- add "supportRebootless" to apex_manifest.json
- add <allowed-vendor-apex> sysconfig
- add "on property:apex.com.google.android.widevine.ready=true" to .rc
Now, we can test `adb install` new version of the APEX and see the
service is restarted from the new version.
Note that this doesn't mean that DRM Framework works fine with the
update.
Bug: 248192031
Test: adb install --force-non-staged \
-i com.android.vending \
$OUT/vendor/com.google.android.widevine.apex
Change-Id: I7c41b224f0bb55742c0023c23196bba4a09e555f
We added custom properties that are only used on ChromeOS and to avoid
having to bloat the sepolicy for all of Android we are adding a check
here so that we only query the properties on ChromeOS based on the
bertha hardware property.
Bug: b:237492145
Test: Access denied message is gone w/ ExoPlayer
Change-Id: I3a5781ad980dfae2e16501b655386287b5e245b7
(cherry picked from commit 890f71ef367aed683a89892000e40d0e0ca6fbdd)
(cherry picked from commit 4379b0545a2ae866ba9fc315551a5534fa163924)
Added SPDX-license-identifier-Apache-2.0 to:
libwvdrmengine/apex/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: Ibd3b1e73709de25ddfdddbdd2ecc56abe87a4c2f
[ Cherry-pick of http://ag/19893913 ]
[ Merge of http://go/wvgerrit/157098 ]
Several of the Android integration tests perform direct URL comparisons
between fixed URLs and the server URL returned by the CDM. With
provisioning 4.0, the CDM will append additional query parameters to
the server URL. This updated URL still contains all of the original
expected information, but with additional parameters. So long as the
URL contains the required fields, any additional parameter should be
considered valid.
The gtest framework used by the integration tests allow for the
creation of custom "matchers", rules that can be used to validate data
and create informative failure logs. The CL creates a new matcher for
checking that a tested URL is a superset of content of the expected
URL.
Bug: 244319313
Test: request_license_test on prov 4 device
Change-Id: Ie721058fa628b3a4a74dc56f4172a3dfcb1f1ef3
(cherry picked from commit fa8c0a9a62)
[ Merge of http://go/wvgerrit/156177 ]
If the json from a provisioning request is not parsed, we
log it as an error.
Bug: 242744857
Test: WV unit/integration tests
Change-Id: Ie8ff9388fb520c848b951d6102b23552ce309903
This makes it easier to upgrade KM AIDL version.
Test: m android.hardware.security.keymint-service.widevine
Change-Id: I251d7f3222617cbb3ba8b084c146aeb629f8eb6f
[ Merged from http://go/wvgerrit/152549 ]
Test: unit tests
Test: Google TV and Netflix
Test: atest GtsMediaTestCases
Bug: 216527109
Change-Id: Id70e43315550508e6fedacfee4f4ec009a24d0e3
[ CDM CL http://go/wvgerrit/156286 ]
Local test scripts can now run the CDM unit tests without using a test
keybox / test RSA key by setting an environment variable:
DISABLE_TEST_KEYBOX=yes
The default behavior will continue to be that the unit tests will load
a test keybox / test RSA key.
This is to enable testing different provisioning features when the
device uses keyboxes for its ROT. Provisioning methods like 3.0 and
4.0 were never forcibly required to load a test ROT.
This is change is required for the ability to test ECC-enabled
keyboxes.
Bug: 135283522
Test: run_x86_64_tests and build_and_run_all_unit_tests.sh
Change-Id: I2a85be541deec3f60ab8fa82452a4d4cafaed339
Using service_fuzzer_defaults in
- android.hardware.drm-service.widevine.aidl_fuzzer
Bug: 240318902
Test: m android.hardware.drm-service.widevine.aidl_fuzzer
Change-Id: Ifde3a3f2e75ccaefeb92ee4e93c46f6fc7a8af4c
[ Merge of http://go/wvgerrit/155070 ]
These functions are internal utilities and should not be exported from
our library. IIRC, this was added to aid in Windows tests, but this is
no longer needed.
Bug: 236317198
Test: build_and_run_all_unit_tests.sh
Change-Id: I19beb35a15f0f87dc8f968e1dd5302aed9463e54
[ Merge of http://go/wvgerrit/153669 ]
The oemcrypto_decrypt_cenc_fuzz fuzz test found a null reference error.
This adds a check to ensure that the input_buffer vector used for the
sample descriptions is not empty before attempting to access it.
