[ Merge of http://go/wvgerrit/103243 ]
Include review comments from wv gerrit CL.
Bug: 161551490
Test: WV unit integration tests, GtsMediaTestCases and
WidevineConcurrentDrmCertificatesTest#testConcurrentDrmCertificates,
MediaDrmTest#testMultipleLoadKeys on a redfin
Change-Id: Ie9b41a2e68b95692f9353578f6955637411d4dfc
[ Merge of http://go/wvgerrit/102945 ]
The OEMCrypto method for usage table capacity can return zero to
indicate that the usage table size is not explicitly limited. The
CDM must handle this case with regard to the CDM's usage table
management and information querying.
The usage table initialization tests are extended to include cases
where the table does not have a defined limit.
AddEntry() was missing call to update the usage table header after
creating a new usage entry. This call is now included and required
additional changes to the usage table unit tests.
Bug: 160560364
Test: Android unit tests
Change-Id: Ica5d181092d2938d24deba5005a211ca883cb0f0
[ Merge of http://go/wvgerrit/103243 ]
In v16, OEMCrypto specifications required that an error be returned if
multiple attempts are made to load an offline license into a session.
This caused the GTS test testConcurrentDrmCertificates to fail. It was
introduced to verify that a license could retrieved and loaded into a
session and then restored. This was based on an app use case.
Ideally we would like to disallow a this behavior but need to make sure
it is not being used by apps.
For now this will be allowed. If detected, the CDM will reintialize the
OEMCrypto session and allow the license to be restored.
Bug: 161551490
Test: WV unit integration tests, GtsMediaTestCases and
WidevineConcurrentDrmCertificatesTest#testConcurrentDrmCertificates,
MediaDrmTest#testMultipleLoadKeys on a redfin
Change-Id: I0834e4419c3a6dccfd77aaea3afa3d65c2c0c742
[ Merge of http://go/wvgerrit/102923 ]
Avoid logging an error, on first boot, when trying to retrieve a
certificate that does not yet exist.
Bug: 161201883
Test: WV unit/integration tests
Change-Id: I293f9766a7f2024107d0db45a874a9478b0c3959
Base class uses license_start_time_ which is not updated on renewals.
Merge of http://go/wvgerrit/103123
Bug: 161023174
Bug: 161621246
Test: WidevineDashPolicyTests#testL1RenewalDelay5S
Test: WidevineDashPolicyTests#testL1RenewalDelay13S
Change-Id: I16056d492bea4dd721984998b5cf38409fe3b055
Merge from Widevine repo of http://go/wvgerrit/103107
When an offline license is reloaded, if it does not have a usage entry
to indicate when the rental clock was started, the start time defaults
to 0 in the ODK library (in OEMCrypto). This CL changes the code to
start the rental clock in this case. It does this by signing a dummy
message, which triggers the ODK library to start the rental clock.
Bug: 161585265
Bug: 161023174
Test: GTS tests. http://go/forrest-run/L55100000642199761
Change-Id: I4cf555b2fb43009ffb62e7b2c1a37265c3f70bfe
Merge from Widevine repo of http://go/wvgerrit/102783
When OEMCrypto is v16, but the license server is v15, we should not
create a new nonce for a license renewal. However, the request does
need a nonce or the license server will not generate a valid key
control block. So we should use the nonce that came from the original
license.
Bug: 160676790
Test: tested playback using netflix
Test: GTS tests. http://go/forrest-run/L55100000642199761
Change-Id: Ie1644b5abe0662387edf01f6110d82f70a64df6c
Add options to dump Widevine Cdm properties,
Widevine Cdm metrics, or both.
The valid arguments are Cdm Metrics (m|M) or Cdm Properties (p|P).
If no arguments are provided, both Cdm properties and
Cdm metrics will be displayed.
Test: adb shell lshal debug [drm service] [m/p]
adb shell lshal debug android.hardware.drm@1.3::IDrmFactory/widevine
Bug: 154027349
Change-Id: I95c10dd7d4274226936295c73be4eb1612c2ef6a
[ Merge of http://go/wvgerrit/102167 ]
After changes made to how the usage table is defragged by the CDM,
it was determined that there is no use in selecting more than a single
entry from the usage table to evict. The only failure that can occur
when evicting an entry is if the last entry is in use, in that case,
evicting other entries will still result in a failure.
This change cleans up the LRU algorithm and test cases to reflect
the new functionality.
