[ Merge of http://go/wvgerrit/171310 ]
Offline license not found errors are identified by CdmResponseEnum
347 (KEYSET_ID_NOT_FOUND_4). No addition file system information
is shared.
Checks for file existance use the stat command. The stat call can
return error codes from errno.h when the command fails.
These are now converted into sub error codes and returned along with
the offline license file not found error.
This also includes a change to log stat errors other than
ENOENT (no such file or directory) as a warning rather than verbose.
Bug: 276225520
Test: file_store_unittest, file_utils_unittest, GtsMediaTestCases
Change-Id: Ic09d036549582cd65783b49fa96ffefc4bf562c7
[ Merge of http://go/wvgerrit/170073 ]
Removed the file "error_string_util.cpp" and its header, moving the
OEMCryptoResult to string converter to "wv_cdm_types.cpp". This extra
file served little purpose, and created a dependency on the CDM utils
to the CDM itself.
This is part of the effort to fix the formatting of WV metrics; making
enum-to-string conversion uniform throughout the CDM.
Bug: 239462891
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -m
Test: Manual testing with Google TV
Change-Id: I4bf95d26b623f5b8fa86bdb2578cbc4ee65125cb
(Merged from http://go/wvgerrit/160042.)
Since we don't have access to std::format yet, this patch adds a
function to wvutil to format text into a std::string.
Bug: 255466913
Test: x86-64
Test: raven
Change-Id: I28043da76af5b4772a29fa7e7241343caf9b54a1
Merge from http://go/wvgerrit/158917
Use go/yamllint as reference and obfuscate portion of output to
run on an online yaml validator.
Sample output: http://go/cl/481370906
Test: Netflix, Play TV and Movies, Youtube
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine
Test: ./build_and_run_all_unit_tests.sh
Bug: 239462891
Change-Id: I1abf1aa50aa25b97b1f6c10995c324d6de04d056
[ Merge of http://go/wvgerrit/155070 ]
These functions are internal utilities and should not be exported from
our library. IIRC, this was added to aid in Windows tests, but this is
no longer needed.
Bug: 236317198
Test: build_and_run_all_unit_tests.sh
Change-Id: I19beb35a15f0f87dc8f968e1dd5302aed9463e54
[ Merge of http://go/wvgerrit/154593 ]
This CL updates the initial time used for reboot tests to be
within the valid range used by OPK. Also, the fake clock is
now synced with every use of the TestHost's clock function.
Also, the OPK's system clock is no longer initialized to 0
because this caused some tests to set initial playback time
to 0. That broke code that assumed a time of 0 mean "never".
I also removed some log spam in the WTPI code.
Bug: 222353528
Bug: 236317198
Change-Id: Ibdbdb2440454b9cf561cd9ec65ca3e40cf5a8d93
[ Merge of http://go/wvgerrit/143630 ]
When we run a test with the fake clock, the clock had been initialized
to the current time, or to 0. This causes a problem for reboot tests
because the clock might go backwards over the reboot. With this
change, we monitor the clock at the end of one reboot pass and
initialize the clock for the next pass based on the previous value.
Bug: 26163469
Test: GtsMediaTestCases on sunfish
Change-Id: Ibd0024f963634382af70553fced38da6e1d857d2
[ Merge of http://go/wvgerrit/143629 ]
The standard b2a_hex only saves about 2k, so we need a special version
that can handle larger strings. This is needed because a license file
is about 7k.
Bug: 194342751
Test: GtsMediaTestCases on sunfish
Change-Id: I6a6ac3f8f4fa6d9cd8a0119fc64fc8f3cc5f3ae8
The interface is defined in
hardware/interfaces/drm/aidl(http://go/ag/15329852).
Test: build
m android.hardware.drm-service.widevine -j128
Test: build_and_run_all_unit_tests.sh
for hidl tests
Test: atest VtsAidlHalDrmTargetTest
Bug: 200055138
Bug: 170964303
Change-Id: If2f2a129914436ba5cef1c46f6cb9415e12c3d1c
(This is a merge of http://go/wvgerrit/134313.)
