widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow system user csr access

Browse Source 
Bug: 296971609
Test: Oppo rkp_factory_extraction_tool
Change-Id: I0e51bc52cc269e69fb3d3f056dfa7fbaa414e6a5
This commit is contained in:
Robert Shih
2023-11-08 19:48:57 -08:00
parent cce17b9b68
commit 83b2c78732
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
View File

@@ -154,10 +154,12 @@ HdcpLevel mapHdcpLevel(const std::string& level) {
} }
} }
bool isRootOrShell() { bool isCsrAccessAllowed() {
const uid_t AID_ROOT = 0, AID_SHELL = 2000; const uid_t AID_ROOT = 0;
const uid_t AID_SYSTEM = 1000;
const uid_t AID_SHELL = 2000;
const uid_t uid = AIBinder_getCallingUid(); const uid_t uid = AIBinder_getCallingUid();
return (uid == AID_ROOT || uid == AID_SHELL); return (uid == AID_ROOT || uid == AID_SYSTEM || uid == AID_SHELL);
} }
} // namespace } // namespace
@@ -1238,7 +1240,7 @@ static WvStatus getDeviceSignedCsrPayload(
value = StrToVector(serialized_metrics); value = StrToVector(serialized_metrics);
} }
} }
} else if (name == "bootCertificateChain" && isRootOrShell()) { } else if (name == "bootCertificateChain" && isCsrAccessAllowed()) {
std::string boot_certificate_chain; std::string boot_certificate_chain;
CdmResponseType res = mCDM->QueryStatus( CdmResponseType res = mCDM->QueryStatus(
wvcdm::kLevelDefault, wvcdm::QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN, wvcdm::kLevelDefault, wvcdm::QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN,
@@ -1250,7 +1252,7 @@ static WvStatus getDeviceSignedCsrPayload(
} else { } else {
value = StrToVector(boot_certificate_chain); value = StrToVector(boot_certificate_chain);
} }
} else if (name == "verifiedDeviceInfo" && isRootOrShell()) { } else if (name == "verifiedDeviceInfo" && isCsrAccessAllowed()) {
std::string verified_device_info; std::string verified_device_info;
CdmResponseType res = mCDM->QueryStatus(wvcdm::kLevelDefault, CdmResponseType res = mCDM->QueryStatus(wvcdm::kLevelDefault,
wvcdm::QUERY_KEY_DEVICE_INFORMATION, wvcdm::QUERY_KEY_DEVICE_INFORMATION,
@@ -1262,7 +1264,7 @@ static WvStatus getDeviceSignedCsrPayload(
} else { } else {
value = StrToVector(verified_device_info); value = StrToVector(verified_device_info);
} }
} else if (name == "deviceSignedCsrPayload" && isRootOrShell()) { } else if (name == "deviceSignedCsrPayload" && isCsrAccessAllowed()) {
std::string signed_csr_payload; std::string signed_csr_payload;
status = status =
getDeviceSignedCsrPayload(mCDM, mCertificateSigningRequestChallenge, getDeviceSignedCsrPayload(mCDM, mCertificateSigningRequestChallenge,
@@ -1464,10 +1466,10 @@ static WvStatus getDeviceSignedCsrPayload(
} else { } else {
return toNdkScopedAStatus(Status::BAD_VALUE); return toNdkScopedAStatus(Status::BAD_VALUE);
} }
} else if (name == "certificateSigningRequestChallenge" && isRootOrShell()) { } else if (name == "certificateSigningRequestChallenge" && isCsrAccessAllowed()) {
mCertificateSigningRequestChallenge = mCertificateSigningRequestChallenge =
std::string(_value.begin(), _value.end()); std::string(_value.begin(), _value.end());
} else if (name == "deviceInfo" && isRootOrShell()) { } else if (name == "deviceInfo" && isCsrAccessAllowed()) {
mDeviceInfo = std::string(_value.begin(), _value.end()); mDeviceInfo = std::string(_value.begin(), _value.end());
} else { } else {
ALOGE("App set unknown byte array property %s", name.c_str()); ALOGE("App set unknown byte array property %s", name.c_str());