Merge "Revert CDM changes from oemcrypto 18.4" into udc-widevine-dev

libwvdrmengine/Android.bp

@@ -216,6 +216,10 @@ cc_library_static {
         "libutils_headers",
     ],
 
+    generated_headers: [
+        "wv_android_build_id",
+    ],
+
     shared_libs: [
         "libbinder_ndk",
         "libcrypto",
@@ -352,3 +356,23 @@ cc_fuzz {
         ],
     },
 }
+
+python_binary_host {
+    name: "wv-android-build-id-gen",
+    srcs: [
+        "wv-android-build-id-gen.py",
+    ],
+    version: {
+        py3: {
+            embedded_launcher: true,
+        },
+    },
+}
+
+genrule {
+    name: "wv_android_build_id",
+    srcs: ["apex/apex_manifest.json"],
+    tools: ["wv-android-build-id-gen"],
+    cmd: "$(location wv-android-build-id-gen) < $(in) > $(out)",
+    out: ["wv_android_build_id.h"],
+}

libwvdrmengine/cdm/core/src/cdm_session.cpp

@@ -261,8 +261,14 @@ CdmResponseType CdmSession::RestoreOfflineSession(const CdmKeySetId& key_set_id,
   usage_entry_ = std::move(license_data.usage_entry);
   usage_entry_index_ = license_data.usage_entry_index;
 
-  CdmResponseType result = LoadPrivateOrLegacyKey(
+  // If ATSC mode is enabled, use ATSC DRM cert/private key, rather than any
-      license_data.drm_certificate, license_data.wrapped_private_key);
+  // cert/private key embedded in the license.
+  CdmResponseType result =
+      atsc_mode_enabled_
+          ? LoadPrivateKey()
+          : LoadPrivateOrLegacyKey(license_data.drm_certificate,
+                                   license_data.wrapped_private_key);
+
   if (result != NO_ERROR) return result;
 
   // Attempts to restore a released offline license are treated as a release

libwvdrmengine/cdm/src/properties_android.cpp

@@ -2,17 +2,19 @@
 // source code may only be used and distributed under the Widevine License
 // Agreement.
 
-#include <android-base/properties.h>
+#include "properties.h"
-#include <unistd.h>
+#include "properties_configuration.h"
+#include "wv_android_build_id.h"
 
+#include <unistd.h>
 #include <sstream>
 #include <string>
 
+#include <android-base/properties.h>
+
 #include "log.h"
-#include "properties.h"
-#include "properties_configuration.h"
-#include "widevine_apex_info.h"
 #include "wv_android_constants.h"
+#include "widevine_apex_info.h"
 
 namespace {
 
@@ -135,15 +137,17 @@ bool Properties::GetWVCdmVersion(std::string* version) {
     return false;
   }
 
-  std::string apex_version = "";
+  std::string build_number;
 #ifdef __ANDROID_APEX__
   {
     auto info = widevine::apex::GetApexInfo();
-    apex_version = "@" + std::to_string(info->version);
+    build_number = std::to_string(info->version);
   }
+#else
+  build_number = WV_ANDROID_BUILD_ID;
 #endif
 
-  *version = kWVAndroidCdmVersion + apex_version;
+  *version = kWVAndroidCdmVersion + "@" + build_number;
   return true;
 }
 

libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp

@@ -154,10 +154,12 @@ HdcpLevel mapHdcpLevel(const std::string& level) {
   }
 }
 
-bool isRootOrShell() {
+bool isCsrAccessAllowed() {
-  const uid_t AID_ROOT = 0, AID_SHELL = 2000;
+  const uid_t AID_ROOT   = 0;
+  const uid_t AID_SYSTEM = 1000;
+  const uid_t AID_SHELL  = 2000;
   const uid_t uid = AIBinder_getCallingUid();
-  return (uid == AID_ROOT || uid == AID_SHELL);
+  return (uid == AID_ROOT || uid == AID_SYSTEM || uid == AID_SHELL);
 }
 
 bool IsAtscKeySetId(const CdmKeySetId& keySetId) {
@@ -1277,7 +1279,7 @@ static WvStatus getDeviceSignedCsrPayload(
         value = StrToVector(serialized_metrics);
       }
     }
-  } else if (name == "bootCertificateChain" && isRootOrShell()) {
+  } else if (name == "bootCertificateChain" && isCsrAccessAllowed()) {
     std::string boot_certificate_chain;
     CdmResponseType res = mCDM->QueryStatus(
         wvcdm::kLevelDefault, wvcdm::QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN,
@@ -1289,7 +1291,7 @@ static WvStatus getDeviceSignedCsrPayload(
     } else {
       value = StrToVector(boot_certificate_chain);
     }
-  } else if (name == "verifiedDeviceInfo" && isRootOrShell()) {
+  } else if (name == "verifiedDeviceInfo" && isCsrAccessAllowed()) {
     std::string verified_device_info;
     CdmResponseType res = mCDM->QueryStatus(wvcdm::kLevelDefault,
                                             wvcdm::QUERY_KEY_DEVICE_INFORMATION,
@@ -1301,7 +1303,7 @@ static WvStatus getDeviceSignedCsrPayload(
     } else {
       value = StrToVector(verified_device_info);
     }
-  } else if (name == "deviceSignedCsrPayload" && isRootOrShell()) {
+  } else if (name == "deviceSignedCsrPayload" && isCsrAccessAllowed()) {
     std::string signed_csr_payload;
     status =
         getDeviceSignedCsrPayload(mCDM, mCertificateSigningRequestChallenge,
@@ -1503,10 +1505,10 @@ static WvStatus getDeviceSignedCsrPayload(
     } else {
       return toNdkScopedAStatus(Status::BAD_VALUE);
     }
-  } else if (name == "certificateSigningRequestChallenge" && isRootOrShell()) {
+  } else if (name == "certificateSigningRequestChallenge" && isCsrAccessAllowed()) {
     mCertificateSigningRequestChallenge =
         std::string(_value.begin(), _value.end());
-  } else if (name == "deviceInfo" && isRootOrShell()) {
+  } else if (name == "deviceInfo" && isCsrAccessAllowed()) {
     mDeviceInfo = std::string(_value.begin(), _value.end());
   } else {
     ALOGE("App set unknown byte array property %s", name.c_str());