Require permission to create trusted displays
Bug: 162627132
Test: atest VirtualDisplayTest#testTrustedVirtualDisplay
Test: atest
frameworks/base/packages/SystemUI/tests/src/com/android/systemui/bubbles
Test: atest DisplayTest
Test: atest VirtualDisplayTest#testTrustedVirtualDisplay
Test: atest VirtualDisplayTest#testUntrustedSysDecorVirtualDisplay
Test: adb logcat -b events
Change-Id: Id06b2013ef5fdeadf321f14f8b611c733031d54d
Merged-In: Id06b2013ef5fdeadf321f14f8b611c733031d54d
diff --git a/services/core/java/com/android/server/display/DisplayManagerService.java b/services/core/java/com/android/server/display/DisplayManagerService.java
index 24661d6..8528686 100644
--- a/services/core/java/com/android/server/display/DisplayManagerService.java
+++ b/services/core/java/com/android/server/display/DisplayManagerService.java
@@ -86,6 +86,7 @@
import android.os.UserManager;
import android.provider.Settings;
import android.text.TextUtils;
+import android.util.EventLog;
import android.util.IntArray;
import android.util.Pair;
import android.util.Slog;
@@ -2191,10 +2192,16 @@
}
}
- if (callingUid == Process.SYSTEM_UID
- || checkCallingPermission(ADD_TRUSTED_DISPLAY, "createVirtualDisplay()")) {
- flags |= VIRTUAL_DISPLAY_FLAG_TRUSTED;
- } else {
+ if (callingUid != Process.SYSTEM_UID && (flags & VIRTUAL_DISPLAY_FLAG_TRUSTED) != 0) {
+ if (!checkCallingPermission(ADD_TRUSTED_DISPLAY, "createVirtualDisplay()")) {
+ EventLog.writeEvent(0x534e4554, "162627132", callingUid,
+ "Attempt to create a trusted display without holding permission!");
+ throw new SecurityException("Requires ADD_TRUSTED_DISPLAY permission to "
+ + "create a trusted virtual display.");
+ }
+ }
+
+ if ((flags & VIRTUAL_DISPLAY_FLAG_TRUSTED) == 0) {
flags &= ~VIRTUAL_DISPLAY_FLAG_SHOULD_SHOW_SYSTEM_DECORATIONS;
}