[ Merge of http://go/wvgerrit/208470 ]
The MediaDrm plugin API removeOfflineLicense() would check both
L1 and L3 for the offline license. While this is generally acceptable,
apps might force set L3 via the setStringProperty(), which should
cause the DRM plugin to behave as if it is L3 only.
This change will cause the WVDrmPlugin only remove L3 key set IDs while
in L3 mode. L1 key set IDs in this case will be treated as non-existing.
Bug: 357863269
Bug: 372105842
Test: DRM Compliance ATP via ABTD
Test: libwvdrmdrmplugin_hal_test on Oriole
Change-Id: I81dddbacaee28da6c0a94527b0e390e86f55f81f
(cherry picked from commit 0aa6aad1af)
[ Merge of http://go/wvgerrit/208430 ]
The MediaDrm plugin API getOfflineLicenseKeySetIds() was listing
both L1 and L3 offline licenses. While this is generally acceptable,
apps might force set L3 via the setStringProperty(), which should
cause the DRM plugin to behave as if it is L3 only.
This change will cause the WVDrmPlugin list L3 only if the app had
set the security level to L3.
Bug: 357863269
Bug: 372105842
Test: DRM Compliance ATP via ABTD
Test: libwvdrmdrmplugin_hal_test on Oriole
Change-Id: I1a6e10b7eb880eef4ba36ed31b12ebfe8617f002
(cherry picked from commit 26b888b094)
Plugin to provide getPropertyByteArray("deviceSignedCsrPayload")
which returns the signed CSR payload for device registration. It
queries both BCC and device info to be set in plugin before calling this
getPropertyByteArray("deviceSignedCsrPayload") method. The returned csr
payload will be used by assemble the device CSR by the caller for device
registration.
Bug: 286556950
Test: build WV DRM plugin
Merged from https://widevine-internal-review.googlesource.com/178891
Merged from https://widevine-internal-review.googlesource.com/179731
Change-Id: I65d89ed998dd292fc656af2f91f4472c1b5ec33c
[ Merge of http://go/wvgerrit/173170 ]
This CL updates the Widevine's Android DRM plugin to use the generic
crypto operations provided by CDM core rather than its own
implementation.
Bug: 274984456
Test: atest WvtsDeviceTestCases
Change-Id: I94e1c92c7da577aad5ec43bd3bf0bb380b607b80
Merged from http://go/wvgerrit/164799
Fix race that corrupts mCryptoSessions std::map,
and race that occurs when CryptoSessions are used after free.
Test: poc
Test: atest MediaDrmParameterizedTests
Test: atest GtsMediaTestCases
Bug: 258189255
Change-Id: I298d3e0770ace9cd590dfaacaa4c52a0732c2fe3
[ Merge of http://go/wvgerrit/163900/ ]
ATSC licenses can be saved by calling
MediaDrm#setPropertyString("storeAtscLicense",<value>)
where <value> is
"<atsc-key-set-ID>:<license-file-data in Base64 format>"
Before storing an ATSC license a session must be opened and the
ATSC mode must be enabled.
Use MediaDrm#setPropertyString("atscMode","enable");
Bug: 176871821
Test: WV Unit/integration/Luci tests
Test: libwvdrmdrmplugin_hal_test
Test: GtsMediaTestCases
Change-Id: Iec2a8b7f87b1122395d06856202278b92316fdfe
[ Merge of http://go/wvgerrit/138089 ]
Non-hidl code is no longer needed in the widevine android plugin. By
doing work this cleanup will save the team from having to keep
maintaining code that isn't needed anymore.
Clean up steps taken as follows:
1. Remove non-hidl code but keep commonly used code
2. Remove legacy test code
3. Remove legacy test build and test entry
Bug: 69573078
Bug: 172285246
Test: unit tests, GtsMediaTestCases, CtsMediaDrmTestCases
Change-Id: I75938d69413c631ef6be82da3d885ba173efc581
[ Merge of http://go/wvgerrit/108084 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the android directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I0f9e6445e0168ebe85425baeb81371e182e5a39c
[ Merge of http://go/wvgerrit/100864 and http://go/ag/10704773 ]
ATSC 3.0 allows for licenses to be downloaded OTA and are tied to
a DRM certificate that may be shared across apps. The provisioning
process for ATSC may happen at the factory or during an OS update.
