* changes:
Core CDM: Remove usage info as a run-time type.
Core CDM: Do not store/retrieve USAGE_INFO entries.
Core CDM: Remove usage info API from DeviceFiles.
Core CDM: Removed ability to add secure stop entry.
[ Merge of http://go/wvgerrit/159221 ]
This CL modifies how usage entry info is tracked internally by the
CDM at run time. It removes the different "storage types" that
entries represent (license or usage info), and instead it contains
only the information associated with license types. The presences
of a key-set-id allows the UsageTableHeader to determine if the
entry slot is currently being used, or if it can be treated as
unoccupied.
By removing this different type, it completely prevents the CDM and
its tests from using "usage-info" type entries. This required
significant updates to the UsageTableHeader tests.
Additionally, several of the variable names within the usage table
have been simplified and shortened to reflect their new meanings.
Bug: 242289743
Test: run_x86_64_tests and usage_table_header_unittest
Change-Id: I939e479779425550a17a3c9e6c6d1bc6885e493e
[ Merge of http://go/wvgerrit/159220 ]
Usage entry info elements of type USAGE_INFO are no longer stored by
DeviceFiles. An earlier CL removed the ability to store USAGE_INFO
entries; but now tests have been updated to exclude USAGE_INFO from
their test data.
A new DeviceFiles tests verifies that USAGE_INFO entries are not
retrieved and that the |has_usage_info_entries| flag is set when
they are encountered when loading pre-usage-info-deprecation
usage table info.
Bug: 242289743
Test: run_x86_64_tests and device_files_unittest
Change-Id: Iefbfe2dd2b0304b4075bfc7c1aeffe3b6ba52624
[ Merge of http://go/wvgerrit/159219 ]
Most API functions of DeviceFiles related to usage info files have
been removed. Storing and retrieving usage info files are no longer
required by the CDM. The only function remaining are the ones that
enabled detecting and deleting the remaining usage info files on the
device.
Bug: 242289743
Test: run_x86_64_tests and device_files_unittest
Change-Id: I002202b47141121a0e5adac569e47d8b8bb69b1a
[ Merge of http://go/wvgerrit/158877 ]
The UsageTableHeader's LRU algorithm for determining which entry to
evict when full uses special considerations based on the type of
entry (offline or secure stop).
This CL removes all secure-stop-specific considerations, and instead
treats secure stop's the same as an unused entry. Secure stop entries
will always be selected for removal before offline licenses (expired
or not).
Additionally, LRU table upgrading will ignore secure-stop entries.
This has no effect in practice as DeviceFiles will not load secure
stop usage entries when UsageTableHeader is initialized on a real
file system.
Bug: 242289743
Test: run_x86_64_tests and request_license_test
Change-Id: Ib3f71f191aed94aad62951667426911e4e202068
[ Merge of http://go/wvgerrit/158872 ]
This CL updates the UsageTableHeader API such that it is no longer
possible to add a "usage info" entry. All new entries that are added
are assumed to be offline licenses.
Bug: 242289743
Test: run_x86_64_tests and request_license_test
Change-Id: I09262da0e4301356156d1715b0301c616be2251b
[ Merge of http://go/wvgerrit/158722 ]
The CDM will delete all usage info / secure stop files on the device
when usage table entries labeled as USAGE_INFO are detected when
restoring the usage table. DeviceFiles no longer transfers the
stored USAGE_INFO entry info into the run-time entry info vector for
the table.
This CL makes only minor changes to test data. Significant updates
to both device file and usage table header unittests are required to
remove usage info / secure stop run-time resources.
Bug: 242289743
Test: run_x86_64_tests
Change-Id: I2d1fc0d6a4c994bc10bfce47818f101f95883979
[ Merge of http://go/wvgerrit/158721 ]
This CL removes support for secure stop / usage info sessions from the
CDM engine and CDM session. APIs for related to secure stop
operations will return NOT_IMPLEMENTED_ERROR.
New secure stop licenses will be rejected by the CDM when added.
Bug: 242289743
Test: run_x86_64_tests request_license_test
Change-Id: I30cd47e580d63014e001c903382a28238746f6d4
[ Merge of http://go/wvgerrit/160277 ]
OEMCrypto v15 did not require core messages during DRM certificate
provisioning. The CDM's certificate provisioning flow was allowing
for either case (with or without core messages) when provisioning.
Now, devices can safely assume that all provsisioning responses will
be v16 or newer; all requests/response must contain a core message.
Bug: 252670759
Test: run_x86_64_tests and request_license_test
Change-Id: I9f51e07caf642eaf646ef40bdd640b3ccfe2533c
[ Merge of http://go/wvgerrit/160000 ]
OEMCrypto v15 licenses made use of several now-obsolete API functions
of OEMCrypto (mainly LoadKeys and RefreshKeys). All license handled
by the CDM must be v16 or newer. The CDM can now rely on all license
requests/responses containing a core message, using v16 policy timers,
and requires loading using LoadLicense() / LoadRenewal().
