AIBinder_setRequestingSid must be called first upon creation of a
binder object before AIBinder_getCallingSid is called. Call
AIBinder_setRequestingSid in the createBinder override function
for WVDrmFactory, WVDrmPlugin and WVCryptoPlugin classes.
Test: Play TV streaming
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -a
Bug: 237613676
Change-Id: I9dde4715ba2003deb463bd75b23e1ebc2f22a764
(cherry picked from commit 6797b8eb8a)
Merge of https://widevine-internal-review.googlesource.com/c/cdm/+/165220
Original commit message:
Update Android L3 v17 with new system ID after key free fix
Android Arm L3 v17 Provisioning 3.0 2023 28923
Android Aarch64 L3 v17 Provisioning 3.0 2023 28924
Android X86 L3 v17 Provisioning 3.0 2023 28925
Android X86 64 L3 v17 Provisioning 3.0 2023 28926
Test: L3 unit tests
Test: integration tests on Pixel4
Test: GTS media tests on Pixel4
Bug: 252434586
Change-Id: I68d36bf57266c4d3245962e22b8dff92f2667948
Merge of https://widevine-internal-review.googlesource.com/c/cdm/+/164981
Original commit message:
Fix key double free issue in L3
Cherry-pick the fix from:
https://widevine-internal-review.googlesource.com/c/cdm/+/164885/https://widevine-internal-review.googlesource.com/c/cdm/+/164958/
Then generated L3 on top of tm-widevine-release code base.
Original commit message:
During license loading if an error occurs, all the loaded keys will be
freed. Later at session termination, the previously freed keys get freed
again, which screwed up the key table.
This CL prevents the double free by checking if the key index is already
freed, and updates the freed index to be kKeyDataArrayCount.
Also a side fix to correctly zero-out the intialized memory and adding a
few debug outs.
Test: ran L3 unit tests
Test: verified GTS tests on arm32 device
Bug: 252434586
Change-Id: I8058c10daae3d1007733eb6ac54101545d3ce029
[ Merge of http://go/wvgerrit/161877 and http://go/ag/20523252 ]
This change introduces some logging to shed some light on
why some L1 devices fallback to L3.
* Additional logging has been added to indicate whether a lookup of
the symbols for OEMCrypto_Initialize, OEMCrypto_APIVersion
or OEMCrypto_Terminate failed.
* OEMCrypto_Initialize error code is saved and reported later.
Bug: 245887116
Test: GtsMediaTestCases
Change-Id: Ice4d966d2fee458de2fae28a1355f292f879c38b
Merge from Widevine repo of http://go/wvgerrit/160720
For DRM, but not for CAS, we allow the entitlement session
and the entitled session to be the same.
Bug: 253471127
Bug: 246566056
Bug: 245018059
Bug: 242815450
Test: oemcrypto unit tests on oriole (all but CAS tests pass)
Test: GTS
Change-Id: Ib830484be8437b1c4ce34500ae912e6c119dcfc3
Merge from Widevine repo of http://go/wvgerrit/160719
We do not require that a session id be nonzero. This CL
removes test asserts that a session id is not zero.
Bug: 242815450
Test: tested with http://go/ag/20420224
Change-Id: Ia0f25bca737503e1ad3ac4336714312cacea28f8
Merge from Widevine repo of http://go/wvgerrit/154874
We do not require an error to come from SelectKey immediately, it can
come from a following call to DecryptCENC. This adds a function
Session::TestDecryptCENC to be called instead of SelectKey for the tests
that use entitled sessions.
Bug: 232225906
Test: tested with http://go/ag/20420224
Change-Id: If5695a5034cce371b6eb6bcf1b6467d84456c21d
Merge from Widevine repo of http://go/wvgerrit/159057
Increase fuzzing efficiency by generating the header_buffer_length
parameter from the input data and pre-creating a usage table header.