This contrasts from the regular OTT model, which requires that
provisioning and license download have an uplink as well as a
downlink connection.
This adds support for the ATSC mode property. ATSC mode can only be
set (or unset) before sessions are opened. Once the CDM identifier is
set/sealed, requests to modify the ATSC mode will be rejected.
If one needs to open sessions with both ATSC mode and regular (non-ATSC)
mode, separate MediaDrm objects will need to be created. The default
mode is to not use ATSC.
Enable ATSC mode by calling
mediaDrm.setPropertyString("atscMode", "enable")
Disable ATSC mode by calling
mediaDrm.setPropertyString("atscMode", "disable")
Provisioning and unprovisioning requests for ATSC will be rejected as
certificates will be retrieved by the ATSC service.
Bug: 139730600
Test: WV unit/integration test, GtsMediaTestCases
Change-Id: I142f286c711fe007ff42125c3c8cdc6450b6ea36
[ Merge of http://go/wvgerrit/68083 ]
Add ability to query decrypt hash support, set a hash computed over a frame
and retrieve the last error at a later point.
Bug: 34080802
Test: WV unit/integration tests. New tests added to cdm_engine_test,
libwvdrmdrmplugin_hidl_test and request_license_test.
Change-Id: I7548c8798c873a6af3e1cfc0df57c117e1e474a6
[ Merge of http://go/wvgerrit/48400 ]
Client identification information has recently been enabled in
provisioning messages. For privacy concerns this information
is being encrypted with a default service certificate.
Apps need to be able to override the default one to allow
for provisioning with third party provisioning services.
Bug: 78420508
Test: WV unit, integration tests
New WvCdmRequestLicenseTest.ProvisioningTestWithServiceCertificate test
GTS MediaDrmTestCases
Change-Id: Iee61ad47d33ce011efbea4eb90f7e4b1f032d15f
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
[ Merge of http://go/wvgerrit/23360 ]
Service Certificates are used in two places, provisioning and
licensing. The service certificate code depended on a session_id
to get and set the service certificate properties, but the session_id
was not available in the provisioning path.
This patch pulls out the property lookup by session_id dependency,
and passes the CdmImpl's property_set into the provisioning code, so
the service certificate can be read and written there.
Bug: 62972441
Test: WV unit/integration tests. This introduces three test failures
* WvCdmRequestLicenseTest.PrivacyModeWithServiceCertificateTest
* Cdm/WvCdmStreamingLicenseRenewalTest.WithClientId/4
* Cdm/WvCdmOfflineLicenseReleaseTest.WithClientId/3
Change-Id: I6e9d4e23a9e7e81a63a994db8ec0b443893449a6
(This is a merge of go/wvgerrit/23182)
This patch adds the framework for Stable Per-Origin Identifiers to the
CDM. Calculating SPOIDs will be done on the client-side, and they are
sent as part of the provisioning request. SPOIDs are also available to
the app as the Device Unique ID, replacing the previous method of
returning the actual Device Unique ID from the keybox / OEM certificate.
Different SPOIDs must use separate storage, just as different origins
already do. Support for this has been added to the Android adapter to the
CDM Core. However, the code in the Android glue layer that would drive
this behavior will be checked in in a separate change. As such, all
Android devices will continue using the legacy behavior even after this
patch goes in, until the glue layer code can be updated.
Bug: 27101531
Test: CE CDM Unit Tests
Test: Linux Jenkins Unit Tests
Test: Android Unit Tests (with and without SPOIDs forced on)
Test: Android GTS Tests
Change-Id: Ia0caf890381cbcb97504d08b19aeab8b29bd07ae
This is a merge of go/wvgerrit/22806
This change removed the oemcrypto profiler to allow
the new metrics system free-reign over how to collect
and store measurements.
Bug: 33745339
Bug: 26027857
Change-Id: I6b9051faa6835f13860258c94f8bcfd3a59f1be6
[ Merge of http://go/wvgerrit/20205/ ]
This is separate from the server certificate used for license
requests.
b/34211823
Test: Reran unittests. All tests other than some oemcrypto,
request_license_test passed. Those tests failed with or without this CL.
