Added an OTA keybox provisioner.

[ Merge of http://go/wvgerrit/133729 ] [ Cherry pick of http://ag/15836224 ] The OtaKeyboxProvisioner is a system-wide provisioner for sharing the provisioning workflow between CDM engines. Bug: 189232882 Test: GtsMediaTestCases Change-Id: I873af3087cc05e1831bdd1d2c14fb002b73e6902 Added keybox provisioning proto fields. [ Merge of http://go/wvgerrit/133730 and http://go/ag/15113032 ] This CL copies over the required license_protocol.proto changes that are required for OTA keybox provisioning. These fields are defined in the server-side certificate_provisioning.proto, defined in http://cl/377533774. Note, changes are slightly different from server proto due to the RVC version of license_protocol.proto being out of date with SC and newer changes. Bug: 189232882 Test: run_x86_64_tests Change-Id: I55fcf6a7ac2ba4b6026b9acc63e822ff33c431d9 Added OTA keybox provisioning device files. [ Merge of http://go/wvgerrit/133743 and http://go/ag/15421141 ] This change adds a new set of proto messages/fields the CDM's device files for recording device and engine information around OTA keybox provisioning (OKP). To make cleanup and thread protection possible, there is a single file which will contain all the information for the device as a whole and each CDM engine tied to an app/origin. Bug: 189232882 Test: Linux unit tests Change-Id: Iaf80cd6342f32657e04416750d9b278d935821a5 Client ID for OKP requests. [ Merge of http://go/wvgerrit/133744 and http://go/ag/15645331 ] Extended the CDM ClientIdentification class to support a subset of client info used for OKP requests. Bug: 189232882 Test: Android unit tests Change-Id: I6aafb4f2164efe69bc733ece0a912f0e91893b91
2021-09-15 02:56:19 -07:00
parent bac33dbc6e
commit 3acc64a478
13 changed files with 586 additions and 30 deletions
--- a/libwvdrmengine/cdm/core/src/device_files.proto
+++ b/libwvdrmengine/cdm/core/src/device_files.proto
@@ -125,6 +125,71 @@ message UsageTableInfo {
  optional bool use_lru = 3 [default = false];
 }

+// Stores information related to a device's experience with OTA Keybox
+// Provisioning (OKP).  Only devices which both support OKP and require
+// OKP should create this file.  Otherwise, this information is not
+// needed.
+message OtaKeyboxProvisioningInfo {
+  // Engine-specific information about OKP.
+  message OkpEngineInfo {
+    // Engine identifier.
+    optional bytes app_id = 1;
+    optional bytes origin = 2;
+    reserved 3 to 5;  // Reserved for future engine composite keys.
+    // Counters for engine-specific OKP events.
+    // These counters are reset after a certain amount of time
+    // (OKP period) since the last event.
+    // Number of calls to openSession() where it is recommended
+    // to the app to try keybox provisioning.
+    optional uint32 try_okp_counter = 6;
+    // Number of calls to getProvisionRequest().
+    optional uint32 generate_request_counter = 7;
+    // Number of failed calls to provideProvisionRequest().
+    optional uint32 failed_response_counter = 8;
+
+    // The value of |last_event_time| and |backoff_start_time| are set
+    // using the system's wall-clock in epoch seconds.  A value of
+    // zero indicates it's not set.
+
+    // Time of the last engine OKP event (change of the above counters;
+    // the beginning of the current OKP period).
+    // Zero indicates no event has yet occurred.
+    optional int64 last_event_time = 9;
+    // Beginning of an app/origin backoff period.
+    // Zero indicates that engine is not in a backoff state.
+    optional int64 backoff_start_time = 10;
+    // Intended length of “backoff period”.  This will be assigned a
+    // random duration initially, then double each time an engine
+    // enters a backoff state.  This is base on Google's recommended
+    // exponential backoff rules.
+    // Value of 0 indicates that backoff has not yet occurred.
+    optional int64 backoff_duration = 11;
+  }
+
+  enum OkpDeviceState {
+    // Not yet checked for provisioning state.  This should be a
+    // transitory state only.  Device which do not need OTA Keybox
+    // Provisioning should simply not store this file.
+    OKP_UNKNOWN = 0;
+    // OEMCrypto has reported that keybox provisioning is required and
+    // that the device supports OKP.  Device may or may not be in the
+    // process of performing provisioning.
+    OKP_NEEDS_PROVISIONING = 1;
+    // The device has successfully provisioned its keybox.
+    OKP_PROVISIONED = 2;
+  }
+  // Device-wide OKP state.
+  optional OkpDeviceState state = 1;
+  // Time when the CDM service first discovers that it needs to
+  // provision the L1 keybox.
+  optional int64 first_checked_time = 2;
+  // System time of when a successful provisioning request has been
+  // received.  Only relevant if |state| is OKP_PROVISIONED.
+  optional int64 provisioning_time = 3;
+  // A list of all records for each identifiable engine.
+  repeated OkpEngineInfo engine_infos = 4;
+}
+
 message File {
  enum FileType {
    DEVICE_CERTIFICATE = 1;
@@ -132,6 +197,7 @@ message File {
    USAGE_INFO = 3;
    HLS_ATTRIBUTES = 4;
    USAGE_TABLE_INFO = 5;
+    OKP_INFO = 6;
  }

  enum FileVersion { VERSION_1 = 1; }
@@ -143,6 +209,7 @@ message File {
  optional UsageInfo usage_info = 5;
  optional HlsAttributes hls_attributes = 6;
  optional UsageTableInfo usage_table_info = 7;
+  optional OtaKeyboxProvisioningInfo okp_info = 8;
 }

 message HashedFile {