File util, generic crypto, and key query

This CL merges several CLs from the widevine repo: http://go/wvgerrit/18012 Add support for querying allowed usage for key. http://go/wvgerrit/17971 Add per-origin storage. http://go/wvgerrit/18152 Add OEMCrypto's generic crypto operations to CDM. http://go/wvgerrit/17911 QueryKeyControlInfo => QueryOemCryptoSessionId Note: numbering in wv_cdm_types.h was added in this CL and will be back ported to wvgerrit in a future CL. Change-Id: Idb9e9a67e94f62f25dc16c5307f75a08b3430b64
2016-09-14 12:44:09 -07:00
parent 24124ea6e3
commit eb3f8b786a
56 changed files with 4632 additions and 2083 deletions
--- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
@@ -15,7 +15,6 @@
 #include "license_protocol.pb.h"
 #include "log.h"
 #include "properties.h"
-#include "scoped_ptr.h"
 #include "string_conversions.h"
 #include "wv_cdm_constants.h"
 #include "wv_cdm_event_listener.h"
@@ -55,11 +54,13 @@ class UsagePropertySet : public CdmClientPropertySet {

 bool CdmEngine::seeded_ = false;

-CdmEngine::CdmEngine()
+CdmEngine::CdmEngine(FileSystem* file_system)
    : cert_provisioning_(NULL),
      cert_provisioning_requested_security_level_(kLevelDefault),
+      file_system_(file_system),
      usage_session_(NULL),
      last_usage_information_update_time_(0) {
+  assert(file_system);
  Properties::Init();
  if (!seeded_) {
    Clock clock;
@@ -79,25 +80,22 @@ CdmEngine::~CdmEngine() {

 CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
                                       CdmClientPropertySet* property_set,
-                                       const std::string& origin,
                                       const CdmSessionId& forced_session_id,
                                       WvCdmEventListener* event_listener) {
-  return OpenSession(key_system, property_set, origin, event_listener,
+  return OpenSession(key_system, property_set, event_listener,
                     &forced_session_id, NULL);
 }

 CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
                                       CdmClientPropertySet* property_set,
-                                       const std::string& origin,
                                       WvCdmEventListener* event_listener,
                                       CdmSessionId* session_id) {
-  return OpenSession(key_system, property_set, origin, event_listener,
-                     NULL, session_id);
+  return OpenSession(key_system, property_set, event_listener, NULL,
+                     session_id);
 }

 CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
                                       CdmClientPropertySet* property_set,
-                                       const std::string& origin,
                                       WvCdmEventListener* event_listener,
                                       const CdmSessionId* forced_session_id,
                                       CdmSessionId* session_id) {
@@ -119,7 +117,8 @@ CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
    }
  }

-  scoped_ptr<CdmSession> new_session(new CdmSession(origin));
+  scoped_ptr<CdmSession> new_session(new CdmSession(file_system_));
+
  CdmResponseType sts = new_session->Init(property_set, forced_session_id,
                                          event_listener);
  if (sts != NO_ERROR) {
@@ -141,7 +140,7 @@ CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,

 CdmResponseType CdmEngine::OpenKeySetSession(
    const CdmKeySetId& key_set_id, CdmClientPropertySet* property_set,
-    const std::string& origin, WvCdmEventListener* event_listener) {
+    WvCdmEventListener* event_listener) {
  LOGI("CdmEngine::OpenKeySetSession");

  if (key_set_id.empty()) {
@@ -150,9 +149,8 @@ CdmResponseType CdmEngine::OpenKeySetSession(
  }

  CdmSessionId session_id;
-  CdmResponseType sts =
-      OpenSession(KEY_SYSTEM, property_set, origin, event_listener,
-                  NULL /* forced_session_id */, &session_id);
+  CdmResponseType sts = OpenSession(KEY_SYSTEM, property_set, event_listener,
+                                    NULL /* forced_session_id */, &session_id);

  if (sts != NO_ERROR) return sts;

@@ -313,7 +311,9 @@ CdmResponseType CdmEngine::AddKey(const CdmSessionId& session_id,
  }

  CdmResponseType sts = iter->second->AddKey(key_data);
-  *key_set_id = iter->second->key_set_id();
+  if (key_set_id) {
+    *key_set_id = iter->second->key_set_id();
+  }

  switch (sts) {
    case KEY_ADDED:
@@ -425,8 +425,8 @@ CdmResponseType CdmEngine::RenewKey(const CdmSessionId& session_id,
 }

 CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
-                                       const std::string& key,
-                                       std::string* value) {
+                                       const std::string& query_token,
+                                       std::string* query_response) {
  LOGI("CdmEngine::QueryStatus");
  CryptoSession crypto_session;
  if (security_level == kLevel3) {
@@ -434,36 +434,41 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
    if (NO_ERROR != status) return INVALID_QUERY_STATUS;
  }

-  if (key == QUERY_KEY_SECURITY_LEVEL) {
+  if (!query_response) {
+    LOGE("CdmEngine::QueryStatus: no query response destination");
+    return INVALID_PARAMETERS_ENG_6;
+  }
+
+  if (query_token == QUERY_KEY_SECURITY_LEVEL) {
    CdmSecurityLevel security_level = crypto_session.GetSecurityLevel();
    switch (security_level) {
      case kSecurityLevelL1:
-        *value = QUERY_VALUE_SECURITY_LEVEL_L1;
+        *query_response = QUERY_VALUE_SECURITY_LEVEL_L1;
        break;
      case kSecurityLevelL2:
-        *value = QUERY_VALUE_SECURITY_LEVEL_L2;
+        *query_response = QUERY_VALUE_SECURITY_LEVEL_L2;
        break;
      case kSecurityLevelL3:
-        *value = QUERY_VALUE_SECURITY_LEVEL_L3;
+        *query_response = QUERY_VALUE_SECURITY_LEVEL_L3;
        break;
      case kSecurityLevelUninitialized:
      case kSecurityLevelUnknown:
-        *value = QUERY_VALUE_SECURITY_LEVEL_UNKNOWN;
+        *query_response = QUERY_VALUE_SECURITY_LEVEL_UNKNOWN;
        break;
      default:
        LOGW("CdmEngine::QueryStatus: Unknown security level: %d",
             security_level);
        return UNKNOWN_ERROR;
    }
-  } else if (key == QUERY_KEY_DEVICE_ID) {
+  } else if (query_token == QUERY_KEY_DEVICE_ID) {
    std::string deviceId;
    if (!crypto_session.GetDeviceUniqueId(&deviceId)) {
      LOGW("CdmEngine::QueryStatus: GetDeviceUniqueId failed");
      return UNKNOWN_ERROR;
    }

-    *value = deviceId;
-  } else if (key == QUERY_KEY_SYSTEM_ID) {
+    *query_response = deviceId;
+  } else if (query_token == QUERY_KEY_SYSTEM_ID) {
    uint32_t system_id;
    if (!crypto_session.GetSystemId(&system_id)) {
      LOGW("CdmEngine::QueryStatus: GetSystemId failed");
@@ -472,35 +477,36 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,

    std::ostringstream system_id_stream;
    system_id_stream << system_id;
-    *value = system_id_stream.str();
-  } else if (key == QUERY_KEY_PROVISIONING_ID) {
+    *query_response = system_id_stream.str();
+  } else if (query_token == QUERY_KEY_PROVISIONING_ID) {
    std::string provisioning_id;
    if (!crypto_session.GetProvisioningId(&provisioning_id)) {
      LOGW("CdmEngine::QueryStatus: GetProvisioningId failed");
      return UNKNOWN_ERROR;
    }

-    *value = provisioning_id;
-  } else if (key == QUERY_KEY_CURRENT_HDCP_LEVEL ||
-             key == QUERY_KEY_MAX_HDCP_LEVEL) {
+    *query_response = provisioning_id;
+  } else if (query_token == QUERY_KEY_CURRENT_HDCP_LEVEL ||
+             query_token == QUERY_KEY_MAX_HDCP_LEVEL) {
    CryptoSession::HdcpCapability current_hdcp;
    CryptoSession::HdcpCapability max_hdcp;
    if (!crypto_session.GetHdcpCapabilities(&current_hdcp, &max_hdcp)) {
      LOGW("CdmEngine::QueryStatus: GetHdcpCapabilities failed");
      return UNKNOWN_ERROR;
    }
-
-    *value = MapHdcpVersion(key == QUERY_KEY_CURRENT_HDCP_LEVEL ? current_hdcp
-                                                                : max_hdcp);
-  } else if (key == QUERY_KEY_USAGE_SUPPORT) {
+    *query_response =
+        MapHdcpVersion(query_token == QUERY_KEY_CURRENT_HDCP_LEVEL ?
+                       current_hdcp : max_hdcp);
+  } else if (query_token == QUERY_KEY_USAGE_SUPPORT) {
    bool supports_usage_reporting;
    if (!crypto_session.UsageInformationSupport(&supports_usage_reporting)) {
      LOGW("CdmEngine::QueryStatus: UsageInformationSupport failed");
      return UNKNOWN_ERROR;
    }

