[ Merge of http://go/wvgerrit/210651 ]
The Android FileSystem implementation for List() would return an error
if the directory does not exist. This creates an issue for the case
where the CDM attempts to list offline licenses after clearing all
data. This typically won't effect a regular user, it causes
integration tests which re-provision to fail.
Bug: 372105842
Test: file_store_unittest on Oriole
Change-Id: I121b52ab95e36249ae5b196e987bc950a278131f
[ Merge of http://go/wvgerrit/209871 ]
The filestore unit tests have not been updated in a while, and
contained several test statements which could crash the test
when failed (accessing elements in a vector or characters in a
string without proper size checks). Other parts of the tests
had non-obvious purposes without detailed knowledge of how the
file system works on the different platforms.
Significant parts of the tests have been refactored to include
better checking and to add error messages to explain the
expectations. Several of the tests have been documented, and the
FileSystem header has been updated to explain what the API does.
Bug: 376533901
Test: file_store_unittest on Oriole
Change-Id: I5af9fd2a2ed01aa6186026761c9e0814604ec610
(cherry picked from commit bc4382b075)
This patch adds a new interface that partners must provide to
Cdm::initialize(), ILogger. ILogger replaces stderr as the sink to which
logging messages are sent. For partners that still want to log to
stderr, a reference implementation that logs to stderr is provided.
As a side-effect of this, many test-related source files had to be
updated to thread the new parameter to Cdm::initialize() through them.
This also necessitated adding a new variant of FormatString() that can
be called with a va_list directly so it can be called from other
functions that take varargs.
Bug: 201446862
Merged from https://widevine-internal-review.googlesource.com/177270
Change-Id: Ie31a10162773883b337f3a6144cf180a2b100139
There are three changes here that should help reduce the
amount of duration test failures caused by clock skew.
First, we reported some skew when the test expected playback
to start immediately after loading the license. However,
with round-off, this could easily be more than 1 second. So
this does not warrent even a warning.
Second, the fake and real clocks were only synced after
computing how long to sleep. This is fixed by moving
SleepUntil to the TestSleep class and having it sync before
computing the delta and after doing the sleep.
Third, I am guessing that some failures due to unexpected
lenience were caused by the rental or playback clock being
started at the end of signing the license or the end of the
first decrypt instead of the beginning. We work around this
by recording how long these operations take, and then adding
this extra time at the end of the check for FailDecrypt.
Bug: 275003529
Bug: 279249646
Bug: 207500749
Merged from https://widevine-internal-review.googlesource.com/176070
Change-Id: I6a973565edfbebca53ee7f239b4b93f8f73d1e0a
[ Merge of http://go/wvgerrit/171310 ]
Offline license not found errors are identified by CdmResponseEnum
347 (KEYSET_ID_NOT_FOUND_4). No addition file system information
is shared.
Checks for file existance use the stat command. The stat call can
return error codes from errno.h when the command fails.
These are now converted into sub error codes and returned along with
the offline license file not found error.
This also includes a change to log stat errors other than
ENOENT (no such file or directory) as a warning rather than verbose.
Bug: 276225520
Test: file_store_unittest, file_utils_unittest, GtsMediaTestCases
Change-Id: Ic09d036549582cd65783b49fa96ffefc4bf562c7
[ Merge of http://go/wvgerrit/170073 ]
Removed the file "error_string_util.cpp" and its header, moving the
OEMCryptoResult to string converter to "wv_cdm_types.cpp". This extra
file served little purpose, and created a dependency on the CDM utils
to the CDM itself.
This is part of the effort to fix the formatting of WV metrics; making
enum-to-string conversion uniform throughout the CDM.
Bug: 239462891
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -m
Test: Manual testing with Google TV
Change-Id: I4bf95d26b623f5b8fa86bdb2578cbc4ee65125cb
(Merged from http://go/wvgerrit/160042.)
Since we don't have access to std::format yet, this patch adds a
function to wvutil to format text into a std::string.
