sf: Add support for Secure Display.
- Add secure UI layers to primary and remove other layers from
internal and external list for Secure Display usecase.
- Dont let secure UI layers to be captured on screen
- Secure display content is rendered in sRGB dataspace and it
expects the display to output in sRGB. Hence force sRGB color
mode to avoid conversion to P3.
- Limit protected contents for secure UI
- Do not switch to protected GPU context for secure camera usecases.
Change-Id: Ib0c1a591450ae5d3680e3571f9c27acc5c9bb519
CRs-Fixed: 2627348
diff --git a/services/surfaceflinger/CompositionEngine/include/compositionengine/LayerFECompositionState.h b/services/surfaceflinger/CompositionEngine/include/compositionengine/LayerFECompositionState.h
index d8ce629..484ff79 100644
--- a/services/surfaceflinger/CompositionEngine/include/compositionengine/LayerFECompositionState.h
+++ b/services/surfaceflinger/CompositionEngine/include/compositionengine/LayerFECompositionState.h
@@ -188,6 +188,8 @@
Rect cursorFrame;
virtual ~LayerFECompositionState();
+ bool isSecureDisplay{false};
+ bool isSecureCamera{false};
// Debugging
virtual void dump(std::string& out) const;
diff --git a/services/surfaceflinger/CompositionEngine/include/compositionengine/Output.h b/services/surfaceflinger/CompositionEngine/include/compositionengine/Output.h
index a5711a3..38c9123 100644
--- a/services/surfaceflinger/CompositionEngine/include/compositionengine/Output.h
+++ b/services/surfaceflinger/CompositionEngine/include/compositionengine/Output.h
@@ -147,6 +147,8 @@
Region dirtyRegion;
};
+ bool hasSecureDisplay{false};
+
virtual ~Output();
// Returns true if the output is valid. This is meant to be checked post-
diff --git a/services/surfaceflinger/CompositionEngine/src/Output.cpp b/services/surfaceflinger/CompositionEngine/src/Output.cpp
index 248933e..315c542 100644
--- a/services/surfaceflinger/CompositionEngine/src/Output.cpp
+++ b/services/surfaceflinger/CompositionEngine/src/Output.cpp
@@ -688,12 +688,23 @@
}
// respect hdrDataSpace only when there is no legacy HDR support
- const bool isHdr = hdrDataSpace != ui::Dataspace::UNKNOWN &&
+ bool isHdr = hdrDataSpace != ui::Dataspace::UNKNOWN &&
!mDisplayColorProfile->hasLegacyHdrSupport(hdrDataSpace) && !isHdrClientComposition;
+
+ auto layers = getOutputLayersOrderedByZ();
+ bool hasSecureDisplay = std::any_of(layers.begin(), layers.end(), [](auto* layer) {
+ return layer->getLayerFE().getCompositionState()->isSecureDisplay;
+ });
+
if (isHdr) {
bestDataSpace = hdrDataSpace;
}
+ if (hasSecureDisplay) {
+ bestDataSpace = ui::Dataspace::V0_SRGB;
+ isHdr = false;
+ }
+
ui::RenderIntent intent;
switch (refreshArgs.outputColorSetting) {
case OutputColorSetting::kManaged:
@@ -823,8 +834,20 @@
ALOGV("hasClientComposition");
+
+ auto layers = getOutputLayersOrderedByZ();
+ bool hasSecureCamera = std::any_of(layers.begin(), layers.end(), [](auto* layer) {
+ return layer->getLayerFE().getCompositionState()->isSecureCamera;
+ });
+
+ bool hasSecureDisplay = std::any_of(layers.begin(), layers.end(), [](auto* layer) {
+ return layer->getLayerFE().getCompositionState()->isSecureDisplay;
+ });
+
auto& renderEngine = getCompositionEngine().getRenderEngine();
- const bool supportsProtectedContent = renderEngine.supportsProtectedContent();
+ const bool supportsProtectedContent = renderEngine.supportsProtectedContent() &&
+ !hasSecureCamera && !hasSecureDisplay;
+
renderengine::DisplaySettings clientCompositionDisplay;
clientCompositionDisplay.physicalDisplay = outputState.destinationClip;
@@ -856,7 +879,6 @@
// least one layer has protected content, we need to use a secure back
// buffer.
if (outputState.isSecure && supportsProtectedContent) {
- auto layers = getOutputLayersOrderedByZ();
bool needsProtected = std::any_of(layers.begin(), layers.end(), [](auto* layer) {
return layer->getLayerFE().getCompositionState()->hasProtectedContent;
});
diff --git a/services/surfaceflinger/Layer.cpp b/services/surfaceflinger/Layer.cpp
index 3d67a6b..7140da1 100644
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -67,9 +67,11 @@
#include "MonitoredProducer.h"
#include "SurfaceFlinger.h"
#include "TimeStats/TimeStats.h"
+#include "QtiGralloc.h"
#define DEBUG_RESIZE 0
+using android::hardware::graphics::common::V1_0::BufferUsage;
namespace android {
using base::StringAppendF;
@@ -477,6 +479,8 @@
compositionState->geomBufferUsesDisplayInverseTransform = getTransformToDisplayInverse();
compositionState->geomUsesSourceCrop = usesSourceCrop();
compositionState->isSecure = isSecure();
+ compositionState->isSecureDisplay = isSecureDisplay();
+ compositionState->isSecureCamera = isSecureCamera();
compositionState->type = type;
compositionState->appId = appId;
@@ -763,6 +767,17 @@
return (s.flags & layer_state_t::eLayerSecure);
}
+bool Layer::isSecureDisplay() const {
+ sp<const GraphicBuffer> buffer = getBuffer();
+ return buffer && (buffer->getUsage() & GRALLOC_USAGE_PRIVATE_SECURE_DISPLAY);
+}
+
+bool Layer::isSecureCamera() const {
+ sp<const GraphicBuffer> buffer = getBuffer();
+ bool protected_buffer = buffer && (buffer->getUsage() & BufferUsage::PROTECTED);
+ bool camera_output = buffer && (buffer->getUsage() & BufferUsage::CAMERA_OUTPUT);
+ return protected_buffer && camera_output;
+}
// ----------------------------------------------------------------------------
// transaction
// ----------------------------------------------------------------------------
diff --git a/services/surfaceflinger/Layer.h b/services/surfaceflinger/Layer.h
index be80f78..ddaa09a 100644
--- a/services/surfaceflinger/Layer.h
+++ b/services/surfaceflinger/Layer.h
@@ -468,6 +468,9 @@
*/
bool isSecure() const;
+ bool isSecureCamera() const;
+ bool isSecureDisplay() const;
+
/*
* isVisible - true if this layer is visible, false otherwise
*/
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index a97c1c7..862f983 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -5934,6 +5934,9 @@
Region clearRegion = Region::INVALID_REGION;
traverseLayers([&](Layer* layer) {
+ if (layer->isSecureDisplay()) {
+ return;
+ }
const bool supportProtectedContent = false;
Region clip(renderArea.getBounds());
compositionengine::LayerFE::ClientCompositionTargetSettings targetSettings{