Plugin to provide getPropertyByteArray("deviceSignedCsrPayload")
which returns the signed CSR payload for device registration. It
queries both BCC and device info to be set in plugin before calling this
getPropertyByteArray("deviceSignedCsrPayload") method. The returned csr
payload will be used by assemble the device CSR by the caller for device
registration.
Bug: 286556950
Test: build WV DRM plugin
Merged from https://widevine-internal-review.googlesource.com/178891
Merged from https://widevine-internal-review.googlesource.com/179731
Change-Id: I65d89ed998dd292fc656af2f91f4472c1b5ec33c
[ Merge of go/wvgerrit/186611 ]
Android user can set the property using the developer option.
Bug: 301669353
Change-Id: I730b635f6cc28dfb0471c1d679627c94b9e16af1
[ Merged of go/wvgerrit/186370 ]
CDM by default allows test keybox from device side.
Bug: 299987160
Bug: 301669353
Change-Id: I06f1936ccd068eb71364a5a8931970954233b686
[ Merge of http://go/wvgerrit/172010 ]
The CdmEngine provides an API for generic crypto operations that are
already used for the CE CDM. This API is being exposed in the Android
CDM. The parameter order of the Android CDM is modified to match the
existing generic crypto parameters used in the media DRM plugin.
Bug: 274984456
Bug: 29400687
Test: build x86-64 and Android
Change-Id: I3b286ebb011bd58754b7b8ea814ed46daf1f62f9
[ Merge of http://go/wvgerrit/173410 ]
The DRM plugin opens and closes many CDMs using the default identifier.
These metrics are not needed when checking the metric history and will
no longer be stored. Default CDM metrics will continue to appear in
the live metrics list.
Bug: 239462891
Bug: 270166158
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -m
Change-Id: I64662a44e9c084cc0f08c5a3f013dbf86374ac2d
[ Merge of http://go/wvgerrit/172910 ]
The lifecycle of the Android CDM is controlled by Android's strong/
weak pointer functionality. Unfortunately, it does not provide an
easily predictable point in the code where the CDM is to be deleted
along with the saved metrics. In order to allow the CDM to keep a
list of metrics that are persistent with the life of the service, a
global thread safe queue is provided which is created when the first
CDM is created, but will out live the CDM.
The metrics will still be deleted when the DRM service is terminated.
Bug: 270166158
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -m
Change-Id: Id98676d8b5278798b4de332cc272cd5b85024244
[ Merge of http://go/wvgerrit/171271 ]
There is a need to maintain a short history of metrics from CDMs which
have been deleted. This CL adds this ability to the Android version
of the WV CDM. The history cannot yet be maintained for long, as the
WV CDM instance is destroyed if unused.
Further changes are required to the plugin to maintain the history
beyond the life-cycle of the CDM instance, and to properly format
its output.
Bug: 239462891
Bug: 270166158
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -m
Test: atest GtsMediaTestCases
Change-Id: I81c0996602722a9795fc3951030d20bb39b5816b
[ Semi-revert of http://ag/20183443 ]
[ Merge of http://go/wvgerrit/168898 ]
These tests were removed from Android last quarter; however, they
now need to be restored. These tests will be removed in Android V.
To help with ambiguity around where the CDM is operating on a single
or set of usage info messages, the variables have been renamed to
propery indicate plurality.
Bug: 263319220
Test: cdm_extended_duration_test
Test: request_license_test
Test: libwvdrmdrmplugin_hal_test
Change-Id: I38b16dd5811069fafaeab5ffc19d0f8a8095f0cf
[ Merge of http://go/wvgerrit/168397 ]
When CdmResponseType (enum) was transformed to CdmResponseType
(struct), the test printers where not updated to print the result
of failed comparisons. In addition, several logs statements were
updated haphazardly, leaving inconsistencies and potential
compiler-specific behavior.
This CL replaces CdmResponseType std::string operator with a ToString()
method. This is to make it consistent with Google's C++ style guide
on conversion operators vs methods. The string conversion function is
now defined in wv_cdm_types.cpp instead of inline in the header file.
The PrintTo function has been implemented along with the other CDM
test printers in test_printers.cpp.
