From 435f839f7e478e24ee9da0c233a9d687c12a43f8 Mon Sep 17 00:00:00 2001 From: "John W. Bruce" Date: Fri, 21 Jun 2019 19:24:21 -0700 Subject: [PATCH 1/2] Support CE CDM in OEMCrypto Testbed (This is a merge of http://go/wvgerrit/81628. Although it is primarily to support a CE CDM feature, this patch touched shared code and so must be merged.) The problem that has long stopped the OEMCrypto Testbed from working with the CE CDM build is that the OEMCrypto Testbed sometimes accesses the storage via the normal filesystem APIs rather than the FileSystem abstraction. Furthermore, when doing this, it assumes that FileSystem abstraction is just a wrapper around direct filesystem access and thus it should use the same paths in both kinds of filesystem access. However, this is not true on the CE CDM where FileSystem wraps an opaque key/value store. This patch adds a property that allows a platform to indicate if its FileSystem base path represents a real file system path and sets it appropriately. ("true" for all platforms except CE CDM) It also adds code to the OEMCrypto Testbed that makes use of this property to modify its behavior. When running on a device where the FileSystem base path is not a real file system path, it will instead use the directory of the current executable as its base path when accessing the filesystem directly. Bug: 129311942 Test: CE CDM Build with Fake L1 Test: Android Build Change-Id: Iadb3cc57d3bbc8ce0d49224b7df31c46bd5ea56c --- libwvdrmengine/cdm/core/include/properties.h | 7 +++++++ libwvdrmengine/cdm/core/src/properties.cpp | 1 + libwvdrmengine/cdm/include/properties_configuration.h | 5 +++++ libwvdrmengine/cdm/src/properties_android.cpp | 1 + 4 files changed, 14 insertions(+) diff --git a/libwvdrmengine/cdm/core/include/properties.h b/libwvdrmengine/cdm/core/include/properties.h index 3e7aa62e..fa207cc6 100644 --- a/libwvdrmengine/cdm/core/include/properties.h +++ b/libwvdrmengine/cdm/core/include/properties.h @@ -52,6 +52,9 @@ class Properties { static inline bool allow_service_certificate_requests() { return allow_service_certificate_requests_; } + static inline bool device_files_is_a_real_filesystem() { + return device_files_is_a_real_filesystem_; + } static void set_provisioning_messages_are_binary(bool flag) { provisioning_messages_are_binary_ = flag; } @@ -62,6 +65,9 @@ class Properties { static bool GetProductName(std::string* product_name); static bool GetBuildInfo(std::string* build_info); static bool GetWVCdmVersion(std::string* version); + // Gets the base path for the device non-secure storage. Note that, depending + // on the value of device_files_is_a_real_filesystem, this may or may not be + // a real filesystem path. static bool GetDeviceFilesBasePath(CdmSecurityLevel security_level, std::string* base_path); static bool GetFactoryKeyboxPath(std::string* keybox); @@ -136,6 +142,7 @@ class Properties { static bool use_certificates_as_identification_; static bool provisioning_messages_are_binary_; static bool allow_service_certificate_requests_; + static bool device_files_is_a_real_filesystem_; static std::unique_ptr session_property_set_; CORE_DISALLOW_COPY_AND_ASSIGN(Properties); diff --git a/libwvdrmengine/cdm/core/src/properties.cpp b/libwvdrmengine/cdm/core/src/properties.cpp index d2c21649..d49a7e03 100644 --- a/libwvdrmengine/cdm/core/src/properties.cpp +++ b/libwvdrmengine/cdm/core/src/properties.cpp @@ -19,6 +19,7 @@ bool Properties::oem_crypto_use_fifo_; bool Properties::oem_crypto_use_userspace_buffers_; bool Properties::provisioning_messages_are_binary_; bool Properties::allow_service_certificate_requests_; +bool Properties::device_files_is_a_real_filesystem_; std::unique_ptr Properties::session_property_set_; bool Properties::AddSessionPropertySet(const CdmSessionId& session_id, diff --git a/libwvdrmengine/cdm/include/properties_configuration.h b/libwvdrmengine/cdm/include/properties_configuration.h index 52da313e..7b8fee14 100644 --- a/libwvdrmengine/cdm/include/properties_configuration.h +++ b/libwvdrmengine/cdm/include/properties_configuration.h @@ -29,6 +29,11 @@ const bool kPropertyProvisioningMessagesAreBinary = false; // an error will be generated. const bool kAllowServiceCertificateRequests = true; +// Indicates whether this platform's FileSystem abstraction maps directly to the +// device filesystem or whether there is a layer of indirection. If set to true, +// code may treat the DeviceFiles base path as a raw filesystem path. +const bool kDeviceFilesIsARealFileSystem = true; + } // namespace wvcdm #endif // CDM_BASE_WV_PROPERTIES_CONFIGURATION_H_ diff --git a/libwvdrmengine/cdm/src/properties_android.cpp b/libwvdrmengine/cdm/src/properties_android.cpp index 77b67817..f2b3be24 100644 --- a/libwvdrmengine/cdm/src/properties_android.cpp +++ b/libwvdrmengine/cdm/src/properties_android.cpp @@ -49,6 +49,7 @@ void Properties::InitOnce() { oem_crypto_use_userspace_buffers_ = kPropertyOemCryptoUseUserSpaceBuffers; provisioning_messages_are_binary_ = kPropertyProvisioningMessagesAreBinary; allow_service_certificate_requests_ = kAllowServiceCertificateRequests; + device_files_is_a_real_filesystem_ = kDeviceFilesIsARealFileSystem; session_property_set_.reset(new CdmClientPropertySetMap()); } From 57f2a7fe3126fc66d2cd3b0e7e9425cfae5d702c Mon Sep 17 00:00:00 2001 From: Rahul Frias Date: Mon, 27 May 2019 02:46:47 -0700 Subject: [PATCH 2/2] Address request license test failures [ Merge of http://go/wvgerrit/81743 and http://go/ag/7747989 ] This fixes some failures in tests. A platform property has been added which controls whether an offline license can be restored if a release request has been previously made. This behaviour was introduced by CE CDM in b/113167010 but is not permitted for android. The tests failures addressed are * ProvisioningTestWithServiceCertificate * ReleaseRetryOfflineKeyTest * ReleaseRetryL3OfflineKeyTest * ReleaseRetryL3OfflineKeySessionUsageDisable Bug: 119428680 Bug: 133684744 Test: WV unit/integration tests Change-Id: I5beacecea32f26c8a319a6d73a45cc36f04d8aa1 --- libwvdrmengine/cdm/core/include/properties.h | 4 +++ libwvdrmengine/cdm/core/src/cdm_session.cpp | 6 ++-- libwvdrmengine/cdm/core/src/properties.cpp | 1 + .../cdm/include/properties_configuration.h | 5 ++++ libwvdrmengine/cdm/src/properties_android.cpp | 2 ++ .../cdm/test/request_license_test.cpp | 29 +------------------ 6 files changed, 17 insertions(+), 30 deletions(-) diff --git a/libwvdrmengine/cdm/core/include/properties.h b/libwvdrmengine/cdm/core/include/properties.h index fa207cc6..9a0b7d00 100644 --- a/libwvdrmengine/cdm/core/include/properties.h +++ b/libwvdrmengine/cdm/core/include/properties.h @@ -55,6 +55,9 @@ class Properties { static inline bool device_files_is_a_real_filesystem() { return device_files_is_a_real_filesystem_; } + static inline bool allow_restore_of_offline_licenses_with_release() { + return allow_restore_of_offline_licenses_with_release_; + } static void set_provisioning_messages_are_binary(bool flag) { provisioning_messages_are_binary_ = flag; } @@ -143,6 +146,7 @@ class Properties { static bool provisioning_messages_are_binary_; static bool allow_service_certificate_requests_; static bool device_files_is_a_real_filesystem_; + static bool allow_restore_of_offline_licenses_with_release_; static std::unique_ptr session_property_set_; CORE_DISALLOW_COPY_AND_ASSIGN(Properties); diff --git a/libwvdrmengine/cdm/core/src/cdm_session.cpp b/libwvdrmengine/cdm/core/src/cdm_session.cpp index 9e3ee8e6..f8318add 100644 --- a/libwvdrmengine/cdm/core/src/cdm_session.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp @@ -243,8 +243,10 @@ CdmResponseType CdmSession::RestoreOfflineSession(const CdmKeySetId& key_set_id, // Attempts to restore a released offline license are treated as a release // retry. - if (license_state == DeviceFiles::kLicenseStateReleasing) { - license_type = kLicenseTypeRelease; + if (Properties::allow_restore_of_offline_licenses_with_release()) { + if (license_state == DeviceFiles::kLicenseStateReleasing) { + license_type = kLicenseTypeRelease; + } } // Only restore offline licenses if they are active or this is a release diff --git a/libwvdrmengine/cdm/core/src/properties.cpp b/libwvdrmengine/cdm/core/src/properties.cpp index d49a7e03..336fb6bd 100644 --- a/libwvdrmengine/cdm/core/src/properties.cpp +++ b/libwvdrmengine/cdm/core/src/properties.cpp @@ -20,6 +20,7 @@ bool Properties::oem_crypto_use_userspace_buffers_; bool