Change-Id: I23abdf276f8d3db9222f014175d0bb5094010a04
This CL merges several CLs from the widevine repo:
http://go/wvgerrit/18012 Add support for querying allowed usage for key.
http://go/wvgerrit/17971 Add per-origin storage.
http://go/wvgerrit/18152 Add OEMCrypto's generic crypto operations to CDM.
http://go/wvgerrit/17911 QueryKeyControlInfo => QueryOemCryptoSessionId
Note: numbering in wv_cdm_types.h was added in this CL and will be
back ported to wvgerrit in a future CL.
Change-Id: Idb9e9a67e94f62f25dc16c5307f75a08b3430b64
This change is a merge of the following changes:
1. Remove MultipleSessions (go/wvgerrit/16763)
2. Increase Memory Budget (go/wvgerrit/16764)
3. Fixing Possible Integer Overflow (go/wvgerrit/16765)
4. Creating Call Table (go/wvgerrit/16766)
5. Creating Call History (go/wvgerrit/16767)
6. Connecting Profiled Scope (go/wvgerrit/16768)
7. Adding Call Table Version Number (go/wvgerrit/16780)
8. Add Version Number to Call History (go/wvgerrit/16781)
bug: 27157796
Change-Id: Ia3f088a1714f3f5b426fee6141daa4ea8d832cf4
* Extend CdmLicense's stored_init_data_
[ Merge of http://go/wvgerrit/14661 ]
CdmLicense will store init data when a server cert must be
provisioned. After provisioning, the original init data can be used
to generate the originally-intended license request.
To do this before, the caller had to call CdmSession's
GenerateKeyRequest with an empty InitializationData object. However,
the init data's type still had to be set, as did the license type.
This CL allows the caller to use a truly empty InitializationData
without a type. To permit this, CdmLicense now stores a full
InitializationData object, rather than just a copy of it's data field.
With this CL, the caller also avoid storing the original license type.
To accomplish this, CdmSession uses the already-set is_offline_ and
is_release_ flags from the original call to reconstruct the intended
license type. The caller uses the new type kLicenseTypeDeferred.
To facilitate storing whole InitializationData objects, they are now
copyable.
This ultimately simplifies server cert code for the new CE CDM.
* Store service certs in Properties
[ Merge of http://go/wvgerrit/14664 ]
This allows CE devices to mimic the Chrome CDM's behavior of sharing
server certs between sessions.
This also affects Android behavior. Previously, provisioned service
certificates were per-session, while explicitly-set service certs
were per-DRM-plugin. Now, both are per-DRM-plugin.
A DRM plugin is associated with a mediaDrm object. Content
providers will still be able to retrieve and use different
certificates. The change here requires an app, that wishes to use
different provisioned service certificates will have to use
multiple mediaDrm objects. This is an unlikely scenario.
Change-Id: If2586932784ed046ecab72b5720ff30547e84b97
(This is a merge of http://go/wvgerrit/14531)
As an optimization, the Media Server now unloads our library when not
in use. This has exposed a bug by which we were never deleting the CDM
singleton. Fix is to make WvContentDecryptionModule an Android smart
pointer ref base and then make sure all the plugins store a strong
pointer to it. The singleton is a weak pointer, so when the last
plugin is cleaned up, the CDM will be as well. And on the off chance
that the library isn't immediately unloaded, the singleton code will
generate a new CDM next time one is needed.
Bug: 21153732
Change-Id: Ifaf02fa9afe0a70a8b53e8b92ee0a3d1359ca001
[ Merge from go/wvgerrit/14286 ]
CDM now reports status information associated with the specified security level.
Earlier information would be reported from the default security level.
b/18709693
Change-Id: I7a01e8ea9773b56951c207437ce85e567fd32b09
(This is a merge of http://go/wvgerrit/14242)
To try to fix b/17761616, I added a lock to the DRM Plugin. However,
the API guarantees that any single DrmPlugin will never be called into
from multiple threads at the same time, rendering this unnecessary.
Previously, b/18194977 meant that this was not always true, but now
that that bug is fixed, this lock is not needed and can be removed.
Bug: 18194977
Change-Id: I25ee5fa44f35706f863b036997453441eac29c95
(This is a merge of http://go/wvgerrit/14156)
This was Google-cased, not Android-cased like the rest of the file
it's in.
