFlinger->postMessageAsync(new LambdaMessage([flinger = mFlinger, l]() {
63 flinger->removeLayer(l);
64 }));
65 }
66 }
67
updateParent(const sp<Layer> & parentLayer)68 void Client::updateParent(const sp<Layer>& parentLayer) {
69 Mutex::Autolock _l(mLock);
70
71 // If we didn't ever have a parent, then we must instead be
72 // relying on permissions and we never need a parent.
73 if (mParentLayer != nullptr) {
74 mParentLayer = parentLayer;
75 }
76 }
77
getParentLayer(bool * outParentDied) const78 sp<Layer> Client::getParentLayer(bool* outParentDied) const {
79 Mutex::Autolock _l(mLock);
80 sp<Layer> parent = mParentLayer.promote();
81 if (outParentDied != nullptr) {
82 *outParentDied = (mParentLayer != nullptr && parent == nullptr);
83 }
84 return parent;
85 }
86
initCheck() const87 status_t Client::initCheck() const {
88 return NO_ERROR;
89 }
90
attachLayer(const sp<IBinder> & handle,const sp<Layer> & layer)91 void Client::attachLayer(const sp<IBinder>& handle, const sp<Layer>& layer)
92 {
93 Mutex::Autolock _l(mLock);
94 mLayers.add(handle, layer);
95 }
96
detachLayer(const Layer * layer)97 void Client::detachLayer(const Layer* layer)
98 {
99 Mutex::Autolock _l(mLock);
100 // we do a linear search here, because this doesn't happen often
101 const size_t count = mLayers.size();
102 for (size_t i=0 ; i<count ; i++) {
103 if (mLayers.valueAt(i) == layer) {
104 mLayers.removeItemsAt(i, 1);
105 break;
106 }
107 }
108 }
109
isAttached(const sp<IBinder> & handle) const110 bool Client::isAttached(const sp<IBinder>& handle) const
111 {
112 Mutex::Autolock _l(mLock);
113 sp<Layer> lbc;
114 wp<Layer> layer(mLayers.valueFor(handle));
115 if (layer != 0) {
116 return true;
117 }
118 return false;
119 }
120
onTransact(uint32_t code,const Parcel & data,Parcel * reply,uint32_t flags)121 status_t Client::onTransact(
122 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
123 {
124 // these must be checked
125 IPCThreadState* ipc = IPCThreadState::self();
126 const int pid = ipc->getCallingPid();
127 const int uid = ipc->getCallingUid();
128 const int self_pid = getpid();
129 // If we are called from another non root process without the GRAPHICS, SYSTEM, or ROOT
130 // uid we require the sAccessSurfaceFlinger permission.
131 // We grant an exception in the case that the Client has a "parent layer", as its
132 // effects will be scoped to that layer.
133 if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != AID_SYSTEM && uid != 0)
134 && (getParentLayer() == nullptr)) {
135 // we're called from a different process, do the real check
136 if (!PermissionCache::checkCallingPermission(sAccessSurfaceFlinger))
137 {
138 ALOGE("Permission Denial: "
139 "can't openGlobalTransaction pid=%d, uid<=%d", pid, uid);
140 return PERMISSION_DENIED;
141 }
142 }
143 return BnSurfaceComposerClient::onTransact(code, data, reply, flags);
144 }
145
createSurface(const String8 & name,uint32_t w,uint32_t h,PixelFormat format,uint32_t flags,const sp<IBinder> & parentHandle,int32_t windowType,int32_t ownerUid,sp<IBinder> * handle,sp<IGraphicBufferProducer> * gbp)146 status_t Client::createSurface(
147 const String8& name,
148 uint32_t w, uint32_t h, PixelFormat format, uint32_t flags,
149 const sp<IBinder>& parentHandle, int32_t windowType, int32_t ownerUid,
150 sp<IBinder>* handle,
151 sp<IGraphicBufferProducer>* gbp)
152 {
153 bool parentDied;
154 sp<Layer> parentLayer;
155 if (!parentHandle) parentLayer = getParentLayer(&parentDied);
156 if (parentHandle == nullptr && parentDied) {
157 return NAME_NOT_FOUND;
158 }
159
160 /*
161 * createSurface must be called from the GL thread so that it can
162 * have access to the GL context.
163 */
164 class MessageCreateLayer : public MessageBase {
165 SurfaceFlinger* flinger;
166 Client* client;
167 sp<IBinder>* handle;
168 sp<IGraphicBufferProducer>* gbp;
169 status_t result;
170 const String8& name;
171 uint32_t w, h;
172 PixelFormat format;
173 uint32_t flags;
174 const sp<IBinder>& parentHandle;
175 const sp<Layer>& parentLayer;
176 int32_t windowType;
177 int32_t ownerUid;
178 public:
179 MessageCreateLayer(SurfaceFlinger* flinger,
180 const String8& name, Client* client,
181 uint32_t w, uint32_t h, PixelFormat format, uint32_t flags,
182 sp<IBinder>* handle, int32_t windowType, int32_t ownerUid,
183 sp<IGraphicBufferProducer>* gbp,
184 const sp<IBinder>& parentHandle,
185 const sp<Layer>& parentLayer)
186 : flinger(flinger), client(client),
187 handle(handle), gbp(gbp), result(NO_ERROR),
188 name(name), w(w), h(h), format(format), flags(flags),
189 parentHandle(parentHandle), parentLayer(parentLayer),
190 windowType(windowType), ownerUid(ownerUid) {
191 }
192 status_t getResult() const { return result; }
193 virtual bool handler() {
194 result = flinger->createLayer(name, client, w, h, format, flags,
195 windowType, ownerUid, handle, gbp, parentHandle, parentLayer);
196 return true;
197 }
198 };
199
200 sp<MessageBase> msg = new MessageCreateLayer(mFlinger.get(),
201 name, this, w, h, format, flags, handle,
202 windowType, ownerUid, gbp, parentHandle, parentLayer);
203 mFlinger->postMessageSync(msg);
204 return static_cast<MessageCreateLayer*>( msg.get() )->getResult();
205 }
206
destroySurface(const sp<IBinder> & handle)207 status_t Client::destroySurface(const sp<IBinder>& handle) {
208 return mFlinger->onLayerRemoved(this, handle);
209 }
210
clearLayerFrameStats(const sp<IBinder> & handle) const211 status_t Client::clearLayerFrameStats(const sp<IBinder>& handle) const {
212 return mFlinger->clearLayerFrameStats(this, handle);
213 }
214
getLayerFrameStats(const sp<IBinder> & handle,FrameStats * outStats) const215 status_t Client::getLayerFrameStats(const sp<IBinder>& handle, FrameStats* outStats) const {
216 return mFlinger->getLayerFrameStats(this, handle, outStats);
217 }
218
219 // ---------------------------------------------------------------------------
220 }; // namespace android
221