-    *value = supports_usage_reporting ? QUERY_VALUE_TRUE : QUERY_VALUE_FALSE;
-  } else if (key == QUERY_KEY_NUMBER_OF_OPEN_SESSIONS) {
+    *query_response =
+        supports_usage_reporting ? QUERY_VALUE_TRUE : QUERY_VALUE_FALSE;
+  } else if (query_token == QUERY_KEY_NUMBER_OF_OPEN_SESSIONS) {
    size_t number_of_open_sessions;
    if (!crypto_session.GetNumberOfOpenSessions(&number_of_open_sessions)) {
      LOGW("CdmEngine::QueryStatus: GetNumberOfOpenSessions failed");
@@ -509,8 +515,8 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,

    std::ostringstream open_sessions_stream;
    open_sessions_stream << number_of_open_sessions;
-    *value = open_sessions_stream.str();
-  } else if (key == QUERY_KEY_MAX_NUMBER_OF_SESSIONS) {
+    *query_response = open_sessions_stream.str();
+  } else if (query_token == QUERY_KEY_MAX_NUMBER_OF_SESSIONS) {
    size_t maximum_number_of_sessions;
    if (!crypto_session.GetMaxNumberOfSessions(&maximum_number_of_sessions)) {
      LOGW("CdmEngine::QueryStatus: GetMaxNumberOfOpenSessions failed");
@@ -519,8 +525,8 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,

    std::ostringstream max_sessions_stream;
    max_sessions_stream << maximum_number_of_sessions;
-    *value = max_sessions_stream.str();
-  } else if (key == QUERY_KEY_OEMCRYPTO_API_VERSION) {
+    *query_response = max_sessions_stream.str();
+  } else if (query_token == QUERY_KEY_OEMCRYPTO_API_VERSION) {
    uint32_t api_version;
    if (!crypto_session.GetApiVersion(&api_version)) {
      LOGW("CdmEngine::QueryStatus: GetApiVersion failed");
@@ -529,10 +535,10 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,

    std::ostringstream api_version_stream;
    api_version_stream << api_version;
-    *value = api_version_stream.str();
+    *query_response = api_version_stream.str();
  } else {
-    LOGW("CdmEngine::QueryStatus: Unknown status requested, key = %s",
-         key.c_str());
+    LOGW("CdmEngine::QueryStatus: Unknown status requested, token = %s",
+         query_token.c_str());
    return INVALID_QUERY_KEY;
  }

@@ -540,7 +546,7 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
 }

 CdmResponseType CdmEngine::QuerySessionStatus(const CdmSessionId& session_id,
-                                              CdmQueryMap* key_info) {
+                                              CdmQueryMap* query_response) {
  LOGI("CdmEngine::QuerySessionStatus");
  CdmSessionMap::iterator iter = sessions_.find(session_id);
  if (iter == sessions_.end()) {
@@ -548,7 +554,7 @@ CdmResponseType CdmEngine::QuerySessionStatus(const CdmSessionId& session_id,
         session_id.c_str());
    return SESSION_NOT_FOUND_8;
  }
-  return iter->second->QueryStatus(key_info);
+  return iter->second->QueryStatus(query_response);
 }

 bool CdmEngine::IsReleaseSession(const CdmSessionId& session_id) {
@@ -574,7 +580,7 @@ bool CdmEngine::IsOfflineSession(const CdmSessionId& session_id) {
 }

 CdmResponseType CdmEngine::QueryKeyStatus(const CdmSessionId& session_id,
-                                          CdmQueryMap* key_info) {
+                                          CdmQueryMap* query_response) {
  LOGI("CdmEngine::QueryKeyStatus");
  CdmSessionMap::iterator iter = sessions_.find(session_id);
  if (iter == sessions_.end()) {
@@ -582,19 +588,72 @@ CdmResponseType CdmEngine::QueryKeyStatus(const CdmSessionId& session_id,
         session_id.c_str());
    return SESSION_NOT_FOUND_9;
  }
-  return iter->second->QueryKeyStatus(key_info);
+  return iter->second->QueryKeyStatus(query_response);
 }

