[ Merge of http://go/wvgerrit/150849 ]
[ Cherry-pick of http://ag/17919183 ]
DeviceFiles uses a static variable for tracking license IDs which
have been reserved by a CDM session before officially storing the
license on the device. This variable was not protected by a mutex,
and a rare race condition would arise, either crashing the service
or getting it stuck in a loop.
This CL adds a mutex for protecting the set of reserved IDs.
Bug: 226555704
Test: device_files_unittest
Change-Id: Icdea88673c76c267b4b7db79697ec52ae8e2581e
[ Merge of http://go/wvgerrit/149389 ]
[ Cherry-pick of http://ag/17511529 ]
When re-initializing OEMCrypto for testing purposes, the
UsageTableHeader must be reset as well. This is to inform future
sessions to load or create a new header before creating new entries.
Bug: 219075437
Test: request_license_test and MediaDrmTests GTS
Change-Id: Ie8bc72bc7ea079d21587e114223fcb67547c756a
[ Merge of http://go/wvgerrit/146329 ]
A rare race condition was found where a key is selected as the session
is closed. This results in a null pointer dereference in
CryptoSession::SelectKey(). Two additional checks have been added to
SelectKey() to prevent this from occuring.
Bug: 217749078
Test: CDM unit tests, atest GtsMediaTestCases
Change-Id: Iec390cc7d1f28ddc18a30a68bc78922ec4fdbb89
Merge from Widevine repo of http://go/wvgerrit/139332
In the OEMCryptoUsageTableTest.VerifyUsageTimes test, move the call to
UpdateUsageEntry to before sleeping.
Bug: 183440648
Change-Id: Ie6c1d064462cd82c20b1eaa2fc1c1bb31b36d04b
[ Merge of http://go/wvgerrit/143370 ]
Devices without a keybox may not have access to a device ID if the OEM
uses the device ID from the keybox as its source of truth. For
devices which have lost their keybox, OEMCrypto_GetDeviceID() was
assumed to return ERROR_KEYBOX_INVALID if that was the case; however,
Qualcomm's implementation was returning ERROR_NO_DEVICEID. Given that
both error codes are appropriate, the CDM has been updated to accept
both as an indication that the device ID cannot be retrieved, and that
the null device ID should be returned.
Bug: 190504842
Bug: 214113125
Test: Manual test
Change-Id: I8fb8a1bddfe895062b707b51fcadffd983adb40e
Merge from Widevine repo of http://go/wvgerrit/142349
If a provisioning request is sent, but no response is loaded, we
should fall back to L3. This covers the case where the OTA request is
malformed and the provisioning server ignores it.
This might happen if the device has a bad KM key.
Test: manual testing
Bug: 210807585
Change-Id: I951241539ace97b668868d5abf8a9811d874fb28
Merge from Widevine repo of http://go/wvgerrit/142150
For an EVT device, without a keybox or with a test keybox, we want it
to fall back to L3. However, when running the unit or integration
tests it should continue running tests with test keybox. This will
allow us to test L1 oemcrypto on an EVT device, while still using an
EVT device for dogfooding video content at the L3 level.
Bug: 210807585
Change-Id: I30c35134239db35bb39f11f75220063181987763
Merge from Widevine repo of http://go/wvgerrit/142149
This CL updates the TestCryptoSession so that it will recover from
initializing without a keybox. This allows unit and integration tests
to be run using a test keybox on a device that does not have any
keybox.
Bug: 161925952
Change-Id: I8639bd733a50ae5af3a7c786347b5a06a9d783ce
Merge from Widevine repo of http://go/wvgerrit/142049
This CL is test only code. A nonce flood was causing the OTA test to
be a little flaky when run on the automatic testing platform Luci.
Bug: 205889158
Change-Id: I4f3e5d8469b899e565c430bd46994e098c5d94e6
[ Merge of http://go/wvgerrit/142089 ]
Qualcomm's implementation of GenerateOTARequest requires an open
session before attempting to generate an OTA keybox request. When
checking for OTA keybox support, the dynamic layer was not opening
a session, getting a different error than expected. Coincidentally,
this would trick the dynamic layer to thinking it was supported, but
hides useful error information.
