The methods on WvContentDecryptionModule related to UsageInfo (Secure
Stops) do not work if kDefaultCdmIdentifier has not been provisioned.
This can occur if an app provisions and uses an origin without any app
on that device ever provisioning the default origin. More concerningly,
this will happen 100% of the time on SPOID-using devices, as there is no
way to provision the default identifier on these devices.
The fix is to pass the current identifier to these methods so that they
do not have to use kDefaultCdmIdentifier.
Test: build_and_run_all_unit_tests.sh
Test: WV GTS Tests
Bug: 62431478
Change-Id: I92a8b4acb69c964abe8129bccf2ff48a66c4a9e0
Tradefed needs these tests to be in the /DATA directory.
Test: cd vendor/widevine && ./build_and_run_all_unit_tests
All tests should build and pass.
make tests
unzip android-tests.zip and verify all tests located in DATA/bin
Bug: 62055647
Change-Id: I35925e29558561c4726bb2249499bfee4e54cf45
Merge from http://go/wvgerrit/27880
ClosesSessionWithoutReturningError should not check for
Status::OK since it is expecting an error code back.
The test is renamed to ClosesSessionWithError.
Test: libwvdrmdrmplugin_hidl_test
bug: 62205215
Change-Id: Ic57733c6adc7242413cf3cb74f03ac41f764c42c
This change introduced b/38487636 "Distorted video observed when
playing purchased/rented movie in Google play movies & TV app."
Before resubmitting an updated variant of the original CL, please
test playback with Play Movies and the GTS media tests.
This reverts commit 33f9979b2b.
Change-Id: I4ec2e6fe81323e91e4b62288755c967999e81041
This reverts commit 006506278a.
It needs to be reverted to fix b/38343960 on marlin.
This change is not needed since the root cause of the
resource leak was addressed in ag/2226738.
Change-Id: I93b64d39103d574b7dcde6b1477839a50b64aefd
A strong pointer cycle was preventing the drm plugin
from being released. This change converts the listener
to a weak pointer to break the cycle.
bug:36408047
test: manual testing to verify leaks are fixed
Change-Id: I2e2af392c2b263b7b0943d61dcaee5e94089ce27
android.hidl.base@1.0 and android.hidlmanager@1.0 are built into libhidltransport.
Test: links
Bug: 33276472
Change-Id: Id9053e4484275e3404f31a72d2037884ff6bef5b
(cherry picked from commit 80ec937545)
android.hidl.base@1.0 and android.hidlmanager@1.0 are built into libhidltransport.
Test: links
Bug: 33276472
Change-Id: Id9053e4484275e3404f31a72d2037884ff6bef5b
(This is a merge of wvgerrit/25583)
Devices that use Provisioning 3.0 did not have a Provisioning-Unique ID
defined. Attempting to retrieve it would result in an error.
Devices that use SPOIDs with keyboxes would expose the keybox's real
Provisioning-Unique ID when asked. This is a security flaw.
To solve both cases, an alternative Provisioning-Unique ID is used,
consisting of the Device-Unique ID bitwise-inverted.
Bug: 36065223
Test: run_all_unit_tests.sh
Change-Id: I32512a3e11403e679939187e156904a57a9e24ef
(This is a merge of http://go/wvgerrit/25581)
To prevent dead DRM Plugins from being instantiated when there are no
sessions available, the time at which the device ID is queried has been
moved from instantiation-time to SPOID-calculation-time.
SPOIDs can now fail to be generated. Which means anything that depends
on a SPOID may fail because of this. However, this is a more actionable
problem for apps than having them receive a dead or unusable DRM Plugin
object.
Bug: 36660726
Test: libwvdrmdrmplugin_hidl_test
Change-Id: Ice6a8eabfee8d48bf2af02e2e7169aa95af9f2e4
(This is a merge of http://go/wvgerrit/25580)
While writing fixes for b/36660726, b/34716264, and b/36065223, it
became clear that having the logic that checks whether the device
supports SPOIDs embedded inside WVDrmPlugin was complicating its code
and inhibiting testing of the class. By moving this check into the code
that instantiates WVDrmPlugin, the result of the calculation can be
independently tested while the tests for WVDrmPlugin can put it in
whatever state they need for the sake of unit testing.
