diff options
author | Tatenda Chipeperekwa <tatendac@codeaurora.org> | 2013-11-06 15:05:31 -0800 |
---|---|---|
committer | Steve Kondik <shade@chemlab.org> | 2014-04-05 15:20:33 -0700 |
commit | a4574911a4ec4e8bc2a31e21aeec2995ffdfb0ae (patch) | |
tree | 8d90e1e39747c725131defb3fabeadaa5e55c08e | |
parent | e53500ffbc7f889a78c516f1def41d7626d93831 (diff) | |
download | android_frameworks_native-next.tar.gz android_frameworks_native-next.tar.bz2 android_frameworks_native-next.zip |
sf: vds: Add support for secure virtual displaysnext
1. Propagate secure flag on display creation
In SurfaceFlinger we have information that tells us whether a
display is secure or not. We need to propagate this information
when creating the corresponding virtual display, allowing us to
configure output buffers with the correct (secure) usage flags.
2. Use secure heap only for sessions that need HW level protection
Use MM heap only if the secure session needs hardware level
protection. At the present moment we are assuming that only displays
with the GRALLOC_USAGE_HW_ENCODER need hardware level protection.
Change-Id: I7e0d42ba3a81d1f5c42b1074e3018826b38b7a8d
3 files changed, 39 insertions, 7 deletions
diff --git a/services/surfaceflinger/DisplayHardware/VirtualDisplaySurface.cpp b/services/surfaceflinger/DisplayHardware/VirtualDisplaySurface.cpp index 1ce450f58..40794a6a0 100644 --- a/services/surfaceflinger/DisplayHardware/VirtualDisplaySurface.cpp +++ b/services/surfaceflinger/DisplayHardware/VirtualDisplaySurface.cpp @@ -46,7 +46,8 @@ VirtualDisplaySurface::VirtualDisplaySurface(HWComposer& hwc, int32_t &hwcDisplayId, const sp<IGraphicBufferProducer>& sink, const sp<BufferQueue>& bq, - const String8& name) + const String8& name, + bool secure) : ConsumerBase(bq), mHwc(hwc), mDisplayId(NO_MEMORY), @@ -55,7 +56,8 @@ VirtualDisplaySurface::VirtualDisplaySurface(HWComposer& hwc, mProducerSlotSource(0), mDbgState(DBG_STATE_IDLE), mDbgLastCompositionType(COMPOSITION_UNKNOWN), - mForceHwcCopy(false) + mForceHwcCopy(false), + mSecure(false) { mSource[SOURCE_SINK] = sink; mSource[SOURCE_SCRATCH] = bq; @@ -79,6 +81,11 @@ VirtualDisplaySurface::VirtualDisplaySurface(HWComposer& hwc, { mDefaultOutputFormat = HAL_PIXEL_FORMAT_IMPLEMENTATION_DEFINED; mForceHwcCopy = true; + //Set secure flag only if the session requires HW protection, currently + //there is no other way to distinguish different security protection levels + //This allows Level-3 sessions(eg.simulated displayes) to get + //buffers from IOMMU heap and not MM (secure) heap. + mSecure = secure; } // XXX: With this debug property we can allow screenrecord to be composed @@ -103,6 +110,7 @@ VirtualDisplaySurface::VirtualDisplaySurface(HWComposer& hwc, VDS_LOGV("creation: sinkFormat: 0x%x sinkUsage: 0x%x mForceHwcCopy: %d", mOutputFormat, sinkUsage, mForceHwcCopy); + setOutputUsage(); resetPerFrameState(); ConsumerBase::mName = String8::format("VDS: %s", mDisplayName.string()); @@ -115,6 +123,22 @@ VirtualDisplaySurface::VirtualDisplaySurface(HWComposer& hwc, VirtualDisplaySurface::~VirtualDisplaySurface() { } +// helper to update the output usage when the display is secure +void VirtualDisplaySurface::setOutputUsage() { + mOutputUsage = GRALLOC_USAGE_HW_COMPOSER; + if (mSecure) { + //TODO: Currently, the framework can only say whether the display + //and its