Loading drm/mediadrm/plugins/clearkey/aidl/Android.bp +0 −1 Original line number Diff line number Diff line Loading @@ -13,7 +13,6 @@ cc_defaults { srcs: [ "CreatePluginFactories.cpp", "CryptoFactory.cpp", "CryptoPlugin.cpp", "DrmFactory.cpp", "DrmPlugin.cpp", Loading drm/mediadrm/plugins/clearkey/aidl/CreatePluginFactories.cpp +0 −4 Original line number Diff line number Diff line Loading @@ -25,10 +25,6 @@ std::shared_ptr<DrmFactory> createDrmFactory() { return ::ndk::SharedRefBase::make<DrmFactory>(); } std::shared_ptr<CryptoFactory> createCryptoFactory() { return ::ndk::SharedRefBase::make<CryptoFactory>(); } } // namespace clearkey } // namespace drm } // namespace hardware Loading drm/mediadrm/plugins/clearkey/aidl/CryptoFactory.cppdeleted 100644 → 0 +0 −67 Original line number Diff line number Diff line /* * Copyright (C) 2021 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #define LOG_TAG "clearkey-CryptoFactory" #include <utils/Log.h> #include "CryptoFactory.h" #include "ClearKeyUUID.h" #include "CryptoPlugin.h" #include "AidlUtils.h" namespace aidl { namespace android { namespace hardware { namespace drm { namespace clearkey { using ::aidl::android::hardware::drm::Status; using ::aidl::android::hardware::drm::Uuid; using std::vector; ::ndk::ScopedAStatus CryptoFactory::createPlugin( const ::aidl::android::hardware::drm::Uuid& in_uuid, const std::vector<uint8_t>& in_initData, std::shared_ptr<::aidl::android::hardware::drm::ICryptoPlugin>* _aidl_return) { if (!isClearKeyUUID(in_uuid.uuid.data())) { ALOGE("Clearkey Drm HAL: failed to create crypto plugin, " "invalid crypto scheme"); *_aidl_return = nullptr; return toNdkScopedAStatus(Status::BAD_VALUE); } std::shared_ptr<CryptoPlugin> plugin = ::ndk::SharedRefBase::make<CryptoPlugin>(in_initData); Status status = plugin->getInitStatus(); if (status != Status::OK) { plugin.reset(); plugin = nullptr; } *_aidl_return = plugin; return toNdkScopedAStatus(status); } ::ndk::ScopedAStatus CryptoFactory::isCryptoSchemeSupported(const Uuid& in_uuid, bool* _aidl_return) { *_aidl_return = isClearKeyUUID(in_uuid.uuid.data()); return ::ndk::ScopedAStatus::ok(); } } // namespace clearkey } // namespace drm } // namespace hardware } // namespace android } // namespace aidl drm/mediadrm/plugins/clearkey/aidl/CryptoPlugin.cpp +67 −82 Original line number Diff line number Diff line Loading @@ -31,110 +31,101 @@ namespace clearkey { using ::aidl::android::hardware::drm::Status; ::ndk::ScopedAStatus CryptoPlugin::decrypt( bool in_secure, const std::vector<uint8_t>& in_keyId, const std::vector<uint8_t>& in_iv, ::aidl::android::hardware::drm::Mode in_mode, const ::aidl::android::hardware::drm::Pattern& in_pattern, const std::vector<::aidl::android::hardware::drm::SubSample>& in_subSamples, const ::aidl::android::hardware::drm::SharedBuffer& in_source, int64_t in_offset, const ::aidl::android::hardware::drm::DestinationBuffer& in_destination, ::aidl::android::hardware::drm::DecryptResult* _aidl_return) { UNUSED(in_pattern); ::ndk::ScopedAStatus CryptoPlugin::decrypt(const DecryptArgs& in_args, int32_t* _aidl_return) { const char* detailedError = ""; std::string detailedError; _aidl_return->bytesWritten = 0; if (in_secure) { _aidl_return->detailedError = "secure decryption is not supported with ClearKey"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); *_aidl_return = 0; if (in_args.secure) { detailedError = "secure decryption is not supported with ClearKey"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } std::lock_guard<std::mutex> shared_buffer_lock(mSharedBufferLock); if (mSharedBufferMap.find(in_source.bufferId) == mSharedBufferMap.end()) { _aidl_return->detailedError = "source decrypt buffer base not set"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); if (mSharedBufferMap.find(in_args.source.bufferId) == mSharedBufferMap.end()) { detailedError = "source decrypt buffer base not