Prevent usage of client provided address on
non-secure devices spoofed as being secure.
b/23223325
merge of go/wvgerrit/15420 from widevine repo
Change-Id: I1d4f3a652b3d5e78fca508f92005cfa8df5ec6db
This is a copy of the widevine CL:
https://widevine-internal-review.googlesource.com/#/c/12742/
If a session is closed at the same time as an OnTimerEvent is
processing an event, there could be a race condition between the two
threads. This CL adds a lock that prevents a session from being
removed from the list while the timer is currently processing an
event.
If CloseSession is called while the OnTimerEvent method is active, the
session will be added to a dead list, and deleted when the timer event
has finished.
This CL does not address the main problem in bug 19252886, but
one bugreport, netflix_log_3.txt, indicates there may have been
a problem with the CDM timer.
bug: 19252886
Change-Id: I17190edaeb3eef1295d4d204232cc4262cb5fa9b
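One way to implement the deferred deletion this message describes, as an added example that is not Widevine code: CloseSession parks a session on a dead list while OnTimerEvent is active, and the timer frees it once it has finished. SessionManager, Session and the member names are assumptions.

```cpp
// Added example, not Widevine code. Only CloseSession and OnTimerEvent are
// names from the commit message; everything else is hypothetical.
#include <functional>
#include <map>
#include <memory>
#include <mutex>
#include <vector>

struct Session {
  static int destroyed;              // counts destructor runs, for the demo
  int ticks = 0;
  std::function<void()> on_timer;    // per-session timer work
  ~Session() { ++destroyed; }
};
int Session::destroyed = 0;
class SessionManager {
 public:
  Session* OpenSession(int id) {
    std::lock_guard<std::mutex> lock(mu_);
    return (live_[id] = std::unique_ptr<Session>(new Session)).get();
  }
  void CloseSession(int id) {
    std::lock_guard<std::mutex> lock(mu_);
    auto it = live_.find(id);
    if (it == live_.end()) return;
    if (timer_active_) dead_.push_back(std::move(it->second));  // defer delete
    live_.erase(it);                 // frees the session now if not deferred
  }
  void OnTimerEvent() {
    std::vector<Session*> batch;
    std::vector<std::unique_ptr<Session>> reap;  // outlives the lock below
    std::unique_lock<std::mutex> lock(mu_);
    timer_active_ = true;
    for (auto& kv : live_) batch.push_back(kv.second.get());
    lock.unlock();                   // callbacks may call CloseSession
    for (Session* s : batch) {       // pointers stay valid: closes are deferred
      ++s->ticks;
      if (s->on_timer) s->on_timer();
    }
    lock.lock();
    timer_active_ = false;
    reap.swap(dead_);                // dead sessions are freed on return
  }
 private:
  std::mutex mu_;
  bool timer_active_ = false;
  std::map<int, std::unique_ptr<Session>> live_;
  std::vector<std::unique_ptr<Session>> dead_;
};
```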
Netflix reported that after pulling power while their app is active,
the app isn't able to restart. This is because the license file for
session keys isn't getting synched to disk, so the data is still in
the buffer cache when the device shuts down. Calling fflush and fsync
on the file ensures the data is persisted to disk. fclose alone
doesn't do fsync.
In testing, I also noticed that the license file was being rewritten
every second which is hard on the flash filesystem. The timer thread
was modified to avoid these frequent writes.
Merge of https://widevine-internal-review.googlesource.com/#/c/12431/
from the widevine cdm repo.
bug: 19108207
Change-Id: Ibe81e40a3c1f5d25563523da43fefdccdaa6ddcf
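The persistence fix described above, as an added example that is not Widevine code: fflush followed by fsync before the file is closed, plus a wrapper that skips writes when the data has not changed. The function and class names, the .tmp rename step and the change check are assumptions, not details from the commit.

```cpp
// Added example, not Widevine code. Names and paths are hypothetical.
#include <cstdio>
#include <string>
#include <unistd.h>  // fsync, unlink

// Write data to path and force it to stable storage before returning.
bool WriteFileDurably(const std::string& path, const std::string& data) {
  const std::string tmp = path + ".tmp";  // write a sibling file, then rename
  FILE* f = std::fopen(tmp.c_str(), "wb");
  if (f == nullptr) return false;
  bool ok = std::fwrite(data.data(), 1, data.size(), f) == data.size();
  ok = ok && std::fflush(f) == 0;     // stdio buffer -> kernel buffer cache
  ok = ok && fsync(fileno(f)) == 0;   // buffer cache -> storage device
  ok = (std::fclose(f) == 0) && ok;   // fclose alone stops at the buffer cache
  // Replace the old file only after the new contents are on disk. A stricter
  // version would also fsync the parent directory to persist the rename.
  ok = ok && std::rename(tmp.c_str(), path.c_str()) == 0;
  if (!ok) unlink(tmp.c_str());
  return ok;
}

std::string ReadFile(const std::string& path) {
  std::string out;
  FILE* f = std::fopen(path.c_str(), "rb");
  if (f == nullptr) return out;
  char buf[256];
  size_t n;
  while ((n = std::fread(buf, 1, sizeof buf, f)) > 0) out.append(buf, n);
  std::fclose(f);
  return out;
}

// Periodic callers (such as a one-second timer) save through this wrapper.
class StateFile {
 public:
  explicit StateFile(const std::string& path) : path_(path) {}
  // Returns true if a write was performed, false if skipped or failed.
  bool SaveIfChanged(const std::string& data) {
    if (writes_ > 0 && data == last_) return false;  // unchanged: no flash write
    if (!WriteFileDurably(path_, data)) return false;
    last_ = data;
    ++writes_;
    return true;
  }
  int writes() const { return writes_; }
 private:
  std::string path_, last_;
  int writes_ = 0;
};
```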
Cherry pick of the widevine change
https://widevine-internal-review.googlesource.com/#/c/12082/
If the level 1 oemcrypto library loads and initializes, but has the
wrong version or does not have a valid keybox, then the level 3
fallback is used. However, in those cases, the level 1 was not
terminated properly. This caused a resource leak on some platforms.
With this CL, in OEMCrypto_Initialize, the level 1 library Terminate
is called if its Initialize was called and the level 1 library will
not be used.
bug: 18755226
Change-Id: I56e7d3349eeebd94f3fa8c4a1f4b21781cc7428b
(cherry picked from commit 62a9cf3cbe)
If a key query occurred before a license was received, an UNKNOWN_ERROR was
returned. This now succeeds but returns no information (an empty container).
Also, licenses that were already expired when received were not marked as such.
This did not cause violations in playback rules but caused an exception when
they were queried.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/12300
from wv git repo ]
b/18843625
Change-Id: I6990765c15e519ddf203a2fd8f0a130306f090a6
This CL is a merge of the widevine change
https://widevine-internal-review.googlesource.com/#/c/11881
The function rand() was not available on the mips build used to
generate the level 3 oemcrypto fallback library. This function has
been replaced by the openssl RAND_bytes(), so that compilation may
complete.
New version of library:
libwvdrmengine/level3/mips/libwvlevel3.a NONOB Level3 Library Dec 3 2014 17:11:00
bug: 17288466
Change-Id: Ibe2ae3add4f5830ddc1cce501d76aeb4be5ce926
This is a merge of the Widevine change:
https://widevine-internal-review.googlesource.com/#/c/11871
The level 3 oemcrypto fall back now compiles cleanly on a Fugu, and
passes all unit tests.
New version of library:
libwvdrmengine/level3/x86/libwvlevel3.a Level3 Library Dec 3 2014 13:06:03
bug: 17289103
Change-Id: I677888536dd2ca12e27b5985737e080b69d81477
OEMCrypto may report an HDCP status of "No HDCP device attached/using
local display with secure path". This is not propagated up to
the server as an appropriate HDCP value did not exist in the
license protocol. This has now been added. Netflix has requested that
this be reported.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11806/
from Widevine cdm repo ]
b/18377309
Change-Id: I3db88c7ab5e79a3c12dbc8a398c4770e14e5ee5c
This is a merge of the widevine change:
https://widevine-internal-review.googlesource.com/#/c/11781
The OEMCrypto did not save the usage table correctly after a key was
loaded and not used.
Also, oemcrypto uses the keybox to verify and sign the usage table.
On library initialization, the usage table was being loaded before the
keybox, so the signature was not verified correctly.
Both these problems have been corrected.
Current Library Version:
arm: Level3 Library Nov 19 2014 16:53:43
bug: 17328418 Can't play pinned content
Change-Id: Ia753e2f47b36433931fbe8dba78939581e647222
Our recommendation to OEMs is that they support a table of at least 50
usage entries in OEMCrypto. If more usage entries are stored, the PSTs get
added to the CDM but are LRU'ed out of the OEMCrypto usage table. When the
CDM queries those usage entries, OEMCrypto will return an
OEMCrypto_ERROR_INVALID_CONTEXT. Rather than return an error and have
MediaDrm throw an exception, CDM should delete this PST and return the
next usage entry, when queried.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11457/
from Widevine cdm repo ]
b/17994711
Change-Id: I00e3f93000096fb434d94333e22958de795a4bb5