diff options
author | Lajos Molnar <lajos@google.com> | 2016-08-02 07:07:05 -0700 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2016-09-27 15:56:38 -0700 |
commit | bc8a45f506a8be33250c523d71fab637a5fdaf81 (patch) | |
tree | 1d866da046cd517b5f0e7ce9b8b303b713810599 /media/libstagefright/include/OMXNodeInstance.h | |
parent | 4b459da1ee3bb52ddfcc649dc2686975a9d72ab7 (diff) | |
download | frameworks_av-bc8a45f506a8be33250c523d71fab637a5fdaf81.zip frameworks_av-bc8a45f506a8be33250c523d71fab637a5fdaf81.tar.gz frameworks_av-bc8a45f506a8be33250c523d71fab637a5fdaf81.tar.bz2 |
IOMX: work against metadata buffer spoofing
- Prohibit direct set/getParam/Settings for extensions meant for
OMXNodeInstance alone. This disallows enabling metadata mode
without the knowledge of OMXNodeInstance.
- Do not share metadata mode buffers cross process.
- Disallow setting up metadata mode/tunneling/input surface
after first sendCommand.
- Disallow store-meta for input cross process.
- Disallow emptyBuffer for surface input (via IOMX).
- Fix checking for input surface.
Bug: 29422020
Change-Id: I801c77b80e703903f62e42d76fd2e76a34e4bc8e
(cherry picked from commit f8a4cb410115045278f534e54b41ac78d6bf6c07)
Diffstat (limited to 'media/libstagefright/include/OMXNodeInstance.h')
-rw-r--r-- | media/libstagefright/include/OMXNodeInstance.h | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/media/libstagefright/include/OMXNodeInstance.h b/media/libstagefright/include/OMXNodeInstance.h index babf5b7..bd33ab7 100644 --- a/media/libstagefright/include/OMXNodeInstance.h +++ b/media/libstagefright/include/OMXNodeInstance.h @@ -21,6 +21,7 @@ #include "OMX.h" #include <utils/RefBase.h> +#include <utils/SortedVector.h> #include <utils/threads.h> namespace android { @@ -71,7 +72,7 @@ struct OMXNodeInstance { status_t useBuffer( OMX_U32 portIndex, const sp<IMemory> ¶ms, - OMX::buffer_id *buffer, OMX_U32 allottedSize); + OMX::buffer_id *buffer, OMX_U32 allottedSize, OMX_BOOL crossProcess); status_t useGraphicBuffer( OMX_U32 portIndex, const sp<GraphicBuffer> &graphicBuffer, @@ -101,7 +102,7 @@ struct OMXNodeInstance { status_t allocateBufferWithBackup( OMX_U32 portIndex, const sp<IMemory> ¶ms, - OMX::buffer_id *buffer, OMX_U32 allottedSize); + OMX::buffer_id *buffer, OMX_U32 allottedSize, OMX_BOOL crossProcess); status_t freeBuffer(OMX_U32 portIndex, OMX::buffer_id buffer); @@ -146,6 +147,9 @@ private: OMX_HANDLETYPE mHandle; sp<IOMXObserver> mObserver; bool mDying; + bool mSailed; // configuration is set (no more meta-mode changes) + bool mQueriedProhibitedExtensions; + SortedVector<OMX_INDEXTYPE> mProhibitedExtensions; bool mIsSecure; // Lock only covers mGraphicBufferSource. We can't always use mLock @@ -191,6 +195,8 @@ private: OMX::buffer_id findBufferID(OMX_BUFFERHEADERTYPE *bufferHeader); void invalidateBufferID(OMX::buffer_id buffer); + bool isProhibitedIndex_l(OMX_INDEXTYPE index); + status_t useGraphicBuffer2_l( OMX_U32 portIndex, const sp<GraphicBuffer> &graphicBuffer, OMX::buffer_id *buffer); |