From 59fcc2013891b32c50b9db30ba7fad52ce649900 Mon Sep 17 00:00:00 2001
From: Edwin Wong <edwinwong@google.com>
Date: Fri, 1 Dec 2017 16:44:53 -0800
Subject: [PATCH] Move persistent data to /data/vendor.

Widevine persistent data is stored in /data/mediadrm, HALs
are not allowed to access files in /data. Move persistent
data to /data/vendor/mediadrm/widevine for older devices,
and persistent data will not be saved under /data/vendor.

Test: Play Movies & Tv, Netflix

bug: 36601695
Change-Id: I31fdd43b7db327bf6d8343dc95e9883ae6bce70d
---
 libwvdrmengine/Android.mk                     | 19 +++++++++++++++++
 libwvdrmengine/cdm/src/properties_android.cpp |  2 +-
 libwvdrmengine/cdm/test/test_vectors.h        |  2 +-
 libwvdrmengine/move_widevine_data.sh          | 21 +++++++++++++++++++
 ...droid.hardware.drm@1.0-service.widevine.rc | 13 +++++++++++-
 5 files changed, 54 insertions(+), 3 deletions(-)
 create mode 100755 libwvdrmengine/move_widevine_data.sh

diff --git a/libwvdrmengine/Android.mk b/libwvdrmengine/Android.mk
index c974aa4e..98b28a68 100644
--- a/libwvdrmengine/Android.mk
+++ b/libwvdrmengine/Android.mk
@@ -3,6 +3,24 @@
 #
 LOCAL_PATH := $(call my-dir)
 
+# -----------------------------------------------------------------------------
+#  Copies move script to /system/bin.
+#  The mv command preserves SELinux labels(i.e. media_data_file).
+#  We need to run restorecon to put the correct context after the move.
+#  However, restorecon is not implemented for /vendor/bin, so we put
+#  the script in /system/bin.
+#
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := move_widevine_data.sh
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_MODULE := $(LOCAL_SRC_FILES)
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_OWNER := widevine
+
+
+include $(BUILD_PREBUILT)
+
 # -----------------------------------------------------------------------------
 # Builds android.hardware.drm@1.0-service.widevine
 #
@@ -30,6 +48,7 @@ LOCAL_HEADER_LIBRARIES := \
 
 LOCAL_MODULE := android.hardware.drm@1.0-service.widevine
 LOCAL_INIT_RC := src_hidl/android.hardware.drm@1.0-service.widevine.rc
+LOCAL_REQUIRED_MODULES := move_widevine_data.sh
 LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/bin/hw
 LOCAL_PROPRIETARY_MODULE := true
 LOCAL_MODULE_OWNER := widevine
diff --git a/libwvdrmengine/cdm/src/properties_android.cpp b/libwvdrmengine/cdm/src/properties_android.cpp
index 4317f99a..fe456c7f 100644
--- a/libwvdrmengine/cdm/src/properties_android.cpp
+++ b/libwvdrmengine/cdm/src/properties_android.cpp
@@ -13,7 +13,7 @@
 
 namespace {
 
-const char kBasePathPrefix[] = "/data/mediadrm/IDM";
+const char kBasePathPrefix[] = "/data/vendor/mediadrm/IDM";
 const char kL1Dir[] = "/L1/";
 const char kL2Dir[] = "/L2/";
 const char kL3Dir[] = "/L3/";
diff --git a/libwvdrmengine/cdm/test/test_vectors.h b/libwvdrmengine/cdm/test/test_vectors.h
index 50b7dd9c..5bef0aa8 100644
--- a/libwvdrmengine/cdm/test/test_vectors.h
+++ b/libwvdrmengine/cdm/test/test_vectors.h
@@ -12,7 +12,7 @@ static const std::string kExistentFile = "/system/bin/sh";
 static const std::string kExistentDir = "/system/bin";
 static const std::string kNonExistentFile = "/system/bin/enoext";
 static const std::string kNonExistentDir = "/system/bin_enoext";
-static const std::string kTestDir = "/data/mediadrm/IDM0/";
+static const std::string kTestDir = "/data/vendor/mediadrm/IDM0/";
 
 }  // namespace test_vectors
 }  // namespace wvcdm
diff --git a/libwvdrmengine/move_widevine_data.sh b/libwvdrmengine/move_widevine_data.sh
new file mode 100755
index 00000000..3dd30e96
--- /dev/null
+++ b/libwvdrmengine/move_widevine_data.sh
@@ -0,0 +1,21 @@
+#!/system/bin/sh
+
+DEST_PATH="/data/vendor/mediadrm"
+FILES_MOVED="/data/vendor/mediadrm/files_moved"
+SRC_PATH="/data/mediadrm"
+
+if [ ! -f "$FILES_MOVED" ]; then
+  for i in "$SRC_PATH/IDM"*; do
+    dest_path=$DEST_PATH/"${i#$SRC_PATH/}"
+    if [ -d "$i" ]; then
+      mkdir -p $dest_path -m 700
+      mv $i "$DEST_PATH"
+      find $dest_path -print0 | while IFS= read -r -d '' file
+        do
+          chgrp media "$file"
+        done
+    fi
+  done
+  restorecon -R "$DEST_PATH"
+  echo 1 > "$FILES_MOVED"
+fi
diff --git a/libwvdrmengine/src_hidl/android.hardware.drm@1.0-service.widevine.rc b/libwvdrmengine/src_hidl/android.hardware.drm@1.0-service.widevine.rc
index db9288ff..f4328932 100644
--- a/libwvdrmengine/src_hidl/android.hardware.drm@1.0-service.widevine.rc
+++ b/libwvdrmengine/src_hidl/android.hardware.drm@1.0-service.widevine.rc
@@ -1,6 +1,17 @@
+on property:init.svc.mediadrm=running
+    mkdir /data/vendor/mediadrm 0770 media mediadrm
+    start vendor.move_data_sh
+
+service vendor.move_data_sh /system/bin/move_widevine_data.sh
+    class late_start
+    user media
+    group media mediadrm system
+    disabled
+    oneshot
+
 service vendor.drm-widevine-hal-1-0 /vendor/bin/hw/android.hardware.drm@1.0-service.widevine
     class hal
     user media
-    group mediadrm drmrpc
+    group media mediadrm drmrpc
     ioprio rt 4
     writepid /dev/cpuset/foreground/tasks