From 534589fd2e0524ba880397c8fd32f7895abc4ad1 Mon Sep 17 00:00:00 2001 From: Lu Chen Date: Wed, 23 Mar 2022 20:03:39 -0700 Subject: [PATCH 1/3] Include SPOID in provisioning 4 request Merged from https://widevine-internal-review.googlesource.com/148554 This change was merged to master but missed in tm-dev when we stopped the auto merging to tm-dev. Manually cherry picked it. Test: ran OPK unit tests Bug: 230820162 Bug: 180530495 Change-Id: Ib23f07f84096650beb4dd1950105db01e004d484 --- .../core/include/certificate_provisioning.h | 8 ++- .../cdm/core/src/certificate_provisioning.cpp | 57 ++++++++++++++++--- 2 files changed, 55 insertions(+), 10 deletions(-) diff --git a/libwvdrmengine/cdm/core/include/certificate_provisioning.h b/libwvdrmengine/cdm/core/include/certificate_provisioning.h index 05c0cad5..8189958b 100644 --- a/libwvdrmengine/cdm/core/include/certificate_provisioning.h +++ b/libwvdrmengine/cdm/core/include/certificate_provisioning.h @@ -82,12 +82,18 @@ class CertificateProvisioning { const std::string& origin, const std::string& spoid, CdmProvisioningRequest* request, std::string* default_url); CdmResponseType GetProvisioning40RequestInternal( - wvutil::FileSystem* file_system, CdmProvisioningRequest* request, + wvutil::FileSystem* file_system, const std::string& origin, + const std::string& spoid, CdmProvisioningRequest* request, std::string* default_url); CdmResponseType FillEncryptedClientId( const std::string& client_token, video_widevine::ProvisioningRequest& provisioning_request, const ServiceCertificate& service_certificate); + CdmResponseType FillEncryptedClientIdWithAdditionalParameter( + const std::string& client_token, + const CdmAppParameterMap& additional_parameter, + video_widevine::ProvisioningRequest& provisioning_request, + const ServiceCertificate& service_certificate); CdmResponseType HandleProvisioning40Response( wvutil::FileSystem* file_system, const std::string& response_message); diff --git a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp index 2f2f2339..50ae4410 100644 --- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp +++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp @@ -57,6 +57,11 @@ const std::string kCpProductionServiceCertificate = wvutil::a2bs_hex( "8598ed5751b38694419242a875d9e00d5a5832933024b934859ec8be78adccbb" "1ec7127ae9afeef9c5cd2e15bd3048e8ce652f7d8c5d595a0323238c598a28"); +// Used in provisioning 4 client identification name value pairs. +const std::string kKeyAppParameterSpoid = "spoid"; +const std::string kKeyAppParameterProviderId = "provider_id"; +const std::string kKeyAppParameterStableId = "stable_id"; + // Retrieves |stored_oem_cert| from |file_handle|, and load the OEM private key // to |crypto_session|. Returns true if all operations are successful. bool RetrieveOemCertificateAndLoadPrivateKey(CryptoSession& crypto_session, @@ -212,7 +217,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal( if (crypto_session_->GetPreProvisionTokenType() == kClientTokenBootCertChain) { - return GetProvisioning40RequestInternal(file_system, request, default_url); + return GetProvisioning40RequestInternal(file_system, origin, spoid, request, + default_url); } // Prepare device provisioning request. @@ -304,7 +310,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal( } CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal( - wvutil::FileSystem* file_system, CdmProvisioningRequest* request, + wvutil::FileSystem* file_system, const std::string& origin, + const std::string& spoid, CdmProvisioningRequest* request, std::string* default_url) { if (!crypto_session_->IsOpen()) { LOGE("Crypto session is not open"); @@ -340,7 +347,27 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal( } } - CdmResponseType