
Commit 7adef106 authored by Wonsik Kim's avatar Wonsik Kim Committed by Gerrit Code Review

Merge "media: add security model APIs" into main

parents d1f660ad 27ae8530
+8 −0
@@ -22762,12 +22762,16 @@ package android.media {
    method @NonNull public String getCanonicalName();
    method public android.media.MediaCodecInfo.CodecCapabilities getCapabilitiesForType(String);
    method @NonNull public String getName();
    method @FlaggedApi("android.media.codec.in_process_sw_audio_codec") public int getSecurityModel();
    method public String[] getSupportedTypes();
    method public boolean isAlias();
    method public boolean isEncoder();
    method public boolean isHardwareAccelerated();
    method public boolean isSoftwareOnly();
    method public boolean isVendor();
    field @FlaggedApi("android.media.codec.in_process_sw_audio_codec") public static final int SECURITY_MODEL_MEMORY_SAFE = 1; // 0x1
    field @FlaggedApi("android.media.codec.in_process_sw_audio_codec") public static final int SECURITY_MODEL_SANDBOXED = 0; // 0x0
    field @FlaggedApi("android.media.codec.in_process_sw_audio_codec") public static final int SECURITY_MODEL_TRUSTED_CONTENT_ONLY = 2; // 0x2
  }
  public static final class MediaCodecInfo.AudioCapabilities {
@@ -23602,6 +23606,9 @@ package android.media {
    field public static final int COLOR_TRANSFER_LINEAR = 1; // 0x1
    field public static final int COLOR_TRANSFER_SDR_VIDEO = 3; // 0x3
    field public static final int COLOR_TRANSFER_ST2084 = 6; // 0x6
    field @FlaggedApi("android.media.codec.in_process_sw_audio_codec") public static final int FLAG_SECURITY_MODEL_MEMORY_SAFE = 2; // 0x2
    field @FlaggedApi("android.media.codec.in_process_sw_audio_codec") public static final int FLAG_SECURITY_MODEL_SANDBOXED = 1; // 0x1
    field @FlaggedApi("android.media.codec.in_process_sw_audio_codec") public static final int FLAG_SECURITY_MODEL_TRUSTED_CONTENT_ONLY = 4; // 0x4
    field public static final String KEY_AAC_DRC_ALBUM_MODE = "aac-drc-album-mode";
    field public static final String KEY_AAC_DRC_ATTENUATION_FACTOR = "aac-drc-cut-level";
    field public static final String KEY_AAC_DRC_BOOST_FACTOR = "aac-drc-boost-level";
@@ -23683,6 +23690,7 @@ package android.media {
    field public static final String KEY_REPEAT_PREVIOUS_FRAME_AFTER = "repeat-previous-frame-after";
    field public static final String KEY_ROTATION = "rotation-degrees";
    field public static final String KEY_SAMPLE_RATE = "sample-rate";
    field @FlaggedApi("android.media.codec.in_process_sw_audio_codec") public static final String KEY_SECURITY_MODEL = "security-model";
    field public static final String KEY_SLICE_HEIGHT = "slice-height";
    field public static final String KEY_SLOW_MOTION_MARKERS = "slow-motion-markers";
    field public static final String KEY_STRIDE = "stride";
+53 −0
@@ -20,10 +20,12 @@ import static android.media.Utils.intersectSortedDistinctRanges;
import static android.media.Utils.sortDistinctRanges;
import static android.media.codec.Flags.FLAG_DYNAMIC_COLOR_ASPECTS;
import static android.media.codec.Flags.FLAG_HLG_EDITING;
import static android.media.codec.Flags.FLAG_IN_PROCESS_SW_AUDIO_CODEC;
import static android.media.codec.Flags.FLAG_NULL_OUTPUT_SURFACE;
import static android.media.codec.Flags.FLAG_REGION_OF_INTEREST;

import android.annotation.FlaggedApi;
import android.annotation.IntDef;
import android.annotation.IntRange;
import android.annotation.NonNull;
import android.annotation.Nullable;
@@ -40,6 +42,8 @@ import android.util.Range;
import android.util.Rational;
import android.util.Size;

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -1808,6 +1812,55 @@ public final class MediaCodecInfo {
        }
    }

    /** @hide */
    @IntDef(prefix = {"SECURITY_MODEL_"}, value = {
        SECURITY_MODEL_SANDBOXED,
        SECURITY_MODEL_MEMORY_SAFE,
        SECURITY_MODEL_TRUSTED_CONTENT_ONLY,
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface SecurityModel {}

    /**
     * In this model the codec is running in a sandboxed process. Even if a
     * malicious content was fed to the codecs in this model, the impact will
     * be contained in the sandboxed process.
     */
    @FlaggedApi(FLAG_IN_PROCESS_SW_AUDIO_CODEC)
    public static final int SECURITY_MODEL_SANDBOXED = 0;
    /**
     * In this model the codec is not running in a sandboxed process, but
     * written in a memory-safe way. It typically means that the software
     * implementation of the codec is written in a memory-safe language such
     * as Rust.
     */
    @FlaggedApi(FLAG_IN_PROCESS_SW_AUDIO_CODEC)
    public static final int SECURITY_MODEL_MEMORY_SAFE = 1;
    /**
     * In this model the codec is suitable only for trusted content where
     * the input can be verified to be well-formed and no malicious actor
     * can alter it. For example, codecs in this model are not suitable
     * for arbitrary media downloaded from the internet or present in a user
     * directory. On the other hand, they could be suitable for media encoded
     * in the backend that the app developer wholly controls.
     * <p>
     * Codecs with this security model is not included in
     * {@link MediaCodecList#REGULAR_CODECS}, but included in
     * {@link MediaCodecList#ALL_CODECS}.
     */
    @FlaggedApi(FLAG_IN_PROCESS_SW_AUDIO_CODEC)
    public static final int SECURITY_MODEL_TRUSTED_CONTENT_ONLY = 2;

    /**
     * Query the security model of the codec.
     */
    @FlaggedApi(FLAG_IN_PROCESS_SW_AUDIO_CODEC)
    @SecurityModel
    public int getSecurityModel() {
        // TODO b/297922713 --- detect security model of out-of-sandbox codecs
        return SECURITY_MODEL_SANDBOXED;
    }

    /**
     * A class that supports querying the video capabilities of a codec.
     */
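Review bot: `getSecurityModel()` returns `SECURITY_MODEL_SANDBOXED` unconditionally, and its Javadoc does not mention that the value is a placeholder until the TODO (b/297922713) is resolved. If any codec can run outside the sandbox while the flag is enabled (not visible on this page), a caller that gates untrusted media on this value would be told the codec is contained when it is not. I would state the limitation in the Javadoc and add the missing return tag, e.g. `@return one of the SECURITY_MODEL_* constants; currently always {@link #SECURITY_MODEL_SANDBOXED} because out-of-sandbox codecs are not yet detected`. The `SECURITY_MODEL_TRUSTED_CONTENT_ONLY` comment also has a grammar slip: "Codecs with this security model is not included" should read "are not included".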
+54 −0
@@ -16,6 +16,8 @@

package android.media;

import static android.media.codec.Flags.FLAG_IN_PROCESS_SW_AUDIO_CODEC;

import static com.android.media.codec.flags.Flags.FLAG_CODEC_IMPORTANCE;
import static com.android.media.codec.flags.Flags.FLAG_LARGE_AUDIO_FRAME;

@@ -1715,6 +1717,58 @@ public final class MediaFormat {
    @FlaggedApi(FLAG_CODEC_IMPORTANCE)
    public static final String KEY_IMPORTANCE = "importance";

    /** @hide */
    @IntDef(flag = true, prefix = {"FLAG_SECURITY_MODEL_"}, value = {
        FLAG_SECURITY_MODEL_SANDBOXED,
        FLAG_SECURITY_MODEL_MEMORY_SAFE,
        FLAG_SECURITY_MODEL_TRUSTED_CONTENT_ONLY,
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface SecurityModelFlag {}

    /**
     * Flag for {@link MediaCodecInfo#SECURITY_MODEL_SANDBOXED}.
     */
    @FlaggedApi(FLAG_IN_PROCESS_SW_AUDIO_CODEC)
    public static final int FLAG_SECURITY_MODEL_SANDBOXED =
            (1 << MediaCodecInfo.SECURITY_MODEL_SANDBOXED);
    /**
     * Flag for {@link MediaCodecInfo#SECURITY_MODEL_MEMORY_SAFE}.
     */
    @FlaggedApi(FLAG_IN_PROCESS_SW_AUDIO_CODEC)
    public static final int FLAG_SECURITY_MODEL_MEMORY_SAFE =
            (1 << MediaCodecInfo.SECURITY_MODEL_MEMORY_SAFE);
    /**
     * Flag for {@link MediaCodecInfo#SECURITY_MODEL_TRUSTED_CONTENT_ONLY}.
     */
    @FlaggedApi(FLAG_IN_PROCESS_SW_AUDIO_CODEC)
    public static final int FLAG_SECURITY_MODEL_TRUSTED_CONTENT_ONLY =
            (1 << MediaCodecInfo.SECURITY_MODEL_TRUSTED_CONTENT_ONLY);

    /**
     * A key describing the requested security model as flags.
     * <p>
     * The associated value is a flag of the following values:
     * {@link FLAG_SECURITY_MODEL_SANDBOXED},
     * {@link FLAG_SECURITY_MODEL_MEMORY_SAFE},
     * {@link FLAG_SECURITY_MODEL_TRUSTED_CONTENT_ONLY}. The default value is
     * {@link FLAG_SECURITY_MODEL_SANDBOXED}.
     * <p>
     * When passed to {@link MediaCodecList#findDecoderForFormat} or
     * {@link MediaCodecList#findEncoderForFormat}, MediaCodecList filters
     * the security model of the codecs according to this flag value.
     * <p>
     * When passed to {@link MediaCodec#configure}, MediaCodec verifies
     * the security model matches the flag value passed, and throws
     * {@link java.lang.IllegalArgumentException} if the model does not match.
     * <p>
     * @see MediaCodecInfo#getSecurityModel
     * @see MediaCodecList#findDecoderForFormat
     * @see MediaCodecList#findEncoderForFormat
     */
    @FlaggedApi(FLAG_IN_PROCESS_SW_AUDIO_CODEC)
    public static final String KEY_SECURITY_MODEL = "security-model";

    /* package private */ MediaFormat(@NonNull Map<String, Object> map) {
        mMap = map;
    }
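Review bot: The `KEY_SECURITY_MODEL` Javadoc promises that `MediaCodecList` filters codecs by these flags and that `MediaCodec#configure` throws `IllegalArgumentException` on a mismatch, but the hunks on this page only add constants and contain no code that reads the key. If that enforcement lives elsewhere or lands later, an app that sets `FLAG_SECURITY_MODEL_SANDBOXED` to keep untrusted input away from in-process codecs would get no check while believing it has one. I would either land the checks together with the API or say in the comment that the behaviour is not yet enforced. The comment should also say explicitly that the value is a bitwise OR of the flags, and the same-class references need the `#` form, `{@link #FLAG_SECURITY_MODEL_SANDBOXED}`, so the links resolve.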