set"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } if (in_destination.type == BufferType::SHARED_MEMORY) { const SharedBuffer& dest = in_destination.nonsecureMemory; if (mSharedBufferMap.find(dest.bufferId) == mSharedBufferMap.end()) { _aidl_return->detailedError = "destination decrypt buffer base not set"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); const auto NON_SECURE = DestinationBuffer::Tag::nonsecureMemory; if (in_args.destination.getTag() != NON_SECURE) { detailedError = "destination type not supported"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } } else { _aidl_return->detailedError = "destination type not supported"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); const SharedBuffer& destBuffer = in_args.destination.get<NON_SECURE>(); if (mSharedBufferMap.find(destBuffer.bufferId) == mSharedBufferMap.end()) { detailedError = "destination decrypt buffer base not set"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } auto src = mSharedBufferMap[in_source.bufferId]; auto src = mSharedBufferMap[in_args.source.bufferId]; if (src->mBase == nullptr) { _aidl_return->detailedError = "source is a nullptr"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); detailedError = "source is a nullptr"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } size_t totalSize = 0; if (__builtin_add_overflow(in_source.offset, in_offset, &totalSize) || __builtin_add_overflow(totalSize, in_source.size, &totalSize) || totalSize > src->mSize) { if (__builtin_add_overflow(in_args.source.offset, in_args.offset, &totalSize) || __builtin_add_overflow(totalSize, in_args.source.size, &totalSize) || totalSize > src->mSize) { android_errorWriteLog(0x534e4554, "176496160"); _aidl_return->detailedError = "invalid buffer size"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); detailedError = "invalid buffer size"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } // destination.type == BufferType::SHARED_MEMORY const SharedBuffer& destBuffer = in_destination.nonsecureMemory; // destination type must be non-secure shared memory auto dest = mSharedBufferMap[destBuffer.bufferId]; if (dest->mBase == nullptr) { _aidl_return->detailedError = "destination is a nullptr"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); detailedError = "destination is a nullptr"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } totalSize = 0; if (__builtin_add_overflow(destBuffer.offset, destBuffer.size, &totalSize) || totalSize > dest->mSize) { android_errorWriteLog(0x534e4554, "176444622"); _aidl_return->detailedError = "invalid buffer size"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE); detailedError = "invalid buffer size"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); } // Calculate the output buffer size and determine if any subsamples are // encrypted. uint8_t* srcPtr = src->mBase + in_source.offset + in_offset; uint8_t* destPtr = dest->mBase + in_destination.nonsecureMemory.offset; uint8_t* srcPtr = src->mBase + in_args.source.offset + in_args.offset; uint8_t* destPtr = dest->mBase + destBuffer.offset; size_t destSize = 0; size_t srcSize = 0; bool haveEncryptedSubsamples = false; for (size_t i = 0; i < in_subSamples.size(); i++) { const SubSample& subSample = in_subSamples[i]; for (size_t i = 0; i < in_args.subSamples.size(); i++) { const SubSample& subSample = in_args.subSamples[i]; if (__builtin_add_overflow(destSize, subSample.numBytesOfClearData, &destSize) || __builtin_add_overflow(srcSize, subSample.numBytesOfClearData, &srcSize)) { _aidl_return->detailedError = "subsample clear size overflow"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE); detailedError = "subsample clear size overflow"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); } if (__builtin_add_overflow(destSize, subSample.numBytesOfEncryptedData, &destSize) || __builtin_add_overflow(srcSize, subSample.numBytesOfEncryptedData, &srcSize)) { _aidl_return->detailedError = "subsample encrypted