Merge "Add signature|system permission to MediaDrm signer APIs" into klp-modular-dev (4995d725) · Commits · e / os / android_frameworks_base

core/res/AndroidManifest.xml

+7 −0

Original line number	Diff line number	Diff line
		@@ -2519,6 +2519,13 @@
		android:description="@string/permdesc_accessNetworkConditions"
		android:protectionLevel="signature\|system" />

		<!-- Allows an application to provision and access DRM certificates
		@hide This is not a third-party API (intended for system apps). -->
		<permission android:name="android.permission.ACCESS_DRM_CERTIFICATES"
		android:label="@string/permlab_accessDrmCertificates"
		android:description="@string/permdesc_accessDrmCertificates"
		android:protectionLevel="signature\|system" />

		<!-- The system process is explicitly the only one allowed to launch the
		confirmation UI for full backup/restore -->
		<uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/>

core/res/res/values/strings.xml

+5 −0

Original line number	Diff line number	Diff line
		@@ -1985,6 +1985,11 @@
		<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
		<string name="permdesc_accessNetworkConditions">Allows an application to listen for observations on network conditions. Should never be needed for normal apps.</string>

		<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
		<string name="permlab_accessDrmCertificates">access DRM certificates</string>
		<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
		<string name="permdesc_accessDrmCertificates">Allows an application to provision and use DRM certficates. Should never be needed for normal apps.</string>

		<!-- Policy administration -->

		<!-- Title of policy access to limiting the user's password choices -->

media/java/android/media/MediaDrm.java

+26 −29

Original line number	Diff line number	Diff line
		@@ -29,7 +29,6 @@ import android.os.Message;
		import android.os.Bundle;
		import android.os.Parcel;
		import android.util.Log;
		import android.content.Context;

		/**
		* MediaDrm can be used to obtain keys for decrypting protected media streams, in
		@@ -100,6 +99,8 @@ public final class MediaDrm {

		private final static String TAG = "MediaDrm";

		private static final String PERMISSION = android.Manifest.permission.ACCESS_DRM_CERTIFICATES;

		private EventHandler mEventHandler;
		private OnEventListener mOnEventListener;

		@@ -387,8 +388,7 @@ public final class MediaDrm {
		* problem with the certifcate
		*/
		public native KeyRequest getKeyRequest(byte[] scope, byte[] init,
		String mimeType, int keyType,
		HashMap<String, String> optionalParameters)
		String mimeType, int keyType, HashMap<String, String> optionalParameters)
		throws NotProvisionedException;


		@@ -600,8 +600,7 @@ public final class MediaDrm {
		byte[] keyId, byte[] message);

		private static final native boolean verifyNative(MediaDrm drm, byte[] sessionId,
		byte[] keyId, byte[] message,
		byte[] signature);
		byte[] keyId, byte[] message, byte[] signature);

		/**
		* In addition to supporting decryption of DASH Common Encrypted Media, the
		@@ -706,8 +705,7 @@ public final class MediaDrm {
		* "algorithms".
		*/
		public CryptoSession getCryptoSession(byte[] sessionId,
		String cipherAlgorithm,
		String macAlgorithm)
		String cipherAlgorithm, String macAlgorithm)
		{
		return new CryptoSession(this, sessionId, cipherAlgorithm, macAlgorithm);
		}
		@@ -807,13 +805,11 @@ public final class MediaDrm {
		}

		private static final native byte[] signRSANative(MediaDrm drm, byte[] sessionId,
		String algorithm, byte[] wrappedKey,
		byte[] message);
		String algorithm, byte[] wrappedKey, byte[] message);

		/**
		* Sign data using an RSA key
		*
		* @param context the app context
		* @param sessionId a sessionId obtained from openSession on the MediaDrm object
		* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
		* @param wrappedKey - the wrapped (encrypted) RSA private key obtained
		@@ -822,7 +818,8 @@ public final class MediaDrm {
		*
		* @hide - not part of the public API at this time
		*/
		public byte[] signRSA(Context context, byte[] sessionId, String algorithm, byte[] wrappedKey, byte[] message) {
		public byte[] signRSA(byte[] sessionId, String algorithm,
		byte[] wrappedKey, byte[] message) {
		return signRSANative(this, sessionId, algorithm, wrappedKey, message);
		}

media/jni/android_media_MediaDrm.cpp

+4 −4

Original line number	Diff line number	Diff line
		@@ -570,7 +570,7 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) {
		FIND_CLASS(clazz, "android/media/MediaDrm$Certificate");
		GET_FIELD_ID(gFields.certificate.wrappedPrivateKey, clazz, "mWrappedKey", "[B");
		GET_FIELD_ID(gFields.certificate.certificateData, clazz, "mCertificateData", "[B");
		gFields.certificateClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
		gFields.certificateClassId = static_cast<jclass>(env->NewGlobalRef(clazz));

		FIND_CLASS(clazz, "java/util/ArrayList");
		GET_METHOD_ID(gFields.arraylist.init, clazz, "<init>", "()V");
		@@ -595,13 +595,13 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) {
		GET_METHOD_ID(gFields.entry.getValue, clazz, "getValue", "()Ljava/lang/Object;");

		FIND_CLASS(clazz, "java/util/HashMap");
		gFields.hashmapClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
		gFields.hashmapClassId = static_cast<jclass>(env->NewGlobalRef(clazz));

		FIND_CLASS(clazz, "java/lang/String");
		gFields.stringClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
		gFields.stringClassId = static_cast<jclass>(env->NewGlobalRef(clazz));

		FIND_CLASS(clazz, "java/util/ArrayList");
		gFields.arraylistClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
		gFields.arraylistClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
		}

		static void android_media_MediaDrm_native_setup(

media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java

+7 −9

Original line number	Diff line number	Diff line
		@@ -16,7 +16,6 @@

		package com.android.mediadrm.signer;

		import android.content.Context;
		import android.media.MediaDrm;
		import android.media.DeniedByServerException;

		@@ -37,7 +36,7 @@ public final class MediaDrmSigner {
		* server
		*/
		public final static class CertificateRequest {
		private MediaDrm.CertificateRequest mCertRequest;
		private final MediaDrm.CertificateRequest mCertRequest;

		CertificateRequest(MediaDrm.CertificateRequest certRequest) {
		mCertRequest = certRequest;
		@@ -65,7 +64,7 @@ public final class MediaDrmSigner {
		* with a certificate.
		*/
		public final static class Certificate {
		private MediaDrm.Certificate mCertificate;
		private final MediaDrm.Certificate mCertificate;

		Certificate(MediaDrm.Certificate certificate) {
		mCertificate = certificate;
		@@ -124,7 +123,6 @@ public final class MediaDrmSigner {
		/**
		* Sign data using an RSA key
		*
		* @param context the App context
		* @param drm the MediaDrm object
		* @param sessionId a sessionId obtained from openSession on the MediaDrm object
		* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
		@@ -132,8 +130,8 @@ public final class MediaDrmSigner {
		* from provideCertificateResponse
		* @param message the data for which a signature is to be computed
		*/
		public static byte[] signRSA(Context context, MediaDrm drm, byte[] sessionId,
		public static byte[] signRSA(MediaDrm drm, byte[] sessionId,
		String algorithm, byte[] wrappedKey, byte[] message) {
		return drm.signRSA(context, sessionId, algorithm, wrappedKey, message);
		return drm.signRSA(sessionId, algorithm, wrappedKey, message);
		}
		}