Add Sandbox ID support

Merge from master branch of Widevine repo of http://go/wvgerrit/66078
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64022

This CL updates OEMCrypto ref code, unit tests, and core code for
setting the sandbox id before initializing OEMCrypto.

Test: unit tests only
Test: tested as part of http://go/ag/5501993
Bug: 115834255
Change-Id: Id9831680fe4db1c69413815931cae4bc80df0c01

libwvdrmengine/cdm/core/include/properties.h

@@ -64,6 +64,7 @@ class Properties {
                                      std::string* base_path);
   static bool GetFactoryKeyboxPath(std::string* keybox);
   static bool GetOEMCryptoPath(std::string* library_name);
+  static bool GetSandboxId(std::string *sandbox_id);
   static bool AlwaysUseKeySetIds();
   static bool UseProviderIdInProvisioningRequest();
 

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -216,7 +216,14 @@ void CryptoSession::Init() {
   AutoLock auto_lock(crypto_lock_);
   session_count_ += 1;
   if (!initialized_) {
+    std::string sandbox_id;
     OEMCryptoResult sts;
+    if (Properties::GetSandboxId(&sandbox_id) && !sandbox_id.empty()) {
+      sts = OEMCrypto_SetSandbox(
+          reinterpret_cast<const uint8_t*>(sandbox_id.c_str()),
+          sandbox_id.length());
+      // TODO(blueeyes): it might be worth saving the sandbox id in a metric.
+    }
     M_TIME(sts = OEMCrypto_Initialize(), metrics_, oemcrypto_initialize_, sts);
     if (OEMCrypto_SUCCESS != sts) {
       LOGE("OEMCrypto_Initialize failed: %d", sts);

libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp

@@ -41,6 +41,8 @@ static const size_t kMaxGenericEncryptChunkSize = 100*1024;
 const OEMCryptoResult kOemCryptoResultVendorSpecificError1 =
     static_cast<OEMCryptoResult>(10008);
 
+typedef OEMCryptoResult (*L1_SetSandbox_t)(const uint8_t* sandbox_id,
+                                           size_t sandbox_id_length);
 typedef OEMCryptoResult (*L1_Initialize_t)(void);
 typedef OEMCryptoResult (*L1_Terminate_t)(void);
 typedef OEMCryptoResult (*L1_OpenSession_t)(OEMCrypto_SESSION* session);
@@ -279,6 +281,7 @@ typedef uint32_t (*L1_ResourceRatingTier_t)(void);
 struct FunctionPointers {
   uint32_t version;
   L1_Initialize_t Initialize;
+  L1_SetSandbox_t SetSandbox;
   L1_Terminate_t Terminate;
   L1_OpenSession_t OpenSession;
   L1_CloseSession_t CloseSession;
@@ -398,6 +401,8 @@ class WatchDog {
 
   // Called by worker thread.
   void DoInit() {
+    // TODO(b/117558570): Level3 does not currently support sandbox.
+    // Level3_SetSandbox(&sandbox_id_[0], sandbox_id_.length());
     status_ = Level3_Initialize();
   }
 
@@ -569,6 +574,11 @@ class Adapter {
     }
   }
 
+  void SetSandbox(const uint8_t* sandbox_id,
+                  size_t sandbox_id_length) {
+    sandbox_id_.assign(sandbox_id, sandbox_id + sandbox_id_length);
+  }
+
   OEMCryptoResult Initialize() {
     /*
      * To avoid changing the function signature and function contract, use a
@@ -652,6 +662,13 @@ class Adapter {
           wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L3_INVALID_L1);
       return false;
     }
+    if (!sandbox_id_.empty()) {
+      level1_.SetSandbox = (L1_SetSandbox_t)dlsym(level1_library_,
+                                                  QUOTE(OEMCrypto_SetSandbox));
+      if (level1_.SetSandbox != NULL) {
+        level1_.SetSandbox(&sandbox_id_[0], sandbox_id_.size());
+      }
+    }
     OEMCryptoResult st = level1_.Initialize();
     if (st != OEMCrypto_SUCCESS) {
       LOGW("Could not initialize L1. Falling Back to L3.");
@@ -961,6 +978,7 @@ class Adapter {
   struct FunctionPointers level3_;
   std::map<OEMCrypto_SESSION, LevelSession> session_map_;
   wvcdm::Lock session_map_lock_;
+  std::vector<uint8_t> sandbox_id_;
   // This is just for debugging the map between session ids.
   // If we add this to the level 3 session id, then the external session
   // id will match the internal session id in the last two digits.
@@ -1212,6 +1230,16 @@ OEMCryptoResult OEMCrypto_CreateOldUsageEntry(
 }
 }  // namespace wvcdm
 
+extern "C" OEMCryptoResult OEMCrypto_SetSandbox(const uint8_t* sandbox_id,
+                                                size_t sandbox_id_length) {
+  if (!gAdapter.get()) {
+    gAdapter.reset(new Adapter());
+  }
+  gAdapter->SetSandbox(sandbox_id, sandbox_id_length);
+  return OEMCrypto_SUCCESS;
+}
+
+
 extern "C" OEMCryptoResult OEMCrypto_Initialize(void) {
   if (!gAdapter.get()) {
     gAdapter.reset(new Adapter());

libwvdrmengine/cdm/src/properties_android.cpp

@@ -151,6 +151,17 @@ bool Properties::GetOEMCryptoPath(std::string* library_name) {
   return true;
 }
 
+bool Properties::GetSandboxId(std::string* /* sandbox_id */) {
+  // TODO(fredgc): If needed, we could support android running on a VM by
+  // reading the sandbox ID from the file system.  If the file system
+  // does not have a sandbox id, we would generate a random
+  // one. Another option is to have sandbox id be a system property.
+  // However, that is enough work not to do it pre-emptively.  This
+  // TODO is just to let future coders know that the framework is in
+  // place, and should be pretty easy to plumb.
+  return false;
+}
+
 bool Properties::AlwaysUseKeySetIds() {
   return false;
 }