Careful with screenshots containing secure layers!
For purposes of the screen rotation animation the system server is allowed
to capture secure (not protected) layers and trusted not to persist screenshots
which may contain secure layers. However when displaying the screen rotation animation,
the layer the screenshot is placed on will itself not be secure, so if we record
the animation the recording will contain persisted versions of the secure content. Make sure
we use the new API from SurfaceFlinger to set FLAG_SECURE if our screenshot contains secure
content.
Bug: 69703445
Test: Transaction_test#SetFlagsSecureEuidSystem
Change-Id: I1b016fb1ad56eccd712442a71cc134e5fa3b1ac6
diff --git a/core/java/android/hardware/display/DisplayManagerInternal.java b/core/java/android/hardware/display/DisplayManagerInternal.java
index 8231985..c955137 100644
--- a/core/java/android/hardware/display/DisplayManagerInternal.java
+++ b/core/java/android/hardware/display/DisplayManagerInternal.java
@@ -25,6 +25,7 @@
import android.view.Display;
import android.view.DisplayInfo;
import android.view.Surface;
+import android.view.SurfaceControl;
import android.view.SurfaceControl.Transaction;
/**
@@ -64,13 +65,12 @@
public abstract boolean isProximitySensorAvailable();
/**
- * Take a screenshot of the specified display into the provided {@link Surface}.
+ * Take a screenshot of the specified display and return a buffer.
*
* @param displayId The display id to take the screenshot of.
- * @param outSurface The {@link Surface} to take the screenshot into.
- * @return True if the screenshot is taken.
+ * @return The buffer or null if we have failed.
*/
- public abstract boolean screenshot(int displayId, Surface outSurface);
+ public abstract SurfaceControl.ScreenshotGraphicBuffer screenshot(int displayId);
/**
* Returns information about the specified logical display.
diff --git a/core/java/android/view/SurfaceControl.java b/core/java/android/view/SurfaceControl.java
index ec62e19..79363ed 100644
--- a/core/java/android/view/SurfaceControl.java
+++ b/core/java/android/view/SurfaceControl.java
@@ -439,10 +439,13 @@
public static class ScreenshotGraphicBuffer {
private final GraphicBuffer mGraphicBuffer;
private final ColorSpace mColorSpace;
+ private final boolean mContainsSecureLayers;
- public ScreenshotGraphicBuffer(GraphicBuffer graphicBuffer, ColorSpace colorSpace) {
+ public ScreenshotGraphicBuffer(GraphicBuffer graphicBuffer, ColorSpace colorSpace,
+ boolean containsSecureLayers) {
mGraphicBuffer = graphicBuffer;
mColorSpace = colorSpace;
+ mContainsSecureLayers = containsSecureLayers;
}
/**
@@ -453,13 +456,16 @@
* @param usage Hint indicating how the buffer will be used
* @param unwrappedNativeObject The native object of GraphicBuffer
* @param namedColorSpace Integer value of a named color space {@link ColorSpace.Named}
+ * @param containsSecureLayer Indicates whether this graphic buffer contains captured contents
+ * of secure layers, in which case the screenshot should not be persisted.
*/
private static ScreenshotGraphicBuffer createFromNative(int width, int height, int format,
- int usage, long unwrappedNativeObject, int namedColorSpace) {
+ int usage, long unwrappedNativeObject, int namedColorSpace,
+ boolean containsSecureLayers) {
GraphicBuffer graphicBuffer = GraphicBuffer.createFromExisting(width, height, format,
usage, unwrappedNativeObject);
ColorSpace colorSpace = ColorSpace.get(ColorSpace.Named.values()[namedColorSpace]);
- return new ScreenshotGraphicBuffer(graphicBuffer, colorSpace);
+ return new ScreenshotGraphicBuffer(graphicBuffer, colorSpace, containsSecureLayers);
}
public ColorSpace getColorSpace() {
@@ -469,6 +475,10 @@
public GraphicBuffer getGraphicBuffer() {
return mGraphicBuffer;
}
+
+ public boolean containsSecureLayers() {
+ return mContainsSecureLayers;
+ }
}
/**
diff --git a/core/jni/android_view_SurfaceControl.cpp b/core/jni/android_view_SurfaceControl.cpp
index c254266..13bcbf6 100644
--- a/core/jni/android_view_SurfaceControl.cpp
+++ b/core/jni/android_view_SurfaceControl.cpp
@@ -250,10 +250,11 @@
Rect sourceCrop = rectFromObj(env, sourceCropObj);
sp<GraphicBuffer> buffer;
+ bool capturedSecureLayers = false;
status_t res = ScreenshotClient::capture(displayToken, dataspace,
ui::PixelFormat::RGBA_8888,
sourceCrop, width, height,
- useIdentityTransform, rotation, captureSecureLayers, &buffer);
+ useIdentityTransform, rotation, captureSecureLayers, &buffer, capturedSecureLayers);
if (res != NO_ERROR) {
return NULL;
}
@@ -266,7 +267,8 @@
buffer->getPixelFormat(),
(jint)buffer->getUsage(),
(jlong)buffer.get(),
- namedColorSpace);
+ namedColorSpace,
+ capturedSecureLayers);
}
static jobject nativeCaptureLayers(JNIEnv* env, jclass clazz, jobject layerHandleToken,
@@ -1455,7 +1457,7 @@
MakeGlobalRefOrDie(env, screenshotGraphicsBufferClazz);
gScreenshotGraphicBufferClassInfo.builder = GetStaticMethodIDOrDie(env,
screenshotGraphicsBufferClazz,
- "createFromNative", "(IIIIJI)Landroid/view/SurfaceControl$ScreenshotGraphicBuffer;");
+ "createFromNative", "(IIIIJIZ)Landroid/view/SurfaceControl$ScreenshotGraphicBuffer;");
jclass displayedContentSampleClazz = FindClassOrDie(env,
"android/hardware/display/DisplayedContentSample");