Bug: 252670759
Test: run_x86_64_tests and policy_engine_unittest
Change-Id: I3f65a6ec0326b4c89d1919b8911e065079cb90d2
Merge from http://go/wvgerrit/158917
Use go/yamllint as reference and obfuscate portion of output to
run on an online yaml validator.
Sample output: http://go/cl/481370906
Test: Netflix, Play TV and Movies, Youtube
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine
Test: ./build_and_run_all_unit_tests.sh
Bug: 239462891
Change-Id: I1abf1aa50aa25b97b1f6c10995c324d6de04d056
[ Cherry-pick of http://ag/19216679 ]
[ Merge of http://go/wvgerrit/155370 ]
There is a rare race condition experienced by some Android devices
where the a new client property set is being added while another is
being removed. The C++ stl library does not provided thread
protection by default.
This CL adds a new mutex for the client property set map which prevents
multiple threads accessing the property sets concurrently.
Bug: 235238226
Test: GtsMediaTestCases on redfin
Change-Id: I32cf11bfb1332295ba1245071102ff0adc35259d
(cherry picked from commit aaa97a5d60)
(This is a merge of http://go/wvgerrit/153551.)
On CE CDM, storage is split between global and per-origin storage, and
one type of storage cannot be used to access the other. (Though, until
an upcoming commit lands, the tests will allow it.) On Android, both
types of storage access the same filesystem. This means that code may
run fine on Android but fail on CE CDM.
The Usage Table Header code normally, explicitly accesses the header
file via global storage. However, a few code paths would try to access
it inconsistently via per-origin storage. This patch updates
StoreTable() to always use the global storage, similar to how
RestoreTable() already functions.
Test: x86-64 w/ storage separated
Test: build_and_run_all_unit_tests.sh
Bug: 236400786
Bug: 192297621
Change-Id: Ie84cef43a7ad169ca8ab701d73c087294ee29705
(This is a merge of http://go/wvgerrit/153550.)
On CE CDM, storage is split between global and per-origin storage, and
one type of storage cannot be used to access the other. (Though, until
an upcoming commit lands, the tests will allow it.) On Android, both
types of storage access the same filesystem. This means that code may
run fine on Android but fail on CE CDM.
The OEM Cert in Provisioning 4.0 is a global file that should only
exist once, but it was being accessed through the per-origin storage,
which would result in a separate OEM Cert being provisioned for each app
& origin on CE CDM. This patch changes the Prov 4.0 code to access it
through the global storage, using techniques similar to how the Usage
Table Header code does this.
Test: x86-64 w/ storage separated
Test: build_and_run_all_unit_tests.sh
Bug: 236400627
Change-Id: I301d250fc9543e62949a4d9fdcbdd109bd941384
(This is a merge of http://go/wvgerrit/151891.)
A previous patch changed how we skip padding when extracting keys from
key containers in license.cpp. Unfortunately, this broke generic
signing when an ODK core message is not in use:
1) "Content" keys for signing are 32 bytes long, but content keys were
assumed to be 16 bytes long.
2) When an ODK core message IS in use, the result of the extraction in
license.cpp is ignored.
The only way to know the correct length of a content key container in
License Protocol 2.1 is to leverage the knowledge that it will always be
padded by exactly 16 bytes. This will have to change if we ever
implement support for License Protocol 2.2, as all key containers are
unpadded in that version.
Bug: 231439638
Bug: 114159862
Test: oemcrypto_dynamic_v15
Change-Id: I1d6c24b3a922247b970fd1517c6f23aded570adf
[ Merge of http://go/wvgerrit/151391 ]
This CL moves the logic for extracting the system ID from keybox or
OEM certificate (from OEMCrypto or device files) to a dedicated
SystemIdExtractor.
Before Provisioning 4.0, the system ID could only be found from data
returned by OEMCrypto. However, with provisioning 4.0, the system ID
can now be found in the OEM certificate that is stored on the device
files.
Bug: 232020319
Test: system_id_extractor_unittest
Test: Forest L37800000954493485
Change-Id: Ie1b7987906e2e4fef015cd659a947b6dbb7594b1
[ Merge of http://go/wvgerrit/151518 ]
Extended the CDM layer to report OEMCrypto's production readiness
via string property query.
If OEMCrypto implementents OEMCrypto_ProductionReady(), then the
reported readiness by the CDM will report "True" or "False".
If OEMCrypto does not implement OEMCrypto_ProductionReady() then no
level of readiness is assumed, and the CDM will report "Unknown".
Bug: 231655151
Test: run_prov30_tests and request_license_test
Change-Id: I6afe481ef00ac129d02b004eca89a65810bfbff8
[ Merge of http://go/wvgerrit/151512 ]
Parameterizing GtsMediaDrm tests exposed a few issues. If secure stops
were stored at L3 security level, retrieval would fail. This CL
checks L3 if the secure stop was not found at the default security
level.