Test: tested with http://go/ag/20420224
Change-Id: Idab4c3d0ae879854202e5ffd24bf031b946aeb6a
Merge from Widevine repo of http://go/wvgerrit/159077
ProvisioningRoundTrip::InjectFuzzedResponseData and
LicenseRoundTrip::InjectFuzzedResponseData were unsafe as they ignored
their size parameter.
Test: tested with http://go/ag/20420224
Change-Id: I9b5647a283d98bc960caa458b1adf433a3f0ae17
Merge from Widevine repo of http://go/wvgerrit/154651
Some substring out of range tests uses non-zero offset but
with zero length. This zero length later will be ignored by
v15 oemcrypto, so the tests actually didn't test
anything. These tests are failing on v15 oemcrypto because
the test expect an out of range error but it actually
succeeded since nothing was tested.
Assign the offset to be out of range and then also assign
length to be not zero.
Test: run_fake_l1_tests; run_level3_static_tests;
Bug: 229299394
Test: tested with http://go/ag/20420224
Change-Id: Ic50b6323312e0ecb253dbeb925d9291db6eec075
Merge from Widevine repo of http://go/wvgerrit/158203
Prevent abort, interpreted as a crash by libFuzzer, when
OEMCrypto_CreateUsageTableHeader fails session state checks due to being
called after OEMCrypto_GenerateNonce.
Bug: 251215411
Test: tested with http://go/ag/20420224
Change-Id: I71ad1186ff2cb9ced81f9950d2fa235878aeb54d
Merge from Widevine repo of http://go/wvgerrit/158204
Prevent abort, interpreted as a crash by libFuzzer, when
OEMCrypto_CreateUsageTableHeader fails session state checks due to being
called after OEMCrypto_GenerateNonce.
Bug: 250682470
Test: tested with http://go/ag/20420224
Change-Id: Ia15b8c26fb391a190c32115e398a78ff9f8a7e16
Merge from Widevine repo of http://go/wvgerrit/158077
I ran the script ./oemcrypto/lock-api-for-release
Bug: 235858362
Test: tested with http://go/ag/20420224
Change-Id: I59b808898cdec60bffe36059f75ac413b0f55356
Merge from Widevine repo of http://go/wvgerrit/157923
This adds a C file to be built by Luci to verify that nobody
has made a change to OEMCryptoCENC.h that changes the
signature of any _oecc function. See the new comment in the
header for an explanation why we don't want to chage the
function signature of an oecc function.
We also update the OEMCrypto release script to verify that
all of the functions have been locked. There is a script to
update the lock file that should be run before each release.
Bug: 235858362
Test: tested with http://go/ag/20420224
Change-Id: Id890054e82cf8cc4c75e83c8347a776bda2d8a3b
Merge from Widevine repo of http://go/wvgerrit/157777
(partially merged in http://go/ag/20031768)
In CreateCoreLicenseResponse(), there seems to be an out of bounds
potential error due to a missing check that the index used for
license_response.parsed_license->key_array is valid. Adding a check
for this here.
Bug: 217677571
Test: tested with http://go/ag/20420224
PiperOrigin-RevId: 452114761
Change-Id: Id35ec48bebb564596b8e67c737bc13be9377891b
[ Merge of http://go/wvgerrit/156997 ]
Several of the Android integration tests perform direct URL comparisons
between fixed URLs and the server URL returned by the CDM. With
provisioning 4.0, the CDM will append additional query parameters to
the server URL. This updated URL still contains all of the original
expected information, but with additional parameters. So long as the
URL contains the required fields, any additional parameter should be
considered valid.
The gtest framework used by the integration tests allow for the
creation of custom "matchers", rules that can be used to validate data
and create informative failure logs. The CL creates a new matcher for
checking that a tested URL is a superset of content of the expected
URL.
