Devices may be revoked by the provisioning server resulting in an
error message contained within the provisioning response. The CDM
core currently returns an error, but the CE CDM would map this to
an kUnexpectedError, which does not provide the information to the
CE client to react. This situation is not immediately recoverable,
but may provide certain apps to use a different DRM plugin if they
support such a thing.
Documentation and tests are needed.
Bug: 179650038
Test: None
Change-Id: I892a23839758264ddd7b29fb739cb00d41d953f8
GetDeviceInformation() and GetDeviceSignedCsrPayload() are added to
cdm_engine and crypto_session, so that they can be queried by DRM
plugin. This is to allow the wv drm HAL to be able to extract BCC and
CSR payload to build CSR for prov 4 device registration, such that we
don't need a separate RKP HAL to do this job.
Changes to the DRM plugin to use the exposed methods will be in the
coming CL.
Bug: 286556950
Test: request_license_test
Merged from https://widevine-internal-review.googlesource.com/178890
Merged from https://widevine-internal-review.googlesource.com/179730
Change-Id: Ibafa3a58c99fbb8f1f25f8951d3749110bd32176
Generate core message request and responses for
golden data tests.
This CL does not have any golden data. The golden data
will be added to a google3 CL.
To turn on dumping of golden data, set the environment
variable DUMP_GOLDEN_DATA to "yes".
Merged from https://widevine-internal-review.googlesource.com/171750
Change-Id: I7ae2d76ec7330d9131aae98dfd07b7909d10f726
There are three changes here that should help reduce the
amount of duration test failures caused by clock skew.
First, we reported some skew when the test expected playback
to start immediately after loading the license. However,
with round-off, this could easily be more than 1 second. So
this does not warrent even a warning.
Second, the fake and real clocks were only synced after
computing how long to sleep. This is fixed by moving
SleepUntil to the TestSleep class and having it sync before
computing the delta and after doing the sleep.
Third, I am guessing that some failures due to unexpected
lenience were caused by the rental or playback clock being
started at the end of signing the license or the end of the
first decrypt instead of the beginning. We work around this
by recording how long these operations take, and then adding
this extra time at the end of the check for FailDecrypt.
Bug: 275003529
Bug: 279249646
Bug: 207500749
Merged from https://widevine-internal-review.googlesource.com/176070
Change-Id: I6a973565edfbebca53ee7f239b4b93f8f73d1e0a
[ Merge of go/wvgerrit/186611 ]
Android user can set the property using the developer option.
Bug: 301669353
Change-Id: I730b635f6cc28dfb0471c1d679627c94b9e16af1
[ Merged of go/wvgerrit/186370 ]
CDM by default allows test keybox from device side.
Bug: 299987160
Bug: 301669353
Change-Id: I06f1936ccd068eb71364a5a8931970954233b686
[ Merge of http://go/wvgerrit/183472 ]
For provisioning 4.0 devices, the DRM certificate serial number
was changing on a reprovisioning attempt or factory reset. The
app parameters sent up in the client identification name-value
pair field were being filtered out in provisioning requests.
This has been corrected for provisioning 4.0 stage 2
(DRM certificate request). There is no need to include them for
stage 1 (OEM certificate request).
The test case WvCdmRequestLicenseTest.ProvisioningSpoidTest
was created earlier to ensure that SPOIDs and DRM certificates are
stable. Unfortunately due to another bug b/250099615, the RKP service
was holding a connection to the Widevine TA for provisioning 4.0
devices. When native tests ran as their own process, L1 would fail
to load due to a connection failure and the test would run as L3.
The tests passed for provisioning 4.0 devices Pixel 7 and 8 when
they should have failed. This gave us a false sense of confidence
that the SPOIDs were stable.
For now a workaround is to run a shell command to kill the widevine
TA before running native tests.
$ adb shell pkill -f -9 widevine
New tests have been introduced to provide integration coverage
WVPluginTest at the WV plugin level and CoreIntegrationTest
for core. GTS tests are also being written in b/295538002.
Bug: 294451432
Bug: 293950895
Test: WVPluginTest.ProvisioningStableSpoidTestL1, WVTS tests
Change-Id: Ib9ace4387866ea38bb1840feb69cea78d2d2c09c
[ Merge of http://go/wvgerrit/181151 ]
[ Cherry-pick of http://ag/24103737 ]
For devices with a large number of usage entries, when restoring the
usage table a capacity check is performed. This checks that a new
entry can be created. This test was originally added as some devices
might enter a "stuck" state the table cannot be initialized.
