Merge "Add signature|system permission to MediaDrm signer APIs" into klp-modular-dev
This commit is contained in:
Jeff Tinker
Android (Google) Code Review
@ -2519,6 +2519,13 @@
|
|||||||
android:description="@string/permdesc_accessNetworkConditions"
|
android:description="@string/permdesc_accessNetworkConditions"
|
||||||
android:protectionLevel="signature|system" />
|
android:protectionLevel="signature|system" />
|
||||||
|
|
||||||
|
<!-- Allows an application to provision and access DRM certificates
|
||||||
|
@hide This is not a third-party API (intended for system apps). -->
|
||||||
|
<permission android:name="android.permission.ACCESS_DRM_CERTIFICATES"
|
||||||
|
android:label="@string/permlab_accessDrmCertificates"
|
||||||
|
android:description="@string/permdesc_accessDrmCertificates"
|
||||||
|
android:protectionLevel="signature|system" />
|
||||||
|
|
||||||
<!-- The system process is explicitly the only one allowed to launch the
|
<!-- The system process is explicitly the only one allowed to launch the
|
||||||
confirmation UI for full backup/restore -->
|
confirmation UI for full backup/restore -->
|
||||||
<uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/>
|
<uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/>
|
||||||
|
|||||||
@ -1985,6 +1985,11 @@
|
|||||||
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||||
<string name="permdesc_accessNetworkConditions">Allows an application to listen for observations on network conditions. Should never be needed for normal apps.</string>
|
<string name="permdesc_accessNetworkConditions">Allows an application to listen for observations on network conditions. Should never be needed for normal apps.</string>
|
||||||
|
|
||||||
|
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||||
|
<string name="permlab_accessDrmCertificates">access DRM certificates</string>
|
||||||
|
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||||
|
<string name="permdesc_accessDrmCertificates">Allows an application to provision and use DRM certficates. Should never be needed for normal apps.</string>
|
||||||
|
|
||||||
<!-- Policy administration -->
|
<!-- Policy administration -->
|
||||||
|
|
||||||
<!-- Title of policy access to limiting the user's password choices -->
|
<!-- Title of policy access to limiting the user's password choices -->
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (C) 2013 The Android Open Source Project
|
* Copyright (C) 2013 The Android Open Source Project
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -29,7 +29,6 @@ import android.os.Message;
|
|||||||
import android.os.Bundle;
|
import android.os.Bundle;
|
||||||
import android.os.Parcel;
|
import android.os.Parcel;
|
||||||
import android.util.Log;
|
import android.util.Log;
|
||||||
import android.content.Context;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* MediaDrm can be used to obtain keys for decrypting protected media streams, in
|
* MediaDrm can be used to obtain keys for decrypting protected media streams, in
|
||||||
@ -100,6 +99,8 @@ public final class MediaDrm {
|
|||||||
|
|
||||||
private final static String TAG = "MediaDrm";
|
private final static String TAG = "MediaDrm";
|
||||||
|
|
||||||
|
private static final String PERMISSION = android.Manifest.permission.ACCESS_DRM_CERTIFICATES;
|
||||||
|
|
||||||
private EventHandler mEventHandler;
|
private EventHandler mEventHandler;
|
||||||
private OnEventListener mOnEventListener;
|
private OnEventListener mOnEventListener;
|
||||||
|
|
||||||
@ -387,8 +388,7 @@ public final class MediaDrm {
|
|||||||
* problem with the certifcate
|
* problem with the certifcate
|
||||||
*/
|
*/
|
||||||
public native KeyRequest getKeyRequest(byte[] scope, byte[] init,
|
public native KeyRequest getKeyRequest(byte[] scope, byte[] init,
|
||||||
String mimeType, int keyType,
|
String mimeType, int keyType, HashMap<String, String> optionalParameters)
|
||||||
HashMap<String, String> optionalParameters)
|
|
||||||
throws NotProvisionedException;
|
throws NotProvisionedException;
|
||||||
|
|
||||||
|
|
||||||
@ -600,8 +600,7 @@ public final class MediaDrm {
|
|||||||
byte[] keyId, byte[] message);
|
byte[] keyId, byte[] message);
|
||||||
|
|
||||||
private static final native boolean verifyNative(MediaDrm drm, byte[] sessionId,
|
private static final native boolean verifyNative(MediaDrm drm, byte[] sessionId,
|
||||||
byte[] keyId, byte[] message,
|
byte[] keyId, byte[] message, byte[] signature);
|
||||||
byte[] signature);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* In addition to supporting decryption of DASH Common Encrypted Media, the
|
* In addition to supporting decryption of DASH Common Encrypted Media, the
|
||||||
@ -706,8 +705,7 @@ public final class MediaDrm {
|
|||||||
* "algorithms".