Bug: 192310854
Bug: 236317198
Change-Id: If3909b01d3bc19434bbd5b6b77e7cd76182b2bdf
AIBinder_setRequestingSid must be called first upon creation of a
binder object before AIBinder_getCallingSid is called. Call
AIBinder_setRequestingSid in the createBinder override function
for WVDrmFactory, WVDrmPlugin and WVCryptoPlugin classes.
Test: Play TV streaming
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -a
Bug: 237613676
Change-Id: I9dde4715ba2003deb463bd75b23e1ebc2f22a764
[ Merge of http://go/wvgerrit/154575 ]
[ Cherry-pick of http://ag/19498242 ]
There is a rare race condition experienced by some Android devices
where the a new client property set is being added while another is
being removed. The C++ stl library does not provided thread
protection by default.
This CL adds a new mutex for the client property set map which prevents
multiple threads accessing the property sets concurrently.
Bug: 235238226
Test: GtsMediaTestCases on redfin
Change-Id: I32cf11bfb1332295ba1245071102ff0adc35259d
(cherry picked from commit aaa97a5d60)
(cherry picked from commit 6109ec6d66)
[ Merge of http://go/wvgerrit/153121 ]
`run_oemcrypto_fuzz_tests` script was disabled while OPK was
transitioning between v16 and v17. Now that OPK is v17, the
fuzz tests can be re-enabled.
Some targets could not be built due to a missing header file.
`oemcrypto/ref/src/cppbor.cpp` was updated to include the missing
header.
Bug: 235414753
Bug: 229160033
Bug: 236317198
Test: run_oemcrypto_fuzz_tests
Change-Id: Ieeebae1f6d84c5735a669d44ea45875675fdb5a3
[ Cherry-pick of http://ag/19216679 ]
[ Merge of http://go/wvgerrit/155370 ]
There is a rare race condition experienced by some Android devices
where the a new client property set is being added while another is
being removed. The C++ stl library does not provided thread
protection by default.
This CL adds a new mutex for the client property set map which prevents
multiple threads accessing the property sets concurrently.
Bug: 235238226
Test: GtsMediaTestCases on redfin
Change-Id: I32cf11bfb1332295ba1245071102ff0adc35259d
(cherry picked from commit aaa97a5d60)
After a successful extraction, the vector of BCC should be resized to
the correct value.
This CL picks the change from http://ag/19196496, which fixes the bcc
size for our internal extraction tool.
Test: build and run extraction tool
Bug: 237029566
Change-Id: I0c73861e363215486a93abebac84da2ce49d43a8
[ Merge of http://go/wvgerrit/151597 ]
* missing #include <string> for 'std::string' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (25 times)
* missing #include <utility> for 'std::move' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (3 times)
* missing #include <algorithm> for 'std::find_if' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (2 times)
* missing #include <algorithm> for 'std::sort' For more info see go/clang_tidy/checks/google3-build-missing-std-includes
This CL looks good? Just LGTM and Approve it!
This CL doesn’t look good? This is what you can do:
* Revert this CL, by replying "REVERT: <provide reason>"
* File a bug under go/clang-tidy-bug for category ClangTidyBuild if there's an issue with the CL content.
* File a bug under go/rosie-bug if there's an issue with how the CL was managed.
* Revert this CL and not get a CL that cleans up these paths in the future by
replying "BLOCKLIST: <provide reason>". This is not reversible! We recommend to
opt out the respective paths in your CL Robot configuration instead:
go/clrobot-opt-out.
This CL was generated by CL Robot - a tool that cleans up code findings
(go/clrobot). The affected code paths have been enabled for CL Robot in //depot/google3/METADATA.
Anything wrong with the signup? File a bug at go/clrobot-bug.
Bug: 236317198
Change-Id: I28f7899b5cf0637be15833659f8ba0dd6ff3ab90
[ Merge of http://go/wvgerrit/150489 ]
* missing #include <string> for 'std::string' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (2 times)
This CL looks good? Just LGTM and Approve it!
This CL doesn’t look good? This is what you can do:
* Revert this CL, by replying "REVERT: <provide reason>"
* File a bug under go/clang-tidy-bug for category ClangTidyBuild if there's an issue with the CL content.
* File a bug under go/rosie-bug if there's an issue with how the CL was managed.
* Revert this CL and not get a CL that cleans up these paths in the future by
replying "BLOCKLIST: <provide reason>". This is not reversible! We recommend to
opt out the respective paths in your CL Robot configuration instead:
go/clrobot-opt-out.