Bug: 255466913
Test: x86-64
Test: raven
Change-Id: I28043da76af5b4772a29fa7e7241343caf9b54a1
Merge from http://go/wvgerrit/158917
Use go/yamllint as reference and obfuscate portion of output to
run on an online yaml validator.
Sample output: http://go/cl/481370906
Test: Netflix, Play TV and Movies, Youtube
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine
Test: ./build_and_run_all_unit_tests.sh
Bug: 239462891
Change-Id: I1abf1aa50aa25b97b1f6c10995c324d6de04d056
[ Merge of http://go/wvgerrit/155070 ]
These functions are internal utilities and should not be exported from
our library. IIRC, this was added to aid in Windows tests, but this is
no longer needed.
Bug: 236317198
Test: build_and_run_all_unit_tests.sh
Change-Id: I19beb35a15f0f87dc8f968e1dd5302aed9463e54
[ Merge of http://go/wvgerrit/154593 ]
This CL updates the initial time used for reboot tests to be
within the valid range used by OPK. Also, the fake clock is
now synced with every use of the TestHost's clock function.
Also, the OPK's system clock is no longer initialized to 0
because this caused some tests to set initial playback time
to 0. That broke code that assumed a time of 0 mean "never".
I also removed some log spam in the WTPI code.
Bug: 222353528
Bug: 236317198
Change-Id: Ibdbdb2440454b9cf561cd9ec65ca3e40cf5a8d93
[ Merge of http://go/wvgerrit/143630 ]
When we run a test with the fake clock, the clock had been initialized
to the current time, or to 0. This causes a problem for reboot tests
because the clock might go backwards over the reboot. With this
change, we monitor the clock at the end of one reboot pass and
initialize the clock for the next pass based on the previous value.
Bug: 26163469
Test: GtsMediaTestCases on sunfish
Change-Id: Ibd0024f963634382af70553fced38da6e1d857d2
[ Merge of http://go/wvgerrit/143629 ]
The standard b2a_hex only saves about 2k, so we need a special version
that can handle larger strings. This is needed because a license file
is about 7k.
Bug: 194342751
Test: GtsMediaTestCases on sunfish
Change-Id: I6a6ac3f8f4fa6d9cd8a0119fc64fc8f3cc5f3ae8
The interface is defined in
hardware/interfaces/drm/aidl(http://go/ag/15329852).
Test: build
m android.hardware.drm-service.widevine -j128
Test: build_and_run_all_unit_tests.sh
for hidl tests
Test: atest VtsAidlHalDrmTargetTest
Bug: 200055138
Bug: 170964303
Change-Id: If2f2a129914436ba5cef1c46f6cb9415e12c3d1c
(This is a merge of http://go/wvgerrit/134313.)
This patch fixes code that would trigger -Wshorten-64-to-32 by
implicitly narrowing a variable from 64 to 32 bits. There were two cases
of this in string_conversions.cpp:
* The implicit conversions in DecodeBase64Char() were made explicit,
which required going through both a reinterpret_cast and a static_cast
to express fully.
* a2b_hex() now uses size_t for the length, as it probably always should
have.
Bug: 194971260
Test: x86-64 tests
Change-Id: Ib9715b8adecc104f1a056ab0ac5faa5be74e5e54
Because the fake clock is getting out of sync with the real clock
for the nonce flood tests, add a call to TestSleep::SyncFakeClock()
in Clock::GetCurrentTime() to force a sync.
Merged from http://go/wvgerrit/133223
Test: duration_use_case_test and nonce flood tests on bonito
Bug: 198329759
Change-Id: Idfd92c6cc57750a52477189461220c682b302082
Undoes a change to the buffer size from http://ag/13865723
Bug: 184813991
Test: WV unit/integration tests
Change-Id: I40cf786f149626ff65a3362020b3da859bb86159
[ Merge of http://go/wvgerrit/120763 ]
This change introduces additional logging information for files and
file system operations on Android.
