diff --git a/libwvdrmengine/cdm/core/include/crypto_session.h b/libwvdrmengine/cdm/core/include/crypto_session.h index b48cd4aa..23ed6a0c 100644 --- a/libwvdrmengine/cdm/core/include/crypto_session.h +++ b/libwvdrmengine/cdm/core/include/crypto_session.h @@ -302,7 +302,7 @@ class CryptoSession { // Returns a system-wide singleton instance of SystemFallbackPolicy // to be used for communicating OTA keybox provisioning state between // apps. Returns a null pointer if OTA provisioning is not supported, - // or if the device has already been provisioned. + // or not required. static okp::SystemFallbackPolicy* GetOkpFallbackPolicy(); // Generates an OTA provisioning request. diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp index 349cd368..018f38df 100644 --- a/libwvdrmengine/cdm/core/src/crypto_session.cpp +++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp @@ -3041,8 +3041,6 @@ okp::SystemFallbackPolicy* CryptoSession::GetOkpFallbackPolicy() { // If not set, then OTA keybox provisioning is not supported or // not needed. if (!okp_fallback_policy_l1_) return nullptr; - // May have already been initialized. - if (okp_fallback_policy_l1_->IsProvisioned()) return nullptr; return okp_fallback_policy_l1_.get(); }; return WithStaticFieldReadLock("GetOkpFallbackPolicy", getter); @@ -3053,8 +3051,11 @@ CdmResponseType CryptoSession::PrepareOtaProvisioningRequest( RETURN_IF_NULL(request, PARAMETER_NULL); RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN); size_t buffer_length = 0; - OEMCryptoResult status = OEMCrypto_GenerateOTARequest( - oec_session_id_, nullptr, &buffer_length, use_test_key); + OEMCryptoResult status = + WithOecWriteLock("PrepareOtaProvisioningRequest", [&] { + return OEMCrypto_GenerateOTARequest( + oec_session_id_, nullptr, &buffer_length, use_test_key ? 1 : 0); + }); if (status != OEMCrypto_ERROR_SHORT_BUFFER) return MapOEMCryptoResult(status, UNKNOWN_ERROR, "PrepareOtaProvisioningRequest"); @@ -3064,8 +3065,10 @@ CdmResponseType CryptoSession::PrepareOtaProvisioningRequest( } request->resize(buffer_length); uint8_t* buf = reinterpret_cast(&request->front()); - status = OEMCrypto_GenerateOTARequest(oec_session_id_, buf, &buffer_length, + status = WithOecWriteLock("PrepareOtaProvisioningRequest", [&] { + return OEMCrypto_GenerateOTARequest(oec_session_id_, buf, &buffer_length, use_test_key ? 1 : 0); + }); if (OEMCrypto_SUCCESS != status) { request->clear(); } else if (buffer_length != request->size()) { @@ -3078,9 +3081,15 @@ CdmResponseType CryptoSession::PrepareOtaProvisioningRequest( CdmResponseType CryptoSession::LoadOtaProvisioning( bool use_test_key, const std::string& response) { RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN); - const OEMCryptoResult status = OEMCrypto_ProcessOTAKeybox( - oec_session_id_, reinterpret_cast(response.data()), - response.size(), use_test_key ? 1 : 0); + const OEMCryptoResult status = WithOecWriteLock("LoadOtaProvisioning", [&] { + return OEMCrypto_ProcessOTAKeybox( + oec_session_id_, reinterpret_cast(response.data()), + response.size(), use_test_key ? 1 : 0); + }); + if (status == OEMCrypto_SUCCESS) { + WithOecWriteLock("LoadOtaProvisioning", + [&] { needs_keybox_provisioning_ = false; }); + } return MapOEMCryptoResult(status, UNKNOWN_ERROR, "LoadOtaProvisioning"); }