[ Merge of http://go/wvgerrit/95943 ]
The CDM version for android is now defined in a platform specific
header file. A check for version number match has been removed
from integration tests as it will always be true. We will still
get a notification to change the CDM version when the Android OS
version gets updated.
Bug: 151663718
Test: WV unit/integration tests
Change-Id: I96bac87186e30a709585514be7f338ad2209cdf6
[ Merge of http://go/wvgerrit/95784 ]
On unprovisioning, all persistent state/files are deleted. If a
provisioning session is opened soon after, |OEMCrypto_Terminate|
and |OEMCrypto_Initialize| will not be called. The (deleted) device
key will remain resident in memory and will not be regenerated until
|OEMCrypto_Initialize| is called. Any L3 licenses created will be
associated with a device key that does not exist, at least after
OEMCrypto is terminated.
By disabling delayed termination of OEMCrypto, OEMCrypto will be
terminated and initialized immediately on unprovisioning.
Bug: 149808504
Test: WV unit/integration tests on L3
Change-Id: Id3fbce621b47a723ff624cf45f1ac203421a8dba
[ Merge of http://go/wvgerrit/94903 ]
Prefixes are no longer needed now that file and line number are
being logged.
Bug: 149829271
Test: wv unit/integration tests
Change-Id: I0ba701fc262cdb59056dca139c38ed76035bcbb8
(This is a merge of http://go/wvgerrit/93829,
http://go/wvgerrit/93830, http://go/wvgerrit/93832,
http://go/wvgerrit/93833, and http://go/wvgerrit/93834 from the
Widevine repo.)
This implements the CDM code changes necessary to take advantage of
Combined Decrypt Calls on OEMCrypto v16. The result of this is that
WVCryptoPlugin is much lighter now because it can pass the full sample
down to the core in one call, but CryptoSession is heavier, as it now
has to handle more complex fallback logic when devices can't handle
multiple subsamples at once.
This patch also removes support for the 'cens' and 'cbc1' schema, which
are being dropped in OEMCrypto v16. This fixes an overflow in the code
for handling those schemas by removing it entirely.
This patch also fixes the "in chunks" legacy decrypt path to use larger
chunk sizes on devices with higher resource rating tiers.
Bug: 135285640
Bug: 123435824
Bug: 138584971
Bug: 139257871
Bug: 78289910
Bug: 149361893
Test: no new CE CDM Unit Test failures
Test: Google Play plays
Test: Netflix plays
Test: no new GTS failures
Change-Id: Ic4952c9fa3bc7fd5ed08698e88254380a7a18514
[ Merge of http://go/wvgerrit/89848 ]
Apps query a number of properties at initialization. The mediaDrm
API getProperty allows the query of a single property at a time.
This causes a series of requests. If no crypto
sessions are concurrently open, a series of expensive OEMCrypto
Initialization and Termination calls will occur.
In this change OEMCrypto termination is delayed. If an OEMCrypto
Terminate is followed in close succession by an Initialize, neither
will occur avoiding the overhead. A timer enables a countdown process.
If no session activity occurs, the timer will eventually terminate
OEMCrypto and exit.
Bug: 136282358
Test: Android unit/integration tests
Change-Id: I442b7919b4e7835c52583516c8bc64d0c150241d
[ Merge of http://go/wvgerrit/89847 ]
This adds a platform specific property that allows OEMCrypto Termination
calls to be delayed. On android this allows a way to avoid
expensive back to back OEMCrypto_Terminate followed by Initialize
calls.
Bug: 136282358
Test: wv unit/integration tests
Change-Id: Ie5b4ff7503dafe77d974caac9c52fc1f169dec89
[ Merge of http://go/wvgerrit/87283 ]
SPOIDs (Stable Per-Origin IDentifiers) were not correctly being
set during CdmEngine construction. This resulted in SPOID values not
being sent in provisioning requests. This caused the serial number in
the drm certificate to not be stable after a reprovision.
