Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 537144f7 authored by Edwin Wong's avatar Edwin Wong
Browse files

Fix double free of play policy in a race condition. 

The mPlayPolicy can be freed twice if there is a race condition.
mPlayPolicy should be protected with a mutex lock.

SafetyNet logging is not added to avoid log spamming. The
mutex lock is called whenever a license request is made.
That can happen quite often.

Bug: 176168330

Test: sts-tradefed
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases -t android.security.sts.Poc21_01#testPocBug_176168330

Test: run sts test on master build
  run sts test from http://go/ag/13308312

Change-Id: Ibc338e0a98293807dbf12500f7e82e62b6c4a04a
parent a7dd68bd

drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp

+1 −0
Original line number Diff line number Diff line
@@ -109,6 +109,7 @@ status_t DrmPlugin::getKeyRequest( 
}



void DrmPlugin::setPlayPolicy() {

    android::Mutex::Autolock lock(mPlayPolicyLock);

    mPlayPolicy.clear();

    mPlayPolicy.add(kQueryKeyLicenseType, kStreaming);

    mPlayPolicy.add(kQueryKeyPlayAllowed, kTrue);

drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h

+1 −0
Original line number Diff line number Diff line
@@ -262,6 +262,7 @@ private: 
    void initProperties();

    void setPlayPolicy();



    android::Mutex mPlayPolicyLock;

    android::KeyedVector<String8, String8> mPlayPolicy;

    android::KeyedVector<String8, String8> mStringProperties;

    android::KeyedVector<String8, Vector<uint8_t>> mByteArrayProperties;

drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp

+1 −0
Original line number Diff line number Diff line
@@ -212,6 +212,7 @@ Return<void> DrmPlugin::getKeyRequest_1_1( 
}



void DrmPlugin::setPlayPolicy() {

    android::Mutex::Autolock lock(mPlayPolicyLock);

    mPlayPolicy.clear();



    KeyValue policy;

drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h

+1 −0
Original line number Diff line number Diff line
@@ -330,6 +330,7 @@ private: 
    int64_t mCloseSessionOkCount;

    int64_t mCloseSessionNotOpenedCount;

    uint32_t mNextSecureStopId;

    android::Mutex mPlayPolicyLock;



    CLEARKEY_DISALLOW_COPY_AND_ASSIGN_AND_NEW(DrmPlugin);

};