Bug: 155230578
Test: Linux unit tests
Change-Id: I817c039670d9f72c0e4f6c3fdac45c98ed5b6b21
[ Merge of http://go/wvgerrit/102108 ]
Several tests that make parallel license requests were disabled due
to a flaky server failure unrelated to CDM code. Most of these tests
are now re-enabled to ensure the multi-threaded license requests is
functional on V16.
These tests remains disabled for L3 due to continued flakiness.
Added a lock around the initialization of the SSL library to prevent
issues with license requests getting garbled.
Bug: 137619348
Test: Linux and Android unit tests
Change-Id: Idffaa6039b2bde12613bb5033af32d1af6704c76
(This is a merge of http://go/wvgerrit/102084.)
No one was claiming ownership of the metrics object in
CertificateProvisioningTest, resulting in a leak. This patch makes the
test hold onto ownership.
Bug: 159486086
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I84710782b7a60d6bd3a7eda981de4f0af877fc39
(This is a merge of http://go/wvgerrit/102104)
The device file unit tests use some custom matchers that were written
back when we didn't have C++11. Because gMock requires std::tuple to
pass a pointer AND a length to a matcher, these matchers had to estimate
the length of the file. This technically meant they were causing a
benign buffer overrun sometimes.
Since we have C++11 now, we can fix this by using a matcher over a
std::pair of the pointer and length. I also took the opportunity to
refactor the matchers a little. The old matchers had many very specific
overloads and also collided with the names of some standard gMock
matchers. Now there are just two more-general matchers with unique
names.
Test: CE CDM Unit Tests
Test: Android Unit Tests
Bug: 159463905
Change-Id: I758b140226bfe2bae6962ee5c64fd6af186b5819
[ Merge of http://go/wvgerrit/102109 ]
The CDM was using unique CDM error codes for the various cases
where OEMCrypto would return INSUFFICIENT_RESOURCE. However, these
error codes were being incorrectly mapped at the Android level,
resulting in incorrect errors in the MediaDRM layer.
At no point does the CDM handle different INSUFFICIENT_RESOURCE_x
within the same case, as such the use of unique codes are limited.
This CL removes the unique codes, and unifies them under the same
CDM error code.
This CL also extends SelectKey to handle error codes returned by
LoadEntitledContentKeys.
Bug: 154682842
Test: Unit tests
Change-Id: I319fabf6cac60b0dc19ea891609689daeeaeb435
[ Merge of http://go/wvgerrit/102068 ]
CDM sessions should not be able to load multiple usage entries.
OEMCrypto already prevents multiple entries from being loaded by the
same OEMCrypto session; however, restoring a key typically creates a
new OEMCrypto session, which should not be allowed twice within the
same CDM session.
This test verifies that CDM returns an error if restore key is called
multiple times within the same session.
Bug: 136143733
Test: Android integration test
Change-Id: I594c91250217fd958837328162f909bc931d373f
[ Merge of http://go/wvgerrit/101443 ]
The WVDrmPlugin has a single CdmIdentifier. The CdmIdentifier contains
a SPOID that is calculated from the device ID (keybox or OEM cert),
an application reverse domain name and possibly an origin.
The CdmIdentifier is set and SPOID calculated on certain calls into
WVDrmPlugin. Once it is set, it will not be recalculated. We prevent
certain operations such as modifying the origin once the CdmIdentifier
has been set as this will require recalculating the SPOID.
Recalculating the SPOID may affect open sessions or calls in progress.
In a similar way, modifying the security level, will affect the
Device ID value and in turn the SPOID. The security level cannot be modified
if any sessions are open. This does leave open the possibility that the
SPOID may be calculated at one security level, sessions are then closed,
and the security level is then changed without an error being flagged.
The provisioning certificate file name is based on the SPOID. When
the SPOID does not match the security level, either the provisioning
information may not be found even though that security level has
been provisionined or the provisioning information may be stored
in an incorrect location if provisioning occurs.
The correct solution is to prevent modifications to the security level
once the CdmIdentifier is set. This is a behavior change and might
impact apps. We will reevaluate this for the next release.
For now, we will work around this. When the CdmIdentifier is set for L3,
we will calculate SPOIDs with both L1 and L3 device IDs and check if
provisioning previously occurred with SPOIDs calculated for that level.
If so, use that level, otherwise use L3.
Bug: 147703382
Test: Android unit/integration tests, GtsMediaDrmTests
Change-Id: Ia64adfc5848e431ee3876af03eebdb4b6eb83116
[ Merge of http://go/wvgerrit/100905 and http://go/ag/10708438 ]
Add support for ATSC certificate and licenses handling. ATSC
files are distinguished from the apps DRM certificate and licenses
by file naming conventions.
