widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merges to android Pi release (part: 1)

Browse Source 
Below are a set of CLs being merged from the wv cdm repo to the android repo.

* Fix handling of OEM Cert public key.

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/27921 ]

  This is a potential fix for b/36656190. Set aside public
  key on first call to get the public key, and use it afterwards.
  This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
  which has side-effect of staging the OEM private key.

  This also fixes a problem where the public cert string was
  not being trimmed to match the size returned by
  OEMCrypto_GetOEMPublicCertificate().

* Complete provisioning request/response for Provisioning 3.0

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27780 ]

  Fix bug on provisioning request path where GenerateDerivedKeys()
  was being called when preparing to generate the signature.

  Add message signature verification, and call correct OEMCrypto
  routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).

* Implement Cdm::deleteAllUsageRecords()

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27780 ]

  Delete all usage records for current origin.  Removes usage
  records from file system and retains the PSTs.  The deletes
  any usage entries matching those PSTs held by OEMCrypto.

  BUG: 35319024

* Remove stringencoders library from third_party.

  Author: Jacob Trimble <modmaker@google.com>

  [ Merge of http://go/wvgerrit/27585 ]

  We have a fork of the stringencoders library that we use for base64
  encoding.  This reimplements base64 encoding to remove the extra
  dependency and to reduce the amount of code.

* Add Cdm::deleteUsageRecord() based on key_set_id.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27605 ]

  Delete specified usage record from file system usage info and
  from OEMCrypto.

  BUG: 35319024

* Modifiable OEMCrypto

  Author: Fred Gylys-Colwell <fredgc@google.com>

  [ Merge of http://go/wvgerrit/24729 ]

  This CL adds a new variant of the OEMCrypto mock code that adjusts its
  behavior based on a configuration file.  This is intended for
  testing.

  For example, a tester can set current_hdcp to 2 in the options.txt
  file, push it to the device, and verify that a license is granted for
  HDCP 2.0.  Then the tester can edit the value of current_hdcp to 1 and
  push the file to the device.  Playback should stop because the license
  is no longer valid.

  This variant uses a real level 1 liboemcrypto.so to push data to a
  secure buffer.  That means we can test playback for a license that
  requires secure buffers on an Android device with real secure buffers.

  BUG: 35141278
  BUG: 37353534

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
      commit in the chain.

Change-Id: I58443c510919e992bb455192e70373490a00e2b6
This commit is contained in:
Rahul Frias
2018-01-05 17:05:18 -08:00
parent e34f83cdce
commit 0419b55222
120 changed files with 5402 additions and 6827 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libwvdrmengine/cdm/src/ami_adapter.cpp
View File

@@ -22,6 +22,10 @@ AmiAdapter::~AmiAdapter() {
analytics_item_.selfrecord();
}
metrics::Report* AmiAdapter::NewReport() const {
return new AmiAdapter(analytics_item_.getSessionID());
}
void AmiAdapter::UpdateString(const std::string& metric_id,
const std::string& value) {
analytics_item_.setCString(metric_id.c_str(), value.c_str());

17
libwvdrmengine/cdm/src/file_utils.cpp
View File

@@ -15,6 +15,14 @@
#include "log.h"
#include "properties.h"
namespace {
const char* kSecurityLevelPathCompatibilityExclusionList[] = {
"ay64.dat", "ay64.dat2", "ay64.dat3"};
size_t kSecurityLevelPathCompatibilityExclusionListSize =
sizeof(kSecurityLevelPathCompatibilityExclusionList) /
sizeof(*kSecurityLevelPathCompatibilityExclusionList);
} // namespace
namespace wvcdm {
bool IsCurrentOrParentDirectory(char* dir) {
@@ -250,6 +258,15 @@ void FileUtils::SecurityLevelPathBackwardCompatibility(
for (size_t i = 0; i < files.size(); ++i) {
std::string from = from_dir + files[i];
bool exclude = false;
for (size_t j = 0; j < kSecurityLevelPathCompatibilityExclusionListSize;
++j) {
if (files[i] == kSecurityLevelPathCompatibilityExclusionList[j]) {
exclude = true;
break;
}
}
if (exclude) continue;
if (!FileUtils::IsRegularFile(from)) continue;
for (size_t j = 0; j < security_dirs.size(); ++j) {

3
libwvdrmengine/cdm/src/log.cpp
View File

@@ -22,9 +22,6 @@
#include "log.h"
#include <utils/Log.h>
#include <stdio.h>
#include <stdarg.h>
/*
* Uncomment the line below if you want to have the LOGV messages to print
* IMPORTANT : this will affect all of CDM