To perform this test, a temporary crypto session is created and an
entry is created for that session. After successfully creating that
entry, the entry is deleted. However, because the session was left
open, the entry could not be deleted.
This change closes the capacity-check-session before deleting the
entry, as well as includes additional logs for helping future debugs.
Bug: 286176947
Bug: 291351287
Test: usage_table_header_unittest
Test: Android GTS R11 on oriole
Change-Id: I6923de00175f70b2392bfe581ca5f9ae60c4af25
(cherry picked from commit 8b4bbeeb6f440c48a3250b961f7a7dab2472d7e9)
(cherry picked from commit bb925c46e5)
[ Merge of http://go/wvgerrit/181152 ]
[ Cherry-pick of http://ag/24137228 ]
Partners have requested that we log HDCP information during certain
operation:
1) Current and max HDCP capability when calls to decrypt or select
key failure due to insufficient or mixed HDCP levels.
2) Current, desired and default HDCP level when video contraints
are not met.
To avoid spamming the logs, decrypt failures are only logged on their
first occurrence, and unmet video constrains when one of the
requirements change.
Bug: 276686656
Bug: 292005982
Test: license_keys_unittest
Test: Android WVTS on oriole
Change-Id: I98b18e66d7ce1c474a018ae83af4f1c0b03308df
(cherry picked from commit c84b9afd38)
[ Merge of http://go/wvgerrit/175310 ]
Pass the real oemcrypto session id from `pair.session` instead of
`session` for LoadEntitledContentKeys, since `session` can be
changed when L1 and L3 are running in parallel and `session` in
that case may not be the correct oemcrypto session id any more.
Bug: 279967915, 282180589
Test: wvts
Change-Id: I127ff37abf8b618dfbcb623f59bc999e58e7a028
[ Merge of http://go/wvgerrit/174555 ]
This is only announced if OEMCrypto is v18+
Bug: 278751387
Test: Duration use case tests, wvts tests
Change-Id: I5cbfcc733ed2af2c940fde381b40a5be850e7e88
[ Merge of http://go/wvgerrit/173290 ]
* Renew timer offset from when license is loaded verifies that the
rental duration has not expired and begins decryption.
* Renew timer offset from first decrypt bugfix
* Feature is enabled based on oemcrypto v18 presence
* Renewal logic verifies that |can_renew| is enabled
* Unit tests were added to reflect use cases from duration
and renewal documentation
Bug: 278751387
Test: policy unittests, CdmUseCase tests, wvts tests
Change-Id: I3070b3f31b316e150c28ebe38d0440ab1eeb89b9
[ Merge of http://go/wvgerrit/175058 ]
Pass the real oemcrypto session id from `pair.session` instead of
`session` for LoadEntitledContentKeys, since `session` can be
changed when L1 and L3 are running in parallel and `session` in
that case may not be the correct oemcrypto session id any more.
Bug: 279967915, 282180589
Test: wvts
Change-Id: Iad0ac5e505d3b38d220f1484d4cf5f8bc3b5337f
[ Merge of http://go/wvgerrit/174470 ]
There are two sets of changes
* Mocking CryptoSession so that OEMCrypto API version can be queried
* Creating a PolicyEngineTestV16 so that API version expectations
can be set and V18 can be accommodated.
Bug: 278751387
Test: policy_engine_unittest
Change-Id: Ied664ce87e22f697b6a45d3c573e22273e65e37f
Merge from Widevine repo of http://go/wvgerrit/169471
Remove the test in android tests and add it to the
core tests.
Bug: 276464340
Test: GTEST_FILTER="CorePIGTest.CastReceiverProvisioning*" jenkins/run_fake_l1_tests
Change-Id: Icd280b532ddae274f66b2fab3e65520e96adb7cb
Merge from Widevine repo of http://go/wvgerrit/169018
This CL adds a provisioning holder that attempts to
provision and logs the request and response for
failures. The server team can replay the request to debug
problems on their end.
Bug: 276464340
Test: ran cast and ota tests
Change-Id: I6eed117e504ae3287f2ba16c3c507cfdc7456f8d
[ Merge of http://go/wvgerrit/174572 ]
Pass the real oemcrypto session id from `pair.session` instead of
`session` for CopyBuffer, since `session` can be changed when L1
and L3 are running in parallel and `session` in that case may not
be the correct oemcrypto session id any more.