Change-Id: I79ecf490212428de9a668d49d6feca678379f3ae
(This is a merge of http://go/wvgerrit/14051)
Adds support for passing a special provisioning response ("delete")
to the provisioning API in order to unprovision the current origin.
Note that the origin MUST be set or else this will fail.
The existing, system-only unprovisionDevice() method is unaffected.
Bug: 12247651
Change-Id: I16d296397d8e9e73c8f43e36c86838873318a398
This is a merge of several Widevine-side commits that, cumulatively,
allow callers to specify an origin to be used to isolate data storage
as specified in the W3C Encrypted Media Extension specification.
Separate origins have separate certificates, and consequently cannot
share device identifiers with each other.
The changes included in this are:
Add Ability to Check for Existing Certificates
http://go/wvgerrit/13974
Add Ability to Remove the Certificate
http://go/wvgerrit/13975
Make CDM Origin-Aware
http://go/wvgerrit/13977
Add Per-Origin Storage to Widevine CDM on Android
http://go/wvgerrit/14026
Remove Automatic Origin Generation
http://go/wvgerrit/14031
Bug: 19771858
Change-Id: I6a01c705d9b6b4887a9c7e6ff4399a125f781569
Also removes OnSessionExpiration which is no longer needed with
OnSessionKeysChange.
Bug: 19771612
Bug: 19771431
Merged from Widevine CDM repo:
https://widevine-internal-review.googlesource.com/#/c/13951/
Change-Id: I0603e808e8d50ff7bb1fb1d5e44fabd8d268ee8a
Also pass session_id and event_listener to PolicyEngine to make it easier
to dispatch events from PolicyEngine.
Bug: 19771437
Merged from Widevine CDM repo:
https://widevine-internal-review.googlesource.com/#/c/13816/
Change-Id: I5723cb371cb3c43c945051af3402b09069ba5859
This CL allows the framework CLs to compile. The stubs need to
be implemented properly in the DRM plugin and CDM.
bug: 19771299
Change-Id: I9e4b107370a4d73851ee28bcb9ab6087fdffeb13
(This is a merge of
https://widevine-internal-review.googlesource.com/#/c/11405
from the Widevine CDM Repo.)
AUPT is revealing a crash when destructing WVDrmPlugin due to
multi-threaded contention over the session map. As a fix, we are now
protecting access to the map via a mutex.
Bug: 17761616
Change-Id: Iddeca657effd3c7f3ff35ce334d7979291667cef
(This is a merge of
https://widevine-internal-review.googlesource.com/9711 from the
Widevine CDM repo.)
This change updates the CDM's handling of init data types, previously
known as MIME types, to comply with the latest version of the EME
spec.
Following this change, in addition to accepting the deprecated MIME
types "video/mp4", "audio/mp4", "video/webm", and "audio/webm", the
CDM will accept the new standard: Init data types "cenc" and "webm".
Furthermore, this removes the non-PSSH-parsing path from the CDM. All
platforms have unified on the CDM being responsible for parsing the
concatenated PSSH box list, as outlined in the latest EME spec.
As Android has shipped code that expects pre-unwrapped PSSH boxes and
must maintain backwards-compatibility, code has been inserted on that
platform to detect pre-unwrapped data and re-wrap it with a PSSH
header before sending it to the CDM.
There are some small changes to unit tests because of this change:
1) The CDM Engine unit test now no longer needs to unwrap the PSSH on
any platforms when testing ISO-BMFF. It now pre-caches the
unwrapped key ID for use when testing WebM.
2) Several substantially-similar unit tests in the Android code have
been rolled into one test.
Bug: 13564917
Bug: 13570595
Bug: 9465346
Bug: 13570288
Change-Id: I7f27b16b8503f24a26746b5dce71fb61b6fd1bb2
The EME spec technically requires CDMs to treat audio/mp4 and
video/mp4 equivalently, as well as audio/webm and video/webm. We had
only been accepting video/mp4 and video/webm up until now.
This change also centralizes handling of init data types in the shared
CDM code instead of having it spread across multiple places in the
codebase.
(This is a merge of https://widevine-internal-review.googlesource.com/9532/
from the Widevine CDM repo.)
Bug: 13564917
Change-Id: Ib8bdfb2b003ffb00e8f0559561335abb3c5778b0
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service ceritifcate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