Bug: 273989359
Test: run_x86_64_tests
Test: MediaDrmParameterizedTests on redfin
Test: Forrest drm_compliance
Change-Id: Ibfaa17029046b75b1c8c278f7bd7e04a24379848
[ Merge of go/wvgerrit/164757 ]
Modify Widevine apex configuration to add add liboemcrypto.so as
required by WV APEX.
Bug: 243699259
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I136dde5d77aed4fb14737e4692153c8f3b2c701b
[ Merge of http://go/wvgerrit/163900/ ]
ATSC licenses can be saved by calling
MediaDrm#setPropertyString("storeAtscLicense",<value>)
where <value> is
"<atsc-key-set-ID>:<license-file-data in Base64 format>"
Before storing an ATSC license a session must be opened and the
ATSC mode must be enabled.
Use MediaDrm#setPropertyString("atscMode","enable");
Bug: 176871821
Test: WV Unit/integration/Luci tests
Test: libwvdrmdrmplugin_hal_test
Test: GtsMediaTestCases
Change-Id: Iec2a8b7f87b1122395d06856202278b92316fdfe
1. "Change CdmResponseType from enum into a struct"
Merged from http://go/wvgerrit/163199
Bug: 253271674
2. "Log request information when server returns 401"
Bug: 260760387
Bug: 186031735
Merged from http://go/wvgerrit/162798
3. "Specify server version on the command line"
Bug: 251599048
Merged from http://go/wvgerrit/158897
Test: build android.hardware.drm-service.widevine
Test: Netflix and Play Movies & TV
Test: build_and_run_all_unit_tests.sh
Bug: 253271674
Change-Id: I70c950acce070609ee0343920ec68e66b058bc23
As of Android T, these need to start with the ro.vendor prefix. We are
doing it now so we can update ChromeOS to be in sync for either version.
Bug: 237492145, 248584954
Test: No properties errors in logcat during playback
Change-Id: Ic6fac64e621be65385d16808dbef52914a66967a
(cherry picked from commit 28a040d407b28d24dd4d5496dd08cfa2f6579d71)
(cherry picked from commit a932781fcc7d2d89d73c546bf244399daf02f5ac)
We added custom properties that are only used on ChromeOS and to avoid
having to bloat the sepolicy for all of Android we are adding a check
here so that we only query the properties on ChromeOS based on the
bertha hardware property.
Bug: b:237492145
Test: Access denied message is gone w/ ExoPlayer
Change-Id: I3a5781ad980dfae2e16501b655386287b5e245b7
(cherry picked from commit 890f71ef367aed683a89892000e40d0e0ca6fbdd)
(cherry picked from commit 4379b0545a2ae866ba9fc315551a5534fa163924)
[ Cherry-pick of http://ag/19216679 ]
[ Merge of http://go/wvgerrit/155370 ]
There is a rare race condition experienced by some Android devices
where the a new client property set is being added while another is
being removed. The C++ stl library does not provided thread
protection by default.
This CL adds a new mutex for the client property set map which prevents
multiple threads accessing the property sets concurrently.
Bug: 235238226
Test: GtsMediaTestCases on redfin
Change-Id: I32cf11bfb1332295ba1245071102ff0adc35259d
(cherry picked from commit aaa97a5d60)
The CL http://ag/16988980 introduced new Adnroid property queries to
the CDM; however, the file was not of the correct format for the CDM
repo. This CL simply ran clang-format on the file.
Bug: 197771575
Bug: 236317198
Test: none
Change-Id: I5293864f84d1297efb7aef2a96a71794217c5203
[ Merge of http://go/wvgerrit/150350 ]
Certain integration tests were depending on the provisioning server
only sending short duration (~2 minute) certificates when testing
the CDM's ability to enforce expiration periods. This behavior of
the server was not reliable, resulting in device test failures from
server behavior changes.
The DRM certificate provisioning server allows the requester to
optionally provide a desired certificate duration in the request
URL. The tests which test the CDM's ability to enforce certificate
durations will now explicitly specify the certificate duration
required by the test.
Bug: 228547158
Test: request_license_test
Change-Id: Ib9ebfdba1451104be0e59baca0b2f23a94cd51e6
We need to have extra properties we can check for this so they don't
conflict with the main ones for ro.product.{manufacturer|make|device}.