Bug: 279967915
Test: wvts
Change-Id: Ic5e21ccb227d4c4992ef500435fa3b68812c4d9b
[ Merge of http://go/wvgerrit/174431 ]
It is possible that the initial license duration was limited due to
the finit rental duration; however, if the license has a soft rental
duration, it will be considered unlimited after playback has begun.
The *.UsageTest* have been updated to ignore cases where initial
license durations are finit, but later report as unlimited.
Bug: 275651559
Test: cdm_extended_duration_test
Change-Id: I689163b1066b2bc9f9345e2279e9373010f844cc
Merge from Widevine repo of http://go/wvgerrit/170970
RenewOnLicenseLoad.Case2 tests are failing because they
are expecting to load an expired license. However, the spec
says that the license should return KEY_EXPIRED. The test is
being updated.
Some other RenewOnLicenseLoad tests were failing because
they forgot to request the renewal.
Bug: 278750980
Test: Run tests on Luci
Change-Id: I7196db11fcf43859ba9310b87fd8ccb609e47039
[ Merge of http://go/wvgerrit/172010 ]
The CdmEngine provides an API for generic crypto operations that are
already used for the CE CDM. This API is being exposed in the Android
CDM. The parameter order of the Android CDM is modified to match the
existing generic crypto parameters used in the media DRM plugin.
Bug: 274984456
Bug: 29400687
Test: build x86-64 and Android
Change-Id: I3b286ebb011bd58754b7b8ea814ed46daf1f62f9
[ Merge of http://go/wvgerrit/173410 ]
The DRM plugin opens and closes many CDMs using the default identifier.
These metrics are not needed when checking the metric history and will
no longer be stored. Default CDM metrics will continue to appear in
the live metrics list.
Bug: 239462891
Bug: 270166158
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -m
Change-Id: I64662a44e9c084cc0f08c5a3f013dbf86374ac2d
Merge of https://widevine-internal-review.googlesource.com/c/cdm/+/173330
Skipping files that are not in android from the CL above.
Original commit message:
Pass the real oemcrypto session id from `pair.session` instead of
`session`, since `session` can be changed when L1 and L3 are running in parallel and `session` in that case may not be the correct oemcrypto session id any more.
Also adding a few missing v18 L3 functions pointers to the dynamic
adapter.
Need to re-generate L3 since the L3 sources changed.
Test: L3 unit tests
Test: GTS dash policy tests and Dexter tests
Bug: 271290471
Bug: 279967915
Change-Id: Idc44d57ca38eb1de24c0038917800e37c25b9afc
[ Merge of http://go/wvgerrit/171310 ]
Offline license not found errors are identified by CdmResponseEnum
347 (KEYSET_ID_NOT_FOUND_4). No addition file system information
is shared.
Checks for file existance use the stat command. The stat call can
return error codes from errno.h when the command fails.
These are now converted into sub error codes and returned along with
the offline license file not found error.
This also includes a change to log stat errors other than
ENOENT (no such file or directory) as a warning rather than verbose.
Bug: 276225520
Test: file_store_unittest, file_utils_unittest, GtsMediaTestCases
Change-Id: Ic09d036549582cd65783b49fa96ffefc4bf562c7
[ Merge of http://go/wvgerrit/172910 ]
The lifecycle of the Android CDM is controlled by Android's strong/
weak pointer functionality. Unfortunately, it does not provide an
easily predictable point in the code where the CDM is to be deleted
along with the saved metrics. In order to allow the CDM to keep a
list of metrics that are persistent with the life of the service, a
global thread safe queue is provided which is created when the first
CDM is created, but will out live the CDM.
The metrics will still be deleted when the DRM service is terminated.
Bug: 270166158
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -m
Change-Id: Id98676d8b5278798b4de332cc272cd5b85024244
[ Merge of http://go/wvgerrit/171271 ]
There is a need to maintain a short history of metrics from CDMs which
have been deleted. This CL adds this ability to the Android version
of the WV CDM. The history cannot yet be maintained for long, as the
WV CDM instance is destroyed if unused.
Further changes are required to the plugin to maintain the history
beyond the life-cycle of the CDM instance, and to properly format
its output.
Bug: 239462891
Bug: 270166158
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -m
Test: atest GtsMediaTestCases
Change-Id: I81c0996602722a9795fc3951030d20bb39b5816b
The predicate version of wait_for() to avoid spurious wake up by
checking running_ status.
This is a fix to ag/21439870
Test: build widevine
Bug: 272424659
Bug: 271811708
Change-Id: I446fef8f4c8c58bcd47b885dba50643b3e5e1185