This behaviour appears to be true going back to O.
CdmEngine no longer takes a SPOID in the constructor since not all
callers use SPOIDs. A setter has been added in its place. Previously
spoid had a default argument to the constructor.
Bug: 142368328
Test: android unit/integration tests
Change-Id: I711346df609636ecf1475dc37873454a7ef000c0
[ Merge of http://go/wvgerrit/87123 ]
Certain android files have yet to be formated since we introduced
clang-formatting.
Test: built for android
Bug: 134365840
Change-Id: Ia316b039e7469f7cf803464ee95a919fe7966450
[ Merge of http://go/wvgerrit/85503 ]
Replacing a few instances of C's NULL with C++'s nullptr in some of the
smaller sub-directories in the CDM.
Note that clang-format has performed additional changes to some of the
test files that have not yet been formatted.
Bug: 120602075
Test: Android unittest
Change-Id: I926135ed4b85e9d2d58a014b4a62098b0cb7a373
[ Merge of http://go/wvgerrit/83629 ]
In a previous change, the `VersionNumberChangeCanary` test started
to fail when Android changed their version number from "10" to "R".
I forgot to also change the Widevine CMD version string from "15.0.0"
to "16.0.0".
Test: Run `request_license_test` on Android
Bug: 137784842
Change-Id: I157aa6ac518423911e806b1278d723a86579c8cd
[ Merge of http://go/wvgerrit/81743 and http://go/ag/7747989 ]
This fixes some failures in tests. A platform property has been added
which controls whether an offline license can be restored if a release
request has been previously made. This behaviour was introduced by
CE CDM in b/113167010 but is not permitted for android.
The tests failures addressed are
* ProvisioningTestWithServiceCertificate
* ReleaseRetryOfflineKeyTest
* ReleaseRetryL3OfflineKeyTest
* ReleaseRetryL3OfflineKeySessionUsageDisable
Bug: 119428680
Bug: 133684744
Test: WV unit/integration tests
Change-Id: I5beacecea32f26c8a319a6d73a45cc36f04d8aa1
(This is a merge of http://go/wvgerrit/81628. Although it is primarily
to support a CE CDM feature, this patch touched shared code and so must
be merged.)
The problem that has long stopped the OEMCrypto Testbed from working
with the CE CDM build is that the OEMCrypto Testbed sometimes accesses
the storage via the normal filesystem APIs rather than the FileSystem
abstraction. Furthermore, when doing this, it assumes that FileSystem
abstraction is just a wrapper around direct filesystem access and thus
it should use the same paths in both kinds of filesystem access.
However, this is not true on the CE CDM where FileSystem wraps an opaque
key/value store.
This patch adds a property that allows a platform to indicate if its
FileSystem base path represents a real file system path and sets it
appropriately. ("true" for all platforms except CE CDM) It also adds
code to the OEMCrypto Testbed that makes use of this property to modify
its behavior. When running on a device where the FileSystem base path is
not a real file system path, it will instead use the directory of the
current executable as its base path when accessing the filesystem
directly.
Bug: 129311942
Test: CE CDM Build with Fake L1
Test: Android Build
Change-Id: Iadb3cc57d3bbc8ce0d49224b7df31c46bd5ea56c
[ Merge of http://go/wvgerrit/78763 ]
The android timer instance is held by a regular pointer rather
than reference counted as all classes that derive from RefBase
should be. This could result in a double deallocation, if the
timer is ever passed to a strong pointer.
Bug: 79364026
Test: WV unit/integration tests. GtsMediaTestCases. Play movies
playback tests.
Change-Id: I01f622bc045e1012f2240b3775a6d121f9415463
[ Merge from http://go/wvgerrit/71923 ]
Plumb through the device files error detail and add the detail to
metrics.
Bug: http://b/115382201
Test: Unit tests, manual GPlay.