Bug: 221249079
Test: GtsMediaTestCases
Change-Id: Ie88197f8e29457981d782199a76d38774f6faa67
Merged from https://widevine-internal-review.googlesource.com/148554
This change was merged to master but missed in tm-dev when we stopped
the auto merging to tm-dev. Manually cherry picked it.
Test: ran OPK unit tests
Bug: 230820162
Bug: 180530495
Change-Id: Ib23f07f84096650beb4dd1950105db01e004d484
(This is a merge of http://go/wvgerrit/151112.)
The Widevine CDMs have never validated the padding on AES keys. However,
the code to ignore the padding was unusual and based on the assumption
the keys would always have either 0 or 16 bytes of padding and did not
handle other cases correctly. This patch updates the padding-ignoring
code to just do the obvious thing: Reject keys that are too small and
ignore all extra bytes regardless of count.
Bug: 114159862
Test: x86-64
Change-Id: Ic48010477e4cb5f7d2afbde25cf2f098e3470089
[ Merge of http://go/wvgerrit/149690 ]
This changes extends the CryptoSession logging to include the OEMCrypto
session ID in its decrypt failure logs, and adds a new CdmSession
decrypt failure log which includes the CDM session ID. The CDM session
directly maps to the MediaDRM session ID, making app debugging easier.
The Decrypt() code pathway is one of the most frequently called
portions of the CDM code, and the pathway attempts to make as few
logging calls as possible in order to keep latency low and log
verbosity to a minimum. It is anticiapted that when a call to
Decrypt() fails, there will be a burst of failures as the app may
make several calls to Decrypt() before handling the first decrypt
error.
To keep logging low, the following rules are followed:
- CryptoSession: decrypt errors are only logged when the decrypt error
changes.
- CdmSession: decrypt errors are only logged when the last call to
decrypt had succeeded.
Bug: 183984396
Test: MediaGTS with decrypt failures
Change-Id: Ic6124646d129efbc8a690b5bfd4dc422e04e677b
(This is a merge of http://go/wvgerrit/150131 to the Android repo.)
This patch changes the code path in the CDM so that the first-stage
provisioning request for Provisioning 4.0 is always encrypted with the
Widevine service certificate instead of the client-set service
certificate, reflecting that the first-stage provisioning is always
handled by Widevine.
This patch also makes several methods on the ServiceCertificate class
const. This has no impact on their behavior.
Bug: 221443151
Test: prov40 tests
Change-Id: Ide4c3927afadcd45ae7fb629b99e2f55cc29d56e
[ Merge of http://go/wvgerrit/150630 ]
DeviceFiles uses a static variable for tracking license IDs which
have been reserved by a CDM session before officially storing the
license on the device. This variable was not protected by a mutex,
and a rare race condition would arise, either crashing the service
or getting it stuck in a loop.
This CL adds a mutex for protecting the set of reserved IDs.
Bug: 226555704
Test: device_files_unittest
Change-Id: Icdea88673c76c267b4b7db79697ec52ae8e2581e
[ Merge of http://go/wvgerrit/148552 ]
Extended the CDM layer to report OEMCrypto's watermarking support.
The reporting of watermarking comes in three (3) mechanisms:
1) ClientCapabilities in license requests
2) CryptoSession metrics when queried to OEMCrypto
3) String property query by apps
If OEMCrypto implementents OEMCrypto_GetWatermarkingSupport(), then
the reported watermarking support by the CDM will match that of
OEMCrypto.
If OEMCrypto does not implement OEMCrypto_GetWatermarkingSupport()
or an error occurs, it is assumed that OEMCrypto does not support
watermarking, and the CDM will report "Not Supported".
Bug: 226443788
Test: run_x86_64_tests request_license_test and license_unittest
Change-Id: Id929a356c395e6bcf45d371ee6887eec40d35329
[ Merge of http://go/wvgerrit/148450 ]
This CL adds threading requirements to the method doc-comments of
UsageTableHeader.
Bug: 189366337
Test: usage_table_header_unittest
Change-Id: I671f702d3e8ec219cc8daaa220133cb8cec183c8
The interface is defined in
hardware/interfaces/drm/aidl(http://go/ag/15329852).
Test: build
m android.hardware.drm-service.widevine -j128
Test: build_and_run_all_unit_tests.sh
for hidl tests
Test: atest VtsAidlHalDrmTargetTest
Bug: 200055138
Bug: 170964303
Change-Id: If2f2a129914436ba5cef1c46f6cb9415e12c3d1c
Merge from Widevine repo of http://go/wvgerrit/142150 (part 2)
For an EVT device, without a keybox or with a test keybox, we want it
to fall back to L3. However, when running the unit or integration
tests it should continue running tests with test keybox. This will
allow us to test L1 oemcrypto on an EVT device, while still using an
EVT device for dogfooding video content at the L3 level.
Bug: 210807585
Bug: 210823889
Change-Id: I30c35134239db35bb39f11f75220063181987763