size overflow"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE); detailedError = "subsample encrypted size overflow"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); } if (subSample.numBytesOfEncryptedData > 0) { haveEncryptedSubsamples = true; } } if (destSize > destBuffer.size || srcSize > in_source.size) { _aidl_return->detailedError = "subsample sum too large"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE); if (destSize > destBuffer.size || srcSize > in_args.source.size) { detailedError = "subsample sum too large"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); } if (in_mode == Mode::UNENCRYPTED) { if (in_args.mode == Mode::UNENCRYPTED) { if (haveEncryptedSubsamples) { _aidl_return->detailedError = "Encrypted subsamples found in allegedly unencrypted data."; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); detailedError = "Encrypted subsamples found in allegedly unencrypted data."; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } size_t offset = 0; for (size_t i = 0; i < in_subSamples.size(); ++i) { const SubSample& subSample = in_subSamples[i]; for (size_t i = 0; i < in_args.subSamples.size(); ++i) { const SubSample& subSample = in_args.subSamples[i]; if (subSample.numBytesOfClearData != 0) { memcpy(reinterpret_cast<uint8_t*>(destPtr) + offset, reinterpret_cast<const uint8_t*>(srcPtr) + offset, Loading @@ -143,37 +134,33 @@ using ::aidl::android::hardware::drm::Status; } } _aidl_return->bytesWritten = static_cast<ssize_t>(offset); _aidl_return->detailedError = ""; *_aidl_return = static_cast<ssize_t>(offset); return toNdkScopedAStatus(Status::OK); } else if (in_mode == Mode::AES_CTR) { } else if (in_args.mode == Mode::AES_CTR) { size_t bytesDecrypted{}; std::vector<int32_t> clearDataLengths; std::vector<int32_t> encryptedDataLengths; for (auto ss : in_subSamples) { for (auto ss : in_args.subSamples) { clearDataLengths.push_back(ss.numBytesOfClearData); encryptedDataLengths.push_back(ss.numBytesOfEncryptedData); } auto res = mSession->decrypt(in_keyId.data(), in_iv.data(), mSession->decrypt(in_args.keyId.data(), in_args.iv.data(), srcPtr, static_cast<uint8_t*>(destPtr), clearDataLengths, encryptedDataLengths, &bytesDecrypted); if (res == clearkeydrm::OK) { _aidl_return->bytesWritten = static_cast<ssize_t>(bytesDecrypted); _aidl_return->detailedError = ""; *_aidl_return = static_cast<ssize_t>(bytesDecrypted); return toNdkScopedAStatus(Status::OK); } else { _aidl_return->bytesWritten = 0; _aidl_return->detailedError = "Decryption Error"; return toNdkScopedAStatus(static_cast<Status>(res)); *_aidl_return = 0; detailedError = "Decryption Error"; return toNdkScopedAStatus(static_cast<Status>(res), detailedError); } } else { _aidl_return->bytesWritten = 0; _aidl_return->detailedError = "selected encryption mode is not supported by the ClearKey DRM \ Plugin"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); *_aidl_return = 0; detailedError = "selected encryption mode is not supported by the ClearKey DRM Plugin"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } } Loading Loading @@ -218,24 +205,22 @@ Plugin"; return toNdkScopedAStatus(status); } ::ndk::ScopedAStatus CryptoPlugin::setSharedBufferBase( const ::aidl::android::hardware::common::Ashmem& in_base, int32_t in_bufferId) { ::ndk::ScopedAStatus CryptoPlugin::setSharedBufferBase(const SharedBuffer& in_base) { std::lock_guard<std::mutex> shared_buffer_lock(mSharedBufferLock); mSharedBufferMap[in_bufferId] = std::make_shared<SharedBufferBase>(in_base); mSharedBufferMap[in_base.bufferId] = std::make_shared<SharedBufferBase>(in_base); return ::ndk::ScopedAStatus::ok(); } SharedBufferBase::SharedBufferBase(const ::aidl::android::hardware::common::Ashmem& mem) SharedBufferBase::SharedBufferBase(const SharedBuffer& mem) : mBase(nullptr), mSize(mem.size) { if (mem.fd.get() < 0) { if (mem.handle.fds.empty()) { return; } auto addr = mmap(nullptr, mem.size, PROT_READ | PROT_WRITE, MAP_SHARED, mem.fd.get(), 0); auto fd = mem.handle.fds[0].get(); auto addr = mmap(nullptr, mem.size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); if (addr == MAP_FAILED) { ALOGE("mmap err: fd %d; errno %s", mem.fd.get(), strerror(errno)); ALOGE("mmap err: fd %d; errno %s", fd, strerror(errno)); } else { mBase = static_cast<uint8_t*>(addr); } Loading drm/mediadrm/plugins/clearkey/aidl/DrmFactory.cpp +29 −31 Original line number Diff line number Diff line Loading @@ -20,6 +20,7 @@ #include "DrmFactory.h" #include "ClearKeyUUID.h" #include "CryptoPlugin.h" #include "DrmPlugin.h" #include "MimeTypeStdStr.h" #include "SessionLibrary.h" Loading @@ -38,7 +39,7 @@ using ::aidl::android::hardware::drm::SecurityLevel; using ::aidl::android::hardware::drm::Status; using ::aidl::android::hardware::drm::Uuid; ::ndk::ScopedAStatus DrmFactory::createPlugin( ::ndk::ScopedAStatus DrmFactory::createDrmPlugin( const Uuid& in_uuid, const string& in_appPackageName, std::shared_ptr<::aidl::android::hardware::drm::IDrmPlugin>* _aidl_return) { UNUSED(in_appPackageName); Loading @@ -56,40 +57,37 @@ using ::aidl::android::hardware::drm::Uuid; return toNdkScopedAStatus(Status::OK); } ::ndk::ScopedAStatus DrmFactory::getSupportedCryptoSchemes(vector<Uuid>* _aidl_return) { vector<Uuid> schemes; Uuid scheme; for (const auto& uuid : ::aidl::android::hardware::drm::clearkey::getSupportedCryptoSchemes()) { scheme.uuid.assign(uuid.begin(), uuid.end()); schemes.push_back(scheme); } *_aidl_return = schemes; return ndk::ScopedAStatus::ok(); ::ndk::ScopedAStatus DrmFactory::createCryptoPlugin( const Uuid& in_uuid, const std::vector<uint8_t>& in_initData, std::shared_ptr<::aidl::android::hardware::drm::ICryptoPlugin>* _aidl_return) { if (!isClearKeyUUID(in_uuid.uuid.data())) { ALOGE("Clearkey Drm HAL: failed to create crypto plugin, " "invalid crypto scheme"); *_aidl_return = nullptr; return toNdkScopedAStatus(Status::BAD_VALUE); } ::ndk::ScopedAStatus DrmFactory::isContentTypeSupported(const string& in_mimeType, bool* _aidl_return) { // This should match the in_mimeTypes handed by InitDataParser. *_aidl_return = in_mimeType == kIsoBmffVideoMimeType || in_mimeType == kIsoBmffAudioMimeType || in_mimeType == kCencInitDataFormat || in_mimeType == kWebmVideoMimeType || in_mimeType == kWebmAudioMimeType || in_mimeType == kWebmInitDataFormat || in_mimeType.empty(); return ::ndk::ScopedAStatus::ok(); std::shared_ptr<CryptoPlugin> plugin = ::ndk::SharedRefBase::make<CryptoPlugin>(in_initData); Status status = plugin->getInitStatus(); if (status != Status::OK) { plugin.reset(); plugin = nullptr; } *_aidl_return = plugin; return toNdkScopedAStatus(status); } ::ndk::ScopedAStatus DrmFactory::isCryptoSchemeSupported(const Uuid& in_uuid, const string& in_mimeType, SecurityLevel in_securityLevel, bool* _aidl_return) { bool isSupportedMimeType = false; if (!isContentTypeSupported(in_mimeType, &isSupportedMimeType).isOk()) { ALOGD("%s mime type is not supported by crypto scheme", in_mimeType.c_str()); ::ndk::ScopedAStatus DrmFactory::getSupportedCryptoSchemes(CryptoSchemes* _aidl_return) { CryptoSchemes schemes{}; for (const auto& uuid : ::aidl::android::hardware::drm::clearkey::getSupportedCryptoSchemes()) { schemes.uuids.push_back({uuid}); } *_aidl_return = isClearKeyUUID(in_uuid.uuid.data()) && isSupportedMimeType && (in_securityLevel == SecurityLevel::SW_SECURE_CRYPTO || in_securityLevel == SecurityLevel::DEFAULT || in_securityLevel == SecurityLevel::UNKNOWN); return ::ndk::ScopedAStatus::ok(); schemes.minLevel = SecurityLevel::SW_SECURE_CRYPTO; schemes.maxLevel = SecurityLevel::SW_SECURE_CRYPTO; schemes.mimeTypes = {kIsoBmffVideoMimeType, kIsoBmffAudioMimeType, kCencInitDataFormat, kWebmVideoMimeType, kWebmAudioMimeType, kWebmInitDataFormat}; *_aidl_return = schemes; return ndk::ScopedAStatus::ok(); } binder_status_t DrmFactory::dump(int fd, const char** args, uint32_t numArgs) { Loading Loading