As a consequence of this, the check on retrieving the "deviceUniqueId"
byte array property, which was removed when SPOIDs were implemented, can
be reinstated.
Bug: 36660726
Bug: 34716264
Bug: 36065223
Test: libwvdrmdrmplugin_hidl_test & libwvdrmengine_hidl_test
Change-Id: I961d2ee42bbdc42f0c324e36d9a74ac92205a437
Add a check for invalid session size in restoreKeys
and correct the return code when attempting to create a
plugin with an invalid uuid. Also correct the return code
when attempting to decrypt after keys have been removed.
bug:37172151
Change-Id: I7e832ffe04081471a0cdb3a9329808f47f12cfc3
Part of VTS test suite validation for
the binderized Widevine service
Test: Drm VTS test
bug:32815560
Change-Id: I0913c0e72487b5fdbf579b9ea3409c13264888fd
Replace AString, KeyedVector, List, String8 and Vector
with stl containers. Remove corresponding frameworks
libraries.
Test: Play Movies & TV (streaming and pinning)
Test: Netflix
Test: unit tests
bug: 34677927
Change-Id: I125f45054987d69bbca59c1ffdcbe8add38c3c13
This commit changes the unit tests and HAL Service to run as 64-bit on
devices that have enabled 64-bit DRM Plugins.
Bug: 36076017
Test: Turned on the flag for a device and used the file command to
verify that all binaries were built as 64-bit.
Test: Turned the flag back off and verified that all binaries were built
as 32-bit. This should affect no current devices.
Change-Id: Ieb7218f15b9359f2038a6f60b8c994b16d2b5b53
(This is a merge of wvgerrit/24922)
This contains several fixes and improvements to the
build_and_run_all_unit_tests.sh and run_all_unit_tests.sh scripts:
* All tests are now identified as vendor binaries and thus are stored in
the /vendor/bin/ directory instead of /system/bin/. Previously, some
tests had moved to /vendor/bin/ but the scripts had not been updated,
causing these tests to fail to run.
* The -j parameter can now be passed to build_and_run_all_unit_tests.sh,
for those who want to speed up their build by using multiple cores.
* The 64-bit library directories are now added to the library search
path, in anticipation of devices with 64-bit DRM Plugins.
* Checking for Verity protection is now done in
build_and_run_all_unit_tests.sh (which is the script that actually
modifies the file system) instead of just in run_all_unit_tests.sh.
* The library search path is no longer set unnecessarily for
libwvdrmengine_hidl_test.
* The Treble-only tests and non-Treble-only tests now only run on
devices that meet their respective criteria.
Bug: 36071236
Test: Ran build_and_run_all_unit_tests.sh
Change-Id: Iea236880c4445858111c801dfa278a528bca0f6c
(This is a merge of http://go/wvgerrit/24738)
The change to enable 64-bit as a possible target for Widevine Android
made all the unit tests build as 64-bit on compatible platforms. Since
none of these devices support 64-bit properly yet, this is a mistake.
This patch restores unit test builds to being 32-bit only for now.
In the future, when the switch for 64-bit-supporting devices is added,
it will also switch the unit tests to 64-bit mode.
Bug: 36071236
Test: Verified unit test format with "file" command.
Change-Id: Ib4d3678181f3221b85fe6409f1d842dd15af3daa
This library is local to vendor/widevine HAL service, rename to
indicate this is used only by widevine HAL.
Test: Play Movies & TV (streaming and pinned)
Test: Netflix
bug: 36430909
Change-Id: Iacaf78f4223bf305569e7f1d04dd4e4ad0a87727
Adds code to the Widevine Glue Layer that drives the generation and use
of SPOIDs on platforms that support SPOIDs. (All devices whose first
release is Android O or later.) Note that this only applies to the new,
Treble-ized API. If the Widevine DRM Plugin is accessed through the old
API, it will not use SPOIDs. This is by design because the old API does
not provide an application package name, so SPOID generation is no
better than the existing, origin-based solution.