2
libwvdrmengine/cdm/src/properties_android.cpp
View File

@@ -19,7 +19,7 @@ const char kL2Dir[] = "/L2/";
const char kL3Dir[] = "/L3/";
const char kFactoryKeyboxPath[] = "/factory/wv.keys";
const char kWVCdmVersion[] = "v5.1.0-android";
const char kWVCdmVersion[] = "v5.0.0-android";
bool GetAndroidProperty(const char* key, std::string* value) {
char val[PROPERTY_VALUE_MAX];

199
libwvdrmengine/cdm/src/wv_content_decryption_module.cpp
View File

@@ -7,6 +7,7 @@
#include "initialization_data.h"
#include "license.h"
#include "log.h"
#include "metrics_front_end.h"
#include "properties.h"
#include "service_certificate.h"
#include "wv_cdm_constants.h"
@@ -20,10 +21,22 @@ namespace wvcdm {
Lock WvContentDecryptionModule::session_sharing_id_generation_lock_;
WvContentDecryptionModule::WvContentDecryptionModule() {}
WvContentDecryptionModule::WvContentDecryptionModule() {
// TODO (b/36497276)
// replace call to new AmiAdapter() and remove ami_apdater.*
report_root_ = NULL; // new AmiAdapter();
front_end_ = new metrics::MetricsFrontEnd(report_root_);
metrics::MetricsFrontEnd::OverrideInstance(front_end_);
}
WvContentDecryptionModule::~WvContentDecryptionModule() {
DisablePolicyTimer(true /* Force. */);
DisablePolicyTimer(true);
metrics::MetricsFrontEnd::OverrideInstance(NULL);
delete front_end_;
delete report_root_;
front_end_ = NULL;
report_root_ = NULL;
}
bool WvContentDecryptionModule::IsSupported(const std::string& init_data_type) {
@@ -53,9 +66,16 @@ CdmResponseType WvContentDecryptionModule::OpenSession(
}
CdmEngine* cdm_engine = EnsureCdmForIdentifier(identifier);
CdmResponseType sts = cdm_engine->OpenSession(key_system, property_set,
event_listener, session_id);
cdm_engine->GetMetrics()->cdm_engine_open_session_.Increment(sts);
CdmResponseType sts;
M_TIME(
sts = cdm_engine->OpenSession(
key_system,
property_set,
event_listener,
session_id),
cdm_engine->GetMetrics(),
cdm_engine_open_session_,
sts);
if (sts == NO_ERROR) {
cdm_by_session_id_[*session_id] = cdm_engine;
}
@@ -64,18 +84,20 @@ CdmResponseType WvContentDecryptionModule::OpenSession(
CdmResponseType WvContentDecryptionModule::CloseSession(
const CdmSessionId& session_id) {
LOGV("WvContentDecryptionModule::CloseSession. id: %s", session_id.c_str());
CdmEngine* cdm_engine = GetCdmForSessionId(session_id);
// TODO(rfrias): Avoid reusing the error codes from CdmEngine.
if (!cdm_engine) return SESSION_NOT_FOUND_1;
CdmResponseType sts = cdm_engine->CloseSession(session_id);
cdm_engine->GetMetrics()->cdm_engine_close_session_.Increment(sts);
CdmResponseType sts;
M_TIME(
sts = cdm_engine->CloseSession(
session_id),
cdm_engine->GetMetrics(),
cdm_engine_close_session_,
sts);
if (sts == NO_ERROR) {
cdm_by_session_id_.erase(session_id);
}
DisablePolicyTimer(false /* Do not force. */);
DisablePolicyTimer(false);
return sts;
}
@@ -93,8 +115,14 @@ CdmResponseType WvContentDecryptionModule::GenerateKeyRequest(
CdmEngine* cdm_engine = EnsureCdmForIdentifier(identifier);
CdmResponseType sts;
if (license_type == kLicenseTypeRelease) {
sts = cdm_engine->OpenKeySetSession(key_set_id, property_set, NULL);
cdm_engine->GetMetrics()->cdm_engine_open_key_set_session_.Increment(sts);
M_TIME(
sts = cdm_engine->OpenKeySetSession(
key_set_id,
property_set,
NULL),
cdm_engine->GetMetrics(),
cdm_engine_open_key_set_session_,
sts);
if (sts != NO_ERROR) return sts;
cdm_by_session_id_[key_set_id] = cdm_engine;
}
@@ -132,11 +160,6 @@ CdmResponseType WvContentDecryptionModule::AddKey(
CdmEngine* cdm_engine = session_id.empty() ? GetCdmForSessionId(*key_set_id)
: GetCdmForSessionId(session_id);
if (!cdm_engine) return SESSION_NOT_FOUND_3;
// Save key_set_id, as CDM will return an empty key_set_id on release
CdmKeySetId release_key_set_id;
