Make change and version bump to AV1A.240603.001

Snap for 11919749 from faa07f65f8 to vic-widevine-partner-release

Change-Id: I85e66acee5a394aa7f88f8db9c9f5e97caa9d0f6

libwvdrmengine/aconfig/Android.bp

@@ -15,6 +15,7 @@
 aconfig_declarations {
     name: "wv_media_drm_flags",
     package: "com.android.mediadrm.widevine.flags",
+    container: "vendor",
     srcs: [
         "wv_media_drm_flags.aconfig",
     ],

libwvdrmengine/aconfig/wv_media_drm_flags.aconfig

@@ -1,4 +1,5 @@
 package: "com.android.mediadrm.widevine.flags"
+container: "vendor"
 
 flag {
   name: "update_cdm_version_to_18_0_2"

libwvdrmengine/cdm/core/test/cdm_engine_test.cpp

@@ -191,7 +191,6 @@ class WvCdmEngineTest : public WvCdmEnginePreProvTest {
     EXPECT_EQ(KEY_MESSAGE, result);
 
     key_msg_ = request.message;
-    server_url_ = request.url;
   }
 
   std::string GetKeyRequestResponse(const std::string& server_url,
@@ -295,8 +294,6 @@ class WvCdmEngineTest : public WvCdmEnginePreProvTest {
         << "Expected request type " << key_request_type << " was not found. "
         << "metrics: " << wvutil::b2a_hex(serialized_metrics);
   }
-
-  std::string server_url_;
 };
 
 // Tests to validate service certificate
@@ -401,22 +398,15 @@ TEST_F(WvCdmEngineTest, LoadKey) {
 // command line.
 TEST_F(WvCdmEngineTest, LicenseRenewalSpecifiedServer) {
   EnsureProvisioned();
-  GenerateKeyRequest(binary_key_id(), kCencMimeType);
-  VerifyNewKeyResponse(config_.license_server(), config_.client_auth());
-
-  GenerateRenewalRequest();
-  if (!server_url_.empty()) {
-    // If the license server put a URL for the renewal in the license, we should
-    // be able to verify the renewal against that server.
-    VerifyRenewalKeyResponse(server_url_, config_.client_auth());
-  } else {
-    // If the license server did not give us a URL, we won't verify it.
-    LOGE("License server did not set renewal URL. license_url=%s.",
-         config_.license_server().c_str());
-    // This is OK when you are using a local, debug, license server, but it
-    // should NOT happen if using UAT or UAT nightly.
-    EXPECT_EQ(std::string::npos, config_.license_server().find("proxy.uat"));
-  }
+  LicenseHolder holder("CDM_SpecifyRenewalUrl", &cdm_engine_, config_);
+  ASSERT_NO_FATAL_FAILURE(holder.OpenSession());
+  ASSERT_NO_FATAL_FAILURE(holder.FetchLicense());
+  ASSERT_NO_FATAL_FAILURE(holder.LoadLicense());
+  CdmKeyRequest request;
+  const CdmResponseType result =
+      cdm_engine_.GenerateRenewalRequest(holder.session_id(), &request);
+  ASSERT_EQ(KEY_MESSAGE, result);
+  EXPECT_EQ(request.url, "url_as_specified_in_integration_console");
 }
 
 // This test generates a renewal and then requests it from the server specified

libwvdrmengine/cdm/core/test/license_holder.cpp

@@ -183,10 +183,13 @@ CdmResponseType LicenseHolder::DecryptClearLead(const std::string& key_id) {
   const std::vector<uint8_t> iv(KEY_IV_SIZE, 0);
   CdmDecryptionParametersV16 params(key_id);
   params.is_secure = false;
-  CdmDecryptionSample sample(input.data(), output.data(), 0, input.size(), iv);
+  CdmDecryptionSample sample1(input.data(), output.data(), 0, input.size(), iv);
+  CdmDecryptionSample sample2(input.data(), output.data(), 0, input.size(), iv);
   CdmDecryptionSubsample subsample(input.size(), 0);
-  sample.subsamples.push_back(subsample);
-  params.samples.push_back(sample);
+  sample1.subsamples.push_back(subsample);
+  sample2.subsamples.push_back(subsample);
+  params.samples.push_back(sample1);
+  params.samples.push_back(sample2);
   return cdm_engine_->DecryptV16(session_id_, params);
 }
 

libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp

@@ -159,10 +159,12 @@ HdcpLevel mapHdcpLevel(const std::string& level) {
   }
 }
 
-bool isRootOrShell() {
-  const uid_t AID_ROOT = 0, AID_SHELL = 2000;
+bool isCsrAccessAllowed() {
+  const uid_t AID_ROOT   = 0;
+  const uid_t AID_SYSTEM = 1000;
+  const uid_t AID_SHELL  = 2000;
   const uid_t uid = AIBinder_getCallingUid();
-  return (uid == AID_ROOT || uid == AID_SHELL);
+  return (uid == AID_ROOT || uid == AID_SYSTEM || uid == AID_SHELL);
 }
 
 bool IsAtscKeySetId(const CdmKeySetId& keySetId) {
@@ -1282,7 +1284,7 @@ static WvStatus getDeviceSignedCsrPayload(
         value = StrToVector(serialized_metrics);
       }
     }
-  } else if (name == "bootCertificateChain" && isRootOrShell()) {
+  } else if (name == "bootCertificateChain" && isCsrAccessAllowed()) {
     std::string boot_certificate_chain;
     CdmResponseType res = mCDM->QueryStatus(
         wvcdm::kLevelDefault, wvcdm::QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN,
@@ -1294,7 +1296,7 @@ static WvStatus getDeviceSignedCsrPayload(
     } else {
       value = StrToVector(boot_certificate_chain);
     }
-  } else if (name == "verifiedDeviceInfo" && isRootOrShell()) {
+  } else if (name == "verifiedDeviceInfo" && isCsrAccessAllowed()) {
     std::string verified_device_info;
     CdmResponseType res = mCDM->QueryStatus(wvcdm::kLevelDefault,
                                             wvcdm::QUERY_KEY_DEVICE_INFORMATION,
@@ -1306,7 +1308,7 @@ static WvStatus getDeviceSignedCsrPayload(
     } else {
       value = StrToVector(verified_device_info);
     }
-  } else if (name == "deviceSignedCsrPayload" && isRootOrShell()) {
+  } else if (name == "deviceSignedCsrPayload" && isCsrAccessAllowed()) {
     std::string signed_csr_payload;
     status =
         getDeviceSignedCsrPayload(mCDM, mCertificateSigningRequestChallenge,
@@ -1508,10 +1510,10 @@ static WvStatus getDeviceSignedCsrPayload(
     } else {
       return toNdkScopedAStatus(Status::BAD_VALUE);
     }
-  } else if (name == "certificateSigningRequestChallenge" && isRootOrShell()) {
+  } else if (name == "certificateSigningRequestChallenge" && isCsrAccessAllowed()) {
     mCertificateSigningRequestChallenge =
         std::string(_value.begin(), _value.end());
-  } else if (name == "deviceInfo" && isRootOrShell()) {
+  } else if (name == "deviceInfo" && isCsrAccessAllowed()) {
     mDeviceInfo = std::string(_value.begin(), _value.end());
   } else {
     ALOGE("App set unknown byte array property %s", name.c_str());

libwvdrmengine/version.txt

@@ -1 +1 @@
-AV1A.240515.001
+AV1A.240603.001