Allow system user csr access

Bug: 296971609 Test: Oppo rkp_factory_extraction_tool Change-Id: I0e51bc52cc269e69fb3d3f056dfa7fbaa414e6a5
2023-11-08 19:48:57 -08:00
parent 0500d27ce5
commit 0880898d99
1 changed files with 10 additions and 8 deletions
--- a/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
+++ b/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
@@ -159,10 +159,12 @@ HdcpLevel mapHdcpLevel(const std::string& level) {
  }
 }

-bool isRootOrShell() {
-  const uid_t AID_ROOT = 0, AID_SHELL = 2000;
+bool isCsrAccessAllowed() {
+  const uid_t AID_ROOT   = 0;
+  const uid_t AID_SYSTEM = 1000;
+  const uid_t AID_SHELL  = 2000;
  const uid_t uid = AIBinder_getCallingUid();
-  return (uid == AID_ROOT || uid == AID_SHELL);
+  return (uid == AID_ROOT || uid == AID_SYSTEM || uid == AID_SHELL);
 }

 bool IsAtscKeySetId(const CdmKeySetId& keySetId) {
@@ -1282,7 +1284,7 @@ static WvStatus getDeviceSignedCsrPayload(
        value = StrToVector(serialized_metrics);
      }
    }
-  } else if (name == "bootCertificateChain" && isRootOrShell()) {
+  } else if (name == "bootCertificateChain" && isCsrAccessAllowed()) {
    std::string boot_certificate_chain;
    CdmResponseType res = mCDM->QueryStatus(
        wvcdm::kLevelDefault, wvcdm::QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN,
@@ -1294,7 +1296,7 @@ static WvStatus getDeviceSignedCsrPayload(
    } else {
      value = StrToVector(boot_certificate_chain);
    }
-  } else if (name == "verifiedDeviceInfo" && isRootOrShell()) {
+  } else if (name == "verifiedDeviceInfo" && isCsrAccessAllowed()) {
    std::string verified_device_info;
    CdmResponseType res = mCDM->QueryStatus(wvcdm::kLevelDefault,
                                            wvcdm::QUERY_KEY_DEVICE_INFORMATION,
@@ -1306,7 +1308,7 @@ static WvStatus getDeviceSignedCsrPayload(
    } else {
      value = StrToVector(verified_device_info);
    }
-  } else if (name == "deviceSignedCsrPayload" && isRootOrShell()) {
+  } else if (name == "deviceSignedCsrPayload" && isCsrAccessAllowed()) {
    std::string signed_csr_payload;
    status =
        getDeviceSignedCsrPayload(mCDM, mCertificateSigningRequestChallenge,
@@ -1508,10 +1510,10 @@ static WvStatus getDeviceSignedCsrPayload(
    } else {
      return toNdkScopedAStatus(Status::BAD_VALUE);
    }
-  } else if (name == "certificateSigningRequestChallenge" && isRootOrShell()) {
+  } else if (name == "certificateSigningRequestChallenge" && isCsrAccessAllowed()) {
    mCertificateSigningRequestChallenge =
        std::string(_value.begin(), _value.end());
-  } else if (name == "deviceInfo" && isRootOrShell()) {
+  } else if (name == "deviceInfo" && isCsrAccessAllowed()) {
    mDeviceInfo = std::string(_value.begin(), _value.end());
  } else {
    ALOGE("App set unknown byte array property %s", name.c_str());