Bug: 210823889
Test: Android manual testing
Change-Id: I60662d2d9d411c0f999b619d6088aabdba55e2c3
[ Merge of http://go/wvgerrit/141949 ]
If the debug count for ignoring an L1 keybox is still non-zero after
successfully processing an OTA keybox request, the dynamic layer MUST
return a failure to the CDM to keep the CDM and dynamic layer in
agreement that the L1 keybox should continue be treated as invalid.
This will trigger a fallback; but the fallback can be canceled via
the debugging app.
Bug: 210823889
Test: Android manual testing
Change-Id: I75f50ba605d17872c0e8abffc1eee13ff539f01c
Added a test script for developers to run while testing OTA keybox
provisioning. Writes to a special file on a device which alters how
the CDM treats L1's keybox.
Bug: 187646550
Test: Ran set_debug_count.sh
Change-Id: Ie9e2121565cda64cca392144c415e6bcfc024ef4
[ Merge of http://go/wvgerrit/140934 ]
It was assumed that L1 would be tried before first reverting to L3 when
performing OTA keybox provisioning. If an app automatically defaults
to L3, it may get into a provisioning loop if the device wants to
perform keybox provisioning.
Now, OpenSession() will check the security level before suggesting OTA
keybox provisioning back to the app.
Bug: 187646550
Test: Manual tests on Android
Change-Id: Icd8f0915b0cc0d06c545b43bf8c1ccac793ce0b2
[ Cherry-pick of http://ag/16416872 ]
[ Merge of http://go/wvgerrit/140849 ]
The CDM session was incorrectly recording the "license SDK version" as
the "license service version" in the session metrics. This
discrepancy reduces the quality of devices' metrics and limits
debugging capabilities for the Widevine metric monitoring services.
Bug: 193177333
Test: Linux unit tests
Change-Id: Ic58cf7bc4fde777bb590c05777b76f5ff5c2f1ea
(cherry picked from commit 78278c3eb4)
(cherry picked from commit 8aabf20134)
Merge from Widevine repo of http://go/wvgerrit/139336
When pretending we have no keybox, we should also have no system id or
device id. This should reproduce our problem with the test app.
Bug: 206570220
Test: reproduced problem using TestOPK app
Change-Id: I893336ce8e1fd2272f5b511676e1da28654639a7
Merge from Widevine repo of http://go/wvgerrit/139498
If L1 OEMCrypto fails to initialize, we won't try again.
Bug: 206670307
Change-Id: I27474f7a23feeaf3fc58453ddb064e5afb49e117
[ Merge of http://go/wvgerrit/139343 ]
The CDM needs to report a system ID to apps on devices where L1
OEMCrypto implementations that are currently waiting for a new
keybox. A placeholder system ID is now used. This ID cannot be
used for DRM certificate requests or license requests.
Device ID has a similar issue, but it might not effect all devices.
If getting the device ID fails due to a missing keybox, it will
return an empty device ID.
Bug: 206570220
Bug: 205896558
Bug: 205041153
Test: Android unit tests
Change-Id: I04cdac95fd9a22a181b796c3b58f27cfa3ee684c
Merge from Widevine repo of http://go/wvgerrit/139333
This is a workaround for devices that don't have a
keybox installed.
Bug: 206570220
Bug: 205896558
Bug: 205041153
Test: verified device falls back to L3 using TestOKP app
Change-Id: Id929b48ddaa7114a81765095aac536705f69e68c
Merge from Widevine repo of http://go/wvgerrit/135467
The v16 state diagram says that a nonce should be included in all
license requests. The unit tests were not honoring this
requirement. This CL updates the unit tests to match the
spec.
Test: ran unit tests on luci
Bug: 186565384
Change-Id: Ib3e03593538235e2eae3da1732109f0e9bfd97bd
[ Merge of http://go/wvgerrit/138289 and http://go/ag/16210935 ]
Update the android version number test to accept "12" or "12L"
Bug: 205491167
Test: wv unit/integration tests
Change-Id: If11e7c6f3a89263ab78d274aa8d776991d3942e9
[ Merge of http://go/wvgerrit/136432 ]
Once OTA keybox succeeds, the |needs_keybox_provisioning_| flag is
cleared. Access to the system fallback policy is allowed after
provisioning to check status.