File reading and writing will attempt to make sense of |errno| and
log useful information. In the event that the file must be closed,
the file stat will be printed.
Failures in determining the file size will print potential reasons for
the encountered error.
This partly restructures the File interface implementation to use file
descriptors instead of the C standard libraries FILE handle. This is
done to ensure that |errno| is set to an expected value.
This change also introduces the utility functions SafeWrite() and
SafeRead() to handle common, retriable errors.
Bug: 178232354
Test: Android MediaDrm GTS and Android file-based unittests
Change-Id: I15a3c47a271098c9edb4bd9f619ed1a12dca6143
[ Merge of http://go/wvgerrit/119805 ]
This change adds 3 new functions for encoding binary data from a C++
string to a base64 encoded ASCII string.
The CDM and protobuf generated code use C++ strings to store binary
data. These binary strings are commonly converted into a base64
encoded ASCII string for logging and for returning to the app.
This change also cleans up some of the internal components of the
string_conversions library to use several standard library C++11
method.
Bug: 181732604
Test: CE CDM unittests
Change-Id: I547568c6402e011344260f2df2a06e972122ab8a
[ Merge of http://go/wvgerrit/120445 ]
Switch TestHost and FakeClock to use chrono::system_clock (wall time)
rather than chrono::steady_clock (ticks since boot time).
Bug: 183160800
Test: CE CDM tests
Change-Id: I6ef4c02c01ff96453847ee8f42e6037c298866b5
[ Merge of http://go/wvgerrit/120123 ]
DRM certificate creation and expiration times are now validated.
* New DRM (default) certificates will have an expiration time specified
by the provisioning service.
When stored, the client will include the time the certificate was
received. This allows for expiration calculation to occur when client
and provisioning service clocks are out of sync.
When read out, creation, expiration and acquisition times are
validated. The certificate is checked for expiry by making sure
that the time at the client since the license was acquired is not
greater than the expiration period. The time information stored at the
client may be tampered with. The license service will perform an
expiration check and reject the license request if tampered with.
The expiration time may be set to never expires/unlimited. This is not
a valid value for creation or acquisition time.
* Pre-existing (legacy) certificates from upgrading devices will not
have an expiration time set by the provisioning service. Instead
the client will calculate an expiration time 6 months with + or -
a random two month period in the future. This is stored along with the
certificate.
When read out, if no expiration time has been set by the client, one
will be calculated and written out. The certificate will be declared as
valid. If a client calculated expiration time is present, the
certificate will be validated. In case of tampering, the license service
can reject license requests and force reprovisioning when appropriate.
* ATSC certificates will continue to not have an expiration time.
No additional validation is required.
Other changes for non-ATSC licenses involve managing both default and
legacy certificate co-existance. When checking for DRM certificates,
the default certificate is attempted first. This is followed by a check
for the legacy certificate, if the default certificate is not present.
Bug: 169740403
Test: WV unit/integration tests
DeviceFilesTest.StoreCertificateInvalidParams
DeviceFilesTest.RetrieveAtscCertificate
DeviceFilesTest.RetrieveAtscCertificateNotFound
DeviceFilesTest.RetrieveCertificateInvalidParams
DeviceFilesTest.RetrieveLegacyCertificateWithoutExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateWithClientExpirationTime
DeviceFilesTest.RetrieveLegacyExpiredCertificateByClientExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateInvalidClientExpirationTime
DeviceFilesTest.RetrieveCertificateWithoutKeyType
DeviceFilesTest.RetrieveDefaultCertificate
DeviceFilesTest.RetrieveDefaultCertificateNeverExpires
DeviceFilesTest.HasCertificateAtsc
DeviceFilesTest.HasCertificateDefault
DeviceFilesTest.HasCertificateLegacy
DeviceFilesTest.HasCertificateNone
CertificateTest.StoreCertificateTest.DefaultAndLegacy/*
CertificateTest.RetrieveLegacyCertificateTest.ErrorScenarios/*
CertificateTest.RetrieveDefaultCertificateTest.ErrorScenarios/*
Change-Id: I7dbec7555fbd493c1ec61c6bb5d9428a2405b1fd
[ Merge of http://go/wvgerrit/119684 ]
This allows for a default DRM certificate that includes an expiration
time and a legacy one without for each app+origin specific identifier.