drm/mediadrm/plugins/clearkey/aidl/Android.bp +0 −1 Original line number Diff line number Diff line Loading @@ -13,7 +13,6 @@ cc_defaults { srcs: [ "CreatePluginFactories.cpp", "CryptoFactory.cpp", "CryptoPlugin.cpp", "DrmFactory.cpp", "DrmPlugin.cpp", Loading
drm/mediadrm/plugins/clearkey/aidl/CreatePluginFactories.cpp +0 −4 Original line number Diff line number Diff line Loading @@ -25,10 +25,6 @@ std::shared_ptr<DrmFactory> createDrmFactory() { return ::ndk::SharedRefBase::make<DrmFactory>(); } std::shared_ptr<CryptoFactory> createCryptoFactory() { return ::ndk::SharedRefBase::make<CryptoFactory>(); } } // namespace clearkey } // namespace drm } // namespace hardware Loading
drm/mediadrm/plugins/clearkey/aidl/CryptoFactory.cppdeleted 100644 → 0 +0 −67 Original line number Diff line number Diff line /* * Copyright (C) 2021 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #define LOG_TAG "clearkey-CryptoFactory" #include <utils/Log.h> #include "CryptoFactory.h" #include "ClearKeyUUID.h" #include "CryptoPlugin.h" #include "AidlUtils.h" namespace aidl { namespace android { namespace hardware { namespace drm { namespace clearkey { using ::aidl::android::hardware::drm::Status; using ::aidl::android::hardware::drm::Uuid; using std::vector; ::ndk::ScopedAStatus CryptoFactory::createPlugin( const ::aidl::android::hardware::drm::Uuid& in_uuid, const std::vector<uint8_t>& in_initData, std::shared_ptr<::aidl::android::hardware::drm::ICryptoPlugin>* _aidl_return) { if (!isClearKeyUUID(in_uuid.uuid.data())) { ALOGE("Clearkey Drm HAL: failed to create crypto plugin, " "invalid crypto scheme"); *_aidl_return = nullptr; return toNdkScopedAStatus(Status::BAD_VALUE); } std::shared_ptr<CryptoPlugin> plugin = ::ndk::SharedRefBase::make<CryptoPlugin>(in_initData); Status status = plugin->getInitStatus(); if (status != Status::OK) { plugin.reset(); plugin = nullptr; } *_aidl_return = plugin; return toNdkScopedAStatus(status); } ::ndk::ScopedAStatus CryptoFactory::isCryptoSchemeSupported(const Uuid& in_uuid, bool* _aidl_return) { *_aidl_return = isClearKeyUUID(in_uuid.uuid.data()); return ::ndk::ScopedAStatus::ok(); } } // namespace clearkey } // namespace drm } // namespace hardware } // namespace android } // namespace aidl
drm/mediadrm/plugins/clearkey/aidl/CryptoPlugin.cpp +67 −82 Original line number Diff line number Diff line Loading @@ -31,110 +31,101 @@ namespace clearkey { using ::aidl::android::hardware::drm::Status; ::ndk::ScopedAStatus CryptoPlugin::decrypt( bool in_secure, const std::vector<uint8_t>& in_keyId, const std::vector<uint8_t>& in_iv, ::aidl::android::hardware::drm::Mode in_mode, const ::aidl::android::hardware::drm::Pattern& in_pattern, const std::vector<::aidl::android::hardware::drm::SubSample>& in_subSamples, const ::aidl::android::hardware::drm::SharedBuffer& in_source, int64_t in_offset, const ::aidl::android::hardware::drm::DestinationBuffer& in_destination, ::aidl::android::hardware::drm::DecryptResult* _aidl_return) { UNUSED(in_pattern); ::ndk::ScopedAStatus CryptoPlugin::decrypt(const DecryptArgs& in_args, int32_t* _aidl_return) { const char* detailedError = ""; std::string detailedError; _aidl_return->bytesWritten = 0; if (in_secure) { _aidl_return->detailedError = "secure decryption is not supported with ClearKey"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); *_aidl_return = 0; if (in_args.secure) { detailedError = "secure decryption is not supported with ClearKey"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } std::lock_guard<std::mutex> shared_buffer_lock(mSharedBufferLock); if (mSharedBufferMap.find(in_source.bufferId) == mSharedBufferMap.end()) { _aidl_return->detailedError = "source decrypt buffer base not set"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); if (mSharedBufferMap.find(in_args.source.bufferId) == mSharedBufferMap.end()) { detailedError = "source decrypt buffer base not set"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } if (in_destination.type == BufferType::SHARED_MEMORY) { const SharedBuffer& dest = in_destination.nonsecureMemory; if (mSharedBufferMap.find(dest.bufferId) == mSharedBufferMap.end()) { _aidl_return->detailedError = "destination decrypt buffer base not set"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); const auto NON_SECURE = DestinationBuffer::Tag::nonsecureMemory; if (in_args.destination.getTag() != NON_SECURE) { detailedError = "destination type not supported"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } } else { _aidl_return->detailedError = "destination type not supported"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); const SharedBuffer& destBuffer = in_args.destination.get<NON_SECURE>(); if (mSharedBufferMap.find(destBuffer.bufferId) == mSharedBufferMap.end()) { detailedError = "destination decrypt buffer base not set"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } auto src = mSharedBufferMap[in_source.bufferId]; auto src = mSharedBufferMap[in_args.source.bufferId]; if (src->mBase == nullptr) { _aidl_return->detailedError = "source is a nullptr"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); detailedError = "source is a nullptr"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } size_t totalSize = 0; if (__builtin_add_overflow(in_source.offset, in_offset, &totalSize) || __builtin_add_overflow(totalSize, in_source.size, &totalSize) || totalSize > src->mSize) { if (__builtin_add_overflow(in_args.source.offset, in_args.offset, &totalSize) || __builtin_add_overflow(totalSize, in_args.source.size, &totalSize) || totalSize > src->mSize) { android_errorWriteLog(0x534e4554, "176496160"); _aidl_return->detailedError = "invalid buffer size"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); detailedError = "invalid buffer size"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } // destination.type == BufferType::SHARED_MEMORY const SharedBuffer& destBuffer = in_destination.nonsecureMemory; // destination type must be non-secure shared memory auto dest = mSharedBufferMap[destBuffer.bufferId]; if (dest->mBase == nullptr) { _aidl_return->detailedError = "destination is a nullptr"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); detailedError = "destination is a nullptr"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } totalSize = 0; if (__builtin_add_overflow(destBuffer.offset, destBuffer.size, &totalSize) || totalSize > dest->mSize) { android_errorWriteLog(0x534e4554, "176444622"); _aidl_return->detailedError = "invalid buffer size"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE); detailedError = "invalid buffer size"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); } // Calculate the output buffer size and determine if any subsamples are // encrypted. uint8_t* srcPtr = src->mBase + in_source.offset + in_offset; uint8_t* destPtr = dest->mBase + in_destination.nonsecureMemory.offset; uint8_t* srcPtr = src->mBase + in_args.source.offset + in_args.offset; uint8_t* destPtr = dest->mBase + destBuffer.offset; size_t destSize = 0; size_t srcSize = 0; bool haveEncryptedSubsamples = false; for (size_t i = 0; i < in_subSamples.size(); i++) { const SubSample& subSample = in_subSamples[i]; for (size_t i = 0; i < in_args.subSamples.size(); i++) { const SubSample& subSample = in_args.subSamples[i]; if (__builtin_add_overflow(destSize, subSample.numBytesOfClearData, &destSize) || __builtin_add_overflow(srcSize, subSample.numBytesOfClearData, &srcSize)) { _aidl_return->detailedError = "subsample clear size overflow"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE); detailedError = "subsample clear size overflow"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); } if (__builtin_add_overflow(destSize, subSample.numBytesOfEncryptedData, &destSize) || __builtin_add_overflow(srcSize, subSample.numBytesOfEncryptedData, &srcSize)) { _aidl_return->detailedError = "subsample encrypted size