Jason BARSTOW wrote: > > > > Hello, > > I'm still toying with if and how to implement multiapp support on my system > (it has a custom driver). I have some questions about security and surface > content sharing. > > Consider a system with two DFB processes running using Fusion - call these > P1 and P2 (P1 is the master). > In this system, P1 and P2 share host mapping views of the video memory. > Either process can issue blit operations using surfaces allocated from the > video memory. > > Q1. Are there any API level functions that make it easy for P2 to read > back the contents of a surface belonging to P1?
Not in the public API. You can enumerate surface objects with the internal API. > Q2. If P1 or P2 are windowing - I understand these are rendered down by P1 > to the layer surface. Is that correct? In most implementations each process does (calls) the screen compositing itself. > Can P1 read back this combined (composited) surface? > Can P2 read back this combined (composited) surface? Usually, yes. > Q3. Is it trivial for P2 to spoof a surface handle to access any part of > the shared video memory and thereby have access to all content? It's not trivial, but possible. To solve it, only the master process could have access to all memory. Others could do an RPC call to the master for composition, if they cannot read other windows' contents. -- Best regards, Denis Oliver Kropp .------------------------------------------. | DirectFB - Hardware accelerated graphics | | http://www.directfb.org/ | "------------------------------------------" _______________________________________________ directfb-dev mailing list [email protected] http://mail.directfb.org/cgi-bin/mailman/listinfo/directfb-dev
