getOfflineLicenseKeySetIds() respects plugin security level.

[ Merge of http://go/wvgerrit/208430 ] The MediaDrm plugin API getOfflineLicenseKeySetIds() was listing both L1 and L3 offline licenses. While this is generally acceptable, apps might force set L3 via the setStringProperty(), which should cause the DRM plugin to behave as if it is L3 only. This change will cause the WVDrmPlugin list L3 only if the app had set the security level to L3. Bug: 357863269 Bug: 372105842 Test: DRM Compliance ATP via ABTD Test: libwvdrmdrmplugin_hal_test on Oriole Change-Id: I1a6e10b7eb880eef4ba36ed31b12ebfe8617f002 (cherry picked from commit 26b888b094)
2024-10-08 15:29:47 -07:00
parent 894beae755
commit 71fce8f352
3 changed files with 85 additions and 11 deletions
--- a/libwvdrmengine/mediadrm/include/WVDrmPlugin.h
+++ b/libwvdrmengine/mediadrm/include/WVDrmPlugin.h
@@ -82,7 +82,7 @@ class WVDrmPlugin : public ::aidl::android::hardware::drm::BnDrmPlugin,
  ::ndk::ScopedAStatus getNumberOfSessions(
      ::aidl::android::hardware::drm::NumberOfSessions* _aidl_return) override;
  ::ndk::ScopedAStatus getOfflineLicenseKeySetIds(
-      std::vector<::aidl::android::hardware::drm::KeySetId>* _aidl_return)
+      std::vector<::aidl::android::hardware::drm::KeySetId>* keySetIds)
      override;
  ::ndk::ScopedAStatus getOfflineLicenseState(
      const ::aidl::android::hardware::drm::KeySetId& in_keySetId,
--- a/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
+++ b/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
@@ -965,21 +965,27 @@ Status WVDrmPlugin::unprovisionDevice() {
 }

 ::ndk::ScopedAStatus WVDrmPlugin::getOfflineLicenseKeySetIds(
-    vector<::aidl::android::hardware::drm::KeySetId>* _aidl_return) {
-  _aidl_return->clear();
+    vector<::aidl::android::hardware::drm::KeySetId>* keySetIds) {
+  keySetIds->clear();
  CdmIdentifier identifier;
  const auto status = mCdmIdentifierBuilder.getCdmIdentifier(&identifier);
  if (status != Status::OK) {
    return toNdkScopedAStatus(status);
  }

-  const std::vector<CdmSecurityLevel> levels = {wvcdm::kSecurityLevelL1,
-                                                wvcdm::kSecurityLevelL3};
+  std::vector<CdmSecurityLevel> levelsToList;
+  if (mPropertySet.security_level() != wvcdm::QUERY_VALUE_SECURITY_LEVEL_L3) {
+    // Do not list L1 offline licenses if the DRM plugin is in
+    // L3-only mode.
+    levelsToList.push_back(wvcdm::kSecurityLevelL1);
+  }
+  // Always list L3, as "default" may imply either.
+  levelsToList.push_back(wvcdm::kSecurityLevelL3);

  std::vector<CdmKeySetId> allKeySetIds;
  CdmResponseType res(wvcdm::UNKNOWN_ERROR);
  bool success = false;
-  for (auto level : levels) {
+  for (const auto& level : levelsToList) {
    std::vector<CdmKeySetId> levelKeySetIds;
    res = mCDM->ListStoredLicenses(level, identifier, &levelKeySetIds);

@@ -1004,15 +1010,13 @@ Status WVDrmPlugin::unprovisionDevice() {
  // Filter out key sets based on ATSC mode.
  const auto isAllowedKeySetId =
      mPropertySet.use_atsc_mode() ? IsAtscKeySetId : IsNotAtscKeySetId;
-  std::vector<KeySetId> keySetIds;
+  keySetIds->reserve(allKeySetIds.size());
  for (const CdmKeySetId& keySetId : allKeySetIds) {
    if (isAllowedKeySetId(keySetId)) {
-      keySetIds.push_back(KeySetId{StrToVector(keySetId)});
+      keySetIds->push_back(KeySetId{StrToVector(keySetId)});
    }
  }
-
-  *_aidl_return = std::move(keySetIds);
-  return toNdkScopedAStatus(mapCdmResponseType(wvcdm::NO_ERROR));
+  return ::ndk::ScopedAStatus::ok();
 }

 ::ndk::ScopedAStatus WVDrmPlugin::getOfflineLicenseState(
--- a/libwvdrmengine/mediadrm/test/WVDrmPlugin_hal_test.cpp
+++ b/libwvdrmengine/mediadrm/test/WVDrmPlugin_hal_test.cpp
@@ -2884,6 +2884,8 @@ TEST_F(WVDrmPluginHalTest, GetOfflineLicenseKeySetIds_NonAtscMode) {
  std::vector<KeySetId> offlineKeySetIds;
  const auto ret = mPlugin->getOfflineLicenseKeySetIds(&offlineKeySetIds);
  ASSERT_TRUE(ret.isOk());
+
+  // Transform back into CDM types.
  std::vector<CdmKeySetId> offlineCdmKeySetIds;
  for (const auto &keySetId : offlineKeySetIds) {
    offlineCdmKeySetIds.emplace_back(keySetId.keySetId.begin(),
@@ -2929,6 +2931,8 @@ TEST_F(WVDrmPluginHalTest, GetOfflineLicenseKeySetIds_AtscMode) {
  std::vector<KeySetId> offlineKeySetIds;
  const auto ret = mPlugin->getOfflineLicenseKeySetIds(&offlineKeySetIds);
  ASSERT_TRUE(ret.isOk());
+
+  // Transform back into CDM types.
  std::vector<CdmKeySetId> offlineCdmKeySetIds;
  for (const auto &keySetId : offlineKeySetIds) {
    offlineCdmKeySetIds.emplace_back(keySetId.keySetId.begin(),
@@ -2939,6 +2943,72 @@ TEST_F(WVDrmPluginHalTest, GetOfflineLicenseKeySetIds_AtscMode) {
  EXPECT_EQ(expectedCdmKeySetIds, offlineCdmKeySetIds);
 }