-CdmResponseType CdmEngine::QueryKeyControlInfo(const CdmSessionId& session_id,
-                                               CdmQueryMap* key_info) {
-  LOGI("CdmEngine::QueryKeyControlInfo");
+CdmResponseType CdmEngine::QueryKeyAllowedUsage(const CdmSessionId& session_id,
+                                                const std::string& key_id,
+                                                CdmKeyAllowedUsage* key_usage) {
+  LOGI("CdmEngine::QueryKeyAllowedUsage");
+  if (!key_usage) {
+    LOGE("CdmEngine::QueryKeyAllowedUsage: no response destination");
+    return INVALID_PARAMETERS_ENG_12;
+  }
  CdmSessionMap::iterator iter = sessions_.find(session_id);
  if (iter == sessions_.end()) {
-    LOGE("CdmEngine::QueryKeyControlInfo: session_id not found = %s",
+    LOGE("CdmEngine::QueryKeyAllowedUsage: session_id not found = %s",
+         session_id.c_str());
+    return SESSION_NOT_FOUND_12;
+  }
+  return iter->second->QueryKeyAllowedUsage(key_id, key_usage);
+}
+
+CdmResponseType CdmEngine::QueryKeyAllowedUsage(const std::string& key_id,
+                                                CdmKeyAllowedUsage* key_usage) {
+  LOGI("CdmEngine::QueryKeyAllowedUsage (all sessions)");
+  CdmResponseType session_sts;
+  CdmKeyAllowedUsage found_in_this_session;
+  bool found = false;
+  if (!key_usage) {
+    LOGE("CdmEngine::QueryKeyAllowedUsage: no response destination");
+    return INVALID_PARAMETERS_ENG_7;
+  }
+  key_usage->Clear();
+  for (CdmSessionMap::iterator iter = sessions_.begin();
+       iter != sessions_.end(); ++iter) {
+    session_sts = iter->second->QueryKeyAllowedUsage(key_id,
+                                                     &found_in_this_session);
+    if (session_sts == NO_ERROR) {
+      if (found) {
+        // Found another key. If usage settings do not match, fail.
+        if (!key_usage->Equals(found_in_this_session)) {
+          key_usage->Clear();
+          return KEY_CONFLICT_1;
+        }
+      } else {
+        *key_usage = found_in_this_session;
+        found = true;
+      }
+    } else if (session_sts != KEY_NOT_FOUND_1) {
+      LOGE("CdmEngine::QueryKeyAllowedUsage (all sessions) FAILED = %d",
+           session_sts);
+      key_usage->Clear();
+      return session_sts;
+    }
+  }
+  return (found) ? NO_ERROR : KEY_NOT_FOUND_2;
+}
+
+CdmResponseType CdmEngine::QueryOemCryptoSessionId(
+    const CdmSessionId& session_id, CdmQueryMap* query_response) {
+  LOGI("CdmEngine::QueryOemCryptoSessionId");
+  CdmSessionMap::iterator iter = sessions_.find(session_id);
+  if (iter == sessions_.end()) {
+    LOGE("CdmEngine::QueryOemCryptoSessionId: session_id not found = %s",
         session_id.c_str());
    return SESSION_NOT_FOUND_10;
  }
-  return iter->second->QueryKeyControlInfo(key_info);
+  return iter->second->QueryOemCryptoSessionId(query_response);
 }

