From 18be093969225a464309f294eac68169dcb6dd29 Mon Sep 17 00:00:00 2001
From: David Liu <dwliu@google.com>
Date: Mon, 10 May 2021 16:13:04 -0700
Subject: [PATCH] Add SetupWraith into allow list of invoke signRSA API, and
 remove priv_app from the allow list and modify the error message.

Doc: https://docs.google.com/document/d/19LFE0xWE6E-TfM8MQbxk2lCyNeW-nALBrGA6VX6Donc/edit?resourcekey=0-pe8SXOdScbmqtVQHRDubVw#

Test: Manual

Bug: b/175603696
Change-Id: Ibde963798d3fc5d4696b2d547f0ef3beab579d38
---
 libwvdrmengine/mediadrm/src_hidl/WVDrmPlugin.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/libwvdrmengine/mediadrm/src_hidl/WVDrmPlugin.cpp b/libwvdrmengine/mediadrm/src_hidl/WVDrmPlugin.cpp
index 0b2ff24b..abb2af61 100644
--- a/libwvdrmengine/mediadrm/src_hidl/WVDrmPlugin.cpp
+++ b/libwvdrmengine/mediadrm/src_hidl/WVDrmPlugin.cpp
@@ -1780,9 +1780,11 @@ Return<void> WVDrmPlugin::signRSA(
 
   const auto& self = android::hardware::IPCThreadState::self();
   const char* sid = self->getCallingSid();
-  if (!sid || (!strstr(sid, "mediashell_app") && !strstr(sid, "priv_app")
-               && !strstr(sid, "mediadrmserver"))) {
-    ALOGE("Only mediashell/priv-app/mediadrmserver can call signRSA");
+  if (!sid || (!strstr(sid, ":mediashell_app:")
+              && !strstr(sid, ":mediadrmserver:")
+              && !strstr(sid, ":setupwraith_app:"))) {
+    ALOGE("Only mediashell/mediadrmserver/setupwraith_app can call signRSA, "
+          "but actually: %s", sid);
     _hidl_cb(Status::ERROR_DRM_UNKNOWN, hidl_vec<uint8_t>());
     return Void();
   }