widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,589 Commits 2 Branches 0 Tags
6cd7ed1688855d1cf52bc11c598adefe91e886da
Commit Graph

5 Commits

Author SHA1 Message Date
Adam Stone
58234a69f2 Create unique cdm engines per WVDrmPlugin instance 
This change creates a unique id in the cdm identifier in order to force
a one-to-one mapping between WVDrmPlugin instances and CDM Engines. This
change simplifies some assumptions. This includes ensuring that the
metrics for a given MediaDrm instance map to a given CdmEngine instance.

Bug: 73724453
Test: Updated unit tests. GTS test pass. Shaka Player, Netflix and Google Play test.
Change-Id: I7e041b6cdf3e272d067da49d25a297b4a4663f1f
 2018-04-04 12:28:57 -07:00
Rahul Frias
81d607c008 Merges to android Pi release (part 9) 
These are a set of CLs merged from the wv cdm repo to the android repo.

* Make Android NDK Builds Work With Latest BoringSSL

  Author: John W. Bruce <juce@google.com>

  [ Merge of http://go/wvgerrit/37000 ]

  The latest updates to BoringSSL require C99 or later. Our NDK-based
  builds (OEMCrypto Variants & Fastball) were not specifying a C standard.
  This patch adds compiler flags so that C files are compiled as C11 now.
  Note that this is about the *C* standard in use, not the *C++* standard,
  which this patch leaves untouched.

  BUG: 67907873
  Test: build_android_mock.sh

*  Update BoringSSL to f7412cb072cc6b1847140e0c4f8b3ceeccd0e708

  Author: John W. Bruce <juce@google.com>

  [ Merge of http://go/wvgerrit/36761 ]

  This is the result of running UPDATE_BORINGSSL.sh. Future runs of this
  script should produce much smaller sets of changed files, but because
  the BoringSSL revision already in this directory was so old and
  contained many extraneous files from the Android operating system, the
  set of changed files is extensive this time.

  BUG: 67907873

* Refactoring the build files.

  Author: Vasantha Rao Polipelli <vasanthap@google.com>

  [ Merge of http://go/wvgerrit/37041 ]

  Move all common build dependencies to .gypi so that all fuzz test
  binary targets can be added to .gyp file without repeating code.

* Introduce service certificate request property

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/36941 ]

  Platforms differ on whether they allows service certificates to be
  requested if privacy mode is enabled and a certificate is not present.
  This property allows behavior to be configurable.

  Generating the service certificate request will be introduced
  in a follow on CL.

  BUG: 68328352

* Deprecate using keyboxes as identification

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/36740 ]

  Previously some platforms supported using keyboxes rather than
  certificates as the identification tokens in the license request
  message. All platforms that share core CDM code of the master branch now
  either provision using a keybox and use a DRM certificate or an
  OEM certificate as identification. No future usage of keyboxes
  as identifying tokens is planned.

  Since the platform property use_certificates_as_identification
  is always set to true, the negative code paths are never taken and
  can be removed.

* OEMCrypto_GenerateSignature API Fuzz Test.

  Author: Vasantha Rao Polipelli <vasanthap@google.com>

  [ Merge of http://go/wvgerrit/36863 ]

  - The first automated API fuzz test.
  - Also sumitting the corpus for the API fuzzed.

* Add Script to Update BoringSSL from Source

  Author: John W. Bruce <juce@google.com>

  [ Merge of http://go/wvgerrit/36760 ]

  Adds a script to third_party/boringssl/ that, when run, deletes all the
  auto-generated files in the generated/ directory and regenerates them
  from scratch, starting from the latest public HEAD of BoringSSL.

  Bug: 67907873

* Fix Fastball / OEMCrypto Variant BoringSSL Makefiles

  Author: John W. Bruce <juce@google.com>

  [ Merge of http://go/wvgerrit/36926 ]

  Previously, when moving the BoringSSL source within the tree, I was not
  able to verify that I had not broken the NDK-compatible makefiles used
  by Fastball because that build is broken on master. I had to make a
  best-guess as to how they should be updated and hope.

  Now, however, I have been informed that the OEMCrypto Variants also use
  these makefiles, and I have been able to use that build to find where I
  broke them and get them fully working.

  Bug: 67386164
  Test: build_android_mock.sh

* Add kit/ to BoringSSL Include Path for Fastball & OEMCrypto Variants

  Author: John W. Bruce <juce@google.com>

  [ Merge of http://go/wvgerrit/36925 ]

  When I moved the BoringSSL source in the tree, I updated the Android.mk
  files that pointed to it in order to build it. I did not realize that
  some makefiles outside that directory also contained hardcoded pointers
  into that directory. These references broke after the move. This patch
  fixes those paths to point to the new BoringSSL location.

  Bug: 67386164
  Test: build_android_mock.sh

* OEMCrypto Unit Test Refactor.

  Author: Vasantha Rao Polipelli <vasanthap@google.com>

  [ Merge of http://go/wvgerrit/36562 ]

  Refactoring OEMCrypto Tests so the Session Utility test code can be reused in fuzz tests.

* Reorder license server config table to match ids

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/36743 ]

* Separate Hand-Written BoringSSL Files from Downloaded/Generated Ones

  Author: John W. Bruce <juce@google.com>

  [ Merge of http://go/wvgerrit/36561 ]

  I want to make updating BoringSSL as simple as possible for us going
  forward. A future commit will add a script that automatically downloads
  and sets up the latest version of BoringSSL. To facilitate this script,
  a clear distinction needs to be made between the files that can be
  downloaded with / regenerated from the BoringSSL source and the files
  that are maintained by us by hand.