if (session_id.empty() && key_set_id != NULL) {
release_key_set_id = *key_set_id;
}
CdmResponseType sts;
M_TIME(
sts = cdm_engine->AddKey(
@@ -147,8 +170,8 @@ CdmResponseType WvContentDecryptionModule::AddKey(
cdm_engine_add_key_,
sts);
if (sts == KEY_ADDED && session_id.empty()) { // license type release
cdm_engine->CloseKeySetSession(release_key_set_id);
cdm_by_session_id_.erase(release_key_set_id);
cdm_engine->CloseKeySetSession(*key_set_id);
cdm_by_session_id_.erase(*key_set_id);
}
return sts;
}
@@ -175,8 +198,13 @@ CdmResponseType WvContentDecryptionModule::RemoveKeys(
const CdmSessionId& session_id) {
CdmEngine* cdm_engine = GetCdmForSessionId(session_id);
if (!cdm_engine) return SESSION_NOT_FOUND_5;
CdmResponseType sts = cdm_engine->RemoveKeys(session_id);
cdm_engine->GetMetrics()->cdm_engine_remove_keys_.Increment(sts);
CdmResponseType sts;
M_TIME(
sts = cdm_engine->RemoveKeys(
session_id),
cdm_engine->GetMetrics(),
cdm_engine_remove_keys_,
sts);
return sts;
}
@@ -258,15 +286,20 @@ CdmResponseType WvContentDecryptionModule::HandleProvisioningResponse(
CdmResponseType WvContentDecryptionModule::Unprovision(
CdmSecurityLevel level, const CdmIdentifier& identifier) {
CdmEngine* cdm_engine = EnsureCdmForIdentifier(identifier);
CdmResponseType sts = cdm_engine->Unprovision(level);
cdm_engine->GetMetrics()->cdm_engine_unprovision_.Increment(sts, level);
CdmResponseType sts;
M_TIME(
sts = cdm_engine->Unprovision(
level),
cdm_engine->GetMetrics(),
cdm_engine_unprovision_,
sts,
level);
return sts;
}
CdmResponseType WvContentDecryptionModule::GetUsageInfo(
const std::string& app_id, const CdmIdentifier& identifier,
CdmUsageInfo* usage_info) {
CdmEngine* cdm_engine = EnsureCdmForIdentifier(identifier);
const std::string& app_id, CdmUsageInfo* usage_info) {
CdmEngine* cdm_engine = EnsureCdmForIdentifier(kDefaultCdmIdentifier);
CdmResponseType sts;
M_TIME(
sts = cdm_engine->GetUsageInfo(
@@ -281,9 +314,8 @@ CdmResponseType WvContentDecryptionModule::GetUsageInfo(
CdmResponseType WvContentDecryptionModule::GetUsageInfo(
const std::string& app_id,
const CdmSecureStopId& ssid,
const CdmIdentifier& identifier,
CdmUsageInfo* usage_info) {
CdmEngine* cdm_engine = EnsureCdmForIdentifier(identifier);
CdmEngine* cdm_engine = EnsureCdmForIdentifier(kDefaultCdmIdentifier);
CdmResponseType sts;
M_TIME(
sts = cdm_engine->GetUsageInfo(
@@ -297,19 +329,28 @@ CdmResponseType WvContentDecryptionModule::GetUsageInfo(
}
CdmResponseType WvContentDecryptionModule::ReleaseAllUsageInfo(
const std::string& app_id, const CdmIdentifier& identifier) {
CdmEngine* cdm_engine = EnsureCdmForIdentifier(identifier);
CdmResponseType sts = cdm_engine->ReleaseAllUsageInfo(app_id);
cdm_engine->GetMetrics()->cdm_engine_release_all_usage_info_.Increment(sts);
const std::string& app_id) {
CdmEngine* cdm_engine = EnsureCdmForIdentifier(kDefaultCdmIdentifier);
CdmResponseType sts;
M_TIME(
sts = cdm_engine->ReleaseAllUsageInfo(
app_id),
cdm_engine->GetMetrics(),
cdm_engine_release_all_usage_info_,
sts);
return sts;
}
CdmResponseType WvContentDecryptionModule::ReleaseUsageInfo(
const CdmUsageInfoReleaseMessage& message,
const CdmIdentifier& identifier) {
CdmEngine* cdm_engine = EnsureCdmForIdentifier(identifier);
CdmResponseType sts = cdm_engine->ReleaseUsageInfo(message);
cdm_engine->GetMetrics()->cdm_engine_release_usage_info_.Increment(sts);
const CdmUsageInfoReleaseMessage& message) {
CdmEngine* cdm_engine = EnsureCdmForIdentifier(kDefaultCdmIdentifier);
CdmResponseType sts;
M_TIME(
sts = cdm_engine->ReleaseUsageInfo(
message),
cdm_engine->GetMetrics(),
cdm_engine_release_usage_info_,
sts);
return sts;
}
@@ -325,11 +366,15 @@ CdmResponseType WvContentDecryptionModule::Decrypt(
CdmSessionId local_session_id = session_id;