|
* "algorithms".
|
||||||
*/
|
*/
|
||||||
public CryptoSession getCryptoSession(byte[] sessionId,
|
public CryptoSession getCryptoSession(byte[] sessionId,
|
||||||
String cipherAlgorithm,
|
String cipherAlgorithm, String macAlgorithm)
|
||||||
String macAlgorithm)
|
|
||||||
{
|
{
|
||||||
return new CryptoSession(this, sessionId, cipherAlgorithm, macAlgorithm);
|
return new CryptoSession(this, sessionId, cipherAlgorithm, macAlgorithm);
|
||||||
}
|
}
|
||||||
@ -807,13 +805,11 @@ public final class MediaDrm {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static final native byte[] signRSANative(MediaDrm drm, byte[] sessionId,
|
private static final native byte[] signRSANative(MediaDrm drm, byte[] sessionId,
|
||||||
String algorithm, byte[] wrappedKey,
|
String algorithm, byte[] wrappedKey, byte[] message);
|
||||||
byte[] message);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sign data using an RSA key
|
* Sign data using an RSA key
|
||||||
*
|
*
|
||||||
* @param context the app context
|
|
||||||
* @param sessionId a sessionId obtained from openSession on the MediaDrm object
|
* @param sessionId a sessionId obtained from openSession on the MediaDrm object
|
||||||
* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
|
* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
|
||||||
* @param wrappedKey - the wrapped (encrypted) RSA private key obtained
|
* @param wrappedKey - the wrapped (encrypted) RSA private key obtained
|
||||||
@ -822,7 +818,8 @@ public final class MediaDrm {
|
|||||||
*
|
*
|
||||||
* @hide - not part of the public API at this time
|
* @hide - not part of the public API at this time
|
||||||
*/
|
*/
|
||||||
public byte[] signRSA(Context context, byte[] sessionId, String algorithm, byte[] wrappedKey, byte[] message) {
|
public byte[] signRSA(byte[] sessionId, String algorithm,
|
||||||
|
byte[] wrappedKey, byte[] message) {
|
||||||
return signRSANative(this, sessionId, algorithm, wrappedKey, message);
|
return signRSANative(this, sessionId, algorithm, wrappedKey, message);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -570,7 +570,7 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) {
|
|||||||
FIND_CLASS(clazz, "android/media/MediaDrm$Certificate");
|
FIND_CLASS(clazz, "android/media/MediaDrm$Certificate");
|
||||||
GET_FIELD_ID(gFields.certificate.wrappedPrivateKey, clazz, "mWrappedKey", "[B");
|
GET_FIELD_ID(gFields.certificate.wrappedPrivateKey, clazz, "mWrappedKey", "[B");
|
||||||
GET_FIELD_ID(gFields.certificate.certificateData, clazz, "mCertificateData", "[B");
|
GET_FIELD_ID(gFields.certificate.certificateData, clazz, "mCertificateData", "[B");
|
||||||
gFields.certificateClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
|
gFields.certificateClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
|
||||||
|
|
||||||
FIND_CLASS(clazz, "java/util/ArrayList");
|
FIND_CLASS(clazz, "java/util/ArrayList");
|
||||||
GET_METHOD_ID(gFields.arraylist.init, clazz, "<init>", "()V");
|
GET_METHOD_ID(gFields.arraylist.init, clazz, "<init>", "()V");
|
||||||
@ -595,13 +595,13 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) {
|
|||||||
GET_METHOD_ID(gFields.entry.getValue, clazz, "getValue", "()Ljava/lang/Object;");
|
GET_METHOD_ID(gFields.entry.getValue, clazz, "getValue", "()Ljava/lang/Object;");
|
||||||
|
|
||||||
FIND_CLASS(clazz, "java/util/HashMap");
|
FIND_CLASS(clazz, "java/util/HashMap");
|
||||||
gFields.hashmapClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