This CL was generated by CL Robot - a tool that cleans up code findings
(go/clrobot). The affected code paths have been enabled for CL Robot in //depot/google3/METADATA.
Anything wrong with the signup? File a bug at go/clrobot-bug.
Bug: 236317198
Change-Id: I9ccf0ce00ee3f6f7b3a2b6ec9dedeff578535217
[ Merge of http://go/wvgerrit/148691 ]
This is a followup to OEM_CONTENT,
a custom key container that was added to Widevine server.
Bug: 193006094
Bug: 236317198
Change-Id: I82285e4e50f981e0cedf2adac5910643f34f8e46
[ Merge of http://go/wvgerrit/154593 ]
This CL updates the initial time used for reboot tests to be
within the valid range used by OPK. Also, the fake clock is
now synced with every use of the TestHost's clock function.
Also, the OPK's system clock is no longer initialized to 0
because this caused some tests to set initial playback time
to 0. That broke code that assumed a time of 0 mean "never".
I also removed some log spam in the WTPI code.
Bug: 222353528
Bug: 236317198
Change-Id: Ibdbdb2440454b9cf561cd9ec65ca3e40cf5a8d93
After a successful extraction, the vector of BCC should be resized to
the correct value.
Test: build and run extraction tool
Bug: 237029566
Change-Id: I41f39cb72bb1dc27d6d40f3c5ace5265271aab0e
(This is a merge of http://go/wvgerrit/153552.)
The correct way to create a FileSystem object for testing CdmEngine
depends on the platform. However, our code has historically just
instantiated a new FileSystem object using the default constructor. This
works fine for Android and has historically worked fine for the CE CDM
tests because they did not implement storage correctly. However, an
upcoming commit will fix the implementation of storage in the CE CDM
TestHost, causing tests that use a default FileSystem constructor to
fail. This patch adds a new platform-defined function that instantiates
per-origin test storage in a platform-correct way. For Android, it
continues to use the default constructor, while for CE CDM, it uses the
TestHost.
Bug: 193060708
Test: x86-64 w/ storage separated
Test: build_and_run_all_unit_tests.sh
Change-Id: I0a9b6a4d3943e053d51d6018e392b7f215f50642
(This is a merge of http://go/wvgerrit/153551.)
On CE CDM, storage is split between global and per-origin storage, and
one type of storage cannot be used to access the other. (Though, until
an upcoming commit lands, the tests will allow it.) On Android, both
types of storage access the same filesystem. This means that code may
run fine on Android but fail on CE CDM.
The Usage Table Header code normally, explicitly accesses the header
file via global storage. However, a few code paths would try to access
it inconsistently via per-origin storage. This patch updates
StoreTable() to always use the global storage, similar to how
RestoreTable() already functions.
Test: x86-64 w/ storage separated
Test: build_and_run_all_unit_tests.sh
Bug: 236400786
Bug: 192297621
Change-Id: Ie84cef43a7ad169ca8ab701d73c087294ee29705
(This is a merge of http://go/wvgerrit/153550.)
On CE CDM, storage is split between global and per-origin storage, and
one type of storage cannot be used to access the other. (Though, until
an upcoming commit lands, the tests will allow it.) On Android, both
types of storage access the same filesystem. This means that code may
run fine on Android but fail on CE CDM.
The OEM Cert in Provisioning 4.0 is a global file that should only
exist once, but it was being accessed through the per-origin storage,
which would result in a separate OEM Cert being provisioned for each app
& origin on CE CDM. This patch changes the Prov 4.0 code to access it
through the global storage, using techniques similar to how the Usage
Table Header code does this.
Test: x86-64 w/ storage separated
Test: build_and_run_all_unit_tests.sh
Bug: 236400627
Change-Id: I301d250fc9543e62949a4d9fdcbdd109bd941384
[ Merge of http://go/wvgerrit/153589 ]
Some unit tests call InstallTestRSAKey() a few times. In current
provision 2 with Keybox, the test RSA DRM key is hard coded. But for
provision 4, it will be generated by OEMCrypto.
When a test calls multiple times of InstallTestRSAKey(), we don't want
the key to be generated during each call, and we want to use the same
key in order for the decrytion to work.
The fix to cache the drm key once it is created for prov 4 tests.
Bug: 180530495
Bug: 236317198
Test: oemcrypto_test
Change-Id: I1b2d96a89e0619861492e6d9bc56862e2c440c86