 /*
@@ -606,8 +665,7 @@ CdmResponseType CdmEngine::QueryKeyControlInfo(const CdmSessionId& session_id,
 */
 CdmResponseType CdmEngine::GetProvisioningRequest(
    CdmCertificateType cert_type, const std::string& cert_authority,
-    const std::string& origin, CdmProvisioningRequest* request,
-    std::string* default_url) {
+    CdmProvisioningRequest* request, std::string* default_url) {
  if (!request) {
    LOGE("CdmEngine::GetProvisioningRequest: invalid output parameters");
    return INVALID_PROVISIONING_REQUEST_PARAM_1;
@@ -624,7 +682,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
  }
  CdmResponseType ret = cert_provisioning_->GetProvisioningRequest(
      cert_provisioning_requested_security_level_, cert_type, cert_authority,
-      origin, request, default_url);
+      file_system_->origin(), request, default_url);
  if (ret != NO_ERROR) {
    cert_provisioning_.reset(NULL);  // Release resources.
  }
@@ -639,8 +697,8 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
 * Returns NO_ERROR for success and  CdmResponseType error code if fails.
 */
 CdmResponseType CdmEngine::HandleProvisioningResponse(
-    const std::string& origin, const CdmProvisioningResponse& response,
-    std::string* cert, std::string* wrapped_key) {
+    const CdmProvisioningResponse& response, std::string* cert,
+    std::string* wrapped_key) {
  if (response.empty()) {
    LOGE("CdmEngine::HandleProvisioningResponse: Empty provisioning response.");
    cert_provisioning_.reset(NULL);
@@ -672,7 +730,7 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
      return EMPTY_PROVISIONING_CERTIFICATE_2;
    }
    CdmSecurityLevel security_level = crypto_session.GetSecurityLevel();
-    if (!IsProvisioned(security_level, origin)) {
+    if (!IsProvisioned(security_level)) {
      LOGE(
          "CdmEngine::HandleProvisioningResponse: provisioning object "
          "missing.");
@@ -682,7 +740,7 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
  }

  CdmResponseType ret = cert_provisioning_->HandleProvisioningResponse(
-      origin, response, cert, wrapped_key);
+      file_system_, response, cert, wrapped_key);
  // Release resources only on success. It is possible that a provisioning
  // attempt was made after this one was requested but before the response was
  // received, which will cause this attempt to fail. Not releasing will
@@ -691,28 +749,25 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
  return ret;
 }

-bool CdmEngine::IsProvisioned(CdmSecurityLevel security_level,
-                              const std::string& origin) {
-  DeviceFiles handle;
+bool CdmEngine::IsProvisioned(CdmSecurityLevel security_level) {
+  DeviceFiles handle(file_system_);
  if (!handle.Init(security_level)) {
    LOGE("CdmEngine::IsProvisioned: unable to initialize device files");
    return false;
  }
-  return handle.HasCertificate(origin);
+  return handle.HasCertificate();
 }

-CdmResponseType CdmEngine::Unprovision(CdmSecurityLevel security_level,
-                                       const std::string& origin) {
-  DeviceFiles handle;
+CdmResponseType CdmEngine::Unprovision(CdmSecurityLevel security_level) {
+  DeviceFiles handle(file_system_);
  if (!handle.Init(security_level)) {
    LOGE("CdmEngine::Unprovision: unable to initialize device files");
    return UNPROVISION_ERROR_1;
  }

-  if (origin != EMPTY_ORIGIN) {
-    if (!handle.RemoveCertificate(origin)) {
-      LOGE("CdmEngine::Unprovision: unable to delete certificate for origin %s",
-           origin.c_str());
+  if (!file_system_->origin().empty()) {
+    if (!handle.RemoveCertificate()) {
+      LOGE("CdmEngine::Unprovision: unable to delete certificate");
      return UNPROVISION_ERROR_2;
    }
    return NO_ERROR;
@@ -743,15 +798,19 @@ CdmResponseType CdmEngine::GetUsageInfo(const std::string& app_id,
  if (NULL == usage_property_set_.get()) {
    usage_property_set_.reset(new UsagePropertySet());
  }
+  if (!usage_info) {
+    LOGE("CdmEngine::GetUsageInfo: no usage info destination");
+    return INVALID_PARAMETERS_ENG_8;
+  }
  usage_property_set_->set_security_level(kLevelDefault);
  usage_property_set_->set_app_id(app_id);
-  usage_session_.reset(new CdmSession(EMPTY_ORIGIN));
+  usage_session_.reset(new CdmSession(file_system_));
  CdmResponseType status = usage_session_->Init(usage_property_set_.get());
  if (NO_ERROR != status) {
    LOGE("CdmEngine::GetUsageInfo: session init error");
    return status;
  }
-  DeviceFiles handle;
+  DeviceFiles handle(file_system_);
  if (!handle.Init(usage_session_->GetSecurityLevel())) {
    LOGE("CdmEngine::GetUsageInfo: device file init error");
    return GET_USAGE_INFO_ERROR_1;
@@ -763,7 +822,7 @@ CdmResponseType CdmEngine::GetUsageInfo(const std::string& app_id,
                                &license_response)) {
    usage_property_set_->set_security_level(kLevel3);
    usage_property_set_->set_app_id(app_id);
-    usage_session_.reset(new CdmSession(EMPTY_ORIGIN));
+    usage_session_.reset(new CdmSession(file_system_));
    status = usage_session_->Init(usage_property_set_.get());
    if (NO_ERROR != status) {
      LOGE("CdmEngine::GetUsageInfo: session init error");
@@ -808,6 +867,10 @@ CdmResponseType CdmEngine::GetUsageInfo(const std::string& app_id,
  // Return a random usage report from a random security level
  SecurityLevel security_level = ((rand() % 2) == 0) ? kLevelDefault : kLevel3;
  CdmResponseType status = UNKNOWN_ERROR;
+  if (!usage_info) {
+    LOGE("CdmEngine::GetUsageInfo: no usage info destination");
+    return INVALID_PARAMETERS_ENG_9;
+  }
  do {
    status = GetUsageInfo(app_id, security_level, usage_info);