|
gFields.hashmapClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
|
||||||
|
|
||||||
FIND_CLASS(clazz, "java/lang/String");
|
FIND_CLASS(clazz, "java/lang/String");
|
||||||
gFields.stringClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
|
gFields.stringClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
|
||||||
|
|
||||||
FIND_CLASS(clazz, "java/util/ArrayList");
|
FIND_CLASS(clazz, "java/util/ArrayList");
|
||||||
gFields.arraylistClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
|
gFields.arraylistClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void android_media_MediaDrm_native_setup(
|
static void android_media_MediaDrm_native_setup(
|
||||||
|
|||||||
@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package com.android.mediadrm.signer;
|
package com.android.mediadrm.signer;
|
||||||
|
|
||||||
import android.content.Context;
|
|
||||||
import android.media.MediaDrm;
|
import android.media.MediaDrm;
|
||||||
import android.media.DeniedByServerException;
|
import android.media.DeniedByServerException;
|
||||||
|
|
||||||
@ -37,7 +36,7 @@ public final class MediaDrmSigner {
|
|||||||
* server
|
* server
|
||||||
*/
|
*/
|
||||||
public final static class CertificateRequest {
|
public final static class CertificateRequest {
|
||||||
private MediaDrm.CertificateRequest mCertRequest;
|
private final MediaDrm.CertificateRequest mCertRequest;
|
||||||
|
|
||||||
CertificateRequest(MediaDrm.CertificateRequest certRequest) {
|
CertificateRequest(MediaDrm.CertificateRequest certRequest) {
|
||||||
mCertRequest = certRequest;
|
mCertRequest = certRequest;
|
||||||
@ -65,7 +64,7 @@ public final class MediaDrmSigner {
|
|||||||
* with a certificate.
|
* with a certificate.
|
||||||
*/
|
*/
|
||||||
public final static class Certificate {
|
public final static class Certificate {
|
||||||
private MediaDrm.Certificate mCertificate;
|
private final MediaDrm.Certificate mCertificate;
|
||||||
|
|
||||||
Certificate(MediaDrm.Certificate certificate) {
|
Certificate(MediaDrm.Certificate certificate) {
|
||||||
mCertificate = certificate;
|
mCertificate = certificate;
|
||||||
@ -124,7 +123,6 @@ public final class MediaDrmSigner {
|
|||||||
/**
|
/**
|
||||||
* Sign data using an RSA key
|
* Sign data using an RSA key
|
||||||
*
|
*
|
||||||
* @param context the App context
|
|
||||||
* @param drm the MediaDrm object
|
* @param drm the MediaDrm object
|
||||||
* @param sessionId a sessionId obtained from openSession on the MediaDrm object
|
* @param sessionId a sessionId obtained from openSession on the MediaDrm object
|
||||||
* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
|
* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
|
||||||
@ -132,8 +130,8 @@ public final class MediaDrmSigner {
|
|||||||
* from provideCertificateResponse
|
* from provideCertificateResponse
|
||||||
* @param message the data for which a signature is to be computed
|
* @param message the data for which a signature is to be computed
|
||||||
*/
|
*/
|
||||||
public static byte[] signRSA(Context context, MediaDrm drm, byte[] sessionId,
|
public static byte[] signRSA(MediaDrm drm, byte[] sessionId,
|
||||||
String algorithm, byte[] wrappedKey, byte[] message) {
|
String algorithm, byte[] wrappedKey, byte[] message) {
|
||||||
return drm.signRSA(context, sessionId, algorithm, wrappedKey, message);
|
return drm.signRSA(sessionId, algorithm, wrappedKey, message);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user