From c33960cb7c06f73a728547540016052949753705 Mon Sep 17 00:00:00 2001 From: Cong Lin Date: Mon, 11 Mar 2024 10:35:18 -0700 Subject: [PATCH 1/4] Fix default cipher mode for CAS unit test [ Merge of http://go/wvgerrit/194571 ] Default to OEMCrypto_CipherMode_CBC instead of OEMCrypto_CipherMode_CENC which is not used by CAS. Test: CAS unit tests Bug: 325639114 Bug: 322928572 Merged from https://widevine-internal-review.googlesource.com/193650 Change-Id: I8876d5262643015fb6a322eae6444ef4001d146d --- libwvdrmengine/oemcrypto/test/oec_session_util.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp index 36db07a6..4ffb714e 100644 --- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp +++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp @@ -1414,6 +1414,7 @@ void EntitledMessage::LoadCasKeys(bool load_even, bool load_odd, even_key.content_key_data_iv = entitled_key_array_[0].content_key_data_iv; even_key.content_key_data = entitled_key_array_[0].content_key_data; even_key.content_iv = entitled_key_array_[0].content_iv; + even_key.cipher_mode = OEMCrypto_CipherMode_CBC; } if (has_odd) { odd_key.entitlement_key_id = entitled_key_array_[1].entitlement_key_id; @@ -1421,6 +1422,7 @@ void EntitledMessage::LoadCasKeys(bool load_even, bool load_odd, odd_key.content_key_data_iv = entitled_key_array_[1].content_key_data_iv; odd_key.content_key_data = entitled_key_array_[1].content_key_data; odd_key.content_iv = entitled_key_array_[1].content_iv; + odd_key.cipher_mode = OEMCrypto_CipherMode_CBC; } OEMCryptoResult sts = OEMCrypto_LoadCasECMKeys( From 95b50d39ba12380eb90dc1de56d942808ae6c57b Mon Sep 17 00:00:00 2001 From: Jacob Trimble Date: Mon, 3 Apr 2023 17:55:19 +0000 Subject: [PATCH 2/4] Add SCP support for Android files SCP uses the JNI headers in generated code, so several targets need the include path; this will have no effect on non-SCP builds. Also, in "protected" builds, there is a generated library that needs to be linked in the final binary, but this doesn't exist in the "analysis" step; we create an empty static library if it doesn't exist so it works on all cases. Merged from https://widevine-internal-review.googlesource.com/169850 Merged from https://widevine-internal-review.googlesource.com/176177 Bug: 262635528 Change-Id: Ib676d55efbcbec81de9c3123bc70afb570d6caa5 (cherry picked from commit b9482eb23c261788a4432de7566f1b1de1cf9379) --- libwvdrmengine/Android.bp | 83 +++++++++++++++++++++++++++++- libwvdrmengine/cdm/Android.bp | 5 +- libwvdrmengine/copy_scp_runtime.sh | 11 ++++ libwvdrmengine/level3/Android.bp | 3 ++ 4 files changed, 100 insertions(+), 2 deletions(-) create mode 100755 libwvdrmengine/copy_scp_runtime.sh diff --git a/libwvdrmengine/Android.bp b/libwvdrmengine/Android.bp index 4e21fc5f..1f58ec20 100644 --- a/libwvdrmengine/Android.bp +++ b/libwvdrmengine/Android.bp @@ -220,6 +220,7 @@ cc_library_static { ], header_libs: [ + "jni_headers", "libbase_headers", "libutils_headers", ], @@ -252,6 +253,82 @@ filegroup { ], } +genrule { + name: "libscp_runtime_genrule_x86", + + srcs: [ + "copy_scp_runtime.sh", + ], + out: [ + "libscp_runtime_x86.a", + ], + cmd: "$(in) libscp_runtime_x86.a $(out)", +} + +genrule { + name: "libscp_runtime_genrule_x64", + + srcs: [ + "copy_scp_runtime.sh", + ], + out: [ + "libscp_runtime_x64.a", + ], + cmd: "$(in) libscp_runtime_x86_64.a $(out)", +} + +genrule { + name: "libscp_runtime_genrule_arm", + + srcs: [ + "copy_scp_runtime.sh", + ], + out: [ + "libscp_runtime_arm.a", + ], + cmd: "$(in) libscp_runtime_armeabi-v7a.a $(out)", +} + +genrule { + name: "libscp_runtime_genrule_arm64", + + srcs: [ + "copy_scp_runtime.sh", + ], + out: [ + "libscp_runtime_arm64.a", + ], + cmd: "$(in) libscp_runtime_arm64-v8a.a $(out)", +} + +cc_prebuilt_library_static { + name: "libscp_runtime", + + vendor_available: true, + arch: { + x86: { + srcs: [ + ":libscp_runtime_genrule_x86", + ], + }, + x86_64: { + srcs: [ + ":libscp_runtime_genrule_x64", + ], + }, + arm: { + srcs: [ + ":libscp_runtime_genrule_arm", + ], + }, + arm64: { + srcs: [ + ":libscp_runtime_genrule_arm64", + ], + }, + }, +} + // ---------------------------------------------------------------------------- // Builds