status = NO_ERROR; + // Retrieve the Spoid, but put it to the client identification instead, so it + // is encrypted. + CdmAppParameterMap additional_parameter; + CdmResponseType status = + SetSpoidParameter(origin, spoid, &provisioning_request); + if (status != NO_ERROR) return status; + if (provisioning_request.has_spoid()) { + additional_parameter[kKeyAppParameterSpoid] = provisioning_request.spoid(); + provisioning_request.clear_spoid(); + } + if (provisioning_request.has_provider_id()) { + additional_parameter[kKeyAppParameterProviderId] = + provisioning_request.provider_id(); + provisioning_request.clear_provider_id(); + } + if (provisioning_request.has_stable_id()) { + additional_parameter[kKeyAppParameterStableId] = + provisioning_request.stable_id(); + provisioning_request.clear_stable_id(); + } + if (stored_oem_cert.empty()) { // This is the first stage provisioning. default_url->assign(kProvisioningServerUrl + @@ -354,16 +381,18 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal( // Since |stored_oem_cert| is empty, the client identification token will be // retrieved from OEMCrypto, which is the BCC in this case. - status = FillEncryptedClientId(stored_oem_cert, provisioning_request, - wv_service_cert); + status = FillEncryptedClientIdWithAdditionalParameter( + stored_oem_cert, additional_parameter, provisioning_request, + wv_service_cert); if (status != NO_ERROR) return status; } else { // This is the second stage provisioning. default_url->assign(kProvisioningServerUrl); // Since |stored_oem_cert| is non-empty, it will be used as the client // identification token. - status = FillEncryptedClientId(stored_oem_cert, provisioning_request, - *service_certificate_); + status = FillEncryptedClientIdWithAdditionalParameter( + stored_oem_cert, additional_parameter, provisioning_request, + *service_certificate_); if (status != NO_ERROR) return status; } @@ -408,6 +437,17 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal( CdmResponseType CertificateProvisioning::FillEncryptedClientId( const std::string& client_token, ProvisioningRequest& provisioning_request, const ServiceCertificate& service_certificate) { + CdmAppParameterMap app_parameter; + return FillEncryptedClientIdWithAdditionalParameter( + client_token, app_parameter, provisioning_request, service_certificate); +} + +CdmResponseType +CertificateProvisioning::FillEncryptedClientIdWithAdditionalParameter( + const std::string& client_token, + const CdmAppParameterMap& additional_parameter, + ProvisioningRequest& provisioning_request, + const ServiceCertificate& service_certificate) { if (!crypto_session_->IsOpen()) { return UNKNOWN_ERROR; } @@ -418,8 +458,7 @@ CdmResponseType CertificateProvisioning::FillEncryptedClientId( if (status != NO_ERROR) return status; video_widevine::ClientIdentification client_id; - CdmAppParameterMap app_parameter; - status = id.Prepare(app_parameter, kEmptyString, &client_id); + status = id.Prepare(additional_parameter, kEmptyString, &client_id); if (status != NO_ERROR) return status; if (!service_certificate.has_certificate()) { From 1069ae39ccfdbdf35493623f1ac34a1f15d5514b Mon Sep 17 00:00:00 2001 From: Alex Dale Date: Mon, 2 May 2022 11:39:16 -0700 Subject: [PATCH 2/3] Resize OEMCrypto buffer-based results on success. [ Merge of http://go/wvgerrit/151191 ] Within the CDM and OEMCrypto tests, there were a few OEMCrypto function calls where the final size of the output buffers were not being resized. For several of these functions, an initial call is made with zero-length output buffers, expecting OEMCrypto to return ERROR_SHORT_BUFFER; followed by a call with buffers at least as large as specified by OEMCrypto. However, for