Restrict reserved Client ID fields.

[ Merge of http://go/wvgerrit/108904 ] Client ID name-value fields in the license request share the same namespace with app parameters and WV standard device information. As a result, it was possible for applications to provide parameters that could potentially fool the license server with spoof values. This CL restricts the use of the fields that are common across both the Android CDM and CE CDM. Currently, Android specific fields are restricted by the MediaDrmPlugin layer, and there are no CE CDM specific fields currently defined. The non-HIDL DRM plugin does not restrict these fields; however, it will be removed in S. Bug: 171723566 Test: Android integration test Change-Id: I5ad9ead73c5aff712dff8133953de5ddc3296452
2020-12-01 19:05:34 -08:00
parent c2df654ecc
commit 78f4bca3a9
2 changed files with 39 additions and 3 deletions
--- a/libwvdrmengine/cdm/core/include/cdm_engine.h
+++ b/libwvdrmengine/cdm/core/include/cdm_engine.h
@@ -75,6 +75,10 @@ class CdmEngine {
  // app_parameters: Additional, application-specific parameters that factor
  //                 into the request generation. This is ignored for release
  //                 and renewal requests.
+  //                 Certain app parameter keys are reserved for CDM
+  //                 device identification on the license server.  These
+  //                 parameters will be overwritten by the CDM request
+  //                 generator.
  // key_request: This must be non-null and point to a CdmKeyRequest. The
  //              message field will be filled with the key request, the
  //              type field will be filled with the key request type,