Bug: 27101531
Test: Unit tests
Test: GTS tests
Test: Google Play
Change-Id: I80f79fca84065105e218e9070a1d5299c8e33500
(This is a merge of go/wvgerrit/23686)
This patch removes the makefile lines that previously prevented the
Widevine DRM Plugin from being built as 64-bit on Android. 64-bit
builds are now fully supported.
Only one piece of CDM code has had to change. Due to a bug in
libprotobuf before v3.0, int64 values from protobufs are technically a
different type from int64_t values in code on some 64-bit
architectures. Both have the same in-memory representation at runtime
but are seen as distinct types by the compiler. The compiler will
automatically convert in most places, but template instantiation is
not one of them, so a few places that passed a Protobuf int64 directly
into a template had to be modified.
Please note that tweaks to the mediadrmserver (not covered by this
patch) are needed in order for it to run as 64-bit and load 64-bit DRM
Plugins. Please also note that, as we have no 64-bit L1 OEMCrypto on
any devices, using the 64-bit mediadrmserver and Widevine library will
make your device fall back to L3 for the time being.
Bug: 18949752
Test: OEMCrypto unit tests
Test: Widevine unit tests
Test: Google Play (on Marlin)
Test: Widevine GTS Tests (on Marlin)
Change-Id: Ib6cdf2dd1ff75a1c473cacdc5e22397caa0a656c
This change is the complete Widevine metrics system. It will
measure and record runtime information about what is happening
in the CDM - such as errors and throughput.
Bug: 33745339
Bug: 26027857
Change-Id: Ic9a82074f1e2b72c72d751b235f8ae361232787d
(This is a merge of go/wvgerrit/23182)
This patch adds the framework for Stable Per-Origin Identifiers to the
CDM. Calculating SPOIDs will be done on the client-side, and they are
sent as part of the provisioning request. SPOIDs are also available to
the app as the Device Unique ID, replacing the previous method of
returning the actual Device Unique ID from the keybox / OEM certificate.
Different SPOIDs must use separate storage, just as different origins
already do. Support for this has been added to the Android adapter to the
CDM Core. However, the code in the Android glue layer that would drive
this behavior will be checked in in a separate change. As such, all
Android devices will continue using the legacy behavior even after this
patch goes in, until the glue layer code can be updated.
Bug: 27101531
Test: CE CDM Unit Tests
Test: Linux Jenkins Unit Tests
Test: Android Unit Tests (with and without SPOIDs forced on)
Test: Android GTS Tests
Change-Id: Ia0caf890381cbcb97504d08b19aeab8b29bd07ae
This is a merge of go/wvgerrit/22806
This change removed the oemcrypto profiler to allow
the new metrics system free-reign over how to collect
and store measurements.
Bug: 33745339
Bug: 26027857
Change-Id: I6b9051faa6835f13860258c94f8bcfd3a59f1be6
[ Merge of http://go/wvgerrit/20205/ ]
This is separate from the server certificate used for license
requests.
b/34211823
Test: Reran unittests. All tests other than some oemcrypto,
request_license_test passed. Those tests failed with or without this CL.
Change-Id: I23abdf276f8d3db9222f014175d0bb5094010a04
This is a merge of go/wvgerrit/22627
The call table was meant to be a long-term way to track
the performance of all OEMCrypto function calls.
This feature does not get used. Apps that call into the
profiler can generate this from the history.
This change was designed to go into Android O
(go/wvgerrit/22503) but since the Call Table is causing problems
on specific chip sets its being removed in NYC MR2.
Bug: 33550032
Bug: 33459261
Change-Id: I2af417a32452e7d0d0a1ada8794efd849c497dc8
This CL merges several CLs from the widevine repo:
http://go/wvgerrit/18012 Add support for querying allowed usage for key.
http://go/wvgerrit/17971 Add per-origin storage.
http://go/wvgerrit/18152 Add OEMCrypto's generic crypto operations to CDM.
http://go/wvgerrit/17911 QueryKeyControlInfo => QueryOemCryptoSessionId
Note: numbering in wv_cdm_types.h was added in this CL and will be
back ported to wvgerrit in a future CL.