Existing offline licenses/secure stops are not associated with a
certificate, and so we cannot delete legacy certificates even after
fetching a new one. New offline licenses/secure stops will be associated
with certificate information, so we will not have this problem going
forward.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I0f08f6bf98775fd43927243dc4a9f75f21bfbbcc
[ Merge of http://go/wvgerrit/119230 ]
This patch adds an annotation to the one place in the codebase where we
intentionally fall through between switch statement cases, in order to
appease stricter compilers.
Bug: 182058081
Test: compile, WV unit/integration tests
Change-Id: I004a6a6e61681fcf22c6bf25d9b0284b8b64e776
[ Merge of http://go/wvgerrit/119563 ]
This also increases the max log size from 1024 to 5120
Bug: 181642154
Test: WV unit/integration tests
Change-Id: Ifae90354dad1165f4d9fa3c9fe33a4dc14df1270
[ Merge of http://go/wvgerrit/117203 ]
clock_settime isn't available on iOS (even though settimeofday is). But
we can't change the system time on iOS anyway, so this just disallows
iOS.
Bug: 182058081
Test: WV unit/integration tests
Change-Id: I96e5b6634803bd4e6aaf5cc6d64f4441296247d4
[ Merge of http://go/wvgerrit/109144 ]
Because it doesn't help anybody when a buffer overflow test chokes the
logger.
Bug: 182058081
Test: Ran unit tests with verbose logging
Change-Id: Ibcb3379b9eb9bdd94a8959b977e8de32ea116859
This commit is a combination of the following:
* http://go/wvgerrit/117003
* http://go/wvgerrit/118303
Bug: 162255728
Test: MediaDrmTest#testGetLogMessages
Change-Id: I5699b64d5c4bab463e5b587595fa7d324dc1d93f
[ Merge of http://go/wvgerrit/110165 ]
The conditional compilation for flagging the CDM and ODKiTEE logging
functions as printf-like was guarded by a check on "__gnuc__" or
"__clang__". However, GCC doesn't actually define "__gnuc__", it
defines "__GNUC__", all caps. Fixing this causes GCC to find a slew
of format-string errors that Clang was accepting. This patch fixes the
capitalization and the uncovered errors, most of which fall into one of
a few categories:
1) The format string and variable had different signedness. For these,
the format strings are updated to match the variables.
2) The variable was an array index that was not of size_t. For these,
the variables have been updated to be size_t and the format strings
have been updated to use %zu. A few index variables that weren't
actually used in format strings are also fixed to be size_t.
3) The code assumed the signedness of the internal representation of an
integer literal, enum constant, or enum variable. For these, I either
cast the input to a known type so that the format string is valid
regardless of internal representation or I switched to a hexadecimal
format string. The latter case is more useful on ODKiTEE enums where
the literal value is in the code as a 32-bit hexadecimal value
anyway.
This patch also adds missing integer casts to the enum literals in the
ODKiTEE logging header. (These are required for pedantic C99
compatibility when using literal values that do not fit into a 16-bit
integer.)
Bug: 173460694
Test: jenkins/odkitee_ta
Test: build.py x86-64
Change-Id: I244972639a5a6ea0de157eb67e1e0dfa9787ec32
[ Merge of http://go/wvgerrit/108103 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the cdm, linux, platform, util directory
in addition to some other files.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I9a4977fd4c2ad951769b6be84263f81bd0f22678
[ Merge of http://go/wvgerrit/108084 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the android directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I0f9e6445e0168ebe85425baeb81371e182e5a39c
