From c6d7d6e69b7a435a26209926cb85cbb7fc10f787 Mon Sep 17 00:00:00 2001 From: Robert Shih Date: Wed, 16 Feb 2022 13:35:09 -0800 Subject: [PATCH 1/3] wv aidl: fix native handle memory leak [ Merge of go/wvgerrit/145971 ] Bug: 219754570 Test: atest GtsMediaTestCases Change-Id: Id4705d5bc10ba6dfbe878f2d95fdd9ae9d2e9f1d Merged-In: Id4705d5bc10ba6dfbe878f2d95fdd9ae9d2e9f1d --- libwvdrmengine/mediacrypto/aidl_src/WVCryptoPlugin.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libwvdrmengine/mediacrypto/aidl_src/WVCryptoPlugin.cpp b/libwvdrmengine/mediacrypto/aidl_src/WVCryptoPlugin.cpp index d2a26ef0..3bd457d6 100644 --- a/libwvdrmengine/mediacrypto/aidl_src/WVCryptoPlugin.cpp +++ b/libwvdrmengine/mediacrypto/aidl_src/WVCryptoPlugin.cpp @@ -144,6 +144,7 @@ SharedBufferBase::~SharedBufferBase() { const char* detailedError = ""; *_aidl_return = 0; // bytes decrypted + native_handle_t* handle = nullptr; uint8_t* srcPtr = nullptr; void* destPtr = nullptr; // Convert parameters to the form the CDM wishes to consume them in. @@ -159,6 +160,7 @@ SharedBufferBase::~SharedBufferBase() { } const auto NON_SECURE = DestinationBuffer::Tag::nonsecureMemory; + const auto SECURE = DestinationBuffer::Tag::secureMemory; if (in_args.destination.getTag() == NON_SECURE) { const SharedBuffer& dest = in_args.destination.get(); if (mSharedBufferMap.find(dest.bufferId) == mSharedBufferMap.end()) { @@ -218,10 +220,8 @@ SharedBufferBase::~SharedBufferBase() { } destPtr = static_cast( dest->mBase + in_args.destination.get().offset); - } else if (in_args.destination.getTag() == - DestinationBuffer::Tag::secureMemory) { - native_handle_t* handle = android::makeFromAidl( - in_args.destination.get()); + } else if (in_args.destination.getTag() == SECURE) { + handle = android::makeFromAidl(in_args.destination.get()); destPtr = static_cast(handle); } } // lock_guard scope @@ -276,6 +276,7 @@ SharedBufferBase::~SharedBufferBase() { // Decrypt std::string errorDetailMsg; Status res = attemptDecrypt(params, hasProtectedData, &errorDetailMsg); + native_handle_delete(handle); if (res != Status::OK) { detailedError = errorDetailMsg.data(); return toNdkScopedAStatus(res, detailedError); From ea1d5d68918e8a5414c0950fff76def5560cbf7a Mon Sep 17 00:00:00 2001 From: Robert Shih Date: Fri, 18 Feb 2022 18:14:38 -0800 Subject: [PATCH 2/3] wv aidl: no set security level opening default session Bug: 219538389 Test: atest WidevineDashPolicyTests#testL3ValidateKeyOutputProtection Change-Id: I5912a93fd0b7a144694ec3b251a129d839b8b149 --- .../mediadrm/aidl_src/WVDrmPlugin.cpp | 24 +++++++------------ 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp b/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp index f3660d98..4ecb1897 100644 --- a/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp +++ b/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp @@ -263,6 +263,11 @@ SecurityLevel WVDrmPlugin::mapSecurityLevel(const std::string& level) { ::ndk::ScopedAStatus WVDrmPlugin::openSession(SecurityLevel in_securityLevel, vector* _aidl_return) { vector sessionId; + if (SecurityLevel::DEFAULT == in_securityLevel) { + auto err = openSessionCommon(sessionId); + *_aidl_return = sessionId; + return toNdkScopedAStatus(err); + } if (SecurityLevel::UNKNOWN == in_securityLevel) { *_aidl_return = sessionId; @@ -279,8 +284,7 @@ SecurityLevel WVDrmPlugin::mapSecurityLevel(const std::string& level) { } if (wvcdm::QUERY_VALUE_SECURITY_LEVEL_L3 == native_security_level && - in_securityLevel >= SecurityLevel::SW_SECURE_DECODE && - in_securityLevel != SecurityLevel::DEFAULT) { + in_securityLevel >= SecurityLevel::SW_SECURE_DECODE) { *_aidl_return = sessionId; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); } @@ -292,25 +296,13 @@ SecurityLevel WVDrmPlugin::mapSecurityLevel(const std::string& level) { setPropertyString("securityLevel", std::string(wvcdm_security_level)); - SecurityLevel securityLevel = in_securityLevel; - if (SecurityLevel::DEFAULT == in_securityLevel) { - std::string level; - Status status = queryProperty(wvcdm::kLevelDefault, - wvcdm::QUERY_KEY_SECURITY_LEVEL, level); - if (status == Status::OK) { - securityLevel = mapSecurityLevel(level); - } else { - ALOGE("openSession: failed to query security level, status=%d", status); - } - } - status = openSessionCommon(sessionId); if (Status::OK == status) { SecurityLevel currentSecurityLevel = SecurityLevel::UNKNOWN; const auto ret = getSecurityLevel(sessionId, ¤tSecurityLevel); - if (!ret.isOk() || securityLevel != currentSecurityLevel) { + if (!ret.isOk() || in_securityLevel != currentSecurityLevel) { ALOGE("Failed to open session with the requested security level=%d", - securityLevel); + in_securityLevel); closeSession(sessionId); sessionId.clear(); status = Status::ERROR_DRM_INVALID_STATE; From 0684df3b6cd471a46a57c82d35df6e53af2097ae Mon Sep 17 00:00:00 2001 From: Robert Shih Date: Fri, 18 Feb 2022 17:11:58 -0800 Subject: [PATCH 3/3] Update cipher mode enumeration in AIDL WvDrmPlugin To match the v17 change. [ Merge of go/wvgerrit/146231 ] Bug: 216585596 Test: atset WidevineGenericOpsTests Change-Id: I7eb25a5db30a82cf8015e3c19af419c02a1d5002 Merged-In: I7eb25a5db30a82cf8015e3c19af419c02a1d5002 --- libwvdrmengine/mediadrm/aidl_include/WVGenericCryptoInterface.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libwvdrmengine/mediadrm/aidl_include/WVGenericCryptoInterface.h b/libwvdrmengine/mediadrm/aidl_include/WVGenericCryptoInterface.h index d4712779..0a71fde1 100644 --- a/libwvdrmengine/mediadrm/aidl_include/WVGenericCryptoInterface.h +++ b/libwvdrmengine/mediadrm/aidl_include/WVGenericCryptoInterface.h @@ -25,7 +25,7 @@ class WVGenericCryptoInterface { const uint8_t* key_id, size_t key_id_length) { return OEMCrypto_SelectKey(session, key_id, key_id_length, - OEMCrypto_CipherMode_CBC); + OEMCrypto_CipherMode_CBCS); } virtual OEMCryptoResult encrypt(OEMCrypto_SESSION session,