Change-Id: Idb9e9a67e94f62f25dc16c5307f75a08b3430b64
(In addition to being a merge of http://go/wvgerrit/17394, this commit
updates tests/Android.mk to no longer try to build the private gMock.)
Previously, we maintained our own version of gMock (named libwvgmock
to avoid naming conflicts) and depended on it for our unit tests. Now
that Android has gMock in the externals/ directory and vaage@ has
eliminated the need for us to customize gMock's arity, we can stop
depending on or maintaining our own copy.
Bug: 26907374
Change-Id: Ia01d6c02e2f28a642480d7ef178b9bc3dde6d306
This change is a merge of the following changes:
1. Remove MultipleSessions (go/wvgerrit/16763)
2. Increase Memory Budget (go/wvgerrit/16764)
3. Fixing Possible Integer Overflow (go/wvgerrit/16765)
4. Creating Call Table (go/wvgerrit/16766)
5. Creating Call History (go/wvgerrit/16767)
6. Connecting Profiled Scope (go/wvgerrit/16768)
7. Adding Call Table Version Number (go/wvgerrit/16780)
8. Add Version Number to Call History (go/wvgerrit/16781)
bug: 27157796
Change-Id: Ia3f088a1714f3f5b426fee6141daa4ea8d832cf4
[ Merge of http://go/wvgerrit/16625 and http://go/wvgerrit/16633 ]
Reduce the number of parameters needed by GenerateKeyRequest.
Combining all output values into a single struct.
BUG: 26162546
Change-Id: Ibeb3f4df4a8e877511f8ab2e6c543001a921f285
[ Merge of http://go/wvgerrit/16628 ]
Jsmn will replace a local method that parsed json init data.
Added a fix to include all key Ids in the WidevineCencHeader rather than
just the first. Also modified the content_id to reflect that it is a
base64 encoded value.
b/20630275
Change-Id: I7080c8cea21be4dea09a4905a96b4cc03e584c1d
[ Merge of http://go/wvgerrit/15780 ]
Android mediaDrm allows callers to serially query status information through a
property API. CDM however retrieves all status information in a map and
filters out all but the relevent one. This leads to delays in Netflix app
startup. Rewriting the CDM interface to return only the queried value.
b/24181894
Change-Id: Ie9ed6288524e3a7e03b83aa55ef3531dd52a0dfb
* Extend CdmLicense's stored_init_data_
[ Merge of http://go/wvgerrit/14661 ]
CdmLicense will store init data when a server cert must be
provisioned. After provisioning, the original init data can be used
to generate the originally-intended license request.
To do this before, the caller had to call CdmSession's
GenerateKeyRequest with an empty InitializationData object. However,
the init data's type still had to be set, as did the license type.
This CL allows the caller to use a truly empty InitializationData
without a type. To permit this, CdmLicense now stores a full
InitializationData object, rather than just a copy of it's data field.
With this CL, the caller also avoid storing the original license type.
To accomplish this, CdmSession uses the already-set is_offline_ and
is_release_ flags from the original call to reconstruct the intended
license type. The caller uses the new type kLicenseTypeDeferred.
To facilitate storing whole InitializationData objects, they are now
copyable.
This ultimately simplifies server cert code for the new CE CDM.
* Store service certs in Properties
[ Merge of http://go/wvgerrit/14664 ]
This allows CE devices to mimic the Chrome CDM's behavior of sharing
server certs between sessions.
This also affects Android behavior. Previously, provisioned service
certificates were per-session, while explicitly-set service certs
were per-DRM-plugin. Now, both are per-DRM-plugin.
A DRM plugin is associated with a mediaDrm object. Content
providers will still be able to retrieve and use different
certificates. The change here requires an app, that wishes to use
different provisioned service certificates will have to use
multiple mediaDrm objects. This is an unlikely scenario.
Change-Id: If2586932784ed046ecab72b5720ff30547e84b97
