Merges to android Pi release (part 6)

These are a set of CLs merged from the wv cdm repo to the android repo.

* Enable Cast for Android Things build.

  Author: Thoren Paulson <thoren@google.com>

  [ Merge of http://go/wvgerrit/29941 ]

  Added a path to make_cast_libwvlevel3 for Android Things. Added the new
  system id to the preprocessor guards in android_keybox.cpp. Guarded the
  references to stderr in page_allocator.cpp because for some reason they
  don't get resolved when we link against the resulting library.

  BUG: 63443584

* Resolve memory leaks in use of OpenSSL.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32700 ]

  Use of EVP_CIPHER_CTX requires a call to EVP_CIPHER_CTX_cleanup().

* Memory leak in OpenSSL RSA key handling.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32621 ]

  This fixes a range of tests. --gtest_filter="CdmDecrypt*" runs
  five tests and still loses 5 objects totalling 1320 bytes (down
  from 6200 bytes).

* Unit test and mock OEMCrypto memory leaks.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32640 ]

  More memory leak cleanup. All remaining leaks are due
  to calls to CRYPTO_malloc() without the matching free
  (i.e., calls into openssl).

* Clean up memory leaks in tests.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32600 ]

  This is the first pass at cleaning up memory leaks. These leaks
  were affecting a lot of tests, making it hard to identify more
  serious leaks.

  Switch to unique_ptr<> pointers for CdmEngine in
  generic_crypto_unittest tests for FileSystem object in
  mock OEMCrypto's CryptoEngine object.

* Fix broken tests - linux-only & address sanitizer failures.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32460 ]

  Fix broken test:
    WvCdmEnginePreProvTestStaging.ServiceCertificateInitialNoneTest

  Fix failures found by address sanitizer:
    DeviceFilesUsageInfoTest.RetrieveByProviderSessionToken
    DeviceFilesUsageInfoTest.UpdateUsageInfo

  NOTE: address sanitizer cannot handle EXPECT_CALL macros containing
  a call with a Contains matcher as an argument, e.g.:

  EXPECT_CALL(file,
              Write(Contains(certificate, wrapped_private_key, 0),
                    Gt(certificate.size() + wrapped_private_key.size())))

  The address sanitizer reports a crash, issues a report, and stops. A
  temporary fix is to replace the "Contains()" argument with "_".

* Usage license handling corrections

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/28540 ]

  Validate that offline licenses that do not contain a provider session
  token are not handled by the TEE.

  BUG: 38490468

  Test: WV Unit/integration tests, GtsMediaTestCases,
        WvCdmRequestLicenseTest.ReleaseRetryL3OfflineKeySessionUsageDisabledTest

* UsageTableEntry::CopyOldUsageEntry memcpy read out of range.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32220 ]

  The function copies the pst from a variable length input vector
  into a 256 byte character array. But the length argument was a
  fixed value - MAC_KEY_SIZE. Depending on the actual PST length this
  can lead to memcpy reading out of bounds or the PST getting truncated.

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
  commit in the chain.

Change-Id: I81a4593d7d04d0ef6069ce48d0601b6fbdd85de9

libwvdrmengine/cdm/test/request_license_test.cpp

@@ -1369,8 +1369,12 @@ TEST_F(WvCdmRequestLicenseTest, PerOriginProvisioningSupportsOldPaths) {
   // Make sure that the cert exists.
   std::vector<std::string> files;
   ASSERT_TRUE(FileUtils::List(base_path, &files));
-  ASSERT_EQ(1u, files.size());
-  EXPECT_EQ(kOldFileName, files[0]);
+  ASSERT_LE(1u, files.size());
+  bool found_it = false;
+  for(std::string file: files) {
+    if (file == std::string(kOldFileName)) found_it = true;
+  }
+  EXPECT_TRUE(found_it);
 
   // Reprovision the default identifier.
   Provision(kDefaultCdmIdentifier, kLevel3);
@@ -1942,6 +1946,81 @@ TEST_F(WvCdmRequestLicenseTest, ReleaseRetryL3OfflineKeyTest) {
   VerifyKeyRequestResponse(g_license_server, client_auth);
 }
 
