Handle SPOID calculation for L3

[ Merge of http://go/wvgerrit/101443 ] The WVDrmPlugin has a single CdmIdentifier. The CdmIdentifier contains a SPOID that is calculated from the device ID (keybox or OEM cert), an application reverse domain name and possibly an origin. The CdmIdentifier is set and SPOID calculated on certain calls into WVDrmPlugin. Once it is set, it will not be recalculated. We prevent certain operations such as modifying the origin once the CdmIdentifier has been set as this will require recalculating the SPOID. Recalculating the SPOID may affect open sessions or calls in progress. In a similar way, modifying the security level, will affect the Device ID value and in turn the SPOID. The security level cannot be modified if any sessions are open. This does leave open the possibility that the SPOID may be calculated at one security level, sessions are then closed, and the security level is then changed without an error being flagged. The provisioning certificate file name is based on the SPOID. When the SPOID does not match the security level, either the provisioning information may not be found even though that security level has been provisionined or the provisioning information may be stored in an incorrect location if provisioning occurs. The correct solution is to prevent modifications to the security level once the CdmIdentifier is set. This is a behavior change and might impact apps. We will reevaluate this for the next release. For now, we will work around this. When the CdmIdentifier is set for L3, we will calculate SPOIDs with both L1 and L3 device IDs and check if provisioning previously occurred with SPOIDs calculated for that level. If so, use that level, otherwise use L3. Bug: 147703382 Test: Android unit/integration tests, GtsMediaDrmTests Change-Id: Ia64adfc5848e431ee3876af03eebdb4b6eb83116
2020-06-04 02:53:40 -07:00
parent 05fbb3dd87
commit 7e689a1828
5 changed files with 470 additions and 13 deletions
--- a/libwvdrmengine/mediadrm/include_hidl/WVDrmPlugin.h
+++ b/libwvdrmengine/mediadrm/include_hidl/WVDrmPlugin.h
@@ -413,12 +413,15 @@ struct WVDrmPlugin : public IDrmPlugin, IDrmPluginListener,
    const WVDrmPlugin& mParent;

    Status calculateSpoid();
+    Status calculateSpoid(const std::string& deviceID, std::string* spoid);

    // Gets the device-unique ID from OEMCrypto. This must be private, since
    // this value must not be exposed to applications on SPOID devices. Code
    // outside this class should use getDeviceUniqueId() to get the
    // application-safe device-unique ID.
    Status getOemcryptoDeviceId(std::string* id);
+    Status getOemcryptoDeviceId(wvcdm::SecurityLevel securityLevel,
+                                std::string* id);

    // The unique identifier is meant to ensure that two clients with the
    // same spoid, origin and app package name still get different cdm engine
@@ -450,6 +453,11 @@ struct WVDrmPlugin : public IDrmPlugin, IDrmPluginListener,
  Status queryProperty(const std::string& property,
        std::vector<uint8_t>& vector_value) const;

+  bool isProvisioned(wvcdm::CdmSecurityLevel securityLevel,
+                     const std::string& origin,
+                     const std::string& spoid,
+                     bool atsc_mode_enabled) const;
+
  Status mapAndNotifyOfCdmResponseType(const std::vector<uint8_t>& sessionId,
        CdmResponseType res);