overflow"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE); detailedError = "subsample encrypted size overflow"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); } if (subSample.numBytesOfEncryptedData > 0) { haveEncryptedSubsamples = true; } } if (destSize > destBuffer.size || srcSize > in_source.size) { _aidl_return->detailedError = "subsample sum too large"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE); if (destSize > destBuffer.size || srcSize > in_args.source.size) { detailedError = "subsample sum too large"; return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); } if (in_mode == Mode::UNENCRYPTED) { if (in_args.mode == Mode::UNENCRYPTED) { if (haveEncryptedSubsamples) { _aidl_return->detailedError = "Encrypted subsamples found in allegedly unencrypted data."; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); detailedError = "Encrypted subsamples found in allegedly unencrypted data."; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } size_t offset = 0; for (size_t i = 0; i < in_subSamples.size(); ++i) { const SubSample& subSample = in_subSamples[i]; for (size_t i = 0; i < in_args.subSamples.size(); ++i) { const SubSample& subSample = in_args.subSamples[i]; if (subSample.numBytesOfClearData != 0) { memcpy(reinterpret_cast<uint8_t*>(destPtr) + offset, reinterpret_cast<const uint8_t*>(srcPtr) + offset, Loading @@ -143,37 +134,33 @@ using ::aidl::android::hardware::drm::Status; } } _aidl_return->bytesWritten = static_cast<ssize_t>(offset); _aidl_return->detailedError = ""; *_aidl_return = static_cast<ssize_t>(offset); return toNdkScopedAStatus(Status::OK); } else if (in_mode == Mode::AES_CTR) { } else if (in_args.mode == Mode::AES_CTR) { size_t bytesDecrypted{}; std::vector<int32_t> clearDataLengths; std::vector<int32_t> encryptedDataLengths; for (auto ss : in_subSamples) { for (auto ss : in_args.subSamples) { clearDataLengths.push_back(ss.numBytesOfClearData); encryptedDataLengths.push_back(ss.numBytesOfEncryptedData); } auto res = mSession->decrypt(in_keyId.data(), in_iv.data(), mSession->decrypt(in_args.keyId.data(), in_args.iv.data(), srcPtr, static_cast<uint8_t*>(destPtr), clearDataLengths, encryptedDataLengths, &bytesDecrypted); if (res == clearkeydrm::OK) { _aidl_return->bytesWritten = static_cast<ssize_t>(bytesDecrypted); _aidl_return->detailedError = ""; *_aidl_return = static_cast<ssize_t>(bytesDecrypted); return toNdkScopedAStatus(Status::OK); } else { _aidl_return->bytesWritten = 0; _aidl_return->detailedError = "Decryption Error"; return toNdkScopedAStatus(static_cast<Status>(res)); *_aidl_return = 0; detailedError = "Decryption Error"; return toNdkScopedAStatus(static_cast<Status>(res), detailedError); } } else { _aidl_return->bytesWritten = 0; _aidl_return->detailedError = "selected encryption mode is not supported by the ClearKey DRM \ Plugin"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE); *_aidl_return = 0; detailedError = "selected encryption mode is not supported by the ClearKey DRM Plugin"; return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); } } Loading Loading @@ -218,24 +205,22 @@ Plugin"; return toNdkScopedAStatus(status); } ::ndk::ScopedAStatus CryptoPlugin::setSharedBufferBase( const ::aidl::android::hardware::common::Ashmem& in_base, int32_t in_bufferId) { ::ndk::ScopedAStatus CryptoPlugin::setSharedBufferBase(const SharedBuffer& in_base) { std::lock_guard<std::mutex> shared_buffer_lock(mSharedBufferLock); mSharedBufferMap[in_bufferId] = std::make_shared<SharedBufferBase>(in_base); mSharedBufferMap[in_base.bufferId] = std::make_shared<SharedBufferBase>(in_base); return ::ndk::ScopedAStatus::ok(); } SharedBufferBase::SharedBufferBase(const ::aidl::android::hardware::common::Ashmem& mem) SharedBufferBase::SharedBufferBase(const SharedBuffer& mem) : mBase(nullptr), mSize(mem.size) { if (mem.fd.get() < 0) { if (mem.handle.fds.empty()) { return; } auto addr = mmap(nullptr, mem.size, PROT_READ | PROT_WRITE, MAP_SHARED, mem.fd.get(), 0); auto fd = mem.handle.fds[0].get(); auto addr = mmap(nullptr, mem.size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); if (addr == MAP_FAILED) { ALOGE("mmap err: fd %d; errno %s", mem.fd.get(), strerror(errno)); ALOGE("mmap err: fd %d; errno %s", fd, strerror(errno)); } else { mBase = static_cast<uint8_t*>(addr); } Loading