@@ -833,7 +896,7 @@ CdmResponseType CdmEngine::GetUsageInfo(const std::string& app_id,
  usage_property_set_->set_security_level(requested_security_level);
  usage_property_set_->set_app_id(app_id);

-  usage_session_.reset(new CdmSession(EMPTY_ORIGIN));
+  usage_session_.reset(new CdmSession(file_system_));

  CdmResponseType status = usage_session_->Init(usage_property_set_.get());
  if (NO_ERROR != status) {
@@ -841,7 +904,7 @@ CdmResponseType CdmEngine::GetUsageInfo(const std::string& app_id,
    return status;
  }

-  DeviceFiles handle;
+  DeviceFiles handle(file_system_);
  if (!handle.Init(usage_session_->GetSecurityLevel())) {
    LOGE("CdmEngine::GetUsageInfo: unable to initialize device files");
    return GET_USAGE_INFO_ERROR_3;
@@ -853,12 +916,15 @@ CdmResponseType CdmEngine::GetUsageInfo(const std::string& app_id,
    return GET_USAGE_INFO_ERROR_4;
  }

+  if (!usage_info) {
+    LOGE("CdmEngine::GetUsageInfo: no usage info destination");
+    return INVALID_PARAMETERS_ENG_10;
+  }
  if (0 == license_info.size()) {
    usage_info->resize(0);
    return NO_ERROR;
  }

-  std::string server_url;
  usage_info->resize(kUsageReportsPerRequest);

  uint32_t index = rand() % license_info.size();
@@ -901,7 +967,7 @@ CdmResponseType CdmEngine::ReleaseAllUsageInfo(const std::string& app_id) {

  CdmResponseType status = NO_ERROR;
  for (int j = kSecurityLevelL1; j < kSecurityLevelUnknown; ++j) {
-    DeviceFiles handle;
+    DeviceFiles handle(file_system_);
    if (handle.Init(static_cast<CdmSecurityLevel>(j))) {
      std::vector<std::string> provider_session_tokens;
      if (!handle.DeleteAllUsageInfoForApp(app_id, &provider_session_tokens)) {
@@ -914,7 +980,7 @@ CdmResponseType CdmEngine::ReleaseAllUsageInfo(const std::string& app_id) {
                ? kLevel3
                : kLevelDefault;
        usage_property_set_->set_security_level(security_level);
-        usage_session_.reset(new CdmSession(EMPTY_ORIGIN));
+        usage_session_.reset(new CdmSession(file_system_));
        usage_session_->Init(usage_property_set_.get());
        CdmResponseType status2 = usage_session_->
            DeleteMultipleUsageInformation(provider_session_tokens);
@@ -966,7 +1032,12 @@ CdmResponseType CdmEngine::LoadUsageSession(const CdmKeySetId& key_set_id,
    return SESSION_NOT_FOUND_11;
  }