Bug: 244319313
Test: request_license_test on prov 4 device
Change-Id: Ie721058fa628b3a4a74dc56f4172a3dfcb1f1ef3
[ Merge of http://go/wvgerrit/154575 ]
[ Cherry-pick of http://go/wvgerrit/19216679 ]
There is a rare race condition experienced by some Android devices
where the a new client property set is being added while another is
being removed. The C++ stl library does not provided thread
protection by default.
This CL adds a new mutex for the client property set map which prevents
multiple threads accessing the property sets concurrently.
Bug: 235238226
Test: GtsMediaTestCases on redfin
Change-Id: I32cf11bfb1332295ba1245071102ff0adc35259d
(cherry picked from commit aaa97a5d60)
This is to bring cdm tm-widevine-release in sync with Android
tm-widevine-release.
Originating CL: https://widevine-internal-review.googlesource.com/c/cdm/+/154509
The only difference is in the test name.
Test: run diff against CDM tm-widevine-release
Bug: 239059097
Change-Id: I1279bf780c8faef393b32d73a163756a016d80fc
This is a merge from:
https://widevine-internal-review.googlesource.com/c/cdm/+/152897
and http://go/wvgerrit/153709
Adding a new OEMCrypto unit test will allow partners to correct a
problem earlier in their integration.
Verifies current oemcrypto implementation handles clear KCB in a
mocked 16.4 license response.
Unit test release date updated to 2022-06-17.
Test: run_x86_64_tests; opk_ta
Bug: 235870170
Bug: 234645065
Change-Id: I59fef2c25f5c007624447d4f46147d96adeddad9
[ Merge of http://go/wvgerrit/152674 ]
This allows an app to query the provisioning model. Possible
values are { "DrmCertificate", "Keybox", "OEMCertificate",
"BootCertificateChain" }
An app can use these to disntinguish between provisioning models.
Provisioning 4.0 (boot certificate chain) requires a double provisioning
step.
Bug: 234057551
Test: WV unit/integration tests, libwvdrmdrmplugin_hal_test
Change-Id: I1611488ec632a0e5a9e1d106b7475e8f5a2a5a13
This is a merge from:
https://widevine-internal-review.googlesource.com/c/cdm/+/152372
The L3 source change which produced these libraries is:
https://widevine-internal-review.googlesource.com/c/cdm/+/152371/
Original commit message:
To address the bug with certain 16.4.x SDK versions returning a
clear key control block (KCB) for clients newer than 16.5, the
exact version check to determine whether key control blocks are
clear or not has been loosened.
Original behavior:
- ODK version >= 16.5.x --> Assume clear
- ODK version <= 16.4.x --> Assume encrypted
New behavior:
- No KCB IV --> Assume clear
- Otherwise --> Assume encrypted
This CL also includes a change to oemcrypto/include/OEMCryptoCENC.h
The changes to OEMCryptoCENC.h in the CL are comments or variable name
change. So it should be safe.
This change was merged to wv tm-dev here:
https://widevine-internal-review.googlesource.com/c/cdm/+/148411
So, adding it to Android tm-dev.
Test: run_level3_static_tests, CdmDecryptTest/CdmTestWithDecryptParam.* against LS SDK 16.4.2 & 17.0
Bug: 232557453
Change-Id: I2bbb5ab3ea33a16bd6c198077e5aefe960737ea0
[ Merge of http://go/wvgerrit/151391 ]
This CL moves the logic for extracting the system ID from keybox or
OEM certificate (from OEMCrypto or device files) to a dedicated
SystemIdExtractor.
Before Provisioning 4.0, the system ID could only be found from data
returned by OEMCrypto. However, with provisioning 4.0, the system ID
can now be found in the OEM certificate that is stored on the device
files.
Bug: 232020319
Test: system_id_extractor_unittest
Test: Forest L37800000954493485
Change-Id: Ie1b7987906e2e4fef015cd659a947b6dbb7594b1
[ Merge of http://go/wvgerrit/151749 ]
Extended CryptoSession for recording the result of
OEMCrypto_ProductionReady().