Change-Id: I18139f6712b6670be5fed863a97f9f03440745c7
[ Merge from http://go/wvgerrit/71726 ]
Adds an error detail metric attribute to RestoreUsageSession and
RestoreOfflineSession. These metrics will now report an additional
attribute providing additional error detail for debugging.
BUG: http://b/115517916
Test: CDM Unit Tests. Manually tried GPlay.
Change-Id: Ib48361ef29d33a16150473d8967e4850bc0c623d
[ Merge from http://go/wvgerrit/69105 ]
This adds a metric collecting decorator class around cdm engine. This
implementation uses a templated decorator. The decorator enables:
1) Wrapping the CDM Engine methods to capture timing and error
information.
2) Allows use of a mock CDM Engine for testing.
Test: Unit tests. GPlay manual testing and GTS tests.
BUG: http://b/64724336
Change-Id: I5e4a0f552974fab1939bc7ab02719a1f5849cf3f
Support overloaded isCryptoSchemeSupported method that
accepts a security level parameter
bug:110701831
test: cts media test cases, widevine integration tests, gts media tests
Change-Id: Ia84e40ff8d4f13fc06478e338e3238061e283dac
Merged from http://go/wvgerrit/69723.
The new APIs are getOfflineLicenseIds, getOfflineLicenseState and
removeOfflineLicense. These methods are currently stubbed out in
Widevine hidl service. This CL completes the implementation.
Test: unit tests - libwvdrmdrmplugin_hidl_test
Test: GTS
--test com.google.android.media.gts.MediaDrmTest#testWidevineApi29
bug: 117570686
Change-Id: I96ffb75f453e36e931effefd3664b5faa8d69d30
[ Merge of http://go/wvgerrit/70665 ]
This allows one to be able to query for security level, from
Crypto factory methods before the plugins and CdmEngine objects
have been created.
Bug: 117104043
Test: WV Unit/integration tests
Change-Id: Id07f420c3cfb92166cd3bb3cf82148d52e10eb03
(This is a merge of http://go/wvgerrit/70383)
Up until now, implementations of Properties::Init() have had to handle
potentially being called multiple times, at any point during runtime. In
practice, this has meant little for the actual implementations, and all
of them have committed the error of blowing away mutated property state
if the method is re-run at the wrong time.
This patch makes the platform implementations a private function,
Properties::InitOnce(), which Properties::Init() ensures will never be
called more than once per run.
Bug: 112046733
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: If33f5e37abfad5d26da8380b4bc25fc018450970
[ Merge of http://go/wvgerrit/70203 ]
The earlier property_get() method had a limitation on property length.
Properties of some new devices exceed that length. An error message
is returned rather than a truncated string. Replace its use with
android::base::GetProperty() which does not have a length limitation.
Bug: 115358798
Test: WV unit/integration tests
Change-Id: I46ce9a7e77bcd031225d0082f83c57d484fe5405
[ Merge of http://go/wvgerrit/68083 ]
Add ability to query decrypt hash support, set a hash computed over a frame
and retrieve the last error at a later point.
Bug: 34080802
Test: WV unit/integration tests. New tests added to cdm_engine_test,
libwvdrmdrmplugin_hidl_test and request_license_test.
Change-Id: I7548c8798c873a6af3e1cfc0df57c117e1e474a6
Import of http://go/wvgerrit/68188
This adds an attribute to metrics indicating if the license was online
or offline.
Also, added a unit test for CdmEngineMetricsImpl.
Test: Unit tests. GPlay manual. GTS tests.
Bug: 115523917
Change-Id: Id315c643048914a2c51904451f9665987bc87eb7
[ Merge of http://go/wvgerrit/67884 ]
Now that we can use C++11, we should use the cross-platform std::mutex
type, not the custom pthread version.
Bug: 111850982
Test: WV unit/integration tests
Change-Id: If2fde2836826c5184609e6b1f3a6511206bd4594
Bug: b/119276649
Merge from: http://go/wvgerrit/66367
Test: Android, CE CDM, Linux unit tests
The FileSystem interface as it exists expects an Open for a file and
then a Close when finished. However, the Close doesn't delete the file
itself and depending on the platform, the underlying impl_ as well,
leading to a memory leak. To fix this leak as well as harden against
future memory issues, this change refactors the interface to shift away
from raw pointers and towards smart pointers.