some operations, OEMCrypto makes an estimate on the final size on the first call, specifying the exact size only after performing the operations. This is the case for the wrapped key returned by OEMCrypto_LoadProvisioning(). The provisioning response contains a padded + encrypted DRM key. OEMCrypto does not know the actual size of the key until decrypted, and the actual DRM key might be smaller. There was a OEMCrypto test for OEMCrypto_BuildInformation() which was enforcing the wrong behaviour. This has been updated. Bug: 230661565 Test: oemcrypto_test Change-Id: Iad297d56ffbb085894641fdf8698ce5fd18edbf2 --- .../cdm/core/src/crypto_session.cpp | 37 +++++------ .../core/src/oemcrypto_adapter_dynamic.cpp | 15 +++-- .../oemcrypto/test/oec_session_util.cpp | 16 ++++- .../oemcrypto/test/oemcrypto_test.cpp | 61 +++++++++++++------ 4 files changed, 85 insertions(+), 44 deletions(-) diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp index c4a65104..2c2c780d 100644 --- a/libwvdrmengine/cdm/core/src/crypto_session.cpp +++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp @@ -2099,6 +2099,11 @@ CdmResponseType CryptoSession::LoadProvisioning( metrics_, oemcrypto_load_provisioning_, status); }); + if (status == OEMCrypto_SUCCESS) { + wrapped_private_key->resize(wrapped_private_key_length); + return NO_ERROR; + } + wrapped_private_key->clear(); return MapOEMCryptoResult(status, LOAD_PROVISIONING_ERROR, "LoadProvisioning"); } @@ -2283,29 +2288,25 @@ bool CryptoSession::GetBuildInformation(RequestedSecurityLevel security_level, RequestedSecurityLevelToString(security_level)); RETURN_IF_UNINITIALIZED(false); RETURN_IF_NULL(info, false); - - OEMCryptoResult build_information; - std::string buf; - size_t buf_length = 0; - WithOecReadLock("GetBuildInformation", [&] { - build_information = - OEMCrypto_BuildInformation(&buf[0], &buf_length, security_level); + size_t info_length = 128; + info->assign(info_length, '\0'); + OEMCryptoResult result = WithOecReadLock("GetBuildInformation", [&] { + return OEMCrypto_BuildInformation(&info->front(), &info_length, + security_level); }); - if (build_information == OEMCrypto_ERROR_SHORT_BUFFER) { - buf.resize(buf_length); - WithOecReadLock("GetBuildInformation Attempt 2", [&] { - build_information = - OEMCrypto_BuildInformation(&buf[0], &buf_length, security_level); + if (result == OEMCrypto_ERROR_SHORT_BUFFER) { + info->assign(info_length, '\0'); + result = WithOecReadLock("GetBuildInformation Attempt 2", [&] { + return OEMCrypto_BuildInformation(&info->front(), &info_length, + security_level); }); } - - if (build_information == OEMCrypto_SUCCESS) { - *info = buf; - } else { - LOGE("Unexpected return value"); + if (result != OEMCrypto_SUCCESS) { + LOGE("GetBuildInformation failed: result = %d", result); + info->clear(); return false; } - + info->resize(info_length); return true; } diff --git a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp index 97c00d65..0a2ecc63 100644 --- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp +++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp @@ -1737,14 +1737,19 @@ OEMCryptoResult OEMCrypto_BuildInformation( if (fcn->BuildInformation_V16 == nullptr) { return OEMCrypto_ERROR_NOT_IMPLEMENTED; } + if (buffer_length == nullptr) return OEMCrypto_ERROR_INVALID_CONTEXT; + if (buffer == nullptr && *buffer_length > 0) + return OEMCrypto_ERROR_INVALID_CONTEXT; + constexpr size_t kMaxBuildInfoLength = 128; const char* build_info = fcn->BuildInformation_V16(); - size_t max_length = strnlen(build_info, 128); - if (*buffer_length < max_length) { - *buffer_length = max_length; + if (build_info == nullptr) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + const size_t build_info_length = strnlen(build_info, kMaxBuildInfoLength); + if (*buffer_length < build_info_length) { + *buffer_length = build_info_length; return OEMCrypto_ERROR_SHORT_BUFFER; } - *buffer_length = max_length; - memcpy(buffer, build_info, *buffer_length); + *buffer_length = build_info_length; + memcpy(buffer, build_info, build_info_length); return OEMCrypto_SUCCESS; } return fcn->BuildInformation(buffer, buffer_length); diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp index a01c1fd3..5e6f7ec7 100644 --- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp +++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp @@ -237,6 +237,9 @@ RoundTrip:: // We need to fill in core request and verify signature only for calls other // than OEMCryptoMemory buffer overflow test. Any test other than buffer // overflow will pass true. + if (result == OEMCrypto_SUCCESS) { + gen_signature.resize(gen_signature_length); + } if (!verify_request || result != OEMCrypto_SUCCESS) return result; if (global_features.api_version >= kCoreMessagesAPI) { std::string core_message(reinterpret_cast(data.data()), @@ -466,11 +469,14 @@ OEMCryptoResult ProvisioningRoundTrip::LoadResponse(Session* session) { sizeof(response_data_)); } size_t wrapped_key_length = 0; - const OEMCryptoResult sts = LoadResponseNoRetry(session, &wrapped_key_length); + OEMCryptoResult sts = LoadResponseNoRetry(session, &wrapped_key_length); if (sts != OEMCrypto_ERROR_SHORT_BUFFER) return sts; - wrapped_rsa_key_.clear(); wrapped_rsa_key_.assign(wrapped_key_length, 0); - return LoadResponseNoRetry(session, &wrapped_key_length); + sts = LoadResponseNoRetry(session, &wrapped_key_length); + if (sts == OEMCrypto_SUCCESS) { + wrapped_rsa_key_.resize(wrapped_key_length); + } + return sts; } #ifdef TEST_OEMCRYPTO_V15 @@ -1589,6 +1595,7 @@ void Session::LoadOEMCert(bool verify_cert) { public_cert.resize(public_cert_length); ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_GetOEMPublicCertificate( public_cert.data(), &public_cert_length)); + public_cert.resize(public_cert_length); ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_LoadOEMPrivateKey(session_id())); // The cert is a PKCS7 signed data type. First, parse it into an OpenSSL @@ -1871,6 +1878,8 @@ void Session::UpdateUsageEntry(std::vector* header_buffer) { OEMCrypto_UpdateUsageEntry( session_id(), header_buffer->data(), &header_buffer_length, encrypted_usage_entry_.data(), &entry_buffer_length)); + header_buffer->resize(header_buffer_length); + encrypted_usage_entry_.resize(entry_buffer_length); } void Session::LoadUsageEntry(uint32_t index, const vector& buffer) { @@ -1915,6 +1924,7 @@ void Session::GenerateReport(const std::string& pst, if (expected_result != OEMCrypto_SUCCESS) { return; } + pst_report_buffer_.resize(length); EXPECT_EQ(wvutil::Unpacked_PST_Report::report_size(pst.length()), length); vector computed_signature(SHA_DIGEST_LENGTH); key_deriver_.ClientSignPstReport(pst_report_buffer_, &computed_signature); diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index c011dcdf..7a2e5147 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -308,6 +308,9 @@ TEST_F(OEMCryptoClientTest, VersionNumber) { sts = OEMCrypto_BuildInformation(&build_info[0], &buf_length); } ASSERT_EQ(OEMCrypto_SUCCESS, sts); + if (build_info.size() != buf_length) { + build_info.resize(buf_length); + } cout << " BuildInformation: " << build_info << endl; OEMCrypto_WatermarkingSupport support = OEMCrypto_GetWatermarkingSupport(); cout << " WatermarkingSupport: " << support << endl; @@ -484,7 +487,23 @@ TEST_F(OEMCryptoClientTest, CheckNullBuildInformationAPI17) { ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, sts); size_t buf_length = 0; sts = OEMCrypto_BuildInformation(nullptr, &buf_length); - ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, sts); + // Previous versions of the test expected the wrong error code. + // Although OEMCrypto_ERROR_INVALID_CONTEXT is still accepted by + // the tests, vendors should return OEMCrypto_ERROR_SHORT_BUFFER if + // |buffer| is null and |buf_length| is zero, assigning + // the correct length to |buf_length|. + // TODO(231514699): Remove case for ERROR_INVALID_CONTEXT. + ASSERT_TRUE(OEMCrypto_ERROR_SHORT_BUFFER == sts || + OEMCrypto_ERROR_INVALID_CONTEXT == sts); + if (sts == OEMCrypto_ERROR_INVALID_CONTEXT) { + printf( + "Warning: OEMCrypto_BuildInformation should return " + "ERROR_SHORT_BUFFER.\n"); + } + if (sts == OEMCrypto_ERROR_SHORT_BUFFER) { + constexpr size_t kZero = 0; + ASSERT_GT(buf_length, kZero); + } } TEST_F(OEMCryptoClientTest, CheckMaxNumberOfSessionsAPI10) { @@ -988,9 +1007,9 @@ TEST_F(OEMCryptoKeyboxTest, NormalGetDeviceId) { uint8_t dev_id[128] = {0}; size_t dev_id_len = 128; sts = OEMCrypto_GetDeviceID(dev_id, &dev_id_len); + ASSERT_EQ(OEMCrypto_SUCCESS, sts); cout << " NormalGetDeviceId: dev_id = " << MaybeHex(dev_id, dev_id_len) << " len = " << dev_id_len << endl; - ASSERT_EQ(OEMCrypto_SUCCESS, sts); } TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGetDeviceIdForHugeIdLength) { @@ -1133,7 +1152,6 @@ TEST_F(OEMCryptoProv30Test, GetDeviceId) { dev_id.resize(dev_id_len); cout << " NormalGetDeviceId: dev_id = " << MaybeHex(dev_id) << " len = " << dev_id_len << endl; - ASSERT_EQ(OEMCrypto_SUCCESS, sts); } // The OEM certificate must be valid. @@ -1333,6 +1351,9 @@ TEST_F(OEMCryptoProv40Test, GenerateCertificateKeyPairSuccess) { public_key_signature.data(), &public_key_signature_size, wrapped_private_key.data(), &wrapped_private_key_size, &key_type), OEMCrypto_SUCCESS); + public_key.resize(public_key_size); + public_key_signature.resize(public_key_signature_size); + wrapped_private_key.resize(wrapped_private_key_size); // Parse the public key generated to make sure it is correctly formatted. if (key_type == OEMCrypto_PrivateKeyType::OEMCrypto_RSA_Private_Key) { ASSERT_NO_FATAL_FAILURE( @@ -1543,6 +1564,7 @@ class OEMCryptoSessionTests : public OEMCryptoClientTest { &header_buffer_length); if (expect_success) { ASSERT_EQ(OEMCrypto_SUCCESS, sts); + encrypted_usage_header_.resize(header_buffer_length); } else { ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -6065,11 +6087,10 @@ TEST_F(OEMCryptoLoadsCertificate, RSAPerformance) { licenseRequest.size()); } - uint8_t* signature = new uint8_t[signature_length]; - sts = OEMCrypto_GenerateRSASignature(s.session_id(), licenseRequest.data(), - licenseRequest.size(), signature, - &signature_length, kSign_RSASSA_PSS); - delete[] signature; + std::vector signature(signature_length, 0); + sts = OEMCrypto_GenerateRSASignature( + s.session_id(), licenseRequest.data(), licenseRequest.size(), + signature.data(), &signature_length, kSign_RSASSA_PSS); ASSERT_EQ(OEMCrypto_SUCCESS, sts); count++; } @@ -6243,7 +6264,7 @@ class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate { EXPECT_NE(OEMCrypto_SUCCESS, sts) << "Signed with forbidden padding scheme=" << (int)scheme << ", size=" << (int)size; - vector zero(signature_length, 0); + const vector zero(signature.size(), 0); ASSERT_EQ(zero, signature); // signature should not be computed. } @@ -6265,19 +6286,19 @@ class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate { ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts); ASSERT_NE(static_cast(0), signature_length); - uint8_t* signature = new uint8_t[signature_length]; - sts = OEMCrypto_GenerateRSASignature(s.session_id(), licenseRequest.data(), - licenseRequest.size(), signature, - &signature_length, scheme); + std::vector