Bug: 197771575
Test: None
Change-Id: I63d57d59f3473beaa825b9f20e711f15d6280461
(cherry picked from commit 0f000ac305528059fc6ebdf4a3c82dd698ef4161)
(cherry picked from commit f46a1b9adcdaa103c394a2017a58e0ab6a6a4c77)
The interface is defined in
hardware/interfaces/drm/aidl(http://go/ag/15329852).
Test: build
m android.hardware.drm-service.widevine -j128
Test: build_and_run_all_unit_tests.sh
for hidl tests
Test: atest VtsAidlHalDrmTargetTest
Bug: 200055138
Bug: 170964303
Change-Id: If2f2a129914436ba5cef1c46f6cb9415e12c3d1c
Merge from Widevine repo of http://go/wvgerrit/142150 (part 2)
For an EVT device, without a keybox or with a test keybox, we want it
to fall back to L3. However, when running the unit or integration
tests it should continue running tests with test keybox. This will
allow us to test L1 oemcrypto on an EVT device, while still using an
EVT device for dogfooding video content at the L3 level.
Bug: 210807585
Bug: 210823889
Change-Id: I30c35134239db35bb39f11f75220063181987763
Merge from Widevine repo of http://go/wvgerrit/142150 (part 1)
For an EVT device, without a keybox or with a test keybox, we want it
to fall back to L3. However, when running the unit or integration
tests it should continue running tests with test keybox. This will
allow us to test L1 oemcrypto on an EVT device, while still using an
EVT device for dogfooding video content at the L3 level.
This CL modifes the HIDL and non-HIDL plugin, so it was hand merged to
downstream branches.
Bug: 210807585
Merged-In: I85b96f127abe30f8f061b242f7580fa8f6c01776
Change-Id: I85b96f127abe30f8f061b242f7580fa8f6c01776
Merge from Widevine repo of http://go/wvgerrit/142150 (part 1)
For an EVT device, without a keybox or with a test keybox, we want it
to fall back to L3. However, when running the unit or integration
tests it should continue running tests with test keybox. This will
allow us to test L1 oemcrypto on an EVT device, while still using an
EVT device for dogfooding video content at the L3 level.
The original CL modified the HIDL and non-HIDL plugin, so this is the
hand cherry-pick.
Bug: 210807585
Change-Id: I85b96f127abe30f8f061b242f7580fa8f6c01776
(This is a merge of http://go/wvgerrit/138969.)
Provisioning 4.0 on CE CDM requires not only the make & model but the
model year in order to relate a device back to its system ID. This patch
adds model year to the list of properties that partners must provide as
client identification.
As no equivalent field exists for Android, this property is not
provided on Android platforms.
Bug: 206453352
Test: x86-64
Change-Id: I0764d67fec54fa9a0c65074e68f3ee02de1e7820
[ Cherry-pick of http://ag/16064434 ]
[ Merge of http://go/wvgerrit/136330 ]
This changes adds a custom debug property for changing the fallback
policy used for the system. Depending on the value set, the device
will either use a "fast" fallback (30 seconds) or "default" fallback
(~1 day with exponential backoff). Setting this property to either
"fast" or "default" will end the current fallback if it has been
triggered.
Bug: 187646550
Test: Android unit tests
Change-Id: I5271f96139c1e468242f7fa742668cc791ffcf91
Merge from Widevine repo of http://go/wvgerrit/135984
If the MediaDrm property string debugIgnoreKeyboxCount is set to 1,
then the keybox will be ignored on the next initialization. This will
force an OTA keybox reprovisioning.
Equivalently, a 1 may be written to the file
L1/debug_ignore_keybox_count.txt.
In order to test a failed reprovisioning step, a value of 2 may be
used.
Bug: 187646550
Merged-In: Ie7d34a8b355398855f4ec43dd95dd73c5907bdeb
Change-Id: Ie7d34a8b355398855f4ec43dd95dd73c5907bdeb
[ Merge of http://go/wvgerrit/128325 ]
There were a few cases where |cdm_by_session_id_| was being iterated
over and the CDM did not acquire any write-protection locks to prevent
other threads from changing the map simultaneously.