This patch fixes code that would trigger -Wshorten-64-to-32 by
implicitly narrowing a variable from 64 to 32 bits. There were two cases
of this in string_conversions.cpp:
* The implicit conversions in DecodeBase64Char() were made explicit,
which required going through both a reinterpret_cast and a static_cast
to express fully.
* a2b_hex() now uses size_t for the length, as it probably always should
have.
Bug: 194971260
Test: x86-64 tests
Change-Id: Ib9715b8adecc104f1a056ab0ac5faa5be74e5e54
Because the fake clock is getting out of sync with the real clock
for the nonce flood tests, add a call to TestSleep::SyncFakeClock()
in Clock::GetCurrentTime() to force a sync.
Merged from http://go/wvgerrit/133223
Test: duration_use_case_test and nonce flood tests on bonito
Bug: 198329759
Change-Id: Idfd92c6cc57750a52477189461220c682b302082
Undoes a change to the buffer size from http://ag/13865723
Bug: 184813991
Test: WV unit/integration tests
Change-Id: I40cf786f149626ff65a3362020b3da859bb86159
[ Merge of http://go/wvgerrit/120763 ]
This change introduces additional logging information for files and
file system operations on Android.
File reading and writing will attempt to make sense of |errno| and
log useful information. In the event that the file must be closed,
the file stat will be printed.
Failures in determining the file size will print potential reasons for
the encountered error.
This partly restructures the File interface implementation to use file
descriptors instead of the C standard libraries FILE handle. This is
done to ensure that |errno| is set to an expected value.
This change also introduces the utility functions SafeWrite() and
SafeRead() to handle common, retriable errors.
Bug: 178232354
Test: Android MediaDrm GTS and Android file-based unittests
Change-Id: I15a3c47a271098c9edb4bd9f619ed1a12dca6143
[ Merge of http://go/wvgerrit/119805 ]
This change adds 3 new functions for encoding binary data from a C++
string to a base64 encoded ASCII string.
The CDM and protobuf generated code use C++ strings to store binary
data. These binary strings are commonly converted into a base64
encoded ASCII string for logging and for returning to the app.
This change also cleans up some of the internal components of the
string_conversions library to use several standard library C++11
method.
Bug: 181732604
Test: CE CDM unittests
Change-Id: I547568c6402e011344260f2df2a06e972122ab8a
[ Merge of http://go/wvgerrit/120445 ]
Switch TestHost and FakeClock to use chrono::system_clock (wall time)
rather than chrono::steady_clock (ticks since boot time).
Bug: 183160800
Test: CE CDM tests
Change-Id: I6ef4c02c01ff96453847ee8f42e6037c298866b5
[ Merge of http://go/wvgerrit/120123 ]
DRM certificate creation and expiration times are now validated.
* New DRM (default) certificates will have an expiration time specified
by the provisioning service.
When stored, the client will include the time the certificate was
received. This allows for expiration calculation to occur when client
and provisioning service clocks are out of sync.
When read out, creation, expiration and acquisition times are
validated. The certificate is checked for expiry by making sure
that the time at the client since the license was acquired is not
greater than the expiration period. The time information stored at the
client may be tampered with. The license service will perform an
expiration check and reject the license request if tampered with.
The expiration time may be set to never expires/unlimited. This is not
a valid value for creation or acquisition time.
* Pre-existing (legacy) certificates from upgrading devices will not
have an expiration time set by the provisioning service. Instead
the client will calculate an expiration time 6 months with + or -
a random two month period in the future. This is stored along with the
certificate.
When read out, if no expiration time has been set by the client, one
will be calculated and written out. The certificate will be declared as
valid. If a client calculated expiration time is present, the
certificate will be validated. In case of tampering, the license service
can reject license requests and force reprovisioning when appropriate.
* ATSC certificates will continue to not have an expiration time.
No additional validation is required.
Other changes for non-ATSC licenses involve managing both default and
legacy certificate co-existance. When checking for DRM certificates,
the default certificate is attempted first. This is followed by a check
for the legacy certificate, if the default certificate is not present.
