commit de50968a01d70ad46db3cbba87f06daf4facf336
author TreeHugger Robot <treehugger-gerrit@google.com> Fri Jan 05 18:55:21 2018 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Fri Jan 05 18:55:21 2018 +0000
tree 034630aabdcd1390f9dcd115c2dcb6492d5f8168
parent cdd574e12df39e0921a4b2f3f34955f49b9a3d40
parent 03480e23a6abd6c25aa3b689f736eb9c051eb8c3

Merge "Restore ability of system to screenshot secure layers."

services/surfaceflinger/SurfaceFlinger.cpp

diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index 7e308e8..db13b99 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -4400,6 +4400,9 @@
     int syncFd = -1;
     std::optional<status_t> captureResult;
 
+    const int uid = IPCThreadState::self()->getCallingUid();
+    const bool forSystem = uid == AID_GRAPHICS || uid == AID_SYSTEM;
+
     sp<LambdaMessage> message = new LambdaMessage([&]() {
         // If there is a refresh pending, bug out early and tell the binder thread to try again
         // after the refresh.
@@ -4416,7 +4419,7 @@
         {
             Mutex::Autolock _l(mStateLock);
             result = captureScreenImplLocked(renderArea, traverseLayers, (*outBuffer).get(),
-                                             useIdentityTransform, &fd);
+                                             useIdentityTransform, forSystem, &fd);
         }
 
         {
@@ -4513,6 +4516,7 @@
                                                  TraverseLayersFunction traverseLayers,
                                                  ANativeWindowBuffer* buffer,
                                                  bool useIdentityTransform,
+                                                 bool forSystem,
                                                  int* outSyncFd) {
     ATRACE_CALL();
 
@@ -4522,7 +4526,10 @@
         secureLayerIsVisible = secureLayerIsVisible || (layer->isVisible() && layer->isSecure());
     });
 
-    if (secureLayerIsVisible) {
+    // We allow the system server to take screenshots of secure layers for
+    // use in situations like the Screen-rotation animation and place
+    // the impetus on WindowManager to not persist them.
+    if (secureLayerIsVisible && !forSystem) {
         ALOGW("FB is protected: PERMISSION_DENIED");
         return PERMISSION_DENIED;
     }

services/surfaceflinger/SurfaceFlinger.h

diff --git a/services/surfaceflinger/SurfaceFlinger.h b/services/surfaceflinger/SurfaceFlinger.h
index 2477bdc..8030fbd 100644
--- a/services/surfaceflinger/SurfaceFlinger.h
+++ b/services/surfaceflinger/SurfaceFlinger.h
@@ -524,7 +524,7 @@
     status_t captureScreenImplLocked(const RenderArea& renderArea,
                                      TraverseLayersFunction traverseLayers,
                                      ANativeWindowBuffer* buffer, bool useIdentityTransform,
-                                     int* outSyncFd);
+                                     bool forSystem, int* outSyncFd);
     void traverseLayersInDisplay(const sp<const DisplayDevice>& display, int32_t minLayerZ,
                                  int32_t maxLayerZ, const LayerVector::Visitor& visitor);