commit c5e6fb0fd3a82bc0290b443db4611f4fc304a6ab
author Naseer Ahmed <naseer@codeaurora.org> Thu Mar 07 13:42:20 2013 -0500
committer Gerrit - the friendly Code Review server <code-review@localhost> Fri Mar 22 17:10:30 2013 -0700
tree 68cbfaca02ffec64d39e3f8158bf49eb603f1197
parent 9c301a18c67f6fd21a4f8f699b3880cb246fda7f

gralloc: Align protected allocations with the spec

The specification for GRALLOC_USAGE_PROTECTED indicates that
allocations with that flag must be protected by securing with
hardware. If such protection is not possible, the buffer must not
be composited. In our current software only the MM_HEAP is
secured. If we allocate protected buffers from any other heap we
block those from being displayed.

CRs-fixed: 465012
Change-Id: I9d47aba3d28192db3fcc394fd6b38efe42ae118b

libgralloc/alloc_controller.cpp

diff --git a/libgralloc/alloc_controller.cpp b/libgralloc/alloc_controller.cpp
index 9af52c9..8ef5611 100644
--- a/libgralloc/alloc_controller.cpp
+++ b/libgralloc/alloc_controller.cpp
@@ -175,7 +175,6 @@
 {
     int ionFlags = 0;
     int ret;
-    bool noncontig = false;
 
     data.uncached = useUncached(usage);
     data.allocType = 0;
@@ -183,24 +182,33 @@
     if(usage & GRALLOC_USAGE_PRIVATE_UI_CONTIG_HEAP)
         ionFlags |= ION_HEAP(ION_SF_HEAP_ID);
 
-    if(usage & GRALLOC_USAGE_PRIVATE_SYSTEM_HEAP) {
+    if(usage & GRALLOC_USAGE_PRIVATE_SYSTEM_HEAP)
         ionFlags |= ION_HEAP(ION_SYSTEM_HEAP_ID);
-        noncontig = true;
-    }
 
-    if(usage & GRALLOC_USAGE_PRIVATE_IOMMU_HEAP) {
+    if(usage & GRALLOC_USAGE_PRIVATE_IOMMU_HEAP)
         ionFlags |= ION_HEAP(ION_IOMMU_HEAP_ID);
-        noncontig = true;
-    }
 
-    if(usage & GRALLOC_USAGE_PRIVATE_MM_HEAP)
-        ionFlags |= ION_HEAP(ION_CP_MM_HEAP_ID);
+    //MM Heap is exclusively a secure heap.
+    if(usage & GRALLOC_USAGE_PRIVATE_MM_HEAP) {
+        //XXX: Right now the MM heap is the only secure heap we have. When we
+        //have other secure heaps, we can change this.
+        if(usage & GRALLOC_USAGE_PROTECTED) {
+            ionFlags |= ION_HEAP(ION_CP_MM_HEAP_ID);
+            ionFlags |= ION_SECURE;
+        }
+        else {
+            ALOGW("GRALLOC_USAGE_PRIVATE_MM_HEAP \
+                  cannot be used as an insecure heap!\
+                  trying to use IOMMU instead !!");
+            ionFlags |= ION_HEAP(ION_IOMMU_HEAP_ID);
+        }
+    }
 
     if(usage & GRALLOC_USAGE_PRIVATE_ADSP_HEAP)
         ionFlags |= ION_HEAP(ION_ADSP_HEAP_ID);
 
-    if(usage & GRALLOC_USAGE_PROTECTED && !noncontig)
-        ionFlags |= ION_SECURE;
+    if(usage & GRALLOC_USAGE_PROTECTED)
+         data.allocType |= private_handle_t::PRIV_FLAGS_SECURE_BUFFER;
 
     // if no flags are set, default to
     // SF + IOMMU heaps, so that bypass can work
@@ -218,16 +226,11 @@
     {
         ALOGW("Falling back to system heap");
         data.flags = ION_HEAP(ION_SYSTEM_HEAP_ID);
-        noncontig = true;
         ret = mIonAlloc->alloc_buffer(data);
     }
 
     if(ret >= 0 ) {
         data.allocType |= private_handle_t::PRIV_FLAGS_USES_ION;
-        if(noncontig)
-            data.allocType |= private_handle_t::PRIV_FLAGS_NONCONTIGUOUS_MEM;
-        if(ionFlags & ION_SECURE)
-            data.allocType |= private_handle_t::PRIV_FLAGS_SECURE_BUFFER;
     }
 
     return ret;