Bug: 139730600
Test: WV unit/integration test, GtsMediaTestCases
Change-Id: I295f66f92fe01d7716978deac9dc360d74addedd
[ Merge of http://go/wvgerrit/100864 and http://go/ag/10704773 ]
ATSC 3.0 allows for licenses to be downloaded OTA and are tied to
a DRM certificate that may be shared across apps. The provisioning
process for ATSC may happen at the factory or during an OS update.
This contrasts from the regular OTT model, which requires that
provisioning and license download have an uplink as well as a
downlink connection.
This adds support for the ATSC mode property. ATSC mode can only be
set (or unset) before sessions are opened. Once the CDM identifier is
set/sealed, requests to modify the ATSC mode will be rejected.
If one needs to open sessions with both ATSC mode and regular (non-ATSC)
mode, separate MediaDrm objects will need to be created. The default
mode is to not use ATSC.
Enable ATSC mode by calling
mediaDrm.setPropertyString("atscMode", "enable")
Disable ATSC mode by calling
mediaDrm.setPropertyString("atscMode", "disable")
Provisioning and unprovisioning requests for ATSC will be rejected as
certificates will be retrieved by the ATSC service.
Bug: 139730600
Test: WV unit/integration test, GtsMediaTestCases
Change-Id: I142f286c711fe007ff42125c3c8cdc6450b6ea36
(This is a merge of http://go/wvgerrit/101423 to Android.)
This header was missing. On the STL used inside Google, it gets included
transitively, but this is not guaranteed and broke in a partner's STL.
Bug: 154185251
Test: Android Build
Test: CE CDM Build and Unit Tests
Change-Id: If8df7e288073e69250f98d67f732804a955bbaa3
[ Merge of http://go/wvgerrit/100403 ]
VersionNumberTest.VersionNumberChangeCanary was expecting a version
string of "R". However, Android rvc branch is now far enough into
development to use a numbered version: version "11".
Bug: 156853733
Test: Android license request test
Change-Id: I63d33f742c849b672b2d2402ab8423fdf2450f6f
Merge from Widevine repo of http://go/wvgerrit/100110
The unit test TimeRollbackPrevention was broken for several
reasons. This CL reduces the test to its most basic functionality and
updates it to be compatible with a v16 oemcrypto.
This CL also adjusts the fake clock used by the buildbot to fake
sleeping backwards, so that the TimeRollbackPrevention test can also
be run on the buildbot.
Bug: 155773482
Bug: 79422351
Test: unit tests on buildbot, and on flame w/v16 modmock
Change-Id: I3027018b17b738281989e63ae6b0729757217d05
Merge from Widevine repo of http://go/wvgerrit/100328
Several integration tests in WvCdmRequestLicenseRollbackTest had been
testing the duration of a license. However, the license they request
sets the playback duration and not the rental duration. That means the
timer we are checking does not start until the first playback. To fix
the tests, we simply add a decrypt operation right after the license
is received.
Test: integration tests w/v16 mod mock.
Bug: 156854660
Change-Id: Ie4f017c82db8aaf084ad050de3fcb7f51987c97e
(This is a merge of http://go/wvgerrit/100051. However, only one part of
that change affects the Android code, so I have filtered this
description.)
By default, the CDM builds with Clang on Android and on developers' dev
boxes. The buildbot builds most of the code with an old version of GCC.
However, recent versions of GCC were refusing to build our code for a
variety of reasons. This patch fixes the codebase up so that the
version of GCC 9 included on gLinux workstations can compile the CDM.
The only change that affects Android is that a variable was being set
but never read in one place.
Test: Android Unit Tests
Bug: 145245240
Bug: 152449437
Change-Id: Iaeb0531652bb8e7bd69f850fc6b4bba1efa3271b
Merge from Widevine repo of http://go/wvgerrit/99843
When processing a license release, the license is not loaded, so
OEMCrypto does not know nonce version information for the core
message. It assumes that all license releases are v15, so it is not an
error for a license release to not have a core message.
This CL also adds some extra logging to tests so that we can track
content id and the pssh. This CL also updates some of the test content
policies when running the local license server. The local license
server is only used for debugging problems.
Bug: 152648172 Integration test WvCdmEngineTest.LicenseRenewal failing
Bug: 156259697 License release does not need core message
Test: Unit tests with v16 mod mock
Change-Id: I04c896adadfb17877ce1115345d2419e0d2489f0
