Handle SPOID calculation for L3
[ Merge of http://go/wvgerrit/101443 ] The WVDrmPlugin has a single CdmIdentifier. The CdmIdentifier contains a SPOID that is calculated from the device ID (keybox or OEM cert), an application reverse domain name and possibly an origin. The CdmIdentifier is set and SPOID calculated on certain calls into WVDrmPlugin. Once it is set, it will not be recalculated. We prevent certain operations such as modifying the origin once the CdmIdentifier has been set as this will require recalculating the SPOID. Recalculating the SPOID may affect open sessions or calls in progress. In a similar way, modifying the security level, will affect the Device ID value and in turn the SPOID. The security level cannot be modified if any sessions are open. This does leave open the possibility that the SPOID may be calculated at one security level, sessions are then closed, and the security level is then changed without an error being flagged. The provisioning certificate file name is based on the SPOID. When the SPOID does not match the security level, either the provisioning information may not be found even though that security level has been provisionined or the provisioning information may be stored in an incorrect location if provisioning occurs. The correct solution is to prevent modifications to the security level once the CdmIdentifier is set. This is a behavior change and might impact apps. We will reevaluate this for the next release. For now, we will work around this. When the CdmIdentifier is set for L3, we will calculate SPOIDs with both L1 and L3 device IDs and check if provisioning previously occurred with SPOIDs calculated for that level. If so, use that level, otherwise use L3. Bug: 147703382 Test: Android unit/integration tests, GtsMediaDrmTests Change-Id: Ia64adfc5848e431ee3876af03eebdb4b6eb83116
This commit is contained in:
Rahul Frias
@@ -2006,6 +2006,13 @@ Status WVDrmPlugin::queryProperty(const std::string& property,
|
||||
return Status::OK;
|
||||
}
|
||||
|
||||
bool WVDrmPlugin::isProvisioned(wvcdm::CdmSecurityLevel securityLevel,
|
||||
const std::string& origin,
|
||||
const std::string& spoid,
|
||||
bool atsc_mode_enabled) const {
|
||||
return mCDM->IsProvisioned(securityLevel, origin, spoid, atsc_mode_enabled);
|
||||
}
|
||||
|
||||
Status WVDrmPlugin::mapAndNotifyOfCdmResponseType(
|
||||
const std::vector<uint8_t>& sessionId, CdmResponseType res) {
|
||||
notifyOfCdmResponseType(sessionId, res);
|
||||
@@ -2189,23 +2196,97 @@ bool WVDrmPlugin::CdmIdentifierBuilder::set_use_atsc_mode(bool enable) {
|
||||
}
|
||||
|
||||
Status WVDrmPlugin::CdmIdentifierBuilder::calculateSpoid() {
|
||||
if (mUseSpoid) {
|
||||
std::string deviceId;
|
||||
if (!mUseSpoid)
|
||||
return Status::OK;
|
||||
|
||||
// Calculate SPOID for default security level if appropriate
|
||||
std::string deviceId;
|
||||
if (mParent.getRequestedSecurityLevel() == wvcdm::kLevelDefault) {
|
||||
Status res = getOemcryptoDeviceId(&deviceId);
|
||||
if (res != Status::OK) return res;
|
||||
|
||||
uint8_t hash[SHA256_DIGEST_LENGTH];
|
||||
SHA256_CTX ctx;
|
||||
SHA256_Init(&ctx);
|
||||
SHA256_Update(&ctx, deviceId.data(), deviceId.length());
|
||||
SHA256_Update(&ctx, mCdmIdentifier.app_package_name.data(),
|
||||
mCdmIdentifier.app_package_name.length());
|
||||
SHA256_Update(&ctx, origin().data(), origin().length());
|
||||
SHA256_Final(hash, &ctx);
|
||||
|
||||
mCdmIdentifier.spoid =
|
||||
std::string(reinterpret_cast<char*>(hash), SHA256_DIGEST_LENGTH);
|
||||
return calculateSpoid(deviceId, &mCdmIdentifier.spoid);
|
||||
}
|
||||
|
||||
// If requested security level is L3, possibilities are
|
||||
// (a) L3 has not been provisioned
|
||||
// (b) L3 was provisioned with L3 device ID in the CdmIdentifier
|
||||
// (c) L3 was provisioned (incorrectly) with L1 device ID in the CdmIdentifier
|
||||
// Check (b) first. Get L3 device ID, calculate SPOID and if provisioned
|
||||
// with this SPOID, return this SPOID.
|
||||
// Check (c) next. Get L1 device ID, calculate SPOID and if provisioned
|
||||
// with this SPOID, return this SPOID.