Bug: 169740403
Test: WV unit/integration tests
DeviceFilesTest.StoreCertificateInvalidParams
DeviceFilesTest.RetrieveAtscCertificate
DeviceFilesTest.RetrieveAtscCertificateNotFound
DeviceFilesTest.RetrieveCertificateInvalidParams
DeviceFilesTest.RetrieveLegacyCertificateWithoutExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateWithClientExpirationTime
DeviceFilesTest.RetrieveLegacyExpiredCertificateByClientExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateInvalidClientExpirationTime
DeviceFilesTest.RetrieveCertificateWithoutKeyType
DeviceFilesTest.RetrieveDefaultCertificate
DeviceFilesTest.RetrieveDefaultCertificateNeverExpires
DeviceFilesTest.HasCertificateAtsc
DeviceFilesTest.HasCertificateDefault
DeviceFilesTest.HasCertificateLegacy
DeviceFilesTest.HasCertificateNone
CertificateTest.StoreCertificateTest.DefaultAndLegacy/*
CertificateTest.RetrieveLegacyCertificateTest.ErrorScenarios/*
CertificateTest.RetrieveDefaultCertificateTest.ErrorScenarios/*
Change-Id: I7dbec7555fbd493c1ec61c6bb5d9428a2405b1fd
[ Merge of http://go/wvgerrit/119684 ]
This allows for a default DRM certificate that includes an expiration
time and a legacy one without for each app+origin specific identifier.
Existing offline licenses/secure stops are not associated with a
certificate, and so we cannot delete legacy certificates even after
fetching a new one. New offline licenses/secure stops will be associated
with certificate information, so we will not have this problem going
forward.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I0f08f6bf98775fd43927243dc4a9f75f21bfbbcc
[ Merge of http://go/wvgerrit/119230 ]
This patch adds an annotation to the one place in the codebase where we
intentionally fall through between switch statement cases, in order to
appease stricter compilers.
Bug: 182058081
Test: compile, WV unit/integration tests
Change-Id: I004a6a6e61681fcf22c6bf25d9b0284b8b64e776
[ Merge of http://go/wvgerrit/119563 ]
This also increases the max log size from 1024 to 5120
Bug: 181642154
Test: WV unit/integration tests
Change-Id: Ifae90354dad1165f4d9fa3c9fe33a4dc14df1270
[ Merge of http://go/wvgerrit/117203 ]
clock_settime isn't available on iOS (even though settimeofday is). But
we can't change the system time on iOS anyway, so this just disallows
iOS.
Bug: 182058081
Test: WV unit/integration tests
Change-Id: I96e5b6634803bd4e6aaf5cc6d64f4441296247d4
[ Merge of http://go/wvgerrit/109144 ]
Because it doesn't help anybody when a buffer overflow test chokes the
logger.
Bug: 182058081
Test: Ran unit tests with verbose logging
Change-Id: Ibcb3379b9eb9bdd94a8959b977e8de32ea116859
This commit is a combination of the following:
* http://go/wvgerrit/117003
* http://go/wvgerrit/118303
Bug: 162255728
Test: MediaDrmTest#testGetLogMessages
Change-Id: I5699b64d5c4bab463e5b587595fa7d324dc1d93f
[ Merge of http://go/wvgerrit/110165 ]
The conditional compilation for flagging the CDM and ODKiTEE logging
functions as printf-like was guarded by a check on "__gnuc__" or
"__clang__". However, GCC doesn't actually define "__gnuc__", it
defines "__GNUC__", all caps. Fixing this causes GCC to find a slew
of format-string errors that Clang was accepting. This patch fixes the
capitalization and the uncovered errors, most of which fall into one of
a few categories:
1) The format string and variable had different signedness. For these,
the format strings are updated to match the variables.
2) The variable was an array index that was not of size_t. For these,
the variables have been updated to be size_t and the format strings
have been updated to use %zu. A few index variables that weren't
actually used in format strings are also fixed to be size_t.
3) The code assumed the signedness of the internal representation of an
integer literal, enum constant, or enum variable. For these, I either
cast the input to a known type so that the format string is valid
regardless of internal representation or I switched to a hexadecimal
format string. The latter case is more useful on ODKiTEE enums where
the literal value is in the code as a 32-bit hexadecimal value
anyway.
This patch also adds missing integer casts to the enum literals in the
ODKiTEE logging header. (These are required for pedantic C99
compatibility when using literal values that do not fit into a 16-bit
integer.)