Change-Id: I7a7132ea95cd3775796a540f510b698f4f27dd24
Merge from master branch of Widevine repo of http://go/wvgerrit/66078
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64022
This CL updates OEMCrypto ref code, unit tests, and core code for
setting the sandbox id before initializing OEMCrypto.
Test: unit tests only
Test: tested as part of http://go/ag/5501993
Bug: 115834255
Change-Id: Id9831680fe4db1c69413815931cae4bc80df0c01
[ Merge of http://go/ag/5334065 and http://go/wvgerrit/65122 ]
Sessions were not being correctly released when CloseCdm() was called.
Broadcom noticed this issue and proposed the fix.
Bug: 117876077
Test: WV unit/integration tests, GtsMediaTestCases and playback tests
Change-Id: I8800744f2396f0955c76d5f3e187a69fe04330f6
[ Merge of http://go/wvgerrit/54880 ]
Sending clear subsamples but filtering out encrypted ones,
before the keys have been loaded, causes problems during decode.
This is because subsamples that contain the first and last
subsample flags may be filtered out.
Clear subsamples that have first and last subsample flags set
will still be allowed to be passed to the decoder.
Bug: 110251447
Bug: 73447733
Test: WV Unit/integration tests.
Change-Id: I8c91c88f6313ad7b7b21c1c95e4c5787381949c1
Merge from Widevine repo of http://go/wvgerrit/48842
In order to work around a limitation of some versions of OEMCrypto,
the packager is going to start generating files with multiple Widevine
PSSH boxes. For backwards-compatibility, the first PSSH will be a
SINGLE-type PSSH while the ENTITLED_KEYS-type PSSH (if any) will come
later. In order to use entitlement licenses, then, the CDM needs to
change how it selects PSSHs from the init data blob.
Previously, the CDM always took the first Widevine PSSH it found. Now,
it must find all the Widevine PSSHs and select the appropriate PSSH
for the OEMCrypto implementation. ENTITLTED_KEYS will be used on OEC
v14 and later, if available, while SINGLE will be preferred on earlier
OEMCrypto versions.
As a side-effect of this, the CDM is now stricter about what PSSH
payloads it will accept. Previously, it would blindly accept the
payload of any PSSH where the wrapper was not malformed. Now, it
sometimes has to actually parse the payload, and therefore PSSHs that
have corrupted payloads will be rejected. This affected a few unit
tests which used PSSHs that were malformed. These tests have been
updated to use PSSHs that do not fail to parse.
Bug: 78142219
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: Android Google Play & Netflix
Test: tested as part of http://go/ag/4674759
Change-Id: Ia70d627a914299bfbae84b4cb46f100dc5c7a501
Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1
Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2
Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3
Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5
The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.
The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.
This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.
Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
[ Merge of http://go/wvgerrit/49980 ]
This CL
* corrects some of the test expectations
* switches test content used to test streaming with provider session tokens.
The policy of the earlier test content had changed.
* adds some more information to log messages
Bug: 63819720
Test: WV unit, integration tests, WvCdmExtendedDuraionTest,
GtsMediaDrmTest
Change-Id: I8fdbc9c38d6018cc6e884e1b95b2e9d26e7aa536
[ Merge of http://go/wvgerrit/48400 ]
Client identification information has recently been enabled in
provisioning messages. For privacy concerns this information
is being encrypted with a default service certificate.
Apps need to be able to override the default one to allow
for provisioning with third party provisioning services.
Bug: 78420508
Test: WV unit, integration tests
New WvCdmRequestLicenseTest.ProvisioningTestWithServiceCertificate test
GTS MediaDrmTestCases
Change-Id: Iee61ad47d33ce011efbea4eb90f7e4b1f032d15f
This change creates a unique id in the cdm identifier in order to force
a one-to-one mapping between WVDrmPlugin instances and CDM Engines. This
change simplifies some assumptions. This includes ensuring that the
metrics for a given MediaDrm instance map to a given CdmEngine instance.