Only OEMCrypto_SUCCESS is considered "production ready". With the
exception of OEMCrypto_ERROR_NOT_IMPLEMENTED, any other result is
vendor-specific and indicates not being production ready.
Bug: 231655151
Test: metrics_collections_unittest
Change-Id: Ia0e5603d7ee1290238cce63d0194ae1aced424c1
Includes minor format change for easier ingestion by other tools.
Bug: 231677822
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine
Change-Id: Ibd13c84bd8f93ea0fc6cbd38b56ef39541ecc867
[ Merge of http://go/wvgerrit/151518 ]
Extended the CDM layer to report OEMCrypto's production readiness
via string property query.
If OEMCrypto implementents OEMCrypto_ProductionReady(), then the
reported readiness by the CDM will report "True" or "False".
If OEMCrypto does not implement OEMCrypto_ProductionReady() then no
level of readiness is assumed, and the CDM will report "Unknown".
Bug: 231655151
Test: run_prov30_tests and request_license_test
Change-Id: I6afe481ef00ac129d02b004eca89a65810bfbff8
[ Merge from http://go/wvgerrit/151349 ]
- move plugin and mCdm creation in SetUp() test fixture
- replace StrictMock<MockCD<> with NiceMock; otherwise,
"uninteresting mock for isOpenSession" will return fail by default
- replace .WillOnce() for isOpenSession() with .WillRepeatedly
Test: m libwvdrmmediacrypto_hal_test -j128
Test: m libwvdrmmediacrypto_hal_test WV_UNITTESTS_BUILD_TARGET=hidl -j128
Test: adb push $(OUT)/data/nativetest/libwvdrmmediacrypto_hal_test /data/nativetest/.
Test: adb shell LD_LIBRARY_PATH=/vendor/lib64
/data/nativetest/libwvdrmmediacrypto_hal_test
Bug: 217247987
Change-Id: I8d7189473d52738645c73c6665f4f3f6a13042f0
[ Merge of http://go/wvgerrit/151512 ]
Parameterizing GtsMediaDrm tests exposed a few issues. If secure stops
were stored at L3 security level, retrieval would fail. This CL
checks L3 if the secure stop was not found at the default security
level.
Bug: 221249079
Test: GtsMediaTestCases
Change-Id: Ie88197f8e29457981d782199a76d38774f6faa67
[ Merge of http://go/wvgerrit/151571 ]
The android OS version has been updated to 13. Updating WV tests as well.
CDM version has been updated previously, so no additional changes are needed.
Bug: 231646284
Test: WV unit/integration tests
Change-Id: Ifaf2fe1f04627654725b1b221d8c3dc30029ac6c
[ Merge of http://go/wvgerrit/151191 ]
Within the CDM and OEMCrypto tests, there were a few OEMCrypto function
calls where the final size of the output buffers were not being
resized. For several of these functions, an initial call is made with
zero-length output buffers, expecting OEMCrypto to return
ERROR_SHORT_BUFFER; followed by a call with buffers at least as large
as specified by OEMCrypto. However, for some operations, OEMCrypto
makes an estimate on the final size on the first call, specifying the
exact size only after performing the operations.
This is the case for the wrapped key returned by
OEMCrypto_LoadProvisioning(). The provisioning response contains a
padded + encrypted DRM key. OEMCrypto does not know the actual size
of the key until decrypted, and the actual DRM key might be smaller.
There was a OEMCrypto test for OEMCrypto_BuildInformation() which
was enforcing the wrong behaviour. This has been updated.
Bug: 230661565
Test: oemcrypto_test
Change-Id: Iad297d56ffbb085894641fdf8698ce5fd18edbf2
In TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(),
LoadResponse() should be called after EncryptAndSignResponse() so this
is moved in this CL.
Bug: 231368221
Test: OEMCryptoMemoryLoadLicense tests
Change-Id: I7a0224afb21c3ab1d896ce3cfb64e1ad544a581a
