From 8e0a3f560092630af3b50f793e36a1c5179f59bd Mon Sep 17 00:00:00 2001
From: Rahul Frias
Date: Fri, 16 Feb 2024 14:36:10 -0800
Subject: [PATCH] Revert CDM changes from oemcrypto 18.4

[ Merge of TBD ]
The merge of oemcrypto-v18 cdm branch to udc-widevine-dev caused a number of CDM/plugin fixes to be lost. This undoes the non-oemcrypto changes in http://go/ag/26105061
Bug: 290252845
Test: WVTS, unittests on panther
Change-Id: I2bb99f423bda351eee30276cb0e26e3d9e27fa7d
---
 libwvdrmengine/Android.bp | 24 +++++++++++++++++++
 libwvdrmengine/cdm/core/src/cdm_session.cpp | 10 ++++++--
 libwvdrmengine/cdm/src/properties_android.cpp | 20 +++++++++-------
 libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp | 18 +++++++-------
 4 files changed, 54 insertions(+), 18 deletions(-)

diff --git a/libwvdrmengine/Android.bp b/libwvdrmengine/Android.bp
index 8d3931f0..ee4714e8 100644
--- a/libwvdrmengine/Android.bp
+++ b/libwvdrmengine/Android.bp
@@ -216,6 +216,10 @@ cc_library_static {
 "libutils_headers",
 ],
+ generated_headers: [
+ "wv_android_build_id",
+ ],
+
 shared_libs: [
 "libbinder_ndk",
 "libcrypto",
@@ -352,3 +356,23 @@ cc_fuzz {
 ],
 },
 }
+
+python_binary_host {
+ name: "wv-android-build-id-gen",
+ srcs: [
+ "wv-android-build-id-gen.py",
+ ],
+ version: {
+ py3: {
+ embedded_launcher: true,
+ },
+ },
+}
+
+genrule {
+ name: "wv_android_build_id",
+ srcs: ["apex/apex_manifest.json"],
+ tools: ["wv-android-build-id-gen"],
+ cmd: "$(location wv-android-build-id-gen) < $(in) > $(out)",
+ out: ["wv_android_build_id.h"],
+}
diff --git a/libwvdrmengine/cdm/core/src/cdm_session.cpp b/libwvdrmengine/cdm/core/src/cdm_session.cpp
index af6828ae..6d7e1815 100644
--- a/libwvdrmengine/cdm/core/src/cdm_session.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp
@@ -263,8 +263,14 @@ CdmResponseType CdmSession::RestoreOfflineSession(const CdmKeySetId& key_set_id,
 usage_entry_ = std::move(license_data.usage_entry);
 usage_entry_index_ = license_data.usage_entry_index;
- CdmResponseType result = LoadPrivateOrLegacyKey(
- license_data.drm_certificate, license_data.wrapped_private_key);
+ // If ATSC mode is enabled, use ATSC DRM cert/private key, rather than any
+ // cert/private key embedded in the license.
+ CdmResponseType result =
+ atsc_mode_enabled_
+ ? LoadPrivateKey()
+ : LoadPrivateOrLegacyKey(license_data.drm_certificate,
+ license_data.wrapped_private_key);
+
 if (result != NO_ERROR) return result;
 // Attempts to restore a released offline license are treated as a release
diff --git a/libwvdrmengine/cdm/src/properties_android.cpp b/libwvdrmengine/cdm/src/properties_android.cpp
index 39f61680..1c572438 100644
--- a/libwvdrmengine/cdm/src/properties_android.cpp
+++ b/libwvdrmengine/cdm/src/properties_android.cpp
@@ -2,17 +2,19 @@
 // source code may only be used and distributed under the Widevine License
 // Agreement.
-#include
-#include
+#include "properties.h"
+#include "properties_configuration.h"
+#include "wv_android_build_id.h"
+#include
 #include
 #include
+#include
+
 #include "log.h"
-#include "properties.h"
-#include "properties_configuration.h"
-#include "widevine_apex_info.h"
 #include "wv_android_constants.h"
+#include "widevine_apex_info.h"
 namespace {
@@ -135,15 +137,17 @@ bool Properties::GetWVCdmVersion(std::string* version) {
 return false;
 }
- std::string apex_version = "";
+ std::string build_number;
 #ifdef __ANDROID_APEX__
 {
 auto info = widevine::apex::GetApexInfo();
- apex_version = "@" + std::to_string(info->version);
+ build_number = std::to_string(info->version);
 }
+#else
+ build_number = WV_ANDROID_BUILD_ID;
 #endif
- *version = kWVAndroidCdmVersion + apex_version;
+ *version = kWVAndroidCdmVersion + "@" + build_number;
 return true;
 }
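Review bot: In the `__ANDROID_APEX__` branch of `Properties::GetWVCdmVersion` (second properties_android.cpp hunk), `info->version` is dereferenced without checking what `widevine::apex::GetApexInfo()` returned. Its return type is not visible in this patch, so this matters only if the call can come back null or empty; if it can, add `if (!info) return false;` before the `std::to_string` call. In the `#else` branch, `build_number = WV_ANDROID_BUILD_ID;` would still compile if the generated macro expanded to an integer, because `std::string` accepts assignment from a single `char`, so the generator's contract (a quoted string literal) deserves a comment next to the assignment. The function starts outside the hunk.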
diff --git a/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp b/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
index 7b4da59a..63ea5260 100644
--- a/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
+++ b/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
@@ -154,10 +154,12 @@ HdcpLevel mapHdcpLevel(const std::string& level) {
 }
 }
-bool isRootOrShell() {
- const uid_t AID_ROOT = 0, AID_SHELL = 2000;
+bool isCsrAccessAllowed() {
+ const uid_t AID_ROOT = 0;
+ const uid_t AID_SYSTEM = 1000;
+ const uid_t AID_SHELL = 2000;
 const uid_t uid = AIBinder_getCallingUid();
- return (uid == AID_ROOT || uid == AID_SHELL);
+ return (uid == AID_ROOT || uid == AID_SYSTEM || uid == AID_SHELL);
 }
 bool IsAtscKeySetId(const CdmKeySetId& keySetId) {
@@ -1277,7 +1279,7 @@ static WvStatus getDeviceSignedCsrPayload(
 value = StrToVector(serialized_metrics);
 }
 }
- } else if (name == "bootCertificateChain" && isRootOrShell()) {
+ } else if (name == "bootCertificateChain" && isCsrAccessAllowed()) {
 std::string boot_certificate_chain;
 CdmResponseType res = mCDM->QueryStatus(
 wvcdm::kLevelDefault, wvcdm::QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN,
@@ -1289,7 +1291,7 @@ static WvStatus getDeviceSignedCsrPayload(
 } else {
 value = StrToVector(boot_certificate_chain);
 }
- } else if (name == "verifiedDeviceInfo" && isRootOrShell()) {
+ } else if (name == "verifiedDeviceInfo" && isCsrAccessAllowed()) {
 std::string verified_device_info;
 CdmResponseType res = mCDM->QueryStatus(wvcdm::kLevelDefault, wvcdm::QUERY_KEY_DEVICE_INFORMATION,
@@ -1301,7 +1303,7 @@ static WvStatus getDeviceSignedCsrPayload(
 } else {
 value = StrToVector(verified_device_info);
 }
- } else if (name == "deviceSignedCsrPayload" && isRootOrShell()) {
+ } else if (name == "deviceSignedCsrPayload" && isCsrAccessAllowed()) {
 std::string signed_csr_payload;
 status = getDeviceSignedCsrPayload(mCDM, mCertificateSigningRequestChallenge,
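Review bot: Nothing in `isCsrAccessAllowed()` (first WVDrmPlugin.cpp hunk) or in the commit message records why `AID_SYSTEM` now joins root and shell on the allow-list. This uid comparison is the only gate visible on `bootCertificateChain`, `verifiedDeviceInfo` and `deviceSignedCsrPayload` in the hunks that follow, so the intent should be written down above the function, e.g. `// Only root, system and shell may read or set the CSR and device-info properties; the uid is that of the current binder caller.` The three `AID_*` values are redeclared locally; if a platform uid header is usable from this target, taking them from it would avoid drift, though that cannot be checked from the patch.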
@@ -1503,10 +1505,10 @@ static WvStatus getDeviceSignedCsrPayload(
 } else {
 return toNdkScopedAStatus(Status::BAD_VALUE);
 }
- } else if (name == "certificateSigningRequestChallenge" && isRootOrShell()) {
+ } else if (name == "certificateSigningRequestChallenge" && isCsrAccessAllowed()) {
 mCertificateSigningRequestChallenge = std::string(_value.begin(), _value.end());
- } else if (name == "deviceInfo" && isRootOrShell()) {
+ } else if (name == "deviceInfo" && isCsrAccessAllowed()) {
 mDeviceInfo = std::string(_value.begin(), _value.end());
 } else {
 ALOGE("App set unknown byte array property %s", name.c_str());
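Review bot: A caller that fails `isCsrAccessAllowed()` for `certificateSigningRequestChallenge` or `deviceInfo` drops into the final `else` and is logged as `App set unknown byte array property`, so a refused access to a privileged property looks the same in the log as a misspelled name. Handling the denial in its own branch, e.g. `ALOGW("uid %u not allowed to set %s", AIBinder_getCallingUid(), name.c_str());`, would let rejections be told apart during triage. The getter branches in the three preceding hunks combine the name test and the uid test in the same way and presumably share this behaviour. Both setters also copy `_value` into a member with no length check visible here; whether a bound is applied elsewhere cannot be seen, since the enclosing function starts and ends outside the hunk.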