if (validate_key_id &&
Properties::GetSessionSharingId(session_id) != 0) {
bool status = cdm_engine->FindSessionForKey(
*parameters.key_id, &local_session_id);
cdm_engine->GetMetrics()->cdm_engine_find_session_for_key_
.Increment(status);
if (!status && parameters.is_encrypted) return KEY_NOT_FOUND_IN_SESSION;
bool status;
M_TIME(
status = cdm_engine->FindSessionForKey(
*parameters.key_id,
&local_session_id),
cdm_engine->GetMetrics(),
cdm_engine_find_session_for_key_,
status);
if (!status) return KEY_NOT_FOUND_IN_SESSION;
}
CdmResponseType sts;
M_TIME(
@@ -338,8 +383,7 @@ CdmResponseType WvContentDecryptionModule::Decrypt(
parameters),
cdm_engine->GetMetrics(),
cdm_engine_decrypt_,
sts,
metrics::Pow2Bucket(parameters.encrypt_length));
sts);
return sts;
}
@@ -356,15 +400,7 @@ bool WvContentDecryptionModule::IsValidServiceCertificate(
ServiceCertificate cert;
CdmResponseType status = cert.Init(certificate);
if (status != NO_ERROR) return false;
return cert.HasCertificate();
}
void WvContentDecryptionModule::GetSerializedMetrics(
std::string* serialized_metrics) {
AutoLock auto_lock(cdms_lock_);
CloseCdmsWithoutSessions();
metrics_.SerializeToString(serialized_metrics);
metrics_.Clear();
return cert.HasCertificate();
}
WvContentDecryptionModule::CdmInfo::CdmInfo()
@@ -382,14 +418,9 @@ CdmEngine* WvContentDecryptionModule::EnsureCdmForIdentifier(
cdms_[identifier].file_system.SetOrigin(identifier.origin);
cdms_[identifier].file_system.SetIdentifier(
identifier.spoid + identifier.origin);
// Set the app package name for use by metrics.
cdms_[identifier].cdm_engine->GetMetrics()
->SetAppPackageName(identifier.app_package_name);
}
CdmEngine* cdm_engine = cdms_[identifier].cdm_engine.get();
return cdm_engine;
return cdms_[identifier].cdm_engine.get();
}
CdmEngine* WvContentDecryptionModule::GetCdmForSessionId(
@@ -400,34 +431,6 @@ CdmEngine* WvContentDecryptionModule::GetCdmForSessionId(
return it->second;
}
// This method requires that the caller first acquire cdms_lock_.
void WvContentDecryptionModule::CloseCdmsWithoutSessions() {
for (auto it = cdms_.begin(); it != cdms_.end();) {
if (it->second.cdm_engine->SessionSize() != 0) {
++it;
} else {
// Retrieve the metrics from the engine and any completed
// sessions. Clear the metrics from any completed sessions.
metrics::EngineMetrics* engine_metrics =
it->second.cdm_engine->GetMetrics();
// engine_metrics should never be null.
if (engine_metrics != NULL) {
engine_metrics->Serialize(
metrics_.add_metric_sub_group(),
false, // Report complete AND incomplete sessions.
true); // Clear session metrics after reporting.
} else {
// Engine metrics should never be null.
LOGI("WvContentDecryptionModule::CloseCdmsWithoutSessions."
"engine_metrics was unexpectedly NULL.");
}
// The CDM is no longer used for this identifier, delete it.
it = cdms_.erase(it);
}
}
}
void WvContentDecryptionModule::EnablePolicyTimer() {
AutoLock auto_lock(policy_timer_lock_);
if (!policy_timer_.IsRunning())
@@ -435,19 +438,23 @@ void WvContentDecryptionModule::EnablePolicyTimer() {
}
void WvContentDecryptionModule::DisablePolicyTimer(bool force) {
bool cdms_is_empty = false;
bool has_sessions = false;
{
AutoLock auto_lock(cdms_lock_);
CloseCdmsWithoutSessions();
cdms_is_empty = cdms_.empty();
for (auto it = cdms_.begin(); it != cdms_.end();) {
if (it->second.cdm_engine->SessionSize() != 0) {
has_sessions = true;
++it;
} else {
// The CDM is no longer used for this identifier, delete it.
it = cdms_.erase(it);
}
}
}
AutoLock auto_lock(policy_timer_lock_);
if(force || cdms_is_empty) {
if (policy_timer_.IsRunning()) {
policy_timer_.Stop();
}
}
if ((!has_sessions || force) && policy_timer_.IsRunning())
policy_timer_.Stop();
}
void WvContentDecryptionModule::OnTimerEvent() {