From 6e5ab021d8382b3bd0db413c17ae5c9e2c6e5541 Mon Sep 17 00:00:00 2001 From: Alex Dale Date: Tue, 7 Mar 2023 13:32:37 -0800 Subject: [PATCH] Add mutex to CdmEngine for use of cert_provisioning_. [ Merge of http://go/wvgerrit/167618 ] [ PoC http://ag/21922303 ] Bug: 258188673 Test: sts-tradefed run sts-dynamic-develop -m StsHostTestCases \ -t android.security.sts.Bug_258188673 Test: GtsMediaTestCases Change-Id: If71a0e7a81f376cf28688a590b6cb9dcea699545 --- libwvdrmengine/cdm/core/include/cdm_engine.h | 2 ++ libwvdrmengine/cdm/core/src/cdm_engine.cpp | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/libwvdrmengine/cdm/core/include/cdm_engine.h b/libwvdrmengine/cdm/core/include/cdm_engine.h index 313fc80e..18381a79 100644 --- a/libwvdrmengine/cdm/core/include/cdm_engine.h +++ b/libwvdrmengine/cdm/core/include/cdm_engine.h @@ -442,6 +442,8 @@ class CdmEngine { CdmSessionMap session_map_; CdmReleaseKeySetMap release_key_sets_; std::unique_ptr cert_provisioning_; + // Lock must be acquired before using |cert_provisioning_|. + std::mutex cert_provisioning_mutex_; wvutil::FileSystem* file_system_; wvutil::Clock clock_; std::string spoid_; diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp index ffa37ac0..06122ba5 100644 --- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp @@ -65,7 +65,6 @@ class UsagePropertySet : public CdmClientPropertySet { CdmEngine::CdmEngine(wvutil::FileSystem* file_system, std::shared_ptr metrics) : metrics_(metrics), - cert_provisioning_(), file_system_(file_system), spoid_(EMPTY_SPOID), usage_session_(), @@ -1084,6 +1083,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest( } // TODO(b/141705730): Remove usage entries on provisioning. + std::unique_lock cert_lock(cert_provisioning_mutex_); if (!cert_provisioning_) { cert_provisioning_.reset( new CertificateProvisioning(metrics_->GetCryptoMetrics())); @@ -1113,6 +1113,7 @@ CdmResponseType CdmEngine::HandleProvisioningResponse( std::string* wrapped_key) { LOGI("response_size = %zu, security_level = %s", response.size(), RequestedSecurityLevelToString(requested_security_level)); + std::unique_lock cert_lock(cert_provisioning_mutex_); if (response.empty()) { LOGE("Empty provisioning response"); cert_provisioning_.reset();