Bug: 173460694
Test: jenkins/odkitee_ta
Test: build.py x86-64
Change-Id: I244972639a5a6ea0de157eb67e1e0dfa9787ec32
[ Merge of http://go/wvgerrit/108103 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the cdm, linux, platform, util directory
in addition to some other files.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I9a4977fd4c2ad951769b6be84263f81bd0f22678
[ Merge of http://go/wvgerrit/108084 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the android directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I0f9e6445e0168ebe85425baeb81371e182e5a39c
(This is a merge of http://go/wvgerrit/107243.)
This code is based on a bug report and patch from Sony.
The TimeRollbackPrevention test was failing when run with CE CDM and the
OEC Ref, although it passed in some other configurations. The cause was
twofold:
1) The test sleep code was not accounting for rollback when calculating
the clock drift, causing incorrect time values to elapse.
2) Fixing the previous exposed a bug in the CE CDM test host where it
did not handle negative time passing correctly.
This patch expands Sony's fix with additional comments and some code
cleanup to try to make the code clearer and more robust against future
errors, particularly in the error-prone TestHost code.
Bug: 169942369
Test: jenkins/ce_cdm_tests
Test: build_and_run_all_unit_tests.sh
Test: x86-64, all CE CDM unit tests
Change-Id: Id52b8c38255f70b04bc2735c4e309fb90992f53e
[ Merge of http://go/wvgerrit/105025 ]
Clang and GCC allow for warnings against the arguments for printf-like
functions (e.i. LOGx). These validate that the format type specified
in the format string match the corresponding argument type.
Most of the time, format specifer errors are benign; hence why they
haven't been seen as an error so far. However, with the enabling of
specifier warnings and the enabling of warnings as errors on certain
platforms, these existing errors need to be addressed.
This CL enables format specifier warnings for most of the Widevine
code, with the OEMCrypto L3 implementation which has a single error
which requires a fix in the haystack code before being fixed in the
Widevine branch.
Strict format string warnings are not enabled for non-LP64 systems.
Bug: 137583127
Test: Compiled for Linux and Android
Change-Id: I051398332d31a20457b86563a90ad8f6d428445f
Merge from Widevine repo of http://go/wvgerrit/100110
The unit test TimeRollbackPrevention was broken for several
reasons. This CL reduces the test to its most basic functionality and
updates it to be compatible with a v16 oemcrypto.
This CL also adjusts the fake clock used by the buildbot to fake
sleeping backwards, so that the TimeRollbackPrevention test can also
be run on the buildbot.
Bug: 155773482
Bug: 79422351
Test: unit tests on buildbot, and on flame w/v16 modmock
Change-Id: I3027018b17b738281989e63ae6b0729757217d05
(This is a merge of http://go/wvgerrit/93829,
http://go/wvgerrit/93830, http://go/wvgerrit/93832,
http://go/wvgerrit/93833, and http://go/wvgerrit/93834 from the
Widevine repo.)
This implements the CDM code changes necessary to take advantage of
Combined Decrypt Calls on OEMCrypto v16. The result of this is that
WVCryptoPlugin is much lighter now because it can pass the full sample
down to the core in one call, but CryptoSession is heavier, as it now
has to handle more complex fallback logic when devices can't handle
multiple subsamples at once.
This patch also removes support for the 'cens' and 'cbc1' schema, which
are being dropped in OEMCrypto v16. This fixes an overflow in the code
for handling those schemas by removing it entirely.
This patch also fixes the "in chunks" legacy decrypt path to use larger
chunk sizes on devices with higher resource rating tiers.
Bug: 135285640
Bug: 123435824
Bug: 138584971
Bug: 139257871
Bug: 78289910
Bug: 149361893
Test: no new CE CDM Unit Test failures
Test: Google Play plays
Test: Netflix plays
Test: no new GTS failures
Change-Id: Ic4952c9fa3bc7fd5ed08698e88254380a7a18514
[ Merge of http://go/wvgerrit/93505 ]
During the merge process there were a few CL comments (ag/10122083)
that were not able to be addressed. Most changes in the CL are
spelling / grammar corrections.
Bug: 148907684
Bug: 141247171
Test: CDM unit tests
Change-Id: I9a8648525bbe5ed319521ebf01741a958ab69ae2
