From 48bfaab32ff1142951d80a06660d4e9350c6d77f Mon Sep 17 00:00:00 2001 From: Alex Dale Date: Tue, 7 Mar 2023 13:32:37 -0800 Subject: [PATCH] Add mutex to CdmEngine for use of cert_provisioning_. [ Merge of http://go/wvgerrit/167529 ] [ PoC http://ag/21900113 ] Bug: 258188673 Test: sts-tradefed run sts-dynamic-develop -m StsHostTestCases \ -t android.security.sts.Bug_258188673 Test: GtsMediaTestCases Change-Id: If71a0e7a81f376cf28688a590b6cb9dcea699545 Merged-In: If71a0e7a81f376cf28688a590b6cb9dcea699545 --- libwvdrmengine/cdm/core/include/cdm_engine.h | 2 ++ libwvdrmengine/cdm/core/src/cdm_engine.cpp | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/libwvdrmengine/cdm/core/include/cdm_engine.h b/libwvdrmengine/cdm/core/include/cdm_engine.h index 2bc0a7a8..42366f41 100644 --- a/libwvdrmengine/cdm/core/include/cdm_engine.h +++ b/libwvdrmengine/cdm/core/include/cdm_engine.h @@ -438,6 +438,8 @@ class CdmEngine { CdmSessionMap session_map_; CdmReleaseKeySetMap release_key_sets_; std::unique_ptr cert_provisioning_; + // Lock must be acquired before using |cert_provisioning_|. + std::mutex cert_provisioning_mutex_; wvutil::FileSystem* file_system_; wvutil::Clock clock_; std::string spoid_; diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp index d7d4bb58..353cf870 100644 --- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp @@ -65,7 +65,6 @@ class UsagePropertySet : public CdmClientPropertySet { CdmEngine::CdmEngine(wvutil::FileSystem* file_system, std::shared_ptr metrics) : metrics_(metrics), - cert_provisioning_(), file_system_(file_system), spoid_(EMPTY_SPOID), usage_session_(), @@ -1064,6 +1063,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest( } // TODO(b/141705730): Remove usage entries on provisioning. + std::unique_lock cert_lock(cert_provisioning_mutex_); if (!cert_provisioning_) { cert_provisioning_.reset( new CertificateProvisioning(metrics_->GetCryptoMetrics())); @@ -1093,6 +1093,7 @@ CdmResponseType CdmEngine::HandleProvisioningResponse( std::string* wrapped_key) { LOGI("response_size = %zu, security_level = %s", response.size(), RequestedSecurityLevelToString(requested_security_level)); + std::unique_lock cert_lock(cert_provisioning_mutex_); if (response.empty()) { LOGE("Empty provisioning response"); cert_provisioning_.reset();