This change contains the original change go/ag/3819203 and a fix to the
deadlock that was seen on Marlin and Taimen.
Bug: 73724453
Test: Updated unit tests. GTS test pass. Shaka Player, Netflix and Google Play test.
Change-Id: Ib208204a1b794df9f306fa11d13a8bb6cd6889f7
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
[ Merge of http://go/wvgerrit/47065 ]
RemoveKeys now resets associated crypto and policy resources,
rather than just closing the crypto session. This results in a
MediaCodec.CryptoException with error code ERROR_NO_KEY
rather than ERROR_SESSION_NOT_OPENED, if decrypt is called
afterwards.
Error SESSION_NOT_FOUND_FOR_DECRYPT is made unique. Error codes
were also synchonized between various branches in the widevine repo.
Bug: 77304819
Test: WV unit/integration tests, VtsHalDrmV1_0Target tests
Change-Id: I6cba2a3e1ce466d58c7727cde2d8f81d9503d655
This change creates a unique id in the cdm identifier in order to force
a one-to-one mapping between WVDrmPlugin instances and CDM Engines. This
change simplifies some assumptions. This includes ensuring that the
metrics for a given MediaDrm instance map to a given CdmEngine instance.
Bug: 73724453
Test: Updated unit tests. GTS test pass. Shaka Player, Netflix and Google Play test.
Change-Id: I7e041b6cdf3e272d067da49d25a297b4a4663f1f
Changes to a much more efficient and more reusable protobuf format for
metrics.
Test: Widevine tests, Google Play and MediaDrm CTS test.
Bug: 73724218
Change-Id: I3299051d7a16bcd7758c8f272415ca40e10c1313
(This is a cherry-pick of http://go/ag/3684977 that got left behind when
pi-dev was branched.)
The various Shared Source CDM groups have agreed on a more unified
version numbering scheme. Henceforth, the pattern for the version number
will be:
<max-oemcrypto-version-supported>.<minor-version>.<patch-version>
Where "minor-version" and "patch-version" are incremented independently
at the discretion of each CDM product.
This patch updates the version number for the Android CDM to match the
new scheme and updates the relevant tests.
Bug: 73090259
Test: request_license_test --gtest_filter=VersionNumberTest.*
Merged-In: Idcead5d92565dd549aa35565da632f01abb9e513
Change-Id: Idcead5d92565dd549aa35565da632f01abb9e513
[ Merge of http://go/wvgerrit/44921 ]
* Added the ability to remove a single usage information record.
* Added a method to retrieve all secure stop Ids.
Bug: 69674645
Test: WV unit, integration tests
Change-Id: I04ac8224b4bdda69541e61ff1103af3836138228
Merge from Widevine repo of http://go/wvgerrit/43420
Remove or mark unused variables. Fix unsigned/signed comparisons.
bug: 73390805
test: unit tests
Change-Id: Ic523400a5decf82fae733042b260e0c39a087cd3
[ Merged of http://go/wvgerrit/39766 ]
The security level (software/hardware, decryption/decode)
in the policy that specified how the key was to be used was
not being respected for L3. Playback would either continue or
a vendor specific error would be thrown.
If the device cannot use the key as permitted by the policy
CryptoException#ERROR_INSUFFICIENT_OUTPUT_PROTECTION will be thrown.
Bug: 31913737
Bug: 31913439
Test: WV unit/integration tests
Test: Playback using playmovies and netflix. Cast playback using
playmovies.
Change-Id: If25735ab0f789108431115623cb236687c5ef818
the 'finalized' concept didn't pan out -- remove references to it. Purged some
uses of generateSessionID(). Simplifies the code flow.
Bug: 71874686
Test: logcat/dumpsys