+TEST_F(WvCdmRequestLicenseTest,
+       ReleaseRetryL3OfflineKeySessionUsageDisabledTest) {
+  Unprovision();
+
+  TestWvCdmClientPropertySet property_set;
+  property_set.set_security_level(QUERY_VALUE_SECURITY_LEVEL_L3);
+
+  // The default offline asset "offline_clip2" has the session usage table
+  // entry enabled in the replay control portion of the key control block.
+  // To have it disabled we must use "offline_clip1", so replace the last
+  // char in init data with '1'
+  std::string key_id;
+  std::string client_auth;
+  GetOfflineConfiguration(&key_id, &client_auth);
+  key_id[key_id.size()-1] = '1';
+
+  CdmResponseType sts = decryptor_.OpenSession(
+      g_key_system, &property_set, kDefaultCdmIdentifier, NULL, &session_id_);
+
+  if (NEED_PROVISIONING == sts) {
+    std::string provisioning_server_url;
+    CdmCertificateType cert_type = kCertificateWidevine;
+    std::string cert_authority, cert, wrapped_key;
+    EXPECT_EQ(NO_ERROR, decryptor_.GetProvisioningRequest(
+                            cert_type, cert_authority, kDefaultCdmIdentifier,
+                            &key_msg_, &provisioning_server_url));
+    EXPECT_EQ(provisioning_server_url, g_config->provisioning_server());
+    std::string response =
+        GetCertRequestResponse(g_config->provisioning_server());
+    EXPECT_NE(0, static_cast<int>(response.size()));
+    EXPECT_EQ(NO_ERROR, decryptor_.HandleProvisioningResponse(
+                            kDefaultCdmIdentifier, response, &cert,
+                            &wrapped_key));
+    EXPECT_EQ(NO_ERROR,
+              decryptor_.OpenSession(g_key_system, &property_set,
+                                     kDefaultCdmIdentifier, NULL,
+                                     &session_id_));
+  } else {
+    EXPECT_EQ(NO_ERROR, sts);
+  }
+
+  decryptor_.OpenSession(g_key_system, &property_set, kDefaultCdmIdentifier,
+                         NULL, &session_id_);
+  GenerateKeyRequest(key_id, kLicenseTypeOffline, &property_set);
+  VerifyKeyRequestResponse(g_license_server, client_auth);
+
+  CdmKeySetId key_set_id = key_set_id_;
+  EXPECT_FALSE(key_set_id_.empty());
+  decryptor_.CloseSession(session_id_);
+
+  session_id_.clear();
+  key_set_id_.clear();
+  decryptor_.OpenSession(g_key_system, &property_set, kDefaultCdmIdentifier,
+                         NULL, &session_id_);
+  EXPECT_EQ(wvcdm::KEY_ADDED, decryptor_.RestoreKey(session_id_, key_set_id));
+  decryptor_.CloseSession(session_id_);
+
+  session_id_.clear();
+  key_set_id_.clear();
+  GenerateKeyRelease(key_set_id, &property_set, NULL);
+
+  session_id_.clear();
+  decryptor_.OpenSession(g_key_system, &property_set, kDefaultCdmIdentifier,
+                         NULL, &session_id_);
+  EXPECT_EQ(wvcdm::GET_RELEASED_LICENSE_ERROR,
+            decryptor_.RestoreKey(session_id_, key_set_id));
+  decryptor_.CloseSession(session_id_);
+
+  session_id_.clear();
+  key_set_id_.clear();
+  GenerateKeyRelease(key_set_id, &property_set, NULL);
+  key_set_id_ = key_set_id;
+  VerifyKeyRequestResponse(g_license_server, client_auth);
+}
+
 TEST_F(WvCdmRequestLicenseTest, ExpiryOnReleaseOfflineKeyTest) {
   Unprovision();
   Provision(kLevelDefault);
@@ -3652,14 +3731,14 @@ TEST(VersionNumberTest, VersionNumberChangeCanary) {
   char release_number[PROPERTY_VALUE_MAX];
   ASSERT_GT(property_get("ro.build.version.release", release_number, "Unknown"),
             0);
-  EXPECT_STREQ("8.0.0", release_number)
+  EXPECT_STREQ("8.1.0", release_number)
       << "The Android version number has changed. You need to update this test "
          "and also possibly update the Widevine version number in "
          "properties_android.cpp.";
 
   std::string widevine_version;
   ASSERT_TRUE(Properties::GetWVCdmVersion(&widevine_version));
-  EXPECT_EQ("v5.0.0-android", widevine_version)
+  EXPECT_EQ("v5.1.0-android", widevine_version)
       << "The Widevine CDM version number has changed. Did you forget to "
          "update this test after changing it?";
 }

libwvdrmengine/cdm/test/unit-test.mk

@@ -42,7 +42,7 @@ LOCAL_SHARED_LIBRARIES := \
     libcutils \
     libdl \
     liblog \
-    libmedia \
+    libmedia_omx \
     libprotobuf-cpp-lite \
     libssl \
     libstagefright_foundation \
@@ -51,10 +51,13 @@ LOCAL_SHARED_LIBRARIES := \
 LOCAL_CFLAGS += -DUNIT_TEST
 
 LOCAL_MODULE_OWNER := widevine
+LOCAL_PROPRIETARY_MODULE := true
 
 # When built, explicitly put it in the DATA/bin directory.
 LOCAL_MODULE_PATH := $(TARGET_OUT_DATA)/bin
 
+LOCAL_PROPRIETARY_MODULE := true
+
 ifneq ($(TARGET_ENABLE_MEDIADRM_64), true)
 LOCAL_MODULE_TARGET_ARCH := arm x86 mips
 endif