From 0880898d995d46acca29f45963468701798415c8 Mon Sep 17 00:00:00 2001
From: Robert Shih <robertshih@google.com>
Date: Wed, 8 Nov 2023 19:48:57 -0800
Subject: [PATCH] Allow system user csr access

Bug: 296971609
Test: Oppo rkp_factory_extraction_tool
Change-Id: I0e51bc52cc269e69fb3d3f056dfa7fbaa414e6a5
---
 libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp b/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
index 31802659..ed4041c5 100644
--- a/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
+++ b/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
@@ -159,10 +159,12 @@ HdcpLevel mapHdcpLevel(const std::string& level) {
   }
 }
 
-bool isRootOrShell() {
-  const uid_t AID_ROOT = 0, AID_SHELL = 2000;
+bool isCsrAccessAllowed() {
+  const uid_t AID_ROOT   = 0;
+  const uid_t AID_SYSTEM = 1000;
+  const uid_t AID_SHELL  = 2000;
   const uid_t uid = AIBinder_getCallingUid();
-  return (uid == AID_ROOT || uid == AID_SHELL);
+  return (uid == AID_ROOT || uid == AID_SYSTEM || uid == AID_SHELL);
 }
 
 bool IsAtscKeySetId(const CdmKeySetId& keySetId) {
@@ -1282,7 +1284,7 @@ static WvStatus getDeviceSignedCsrPayload(
         value = StrToVector(serialized_metrics);
       }
     }
-  } else if (name == "bootCertificateChain" && isRootOrShell()) {
+  } else if (name == "bootCertificateChain" && isCsrAccessAllowed()) {
     std::string boot_certificate_chain;
     CdmResponseType res = mCDM->QueryStatus(
         wvcdm::kLevelDefault, wvcdm::QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN,
@@ -1294,7 +1296,7 @@ static WvStatus getDeviceSignedCsrPayload(
     } else {
       value = StrToVector(boot_certificate_chain);
     }
-  } else if (name == "verifiedDeviceInfo" && isRootOrShell()) {
+  } else if (name == "verifiedDeviceInfo" && isCsrAccessAllowed()) {
     std::string verified_device_info;
     CdmResponseType res = mCDM->QueryStatus(wvcdm::kLevelDefault,
                                             wvcdm::QUERY_KEY_DEVICE_INFORMATION,
@@ -1306,7 +1308,7 @@ static WvStatus getDeviceSignedCsrPayload(
     } else {
       value = StrToVector(verified_device_info);
     }
-  } else if (name == "deviceSignedCsrPayload" && isRootOrShell()) {
+  } else if (name == "deviceSignedCsrPayload" && isCsrAccessAllowed()) {
     std::string signed_csr_payload;
     status =
         getDeviceSignedCsrPayload(mCDM, mCertificateSigningRequestChallenge,
@@ -1508,10 +1510,10 @@ static WvStatus getDeviceSignedCsrPayload(
     } else {
       return toNdkScopedAStatus(Status::BAD_VALUE);
     }
-  } else if (name == "certificateSigningRequestChallenge" && isRootOrShell()) {
+  } else if (name == "certificateSigningRequestChallenge" && isCsrAccessAllowed()) {
     mCertificateSigningRequestChallenge =
         std::string(_value.begin(), _value.end());
-  } else if (name == "deviceInfo" && isRootOrShell()) {
+  } else if (name == "deviceInfo" && isCsrAccessAllowed()) {
     mDeviceInfo = std::string(_value.begin(), _value.end());
   } else {
     ALOGE("App set unknown byte array property %s", name.c_str());