drm/mediadrm/plugins/clearkey/aidl/DrmFactory.cpp +29 −31 Original line number Diff line number Diff line Loading @@ -20,6 +20,7 @@ #include "DrmFactory.h" #include "ClearKeyUUID.h" #include "CryptoPlugin.h" #include "DrmPlugin.h" #include "MimeTypeStdStr.h" #include "SessionLibrary.h" Loading @@ -38,7 +39,7 @@ using ::aidl::android::hardware::drm::SecurityLevel; using ::aidl::android::hardware::drm::Status; using ::aidl::android::hardware::drm::Uuid; ::ndk::ScopedAStatus DrmFactory::createPlugin( ::ndk::ScopedAStatus DrmFactory::createDrmPlugin( const Uuid& in_uuid, const string& in_appPackageName, std::shared_ptr<::aidl::android::hardware::drm::IDrmPlugin>* _aidl_return) { UNUSED(in_appPackageName); Loading @@ -56,40 +57,37 @@ using ::aidl::android::hardware::drm::Uuid; return toNdkScopedAStatus(Status::OK); } ::ndk::ScopedAStatus DrmFactory::getSupportedCryptoSchemes(vector<Uuid>* _aidl_return) { vector<Uuid> schemes; Uuid scheme; for (const auto& uuid : ::aidl::android::hardware::drm::clearkey::getSupportedCryptoSchemes()) { scheme.uuid.assign(uuid.begin(), uuid.end()); schemes.push_back(scheme); } *_aidl_return = schemes; return ndk::ScopedAStatus::ok(); ::ndk::ScopedAStatus DrmFactory::createCryptoPlugin( const Uuid& in_uuid, const std::vector<uint8_t>& in_initData, std::shared_ptr<::aidl::android::hardware::drm::ICryptoPlugin>* _aidl_return) { if (!isClearKeyUUID(in_uuid.uuid.data())) { ALOGE("Clearkey Drm HAL: failed to create crypto plugin, " "invalid crypto scheme"); *_aidl_return = nullptr; return toNdkScopedAStatus(Status::BAD_VALUE); } ::ndk::ScopedAStatus DrmFactory::isContentTypeSupported(const string& in_mimeType, bool* _aidl_return) { // This should match the in_mimeTypes handed by InitDataParser. *_aidl_return = in_mimeType == kIsoBmffVideoMimeType || in_mimeType == kIsoBmffAudioMimeType || in_mimeType == kCencInitDataFormat || in_mimeType == kWebmVideoMimeType || in_mimeType == kWebmAudioMimeType || in_mimeType == kWebmInitDataFormat || in_mimeType.empty(); return ::ndk::ScopedAStatus::ok(); std::shared_ptr<CryptoPlugin> plugin = ::ndk::SharedRefBase::make<CryptoPlugin>(in_initData); Status status = plugin->getInitStatus(); if (status != Status::OK) { plugin.reset(); plugin = nullptr; } *_aidl_return = plugin; return toNdkScopedAStatus(status); } ::ndk::ScopedAStatus DrmFactory::isCryptoSchemeSupported(const Uuid& in_uuid, const string& in_mimeType, SecurityLevel in_securityLevel, bool* _aidl_return) { bool isSupportedMimeType = false; if (!isContentTypeSupported(in_mimeType, &isSupportedMimeType).isOk()) { ALOGD("%s mime type is not supported by crypto scheme", in_mimeType.c_str()); ::ndk::ScopedAStatus DrmFactory::getSupportedCryptoSchemes(CryptoSchemes* _aidl_return) { CryptoSchemes schemes{}; for (const auto& uuid : ::aidl::android::hardware::drm::clearkey::getSupportedCryptoSchemes()) { schemes.uuids.push_back({uuid}); } *_aidl_return = isClearKeyUUID(in_uuid.uuid.data()) && isSupportedMimeType && (in_securityLevel == SecurityLevel::SW_SECURE_CRYPTO || in_securityLevel == SecurityLevel::DEFAULT || in_securityLevel == SecurityLevel::UNKNOWN); return ::ndk::ScopedAStatus::ok(); schemes.minLevel = SecurityLevel::SW_SECURE_CRYPTO; schemes.maxLevel = SecurityLevel::SW_SECURE_CRYPTO; schemes.mimeTypes = {kIsoBmffVideoMimeType, kIsoBmffAudioMimeType, kCencInitDataFormat, kWebmVideoMimeType, kWebmAudioMimeType, kWebmInitDataFormat}; *_aidl_return = schemes; return ndk::ScopedAStatus::ok(); } binder_status_t DrmFactory::dump(int fd, const char** args, uint32_t numArgs) { Loading