|
||||
// On any errors in (c) or not provisioned return L3 SPOID.
|
||||
Status res = getOemcryptoDeviceId(wvcdm::kLevel3, &deviceId);
|
||||
if (res != Status::OK) return res;
|
||||
|
||||
std::string spoidL3;
|
||||
res = calculateSpoid(deviceId, &spoidL3);
|
||||
if (res != Status::OK) return res;
|
||||
|
||||
bool atsc_mode_enabled =
|
||||
mCdmIdentifier.app_package_name == wvcdm::ATSC_APP_PACKAGE_NAME;
|
||||
|
||||
if (mParent.isProvisioned(wvcdm::kSecurityLevelL3, origin(), spoidL3,
|
||||
atsc_mode_enabled)) {
|
||||
mCdmIdentifier.spoid = spoidL3;
|
||||
return Status::OK;
|
||||
}
|
||||
|
||||
// Not provisioned with CdmIdentifier containing SPOID with L3 device ID.
|
||||
// Try SPOID with L1 device ID.
|
||||
std::string deviceIdLevelDefault;
|
||||
res = getOemcryptoDeviceId(wvcdm::kLevelDefault, &deviceIdLevelDefault);
|
||||
if (res != Status::OK) {
|
||||
mCdmIdentifier.spoid = spoidL3;
|
||||
return Status::OK;
|
||||
}
|
||||
|
||||
// If the L3 and default security level IDs are identical then the
|
||||
// device does not support L1.
|
||||
if (deviceId == deviceIdLevelDefault) {
|
||||
mCdmIdentifier.spoid = spoidL3;
|
||||
return Status::OK;
|
||||
}
|
||||
|
||||
std::string spoidLevelDefault;
|
||||
res = calculateSpoid(deviceIdLevelDefault, &spoidLevelDefault);
|
||||
if (res != Status::OK) {
|
||||
mCdmIdentifier.spoid = spoidL3;
|
||||
return Status::OK;
|
||||
}
|
||||
|
||||
if (mParent.isProvisioned(wvcdm::kSecurityLevelL1, origin(),
|
||||
spoidLevelDefault, atsc_mode_enabled)) {
|
||||
mCdmIdentifier.spoid = spoidLevelDefault;
|
||||
return Status::OK;
|
||||
}
|
||||
|
||||
// Not provisioned with CdmIdentifier containing SPOID with L1 or L3
|
||||
// device ID. Return L3 SPOID.
|
||||
mCdmIdentifier.spoid = spoidL3;
|
||||
return Status::OK;
|
||||
}
|
||||
|
||||
Status WVDrmPlugin::CdmIdentifierBuilder::calculateSpoid(
|
||||
const std::string& deviceId, std::string* spoid) {
|
||||
if (spoid == nullptr)
|
||||
return Status::ERROR_DRM_CANNOT_HANDLE;
|
||||
|
||||
if (!mUseSpoid) {
|
||||
spoid->clear();
|
||||
return Status::OK;
|
||||
}
|
||||
|
||||
uint8_t hash[SHA256_DIGEST_LENGTH];
|
||||
SHA256_CTX ctx;
|
||||
SHA256_Init(&ctx);
|
||||
SHA256_Update(&ctx, deviceId.data(), deviceId.length());
|
||||
SHA256_Update(&ctx, mAppPackageName.data(), mAppPackageName.length());
|
||||
SHA256_Update(&ctx, origin().data(), origin().length());
|
||||
SHA256_Final(hash, &ctx);
|
||||
|
||||
*spoid = std::string(reinterpret_cast<char*>(hash), SHA256_DIGEST_LENGTH);
|
||||
return Status::OK;
|
||||
}
|
||||
|
||||
@@ -2214,6 +2295,12 @@ Status WVDrmPlugin::CdmIdentifierBuilder::getOemcryptoDeviceId(
|
||||
return mParent.queryProperty(wvcdm::QUERY_KEY_DEVICE_ID, *id);
|
||||
}
|
||||
|
||||
Status WVDrmPlugin::CdmIdentifierBuilder::getOemcryptoDeviceId(
|
||||
wvcdm::SecurityLevel securityLevel,
|
||||
std::string* id) {
|
||||
return mParent.queryProperty(securityLevel, wvcdm::QUERY_KEY_DEVICE_ID, *id);
|
||||
}
|
||||
|
||||
uint32_t WVDrmPlugin::CdmIdentifierBuilder::getNextUniqueId() {
|
||||
// Start with 1. 0 is reserved for the default cdm identifier.
|
||||
static uint32_t unique_id = 1;
|
||||
|
||||
Reference in New Issue
Block a user