signature(signature_length, 0); + sts = OEMCrypto_GenerateRSASignature( + s.session_id(), licenseRequest.data(), licenseRequest.size(), + signature.data(), &signature_length, scheme); ASSERT_EQ(OEMCrypto_SUCCESS, sts) << "Failed to sign with padding scheme=" << (int)scheme - << ", size=" << (int)size; + << ", size=" << size; + signature.resize(signature_length); ASSERT_NO_FATAL_FAILURE( s.PreparePublicKey(encoded_rsa_key_.data(), encoded_rsa_key_.size())); - ASSERT_NO_FATAL_FAILURE(s.VerifyRSASignature(licenseRequest, signature, - signature_length, scheme)); - delete[] signature; + ASSERT_NO_FATAL_FAILURE(s.VerifyRSASignature( + licenseRequest, signature.data(), signature_length, scheme)); } void DisallowDeriveKeys() { @@ -6622,7 +6643,8 @@ class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificateAlternates { ASSERT_EQ(OEMCrypto_SUCCESS, sts) << "Failed to sign with padding scheme=" << (int)scheme - << ", size=" << (int)message.size(); + << ", size=" << message.size(); + signature.resize(signature_length); ASSERT_NO_FATAL_FAILURE( s.PreparePublicKey(encoded_rsa_key_.data(), encoded_rsa_key_.size())); @@ -9393,6 +9415,9 @@ class OEMCryptoUsageTableDefragTest : public OEMCryptoUsageTableTest { new_size, encrypted_usage_header_.data(), &header_buffer_length); // For the second call, we always demand the expected result. ASSERT_EQ(expected_result, sts); + if (sts == OEMCrypto_SUCCESS) { + encrypted_usage_header_.resize(header_buffer_length); + } } }; From af5f57a46cd210258748e04fd7b1af8f29525a12 Mon Sep 17 00:00:00 2001 From: Edwin Wong Date: Fri, 29 Apr 2022 20:31:18 +0000 Subject: [PATCH 3/3] Only use libbinder_ndk for aidl service. [ Merged from http://go/wvgerrit/151169 ] Test: Netflix and Google TV streaming and downloaded playback Test: unit tests Test: atest VtsAidlHalDrmTargetTest Test: adb shell readelf -d /vendor/bin/hw/android.hardware.drm-service.widevine Test: adb shell readelf -d /vendor/lib64/libwvaidl.so Bug: 230791937 Change-Id: Ia60d9fc838bf228b40d99b076a837ae789fa2d03 --- libwvdrmengine/Android.bp | 20 ++++++++++++------- libwvdrmengine/aidl_src/WVDrmFactory.cpp | 6 ++---- libwvdrmengine/aidl_src/service.cpp | 3 ++- libwvdrmengine/aidl_src/serviceLazy.cpp | 3 ++- libwvdrmengine/cdm/test/coverage-test.mk | 2 +- libwvdrmengine/cdm/test/integration-test.mk | 2 +- libwvdrmengine/cdm/test/unit-test.mk | 2 +- libwvdrmengine/cdm/util/src/log.cpp | 8 ++++---- libwvdrmengine/mediadrm/Android.bp | 1 - .../mediadrm/aidl_src/WVDrmPlugin.cpp | 4 ++-- libwvdrmengine/mediadrm/test/Android.mk | 2 +- libwvdrmengine/oemcrypto/test/common.mk | 2 +- libwvdrmengine/vts/vendor_module/Android.bp | 2 +- 13 files changed, 31 insertions(+), 26 deletions(-) diff --git a/libwvdrmengine/Android.bp b/libwvdrmengine/Android.bp index 3ddef22d..1cb3d02c 100644 --- a/libwvdrmengine/Android.bp +++ b/libwvdrmengine/Android.bp @@ -107,10 +107,10 @@ cc_defaults { "android.hardware.drm@1.2", "android.hardware.drm@1.3", "libbase", + "libbinder", "libhidlbase", "liblog", "libutils", - "libbinder", ], } @@ -131,7 +131,6 @@ cc_defaults { "libbase", "libbinder_ndk", "liblog", - "libhwbinder", "libutils", "libwvaidl", ], @@ -261,7 +260,11 @@ cc_binary { srcs: ["aidl_src/service.cpp"], - shared_libs: ["libbinder"], + include_dirs: [ + "frameworks/native/libs/binder/include", + ], + + shared_libs: ["libbinder_ndk"], init_rc: ["aidl_src/android.hardware.drm-service.widevine.rc"], vintf_fragments: ["manifest_android.hardware.drm-service.widevine.xml"], @@ -280,7 +283,11 @@ cc_binary { srcs: ["aidl_src/serviceLazy.cpp"], - shared_libs: ["libbinder"], + include_dirs: [ + "frameworks/native/libs/binder/include", + ], + + shared_libs: ["libbinder_ndk"], init_rc: ["aidl_src/android.hardware.drm-service-lazy.widevine.rc"], vintf_fragments: ["manifest_android.hardware.drm-service.widevine.xml"], @@ -324,7 +331,7 @@ cc_library_static { ], shared_libs: [ - "libbinder", + "libbinder_ndk", "libcrypto", "libhidlbase", "liblog", @@ -358,7 +365,7 @@ cc_library_static { ], shared_libs: [ - "libbinder", + "libbinder_ndk", "libcrypto", "libhidlbase", "liblog", @@ -520,7 +527,6 @@ cc_library_shared { shared_libs: [ "android.hardware.drm-V1-ndk", "libbase", - "libbinder", "libbinder_ndk", "libcrypto", "libcutils", diff --git a/libwvdrmengine/aidl_src/WVDrmFactory.cpp b/libwvdrmengine/aidl_src/WVDrmFactory.cpp index 537409cd..fed48a64 100644 --- a/libwvdrmengine/aidl_src/WVDrmFactory.cpp +++ b/libwvdrmengine/aidl_src/WVDrmFactory.cpp @@ -49,8 +49,7 @@ bool WVDrmFactory::isCryptoSchemeSupported(const Uuid& in_uuid) { const std::vector& in_initData, std::shared_ptr<::aidl::android::hardware::drm::ICryptoPlugin>* _aidl_return) { - const auto& self = android::IPCThreadState::self(); - const char* sid = self->getCallingSid(); + const char* sid = AIBinder_getCallingSid(); sid = sid ? (std::strstr(sid, "mediadrmserver") ? sid : "app") : "nullptr"; ALOGI("[%s] calling %s", sid, __PRETTY_FUNCTION__); @@ -73,8 +72,7 @@ bool WVDrmFactory::isCryptoSchemeSupported(const Uuid& in_uuid) { ::ndk::ScopedAStatus WVDrmFactory::createDrmPlugin( const Uuid& in_uuid, const string& in_appPackageName, std::shared_ptr<::aidl::android::hardware::drm::IDrmPlugin>* _aidl_return) { - const auto& self = ::android::IPCThreadState::self(); - const char* sid = self->getCallingSid(); + const char* sid = AIBinder_getCallingSid(); sid = sid ? (std::strstr(sid, "mediadrmserver") ? sid : "app") : "nullptr"; ALOGI("[%s][%s] calling %s", sid, in_appPackageName.c_str(), __PRETTY_FUNCTION__); diff --git a/libwvdrmengine/aidl_src/service.cpp b/libwvdrmengine/aidl_src/service.cpp index 5670fae2..d6f39630 100644 --- a/libwvdrmengine/aidl_src/service.cpp +++ b/libwvdrmengine/aidl_src/service.cpp @@ -19,7 +19,6 @@ #include #include #include -#include #include "WVCreatePluginFactories.h" #include "WVDrmFactory.h" @@ -31,6 +30,8 @@ int main(int /* argc */, char** /* argv */) { ABinderProcess_setThreadPoolMaxThreadCount(8); std::shared_ptr drmFactory = createDrmFactory(); + AIBinder_setRequestingSid(drmFactory->asBinder().get(), true); + const std::string drmInstance = std::string(WVDrmFactory::descriptor) + "/widevine"; binder_status_t status = AServiceManager_addService( diff --git a/libwvdrmengine/aidl_src/serviceLazy.cpp b/libwvdrmengine/aidl_src/serviceLazy.cpp index 33a082ad..0bbb00d9 100644 --- a/libwvdrmengine/aidl_src/serviceLazy.cpp +++ b/libwvdrmengine/aidl_src/serviceLazy.cpp @@ -19,7 +19,6 @@ #include #include #include -#include #include "WVCreatePluginFactories.h" #include "WVDrmFactory.h" @@ -31,6 +30,8 @@ int main(int /* argc */, char** /* argv */) { ABinderProcess_setThreadPoolMaxThreadCount(8); std::shared_ptr drmFactory = createDrmFactory(); + AIBinder_setRequestingSid(drmFactory->asBinder().get(), true); + const std::string drmInstance = std::string(WVDrmFactory::descriptor) + "/widevine"; binder_status_t status = AServiceManager_registerLazyService( diff --git a/libwvdrmengine/cdm/test/coverage-test.mk b/libwvdrmengine/cdm/test/coverage-test.mk index d511a072..963ec633 100644 --- a/libwvdrmengine/cdm/test/coverage-test.mk +++ b/libwvdrmengine/cdm/test/coverage-test.mk @@ -9,7 +9,7 @@ HIDL_EXTENSION := _hidl LIB_BINDER := libhidlbase else HIDL_EXTENSION := -LIB_BINDER := libbinder +LIB_BINDER := libbinder_ndk endif LOCAL_LICENSE_CONDITIONS := by_exception_only diff --git a/libwvdrmengine/cdm/test/integration-test.mk b/libwvdrmengine/cdm/test/integration-test.mk