-  DeviceFiles handle;
+  if (!release_message) {
+    LOGE("CdmEngine::LoadUsageSession: no release message destination");
+    return INVALID_PARAMETERS_ENG_11;
+  }
+
+  DeviceFiles handle(file_system_);
  if (!handle.Init(iter->second->GetSecurityLevel())) {
    LOGE("CdmEngine::LoadUsageSession: unable to initialize device files");
    return LOAD_USAGE_INFO_FILE_ERROR;
@@ -1061,6 +1132,61 @@ CdmResponseType CdmEngine::Decrypt(const CdmSessionId& session_id,
  return session_iter->second->Decrypt(parameters);
 }

+CdmResponseType CdmEngine::GenericEncrypt(
+      const std::string& session_id, const std::string& in_buffer,
+      const std::string& key_id, const std::string& iv,
+      CdmEncryptionAlgorithm algorithm, std::string* out_buffer) {
+  CdmSessionMap::iterator iter = sessions_.find(session_id);
+  if (iter == sessions_.end()) {
+    LOGE("CdmEngine::GenericEncrypt: session_id not found = %s ",
+         session_id.c_str());
+    return SESSION_NOT_FOUND_13;
+  }
+  return iter->second->GenericEncrypt(in_buffer, key_id, iv, algorithm,
+                                      out_buffer);
+}
+
+CdmResponseType CdmEngine::GenericDecrypt(
+      const std::string& session_id, const std::string& in_buffer,
+      const std::string& key_id, const std::string& iv,
+      CdmEncryptionAlgorithm algorithm,
+      std::string* out_buffer) {
+  CdmSessionMap::iterator iter = sessions_.find(session_id);
+  if (iter == sessions_.end()) {
+    LOGE("CdmEngine::GenericDecrypt: session_id not found = %s ",
+         session_id.c_str());
+    return SESSION_NOT_FOUND_14;
+  }
+  return iter->second->GenericDecrypt(in_buffer, key_id, iv, algorithm,
+                                      out_buffer);
+}
+
+CdmResponseType CdmEngine::GenericSign(
+    const std::string& session_id, const std::string& message,
+    const std::string& key_id, CdmSigningAlgorithm algorithm,
+    std::string* signature) {
+  CdmSessionMap::iterator iter = sessions_.find(session_id);
+  if (iter == sessions_.end()) {
+    LOGE("CdmEngine::GenericSign: session_id not found = %s ",
+         session_id.c_str());
+    return SESSION_NOT_FOUND_15;
+  }
+  return iter->second->GenericSign(message, key_id, algorithm, signature);
+}
+
+CdmResponseType CdmEngine::GenericVerify(
+    const std::string& session_id, const std::string& message,
+    const std::string& key_id, CdmSigningAlgorithm algorithm,
+    const std::string& signature) {
+  CdmSessionMap::iterator iter = sessions_.find(session_id);
+  if (iter == sessions_.end()) {
+    LOGE("CdmEngine::GenericVerify: session_id not found = %s ",
+         session_id.c_str());
+    return SESSION_NOT_FOUND_16;
+  }
+  return iter->second->GenericVerify(message, key_id, algorithm, signature);
+}
+
 bool CdmEngine::IsKeyLoaded(const KeyId& key_id) {
  for (CdmSessionMap::iterator iter = sessions_.begin();
       iter != sessions_.end(); ++iter) {
@@ -1083,7 +1209,8 @@ bool CdmEngine::FindSessionForKey(const KeyId& key_id,

  CdmSessionMap::iterator session_iter = sessions_.end();
  int64_t seconds_remaining = 0;
-  for (CdmSessionMap::iterator iter = sessions_.begin(); iter != sessions_.end(); ++iter) {
+  for (CdmSessionMap::iterator iter = sessions_.begin();
+       iter != sessions_.end(); ++iter) {
    CdmSessionId local_session_id = iter->second->session_id();
    if (Properties::GetSessionSharingId(local_session_id) ==
        session_sharing_id) {
@@ -1196,9 +1323,8 @@ void CdmEngine::DeleteAllUsageReportsUponFactoryReset() {
  Properties::GetDeviceFilesBasePath(kSecurityLevelL3,
                                     &device_base_path_level3);

-  File file;
-  if (!file.Exists(device_base_path_level1) &&
-      !file.Exists(device_base_path_level3)) {
+  if (!file_system_->Exists(device_base_path_level1) &&
+      !file_system_->Exists(device_base_path_level3)) {
    scoped_ptr<CryptoSession> crypto_session(new CryptoSession());
    CdmResponseType status = crypto_session->Open(
        cert_provisioning_requested_security_level_);