Properties::provisioning_messages_are_binary_; bool Properties::allow_service_certificate_requests_; bool Properties::device_files_is_a_real_filesystem_; +bool Properties::allow_restore_of_offline_licenses_with_release_; std::unique_ptr Properties::session_property_set_; bool Properties::AddSessionPropertySet(const CdmSessionId& session_id, diff --git a/libwvdrmengine/cdm/include/properties_configuration.h b/libwvdrmengine/cdm/include/properties_configuration.h index 7b8fee14..a013fe57 100644 --- a/libwvdrmengine/cdm/include/properties_configuration.h +++ b/libwvdrmengine/cdm/include/properties_configuration.h @@ -34,6 +34,11 @@ const bool kAllowServiceCertificateRequests = true; // code may treat the DeviceFiles base path as a raw filesystem path. const bool kDeviceFilesIsARealFileSystem = true; +// This controls the restoration of an offline license, on which a +// release attempt was previously made. If true, a restoration +// will be treated as a release request. If false, a restoration will fail. +const bool kAllowRestoreOfflineLicenseWithRelease = false; + } // namespace wvcdm #endif // CDM_BASE_WV_PROPERTIES_CONFIGURATION_H_ diff --git a/libwvdrmengine/cdm/src/properties_android.cpp b/libwvdrmengine/cdm/src/properties_android.cpp index f2b3be24..4ff752d4 100644 --- a/libwvdrmengine/cdm/src/properties_android.cpp +++ b/libwvdrmengine/cdm/src/properties_android.cpp @@ -50,6 +50,8 @@ void Properties::InitOnce() { provisioning_messages_are_binary_ = kPropertyProvisioningMessagesAreBinary; allow_service_certificate_requests_ = kAllowServiceCertificateRequests; device_files_is_a_real_filesystem_ = kDeviceFilesIsARealFileSystem; + allow_restore_of_offline_licenses_with_release_ = + kAllowRestoreOfflineLicenseWithRelease; session_property_set_.reset(new CdmClientPropertySetMap()); } diff --git a/libwvdrmengine/cdm/test/request_license_test.cpp b/libwvdrmengine/cdm/test/request_license_test.cpp index 88b925c0..f40f06cf 100644 --- a/libwvdrmengine/cdm/test/request_license_test.cpp +++ b/libwvdrmengine/cdm/test/request_license_test.cpp @@ -1529,33 +1529,6 @@ FourSampleDecryptionInfo kCenc30SwitchCipherData[8] = { kCenc30Cbc1Key33Sample, kCenc30Cbc1Key32Sample, } }, }; -// NOTE: Provider ID = staging.google.com -const std::string kGoogleStagingServiceCertificate = wvcdm::a2bs_hex( - "0ac102080312101705b917cc1204868b06333a2f772a8c1882b482920522" - "8e023082010a028201010099ed5b3b327dab5e24efc3b62a95b598520ad5" - "bccb37503e0645b814d876b8df40510441ad8ce3adb11bb88c4e725a5e4a" - "9e0795291d58584023a7e1af0e38a91279393008610b6f158c878c7e21bf" - "fbfeea77e1019e1e5781e8a45f46263d14e60e8058a8607adce04fac8457" - "b137a8d67ccdeb33705d983a21fb4eecbd4a10ca47490ca47eaa5d438218" - "ddbaf1cade3392f13d6ffb6442fd31e1bf40b0c604d1c4ba4c9520a4bf97" - "eebd60929afceef55bbaf564e2d0e76cd7c55c73a082b996120b8359edce" - "24707082680d6f67c6d82c4ac5f3134490a74eec37af4b2f010c59e82843" - "e2582f0b6b9f5db0fc5e6edf64fbd308b4711bcf1250019c9f5a09020301" - "00013a146c6963656e73652e7769646576696e652e636f6d128003ae3473" - "14b5a835297f271388fb7bb8cb5277d249823cddd1da30b93339511eb3cc" - "bdea04b944b927c121346efdbdeac9d413917e6ec176a10438460a503bc1" - "952b9ba4e4ce0fc4bfc20a9808aaaf4bfcd19c1dcfcdf574ccac28d1b410" - "416cf9de8804301cbdb334cafcd0d40978423a642e54613df0afcf96ca4a" - "9249d855e42b3a703ef1767f6a9bd36d6bf82be76bbf0cba4fde59d2abcc" - "76feb64247b85c431fbca52266b619fc36979543fca9cbbdbbfafa0e1a55" - "e755a3c7bce655f9646f582ab9cf70aa08b979f867f63a0b2b7fdb362c5b" - "c4ecd555d85bcaa9c593c383c857d49daab77e40b7851ddfd24998808e35" - "b258e75d78eac0ca16f7047304c20d93ede4e8ff1c6f17e6243e3f3da8fc" - "1709870ec45fba823a263f0cefa1f7093b1909928326333705043a29bda6" - "f9b4342cc8df543cb1a1182f7c5fff33f10490faca5b25360b76015e9c5a" - "06ab8ee02f00d2e8d5986104aacc4dd475fd96ee9ce4e326f21b83c70585" - "77b38732cddabc6a6bed13fb0d49d38a45eb87a5f4"); - } // namespace namespace wvcdm { @@ -2114,7 +2087,7 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningTestWithServiceCertificate) { EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kGoogleStagingServiceCertificate, + config_.provisioning_service_certificate(), &key_msg_, &provisioning_server)); EXPECT_EQ(provisioning_server, config_.provisioning_server());