libwvaidl.so // @@ -293,6 +370,7 @@ cc_library { "libprotobuf-cpp-lite", "libutils", "libwv_odk", + "libscp_runtime", "libwvdrmcryptoplugin_aidl", "libwvdrmdrmplugin_aidl", "libwvlevel3", @@ -309,7 +387,10 @@ cc_library { "wv_media_drm_flags_c_lib", ], - header_libs: ["libstagefright_foundation_headers"], + header_libs: [ + "jni_headers", + "libstagefright_foundation_headers", + ], owner: "widevine", diff --git a/libwvdrmengine/cdm/Android.bp b/libwvdrmengine/cdm/Android.bp index 2e6d1c1c..3aa28d58 100644 --- a/libwvdrmengine/cdm/Android.bp +++ b/libwvdrmengine/cdm/Android.bp @@ -38,7 +38,10 @@ cc_library_static { "external/protobuf/src", ], - header_libs: ["libutils_headers"], + header_libs: [ + "jni_headers", + "libutils_headers", + ], static_libs: ["libcdm_protos"], shared_libs: ["libcrypto"], diff --git a/libwvdrmengine/copy_scp_runtime.sh b/libwvdrmengine/copy_scp_runtime.sh new file mode 100755 index 00000000..36228ea4 --- /dev/null +++ b/libwvdrmengine/copy_scp_runtime.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +# During the protection step, there will be a "libscp_runtime*.a" file in the +# root directory; link it to a different folder so it can be loaded with +# cc_prebuilt_library_static. During the analysis step, it doesn't exist, so +# create a placeholder archive. + +if [[ ! -e $1 ]]; then + printf '!\n' >"$1" +fi +cp "$1" "$2" diff --git a/libwvdrmengine/level3/Android.bp b/libwvdrmengine/level3/Android.bp index 272763bf..2ac99a52 100644 --- a/libwvdrmengine/level3/Android.bp +++ b/libwvdrmengine/level3/Android.bp @@ -44,6 +44,9 @@ cc_library_static { "vendor/widevine/libwvdrmengine/oemcrypto/odk/include", "vendor/widevine/libwvdrmengine/oemcrypto/odk/src", ], + header_libs: [ + "jni_headers", + ], srcs: [ "src/generate_entropy_android.cpp", From e24c8dcb8660886176ac46c3de66a76893ffd899 Mon Sep 17 00:00:00 2001 From: Rahul Frias Date: Wed, 17 Apr 2024 01:33:26 +0000 Subject: [PATCH 3/4] Revert "Add SCP support for Android files" This reverts commit 95b50d39ba12380eb90dc1de56d942808ae6c57b. Reason for revert: Rikers changes should go on main. We can decide that partner OEMs can pick up this feature for V once it has been well tested on main. Change-Id: I129303cbc86e267aba013a7c314724e51477dc82 --- libwvdrmengine/Android.bp | 83 +----------------------------- libwvdrmengine/cdm/Android.bp | 5 +- libwvdrmengine/copy_scp_runtime.sh | 11 ---- libwvdrmengine/level3/Android.bp | 3 -- 4 files changed, 2 insertions(+), 100 deletions(-) delete mode 100755 libwvdrmengine/copy_scp_runtime.sh diff --git a/libwvdrmengine/Android.bp b/libwvdrmengine/Android.bp index 1f58ec20..4e21fc5f 100644 --- a/libwvdrmengine/Android.bp +++ b/libwvdrmengine/Android.bp @@ -220,7 +220,6 @@ cc_library_static { ], header_libs: [ - "jni_headers", "libbase_headers", "libutils_headers", ], @@ -253,82 +252,6 @@ filegroup { ], } -genrule { - name: "libscp_runtime_genrule_x86", - - srcs: [ - "copy_scp_runtime.sh", - ], - out: [ - "libscp_runtime_x86.a", - ], - cmd: "$(in) libscp_runtime_x86.a $(out)", -} - -genrule { - name: "libscp_runtime_genrule_x64", - - srcs: [ - "copy_scp_runtime.sh", - ], - out: [ - "libscp_runtime_x64.a", - ], - cmd: "$(in) libscp_runtime_x86_64.a $(out)", -} - -genrule { - name: "libscp_runtime_genrule_arm", - - srcs: [ - "copy_scp_runtime.sh", - ], - out: [ - "libscp_runtime_arm.a", - ], - cmd: "$(in) libscp_runtime_armeabi-v7a.a $(out)", -} - -genrule { - name: "libscp_runtime_genrule_arm64", - - srcs: [ - "copy_scp_runtime.sh", - ], - out: [ - "libscp_runtime_arm64.a", - ], - cmd: "$(in) libscp_runtime_arm64-v8a.a $(out)", -} - -cc_prebuilt_library_static { - name: "libscp_runtime", - - vendor_available: true, - arch: { - x86: { - srcs: [ - ":libscp_runtime_genrule_x86", - ], - }, - x86_64: { - srcs: [ - ":libscp_runtime_genrule_x64", - ], - }, - arm: { - srcs: [ - ":libscp_runtime_genrule_arm", - ], - }, - arm64: { - srcs: [ - ":libscp_runtime_genrule_arm64", - ], - }, - }, -} - // ---------------------------------------------------------------------------- // Builds libwvaidl.so // @@ -370,7 +293,6 @@ cc_library { "libprotobuf-cpp-lite", "libutils", "libwv_odk", - "libscp_runtime", "libwvdrmcryptoplugin_aidl", "libwvdrmdrmplugin_aidl", "libwvlevel3", @@ -387,10 +309,7 @@ cc_library { "wv_media_drm_flags_c_lib", ], - header_libs: [ - "jni_headers", - "libstagefright_foundation_headers", - ], + header_libs: ["libstagefright_foundation_headers"], owner: "widevine", diff --git a/libwvdrmengine/cdm/Android.bp b/libwvdrmengine/cdm/Android.bp index 3aa28d58..2e6d1c1c 100644 --- a/libwvdrmengine/cdm/Android.bp +++ b/libwvdrmengine/cdm/Android.bp @@ -38,10 +38,7 @@ cc_library_static { "external/protobuf/src", ], - header_libs: [ - "jni_headers", - "libutils_headers", - ], + header_libs: ["libutils_headers"], static_libs: ["libcdm_protos"], shared_libs: ["libcrypto"], diff --git a/libwvdrmengine/copy_scp_runtime.sh b/libwvdrmengine/copy_scp_runtime.sh deleted file mode 100755 index 36228ea4..00000000 --- a/libwvdrmengine/copy_scp_runtime.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -# During the protection step, there will be a "libscp_runtime*.a" file in the -# root directory; link it to a different folder so it can be loaded with -# cc_prebuilt_library_static. During the analysis step, it doesn't exist, so -# create a placeholder archive. - -if [[ ! -e $1 ]]; then - printf '!\n' >"$1" -fi -cp "$1" "$2" diff --git a/libwvdrmengine/level3/Android.bp b/libwvdrmengine/level3/Android.bp index 2ac99a52..272763bf 100644 --- a/libwvdrmengine/level3/Android.bp +++ b/libwvdrmengine/level3/Android.bp @@ -44,9 +44,6 @@ cc_library_static { "vendor/widevine/libwvdrmengine/oemcrypto/odk/include", "vendor/widevine/libwvdrmengine/oemcrypto/odk/src", ], - header_libs: [ - "jni_headers", - ], srcs: [ "src/generate_entropy_android.cpp", From 1caf26737b55ead61cd2b4f744f28d6c259b84e4 Mon Sep 17 00:00:00 2001 From: Spandan Das Date: Thu, 18 Apr 2024 17:07:45 +0000 Subject: [PATCH 4/4] Use prefer for source vs prebuilts selection of widevine widevine currenty uses `use_source_config_var` and product variables to ensure that products gets the correct selection of source or prebuilts of widevine apex. `use_source_config_var` is being deprecated from Soong to unfiy the mechanisms for source vs prebuilt selection. This CL transitions widevine to a different mechanism `prefer` for prebuilt selection to aid the deprecation. Test: lunch cf_x86_64_phone-trunk_staging-userdebug; m nothing; aninja -t path droid vendor/widevine/libwvdrmengine/apex/prebuilt/com.google.android.widevine.nonupdatable.apks; // no path exists, i.e. uses source Test: lunch osprey-trunk_staging-userdebug; m nothing; aninja -t path droid vendor/widevine/libwvdrmengine/apex/prebuilt/com.google.android.widevine.nonupdatable.apks; // path exists; i.e. uses prebuilts Bug: 332379718 Change-Id: I78800aee49f1de83ea2ce8160923362871806d87 --- libwvdrmengine/apex/prebuilt/Android.bp | 28 ++++++++++++++++++------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/libwvdrmengine/apex/prebuilt/Android.bp b/libwvdrmengine/apex/prebuilt/Android.bp index bb2aaef3..7aff21f3 100644 --- a/libwvdrmengine/apex/prebuilt/Android.bp +++ b/libwvdrmengine/apex/prebuilt/Android.bp @@ -25,27 +25,39 @@ package { default_applicable_licenses: ["vendor_widevine_license"], } -apex_set { +soong_config_module_type { + name: "widevine_apex_set", + module_type: "apex_set", + config_namespace: "widevine", + bool_variables: ["source_build"], + properties: ["prefer"], +} + +widevine_apex_set { name: "com.google.android.widevine.nonupdatable", apex_name: "com.google.android.widevine", owner: "google", set: "com.google.android.widevine.nonupdatable.apks", vendor: true, - use_source_config_var: { - config_namespace: "widevine", - var_name: "source_build", + prefer: true, + soong_config_variables: { + source_build: { + prefer: false, + }, }, } -apex_set { +widevine_apex_set { name: "com.google.android.widevine.lazy", apex_name: "com.google.android.widevine.lazy", owner: "google", set: "com.google.android.widevine.lazy.apks", vendor: true, - use_source_config_var: { - config_namespace: "widevine", - var_name: "source_build", + prefer: true, + soong_config_variables: { + source_build: { + prefer: false, + }, }, }