  The version of BoringSSL in this change is exactly the same as the one
  already in this directory. It has just been moved one folder deeper.

  Bug: 67907873

* Remove BoringSSL Symlinks, They Are Confusing Gerrit

  Author: John W. Bruce <juce@google.com>

  [ Merge of http://go/wvgerrit/36560 ]

  There are some symlinks in the current copy of BoringSSL that are
  causing headaches when I try to upload future changes to Gerrit. These
  were inherited from the Android OS and are not used by our build
  anywhere. They would be wiped out when I update BoringSSL anyway, but
  wiping them out in a separate change before I upload any other changes
  avoids confusing Gerrit.

  Bug: 67907873

* Add group master key id to support sublicense master
  key rotation, and content identification.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/36180 ]

* OEMCrypto Fuzzer test framework

  Author: Vasantha Rao Polipelli <vasanthap@google.com>

  [ Merge of http://go/wvgerrit/36280 ]

  - Adding a sample fuzz test.
  - Adding build scripts for building the new Fuzz Tests to come.

  Design doc: go/oemcrypt_ref_impl_fuzz

* Build Mod Mock with C++ 11

  Author: Fred Gylys-Colwell <fredgc@google.com>

  [ Merge of http://go/wvgerrit/36328 ]

  This should fix the android oemcrypto mock build:
  http://go/wvbuild/job/Android_OEMCrypto_Variants

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
    commit in the chain.

Change-Id: Ic4d5be3118ef97e3f7d386149a2b5d9be8f0a87e
 2018-01-16 19:31:28 -08:00
Rahul Frias
0419b55222 Merges to android Pi release (part: 1) 
Below are a set of CLs being merged from the wv cdm repo to the android repo.

* Fix handling of OEM Cert public key.

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/27921 ]

  This is a potential fix for b/36656190. Set aside public
  key on first call to get the public key, and use it afterwards.
  This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
  which has side-effect of staging the OEM private key.

  This also fixes a problem where the public cert string was
  not being trimmed to match the size returned by
  OEMCrypto_GetOEMPublicCertificate().

* Complete provisioning request/response for Provisioning 3.0

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27780 ]

  Fix bug on provisioning request path where GenerateDerivedKeys()
  was being called when preparing to generate the signature.

  Add message signature verification, and call correct OEMCrypto
  routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).

* Implement Cdm::deleteAllUsageRecords()

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27780 ]

  Delete all usage records for current origin.  Removes usage
  records from file system and retains the PSTs.  The deletes
  any usage entries matching those PSTs held by OEMCrypto.

  BUG: 35319024

* Remove stringencoders library from third_party.

  Author: Jacob Trimble <modmaker@google.com>

  [ Merge of http://go/wvgerrit/27585 ]

  We have a fork of the stringencoders library that we use for base64
  encoding.  This reimplements base64 encoding to remove the extra
  dependency and to reduce the amount of code.

* Add Cdm::deleteUsageRecord() based on key_set_id.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27605 ]

  Delete specified usage record from file system usage info and
  from OEMCrypto.

  BUG: 35319024

* Modifiable OEMCrypto

  Author: Fred Gylys-Colwell <fredgc@google.com>

  [ Merge of http://go/wvgerrit/24729 ]

  This CL adds a new variant of the OEMCrypto mock code that adjusts its
  behavior based on a configuration file.  This is intended for
  testing.

  For example, a tester can set current_hdcp to 2 in the options.txt
  file, push it to the device, and verify that a license is granted for
  HDCP 2.0.  Then the tester can edit the value of current_hdcp to 1 and
  push the file to the device.  Playback should stop because the license
  is no longer valid.

  This variant uses a real level 1 liboemcrypto.so to push data to a
  secure buffer.  That means we can test playback for a license that
  requires secure buffers on an Android device with real secure buffers.

  BUG: 35141278
  BUG: 37353534

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
      commit in the chain.

Change-Id: I58443c510919e992bb455192e70373490a00e2b6
 2018-01-16 19:21:54 -08:00
Adam Stone
1b9c6ea789 Fix support for app package name. 
The app package name was not being reported to the media stats. This
change adds the package name as part of the report to media stats.

This is one of two parts to this change. The other part is in
frameworks/av.

Bug: 64584568

Test: Unit tests, GTS tests, tried with Google Play Movies.
Change-Id: I1ca09db3a59d9a0950f424d977f8774dffd09c2b
 2017-09-06 22:25:13 -07:00
John W. Bruce
c85351682f SPOID 
(This is a merge of go/wvgerrit/23182)

This patch adds the framework for Stable Per-Origin Identifiers to the
CDM. Calculating SPOIDs will be done on the client-side, and they are
sent as part of the provisioning request. SPOIDs are also available to
the app as the Device Unique ID, replacing the previous method of
returning the actual Device Unique ID from the keybox / OEM certificate.

Different SPOIDs must use separate storage, just as different origins
already do. Support for this has been added to the Android adapter to the
CDM Core. However, the code in the Android glue layer that would drive
this behavior will be checked in in a separate change. As such, all
Android devices will continue using the legacy behavior even after this
patch goes in, until the glue layer code can be updated.

Bug: 27101531
Test: CE CDM Unit Tests
Test: Linux Jenkins Unit Tests
Test: Android Unit Tests (with and without SPOIDs forced on)
Test: Android GTS Tests
Change-Id: Ia0caf890381cbcb97504d08b19aeab8b29bd07ae
 2017-01-25 15:45:01 -08:00