Support Per-Origin Provisioning

This is a merge of several Widevine-side commits that, cumulatively,
allow callers to specify an origin to be used to isolate data storage
as specified in the W3C Encrypted Media Extension specification.
Separate origins have separate certificates, and consequently cannot
share device identifiers with each other.

The changes included in this are:

Add Ability to Check for Existing Certificates
    http://go/wvgerrit/13974
Add Ability to Remove the Certificate
    http://go/wvgerrit/13975
Make CDM Origin-Aware
    http://go/wvgerrit/13977
Add Per-Origin Storage to Widevine CDM on Android
    http://go/wvgerrit/14026
Remove Automatic Origin Generation
    http://go/wvgerrit/14031

Bug: 19771858
Change-Id: I6a01c705d9b6b4887a9c7e6ff4399a125f781569

libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp

@@ -74,7 +74,8 @@ DrmPlugin::KeyStatusType ConvertFromCdmKeyStatus(CdmKeyStatus keyStatus) {
 
 WVDrmPlugin::WVDrmPlugin(WvContentDecryptionModule* cdm,
                          WVGenericCryptoInterface* crypto)
-  : mCDM(cdm), mCrypto(crypto), mCryptoSessionsMutex(), mCryptoSessions() {}
+  : mCDM(cdm), mCrypto(crypto), mOrigin(), mCryptoSessionsMutex(),
+    mCryptoSessions() {}
 
 WVDrmPlugin::~WVDrmPlugin() {
   typedef map<CdmSessionId, CryptoSession>::iterator mapIterator;
@@ -93,7 +94,8 @@ WVDrmPlugin::~WVDrmPlugin() {
 status_t WVDrmPlugin::openSession(Vector<uint8_t>& sessionId) {
   CdmSessionId cdmSessionId;
   CdmResponseType res =
-      mCDM->OpenSession("com.widevine", &mPropertySet, this, &cdmSessionId);
+      mCDM->OpenSession("com.widevine", &mPropertySet, determineOrigin(), this,
+                        &cdmSessionId);
 
   if (!isCdmResponseTypeSuccess(res)) {
     return mapAndNotifyOfCdmResponseType(sessionId, res);
@@ -234,8 +236,8 @@ status_t WVDrmPlugin::getKeyRequest(
   string cdmDefaultUrl;
   CdmResponseType res = mCDM->GenerateKeyRequest(
       cdmSessionId, cdmKeySetId, cdmInitDataType, processedInitData,
-      cdmLicenseType, cdmParameters, &mPropertySet, &keyRequest,
-      &cdmKeyRequestType, &cdmDefaultUrl);
+      cdmLicenseType, cdmParameters, &mPropertySet, determineOrigin(),
+      &keyRequest, &cdmKeyRequestType, &cdmDefaultUrl);
   *keyRequestType = ConvertFromCdmKeyRequestType(cdmKeyRequestType);
 
   if (isCdmResponseTypeSuccess(res)) {
@@ -361,6 +363,7 @@ status_t WVDrmPlugin::getProvisionRequest(const String8& cert_type,
 
   CdmResponseType res = mCDM->GetProvisioningRequest(cdmCertType,
                                                      cdmCertAuthority,
+                                                     determineOrigin(),
                                                      &cdmProvisionRequest,
                                                      &cdmDefaultUrl);
 
@@ -384,7 +387,8 @@ status_t WVDrmPlugin::provideProvisionResponse(
   CdmProvisioningResponse cdmResponse(response.begin(), response.end());
   string cdmCertificate;
   string cdmWrappedKey;
-  CdmResponseType res = mCDM->HandleProvisioningResponse(cdmResponse,
+  CdmResponseType res = mCDM->HandleProvisioningResponse(determineOrigin(),
+                                                         cdmResponse,
                                                          &cdmCertificate,
                                                          &cdmWrappedKey);
   if (isCdmResponseTypeSuccess(res)) {
@@ -403,8 +407,8 @@ status_t WVDrmPlugin::provideProvisionResponse(
 }
 
 status_t WVDrmPlugin::unprovisionDevice() {
-  CdmResponseType res1 = mCDM->Unprovision(kSecurityLevelL1);
-  CdmResponseType res3 = mCDM->Unprovision(kSecurityLevelL3);
+  CdmResponseType res1 = mCDM->Unprovision(kSecurityLevelL1, determineOrigin());
+  CdmResponseType res3 = mCDM->Unprovision(kSecurityLevelL3, determineOrigin());
   if (!isCdmResponseTypeSuccess(res1))
   {
     return mapCdmResponseType(res1);
@@ -511,6 +515,8 @@ status_t WVDrmPlugin::getPropertyString(const String8& name,
     return queryProperty(QUERY_KEY_MAX_NUMBER_OF_SESSIONS, value);
   } else if (name == "appId") {
     value = mPropertySet.app_id().c_str();
+  } else if (name == "origin") {
+    value = mOrigin.c_str();
   } else {
     ALOGE("App requested unknown string property %s", name.string());
     return android::ERROR_DRM_CANNOT_HANDLE;
@@ -609,6 +615,18 @@ status_t WVDrmPlugin::setPropertyString(const String8& name,
       ALOGE("App tried to set the application id while sessions are opened.");
       return kErrorSessionIsOpen;
     }
+  } else if (name == "origin") {
+    size_t sessionCount = 0;
+    {
+      Mutex::Autolock lock(mCryptoSessionsMutex);
+      sessionCount = mCryptoSessions.size();
+    }
+    if (sessionCount == 0) {
+      mOrigin = value.string();
+    } else {
+      ALOGE("App tried to set the origin while sessions are opened.");
+      return kErrorSessionIsOpen;
+    }
   } else {
     ALOGE("App set unknown string property %s", name.string());
     return android::ERROR_DRM_CANNOT_HANDLE;
@@ -1009,4 +1027,8 @@ bool WVDrmPlugin::InitDataResemblesPSSH(const Vector<uint8_t>& initData) {
   return id == kPsshTag;
 }
 
+const char* WVDrmPlugin::determineOrigin() const {
+  return mOrigin.empty() ? EMPTY_ORIGIN : mOrigin.c_str();
+}
+
 }  // namespace wvdrm