index b5638969..3eb314c8 100644 --- a/libwvdrmengine/cdm/test/integration-test.mk +++ b/libwvdrmengine/cdm/test/integration-test.mk @@ -12,7 +12,7 @@ HIDL_EXTENSION := _hidl LIB_BINDER := libhidlbase else HIDL_EXTENSION := -LIB_BINDER := libbinder +LIB_BINDER := libbinder_ndk endif LOCAL_MODULE := $(test_name) diff --git a/libwvdrmengine/cdm/test/unit-test.mk b/libwvdrmengine/cdm/test/unit-test.mk index f0e26743..8b099d9c 100644 --- a/libwvdrmengine/cdm/test/unit-test.mk +++ b/libwvdrmengine/cdm/test/unit-test.mk @@ -12,7 +12,7 @@ HIDL_EXTENSION := _hidl LIB_BINDER := libhidlbase else HIDL_EXTENSION := -LIB_BINDER := libbinder +LIB_BINDER := libbinder_ndk endif LOCAL_MODULE := $(test_name) diff --git a/libwvdrmengine/cdm/util/src/log.cpp b/libwvdrmengine/cdm/util/src/log.cpp index d9fc58ae..c8598bf2 100644 --- a/libwvdrmengine/cdm/util/src/log.cpp +++ b/libwvdrmengine/cdm/util/src/log.cpp @@ -26,7 +26,7 @@ #ifdef IS_HIDL # include #else // AIDL is the default -# include +# include #endif #include #include @@ -82,10 +82,10 @@ uint32_t GetLoggingUid() { return tl_logging_uid_; } uint32_t GetIpcCallingUid() { #ifdef IS_HIDL const auto self = android::hardware::IPCThreadState::selfOrNull(); -#else // AIDL is the default - const auto self = android::IPCThreadState::selfOrNull(); -#endif return self ? self->getCallingUid() : UNKNOWN_UID; +#else // AIDL is the default + return AIBinder_getCallingUid(); +#endif } void InitLogging() {} diff --git a/libwvdrmengine/mediadrm/Android.bp b/libwvdrmengine/mediadrm/Android.bp index 091e5b0e..5552dede 100644 --- a/libwvdrmengine/mediadrm/Android.bp +++ b/libwvdrmengine/mediadrm/Android.bp @@ -102,7 +102,6 @@ cc_library_static { shared_libs: [ "libbase", - "libbinder", "libbinder_ndk", "libcrypto", "liblog", diff --git a/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp b/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp index 9556a8e0..8600c26d 100644 --- a/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp +++ b/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp @@ -10,6 +10,7 @@ #include "WVDrmPlugin.h" #include +#include #include #include #include @@ -1634,8 +1635,7 @@ Status WVDrmPlugin::unprovisionDevice() { return toNdkScopedAStatus(Status::BAD_VALUE); } - const auto& self = android::IPCThreadState::self(); - const char* sid = self->getCallingSid(); + const char* sid = AIBinder_getCallingSid(); if (!sid || (!strstr(sid, ":mediashell_app:") && !strstr(sid, ":mediadrmserver:") && !strstr(sid, ":setupwraith_app:"))) { diff --git a/libwvdrmengine/mediadrm/test/Android.mk b/libwvdrmengine/mediadrm/test/Android.mk index f9500ee4..41386199 100644 --- a/libwvdrmengine/mediadrm/test/Android.mk +++ b/libwvdrmengine/mediadrm/test/Android.mk @@ -39,7 +39,7 @@ LOCAL_SHARED_LIBRARIES := \ android.hardware.drm@1.3 \ android.hardware.drm@1.4 \ android.hidl.memory@1.0 \ - libbinder \ + libbinder_ndk \ libbase \ libcrypto \ libdl \ diff --git a/libwvdrmengine/oemcrypto/test/common.mk b/libwvdrmengine/oemcrypto/test/common.mk index 7b3991c9..fb173896 100644 --- a/libwvdrmengine/oemcrypto/test/common.mk +++ b/libwvdrmengine/oemcrypto/test/common.mk @@ -6,7 +6,7 @@ HIDL_EXTENSION := _hidl LIB_BINDER := libhidlbase else HIDL_EXTENSION := -LIB_BINDER := libbinder +LIB_BINDER := libbinder_ndk endif ifeq ($(filter mips mips64, $(TARGET_ARCH)),) diff --git a/libwvdrmengine/vts/vendor_module/Android.bp b/libwvdrmengine/vts/vendor_module/Android.bp index c14e1f09..9610dfe6 100644 --- a/libwvdrmengine/vts/vendor_module/Android.bp +++ b/libwvdrmengine/vts/vendor_module/Android.bp @@ -57,7 +57,7 @@ cc_library_shared { shared_libs: [ "libbase", - "libbinder", + "libbinder_ndk", "libcrypto", "liblog", "libssl",