In particular, it was possible that while cleaning up a CDM, and
removing all the associated session in |cdm_by_session_id_| another
CDM could have been opening a session and creating a new association
in |cdm_by_session_id_| at the same time.
Cases where |cdms_| and/or |cdm_by_session_id_| is being written to or
iteratively read from should require a lock. The iterator of
std::map maintains a "view" into the map's tree structure. Modifying
the map (inserting or deleting elements) can potentially change the
structure of the map and the underlying assumptions built into an
iterator's view (ex, the iterator thinking there is an element to the
left or right).
Modifying the value within the map can potentially cause problems, but
is not applicable in our case (we modify the object pointed to by the
map element, but not the pointer itself).
Bug: 190405462
Test: build_and_run_all_unit_tests.sh and MediaDrmTest
Change-Id: I043e238570dac9a0db990f8fe66be271062b965c
This commit is a combination of the following:
* http://go/wvgerrit/117003
* http://go/wvgerrit/118303
Bug: 162255728
Test: MediaDrmTest#testGetLogMessages
Change-Id: I5699b64d5c4bab463e5b587595fa7d324dc1d93f
[ Merge of http://go/wvgerrit/108084 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the android directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I0f9e6445e0168ebe85425baeb81371e182e5a39c
Merge from http://go/wvgerrit/105767
To avoid conflict with metrics.proto in
frameworks/av/drm/libmediadrm/proto.
This is in preparation of moving metrics_dump tool
to build under Android.
bug: 161783052
Test: unit test
Test: Play Movies & Tv and Netflix streaming
Change-Id: I2406b66db4d61cca7c6260ea8847a555d96c8d42
Add options to dump Widevine Cdm properties,
Widevine Cdm metrics, or both.
The valid arguments are Cdm Metrics (m|M) or Cdm Properties (p|P).
If no arguments are provided, both Cdm properties and
Cdm metrics will be displayed.
Test: adb shell lshal debug [drm service] [m/p]
adb shell lshal debug android.hardware.drm@1.3::IDrmFactory/widevine
Bug: 154027349
Change-Id: I95c10dd7d4274226936295c73be4eb1612c2ef6a
[ Merge of http://go/wvgerrit/101443 ]
The WVDrmPlugin has a single CdmIdentifier. The CdmIdentifier contains
a SPOID that is calculated from the device ID (keybox or OEM cert),
an application reverse domain name and possibly an origin.
The CdmIdentifier is set and SPOID calculated on certain calls into
WVDrmPlugin. Once it is set, it will not be recalculated. We prevent
certain operations such as modifying the origin once the CdmIdentifier
has been set as this will require recalculating the SPOID.
Recalculating the SPOID may affect open sessions or calls in progress.
In a similar way, modifying the security level, will affect the
Device ID value and in turn the SPOID. The security level cannot be modified
if any sessions are open. This does leave open the possibility that the
SPOID may be calculated at one security level, sessions are then closed,
and the security level is then changed without an error being flagged.
The provisioning certificate file name is based on the SPOID. When
the SPOID does not match the security level, either the provisioning
information may not be found even though that security level has
been provisionined or the provisioning information may be stored
in an incorrect location if provisioning occurs.
The correct solution is to prevent modifications to the security level
once the CdmIdentifier is set. This is a behavior change and might
impact apps. We will reevaluate this for the next release.
For now, we will work around this. When the CdmIdentifier is set for L3,
we will calculate SPOIDs with both L1 and L3 device IDs and check if
provisioning previously occurred with SPOIDs calculated for that level.
If so, use that level, otherwise use L3.
Bug: 147703382
Test: Android unit/integration tests, GtsMediaDrmTests
Change-Id: Ia64adfc5848e431ee3876af03eebdb4b6eb83116
[ Merge of http://go/wvgerrit/97267 ]
In earlier releases, provisioning would occur based on a cached
security level. If an open session call returned a NotProvisionedException
the security level would be cached for use with any future provisioning
call.
An app would have to set the security level, then call openSession,
have it fail and then request provisioning. This fits the normal flow of
most apps. Still on occasion, an app might change requested security level
after an openSession call failed. Using the cached security level
would result in unexpected behavior.
This change allows provisioning to occur at the last security level that
was set.