subsequent session are secure or not. However, there is + //no mechanism to distinguish the different levels of security. + //The current solution assumes WV L3 protection. + mOutputUsage |= GRALLOC_USAGE_PROTECTED; +#ifdef QCOM_BSP + mOutputUsage |= GRALLOC_USAGE_PRIVATE_MM_HEAP | + GRALLOC_USAGE_PRIVATE_UNCACHED; +#endif + } +} + status_t VirtualDisplaySurface::beginFrame() { if (mDisplayId < 0) return NO_ERROR; @@ -171,7 +195,7 @@ status_t VirtualDisplaySurface::prepareFrame(CompositionType compositionType) { // format/usage and get a new buffer when the GLES driver calls // dequeueBuffer(). mOutputFormat = mDefaultOutputFormat; - mOutputUsage = GRALLOC_USAGE_HW_COMPOSER; + setOutputUsage(); refreshOutputBuffer(); } diff --git a/services/surfaceflinger/DisplayHardware/VirtualDisplaySurface.h b/services/surfaceflinger/DisplayHardware/VirtualDisplaySurface.h index 4a8a0eadd..0ba00d7f7 100644 --- a/services/surfaceflinger/DisplayHardware/VirtualDisplaySurface.h +++ b/services/surfaceflinger/DisplayHardware/VirtualDisplaySurface.h @@ -74,7 +74,8 @@ public: VirtualDisplaySurface(HWComposer& hwc, int32_t &hwcDisplayId, const sp<IGraphicBufferProducer>& sink, const sp<BufferQueue>& bq, - const String8& name); + const String8& name, + bool secure); // // DisplaySurface interface @@ -117,6 +118,7 @@ private: void updateQueueBufferOutput(const QueueBufferOutput& qbo); void resetPerFrameState(); status_t refreshOutputBuffer(); + void setOutputUsage(); // Both the sink and scratch buffer pools have their own set of slots // ("source slots", or "sslot"). We have to merge these into the single @@ -145,6 +147,9 @@ private: // or not. int32_t mDisplayId; + // secure flag + bool mSecure; + // // Inter-frame state // diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp index d9323cc00..df7b67309 100644 --- a/services/surfaceflinger/SurfaceFlinger.cpp +++ b/services/surfaceflinger/SurfaceFlinger.cpp @@ -1333,7 +1333,8 @@ void SurfaceFlinger::configureVirtualDisplay(int32_t &hwcDisplayId, if(!wfdVirtual) { // This is for non-wfd virtual display scenarios(e.g. SSD/SR/CTS) sp<VirtualDisplaySurface> vds = new VirtualDisplaySurface(*mHwc, - hwcDisplayId, state.surface, bq, state.displayName); + hwcDisplayId, state.surface, bq, state.displayName, + state.isSecure); dispSurface = vds; // There won't be any interaction with HWC for this virtual display. // so the GLES driver can pass buffers directly to the sink. @@ -1352,7 +1353,8 @@ void SurfaceFlinger::configureVirtualDisplay(int32_t &hwcDisplayId, // WFD virtual display instance gets valid hwcDisplayId and // SSD/SR will get invalid hwcDisplayId sp<VirtualDisplaySurface> vds = new VirtualDisplaySurface(*mHwc, - hwcDisplayId, state.surface, bq, state.displayName); + hwcDisplayId, state.surface, bq, state.displayName, + state.isSecure); dispSurface = vds; // There won't be any interaction with HWC for this virtual // display, so the GLES driver can pass buffers directly to the @@ -1368,7 +1370,8 @@ void SurfaceFlinger::configureVirtualDisplay(int32_t &hwcDisplayId, // mForceHwcCopy (which is based on Usage Flags) sp<VirtualDisplaySurface> vds = new VirtualDisplaySurface(*mHwc, - hwcDisplayId, state.surface, bq, state.displayName); + hwcDisplayId, state.surface, bq, state.displayName, + state.isSecure); dispSurface = vds; if (hwcDisplayId >= 0) { producer = vds; |