+TEST_F(WVDrmPluginHalTest, GetOfflineLicenseKeySetIds_L1AndL3) {
+  const std::vector<CdmKeySetId> cdmKeySetIdsL1 = {"ksid1111", "ksid2222",
+                                                   "ksid3333", "ksid4444"};
+  const std::vector<CdmKeySetId> cdmKeySetIdsL3 = {"ksid5555", "ksid6666",
+                                                   "ksid7777", "ksid8888"};
+  // Expected key set IDs are the combination of both L1 and L3.
+  std::vector<CdmKeySetId> cdmKeySetIds = cdmKeySetIdsL1;
+  cdmKeySetIds.insert(cdmKeySetIds.end(), cdmKeySetIdsL3.begin(),
+                      cdmKeySetIdsL3.end());
+
+  EXPECT_CALL(*mCdm, ListStoredLicenses(kSecurityLevelL1, _, NotNull()))
+      .WillOnce(DoAll(SetArgPointee<2>(cdmKeySetIdsL1),
+                      testing::Return(CdmResponseType(wvcdm::NO_ERROR))));
+  EXPECT_CALL(*mCdm, ListStoredLicenses(kSecurityLevelL3, _, NotNull()))
+      .WillOnce(DoAll(SetArgPointee<2>(cdmKeySetIdsL3),
+                      testing::Return(CdmResponseType(wvcdm::NO_ERROR))));
+
+  // In if security level is default, then both L1 and L3
+  // offline licenses should be returned.
+  mPlugin->setPropertyString("securityLevel",
+                             wvcdm::QUERY_VALUE_SECURITY_LEVEL_DEFAULT);
+
+  std::vector<KeySetId> offlineKeySetIds;
+  const auto ret = mPlugin->getOfflineLicenseKeySetIds(&offlineKeySetIds);
+  ASSERT_TRUE(ret.isOk());
+
+  // Transform back into CDM types.
+  std::vector<CdmKeySetId> offlineCdmKeySetIds;
+  for (const auto &keySetId : offlineKeySetIds) {
+    offlineCdmKeySetIds.emplace_back(keySetId.keySetId.begin(),
+                                     keySetId.keySetId.end());
+  }
+
+  EXPECT_EQ(cdmKeySetIds.size(), offlineCdmKeySetIds.size());
+  EXPECT_EQ(cdmKeySetIds, offlineCdmKeySetIds);
+}
+
+TEST_F(WVDrmPluginHalTest, GetOfflineLicenseKeySetIds_L3Only) {
+  const std::vector<CdmKeySetId> cdmKeySetIdsL3 = {"ksid1111", "ksid2222",
+                                                   "ksid3333", "ksid4444"};
+
+  EXPECT_CALL(*mCdm, ListStoredLicenses(kSecurityLevelL1, _, NotNull()))
+      .Times(0);
+  EXPECT_CALL(*mCdm, ListStoredLicenses(kSecurityLevelL3, _, NotNull()))
+      .WillOnce(DoAll(SetArgPointee<2>(cdmKeySetIdsL3),
+                      testing::Return(CdmResponseType(wvcdm::NO_ERROR))));
+
+  // After setting L3 mode, only L3 key set IDs should be returned.
+  mPlugin->setPropertyString("securityLevel",
+                             wvcdm::QUERY_VALUE_SECURITY_LEVEL_L3);
+
+  std::vector<KeySetId> offlineKeySetIds;
+  const auto ret = mPlugin->getOfflineLicenseKeySetIds(&offlineKeySetIds);
+  ASSERT_TRUE(ret.isOk());
+
+  // Transform back into CDM types.
+  std::vector<CdmKeySetId> offlineCdmKeySetIds;
+  for (const auto &keySetId : offlineKeySetIds) {
+    offlineCdmKeySetIds.emplace_back(keySetId.keySetId.begin(),
+                                     keySetId.keySetId.end());
+  }
+
+  EXPECT_EQ(cdmKeySetIdsL3.size(), offlineCdmKeySetIds.size());
+  EXPECT_EQ(cdmKeySetIdsL3, offlineCdmKeySetIds);
+}
+
 TEST_F(WVDrmPluginHalTest, GetOfflineLicenseState) {
  EXPECT_CALL(*mCdm, QueryStatus(_, QUERY_KEY_SECURITY_LEVEL, _))
      .WillRepeatedly(DoAll(SetArgPointee<2>(QUERY_VALUE_SECURITY_LEVEL_L1),