From 491dfe7690bf23c1fd2bc032a06dcbbf92d22e90 Mon Sep 17 00:00:00 2001
From: Alex Dale <sigquit@google.com>
Date: Tue, 7 Mar 2023 13:32:37 -0800
Subject: [PATCH] Add mutex to CdmEngine for use of cert_provisioning_.

[ Merge of http://go/wvgerrit/167500 ]
[ PoC http://ag/21891126 ]

Bug: 258188673
Test: sts-tradefed run sts-dynamic-develop -m StsHostTestCases \
    -t android.security.sts.Bug_258188673
Test: GtsMediaTestCases
Change-Id: If71a0e7a81f376cf28688a590b6cb9dcea699545
Merged-In: If71a0e7a81f376cf28688a590b6cb9dcea699545
---
 libwvdrmengine/cdm/core/include/cdm_engine.h | 2 ++
 libwvdrmengine/cdm/core/src/cdm_engine.cpp   | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/libwvdrmengine/cdm/core/include/cdm_engine.h b/libwvdrmengine/cdm/core/include/cdm_engine.h
index 734cad36..adc398d7 100644
--- a/libwvdrmengine/cdm/core/include/cdm_engine.h
+++ b/libwvdrmengine/cdm/core/include/cdm_engine.h
@@ -394,6 +394,8 @@ class CdmEngine {
   CdmSessionMap session_map_;
   CdmReleaseKeySetMap release_key_sets_;
   std::unique_ptr<CertificateProvisioning> cert_provisioning_;
+  // Lock must be acquired before using |cert_provisioning_|.
+  std::mutex cert_provisioning_mutex_;
   FileSystem* file_system_;
   Clock clock_;
   std::string spoid_;
diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
index aa96dd12..9aef2c5c 100644
--- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
@@ -62,7 +62,6 @@ class UsagePropertySet : public CdmClientPropertySet {
 CdmEngine::CdmEngine(FileSystem* file_system,
                      std::shared_ptr<metrics::EngineMetrics> metrics)
     : metrics_(metrics),
-      cert_provisioning_(),
       file_system_(file_system),
       spoid_(EMPTY_SPOID),
       usage_session_(),
@@ -915,6 +914,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
   }
 
   // TODO(b/141705730): Remove usage entries on provisioning.
+  std::unique_lock<std::mutex> cert_lock(cert_provisioning_mutex_);
   if (!cert_provisioning_) {
     cert_provisioning_.reset(
         new CertificateProvisioning(metrics_->GetCryptoMetrics()));
@@ -944,6 +944,7 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
     std::string* wrapped_key) {
   LOGI("response_size = %zu, security_level = %s", response.size(),
        SecurityLevelToString(requested_security_level));
+  std::unique_lock<std::mutex> cert_lock(cert_provisioning_mutex_);
   if (response.empty()) {
     LOGE("Empty provisioning response");
     cert_provisioning_.reset();