Bug: 129356527
Test: wv unit/integration tests, GTS tests (GtsMediaTestCases)
Merged-In: I8d9234eec2b23a9c913e77a709943b431e25e43e
Change-Id: I8d9234eec2b23a9c913e77a709943b431e25e43e
[ Merge of http://go/wvgerrit/96514 ]
The combined decryption call feature was introduced in android R.
In earlier releases, subsamples were passed one at a time for
decryption within the plugin. A decryption request that consists
entirely of clear data should be passed on to OEMCrypto even if
no keys are loaded.
A sample might consist of subsamples of clear and protected data.
In legacy mode, this proved to be an issue for OEMCrypto if the clear
subsamples were passed on but the protected ones were rejected (b/110251447).
For legacy mode and in the absence of keys being loaded, the subsample will
be passed to OEMCrypto only if the clear lead/frame is in a single subsample
and not broken up across multiple subsamples.
Bug: 150316417
Test: WV android unit/integration tests
Change-Id: Iff8ae8f58530cb9c5d31ce388742443ae807c16f
[ Merge of http://go/wvgerrit/95943 ]
The CDM version for android is now defined in a platform specific
header file. A check for version number match has been removed
from integration tests as it will always be true. We will still
get a notification to change the CDM version when the Android OS
version gets updated.
Bug: 151663718
Test: WV unit/integration tests
Change-Id: I96bac87186e30a709585514be7f338ad2209cdf6
[ Merge of http://go/wvgerrit/95784 ]
On unprovisioning, all persistent state/files are deleted. If a
provisioning session is opened soon after, |OEMCrypto_Terminate|
and |OEMCrypto_Initialize| will not be called. The (deleted) device
key will remain resident in memory and will not be regenerated until
|OEMCrypto_Initialize| is called. Any L3 licenses created will be
associated with a device key that does not exist, at least after
OEMCrypto is terminated.
By disabling delayed termination of OEMCrypto, OEMCrypto will be
terminated and initialized immediately on unprovisioning.
Bug: 149808504
Test: WV unit/integration tests on L3
Change-Id: Id3fbce621b47a723ff624cf45f1ac203421a8dba
[ Merge of http://go/wvgerrit/94903 ]
Prefixes are no longer needed now that file and line number are
being logged.
Bug: 149829271
Test: wv unit/integration tests
Change-Id: I0ba701fc262cdb59056dca139c38ed76035bcbb8
(This is a merge of http://go/wvgerrit/93829,
http://go/wvgerrit/93830, http://go/wvgerrit/93832,
http://go/wvgerrit/93833, and http://go/wvgerrit/93834 from the
Widevine repo.)
This implements the CDM code changes necessary to take advantage of
Combined Decrypt Calls on OEMCrypto v16. The result of this is that
WVCryptoPlugin is much lighter now because it can pass the full sample
down to the core in one call, but CryptoSession is heavier, as it now
has to handle more complex fallback logic when devices can't handle
multiple subsamples at once.
This patch also removes support for the 'cens' and 'cbc1' schema, which
are being dropped in OEMCrypto v16. This fixes an overflow in the code
for handling those schemas by removing it entirely.
This patch also fixes the "in chunks" legacy decrypt path to use larger
chunk sizes on devices with higher resource rating tiers.
Bug: 135285640
Bug: 123435824
Bug: 138584971
Bug: 139257871
Bug: 78289910
Bug: 149361893
Test: no new CE CDM Unit Test failures
Test: Google Play plays
Test: Netflix plays
Test: no new GTS failures
Change-Id: Ic4952c9fa3bc7fd5ed08698e88254380a7a18514
[ Merge of http://go/wvgerrit/89848 ]
Apps query a number of properties at initialization. The mediaDrm
API getProperty allows the query of a single property at a time.
This causes a series of requests. If no crypto
sessions are concurrently open, a series of expensive OEMCrypto
Initialization and Termination calls will occur.
In this change OEMCrypto termination is delayed. If an OEMCrypto
Terminate is followed in close succession by an Initialize, neither
will occur avoiding the overhead. A timer enables a countdown process.
If no session activity occurs, the timer will eventually terminate
OEMCrypto and exit.
Bug: 136282358
Test: Android unit/integration tests
Change-Id: I442b7919b4e7835c52583516c8bc64d0c150241d