Bug: 203177668
Test: ExoPlayer test
Change-Id: I2d28c896c554cfbc9b008340bb415d4c7fac62f2
[ Merge of http://go/wvgerrit/136330 ]
This changes adds a custom debug property for changing the fallback
policy used for the system. Depending on the value set, the device
will either use a "fast" fallback (30 seconds) or "default" fallback
(~1 day with exponential backoff). Setting this property to either
"fast" or "default" will end the current fallback if it has been
triggered.
Bug: 187646550
Test: Android unit tests
Change-Id: I5271f96139c1e468242f7fa742668cc791ffcf91
[ Merge of http://go/wvgerrit/136529 and http://go/ag/15407954 ]
This allows OEMs to raise the priority of the widevine drm service to
help with decrypt performance for high resolution/frame rate content.
Changes in a future version should help reduce the need to raise the
priority.
Change suggested by Amlogic.
Bug: 194152960
Test: GtsMediaTestCases
Change-Id: I04f4258c6fc7391827573037ff8ae1a58922ce6d
[ Merge of http://go/wvgerrit/136329 ]
CDM core has been updated to support very short fallback durations in
the case of failures during OTA keybox provisioning. This is intended
to be used during testing via specialized developer apps or GTS tests.
Bug: 187646550
Test: Android unit tests
Change-Id: I8a75d2e1c404d6caed535b087e8dd29da5c21b83
test: adb reboot while playing netflix and check logcat
to make sure session are closed.
[ Merge of http://go/wvgerrit/133063 ]
bug: 193099676
Change-Id: I375695673b0c366e09fb857f5ae7a9cb6b946779
(cherry picked from commit e28f98cc82)
Merge from Widevine repo of http://go/wvgerrit/135984
If the MediaDrm property string debugIgnoreKeyboxCount is set to 1,
then the keybox will be ignored on the next initialization. This will
force an OTA keybox reprovisioning.
Equivalently, a 1 may be written to the file
L1/debug_ignore_keybox_count.txt.
In order to test a failed reprovisioning step, a value of 2 may be
used.
Bug: 187646550
Change-Id: Ie7d34a8b355398855f4ec43dd95dd73c5907bdeb
Merge from Widevine repo of http://go/wvgerrit/135982
The basic test was failing when using the testbed oemcrypto
because the testbed deletes its keybox on each
initialization. The test would terminate and re-initialize
oemcrypto whenever all the crypto sessions are deleted. This
has been fixed by holding a crypto session alive until the
end of the test.
bug: 187646550
Test: test only code
Change-Id: I48a3771bf5fd4aae8d262b8c7bf42f004d9b9f4c
Merge from Widevine repo of http://go/wvgerrit/134728
This variable was written to, but the value was never read. Newer
compilers would complain about this. This patch removes the unused
variable.
Bug: 202400919
Change-Id: I87cae291d41b18db91a4c4f8a76edb537635db2c
Merge from Widevine repo of http://go/wvgerrit/131308
These tests will be released on the sc-widevine-release branch, but
not as part of the initial Android S release.
Change-Id: I6dae85fe72c6d09759e43c5e40bbc0776b57b089
Merge from Widevine repo of http://go/wvgerrit/131247
test: opk_all_tests with go/wvgerrit/129283
bug: 193817424
Change-Id: I4dac732a7d2dcbbcdac2d9b445dc87ef71a35349
Merge from Widevine repo of http://go/wvgerrit/131305
The OPK tools are choking on non-ASCII characters when running on the
fuzz bots. This patch removes the problem characters from the header.
This brings these curly quotes in-line with the rest of the quotes in
the header.
Bug: 192275441
Change-Id: I9ba57abcd1275663601efc2a9170d7ab6aa4b4b8
Merge from Widevine repo of http://go/wvgerrit/125263
and http://go/wvgerrit/135749
Define a |major.minor| version in the
serialization layer and check for compatibility
between REE and TEE before accepting connections.
bug: 158857733
test: opk_all_tests
Change-Id: Iad44a1f50a27c6bca4959c6d41c9b361712dbde8
