Merge "Add signature|system permission to MediaDrm signer APIs" into klp-modular-dev

Jeff Tinker
2014-04-03 01:30:42 +00:00
committed by Android (Google) Code Review
5 changed files with 49 additions and 42 deletions


@ -2519,6 +2519,13 @@
android:description="@string/permdesc_accessNetworkConditions" android:description="@string/permdesc_accessNetworkConditions"
android:protectionLevel="signature|system" /> android:protectionLevel="signature|system" />
<!-- Allows an application to provision and access DRM certificates
@hide This is not a third-party API (intended for system apps). -->
<permission android:name="android.permission.ACCESS_DRM_CERTIFICATES"
android:label="@string/permlab_accessDrmCertificates"
android:description="@string/permdesc_accessDrmCertificates"
android:protectionLevel="signature|system" />
<!-- The system process is explicitly the only one allowed to launch the <!-- The system process is explicitly the only one allowed to launch the
confirmation UI for full backup/restore --> confirmation UI for full backup/restore -->
<uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/> <uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/>


@ -1985,6 +1985,11 @@
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permdesc_accessNetworkConditions">Allows an application to listen for observations on network conditions. Should never be needed for normal apps.</string> <string name="permdesc_accessNetworkConditions">Allows an application to listen for observations on network conditions. Should never be needed for normal apps.</string>
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_accessDrmCertificates">access DRM certificates</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permdesc_accessDrmCertificates">Allows an application to provision and use DRM certficates. Should never be needed for normal apps.</string>
<!-- Policy administration --> <!-- Policy administration -->
<!-- Title of policy access to limiting the user's password choices --> <!-- Title of policy access to limiting the user's password choices -->
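Review bot: The new `permdesc_accessDrmCertificates` string misspells "certificates" as "certficates", and this is the description shown for the permission. It should read `Allows an application to provision and use DRM certificates. Should never be needed for normal apps.` Correcting it now presumably also keeps the typo out of any localized copies derived from this resource.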


@ -1,4 +1,4 @@
/* /*
* Copyright (C) 2013 The Android Open Source Project * Copyright (C) 2013 The Android Open Source Project
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
@ -29,7 +29,6 @@ import android.os.Message;
import android.os.Bundle; import android.os.Bundle;
import android.os.Parcel; import android.os.Parcel;
import android.util.Log; import android.util.Log;
import android.content.Context;
/** /**
* MediaDrm can be used to obtain keys for decrypting protected media streams, in * MediaDrm can be used to obtain keys for decrypting protected media streams, in
@ -100,6 +99,8 @@ public final class MediaDrm {
private final static String TAG = "MediaDrm"; private final static String TAG = "MediaDrm";
private static final String PERMISSION = android.Manifest.permission.ACCESS_DRM_CERTIFICATES;
private EventHandler mEventHandler; private EventHandler mEventHandler;
private OnEventListener mOnEventListener; private OnEventListener mOnEventListener;
@ -154,7 +155,7 @@ public final class MediaDrm {
} }
private static final native boolean isCryptoSchemeSupportedNative(byte[] uuid, private static final native boolean isCryptoSchemeSupportedNative(byte[] uuid,
String mimeType); String mimeType);
/** /**
* Instantiate a MediaDrm object * Instantiate a MediaDrm object
@ -178,7 +179,7 @@ public final class MediaDrm {
* It's easier to create it here than in C++. * It's easier to create it here than in C++.
*/ */
native_setup(new WeakReference<MediaDrm>(this), native_setup(new WeakReference<MediaDrm>(this),
getByteArrayFromUUID(uuid)); getByteArrayFromUUID(uuid));
} }
/** /**
@ -287,7 +288,7 @@ public final class MediaDrm {
* the cookie passed to native_setup().) * the cookie passed to native_setup().)
*/ */
private static void postEventFromNative(Object mediadrm_ref, private static void postEventFromNative(Object mediadrm_ref,
int eventType, int extra, Object obj) int eventType, int extra, Object obj)
{ {
MediaDrm md = (MediaDrm)((WeakReference)mediadrm_ref).get(); MediaDrm md = (MediaDrm)((WeakReference)mediadrm_ref).get();
if (md == null) { if (md == null) {
@ -387,9 +388,8 @@ public final class MediaDrm {
* problem with the certifcate * problem with the certifcate
*/ */
public native KeyRequest getKeyRequest(byte[] scope, byte[] init, public native KeyRequest getKeyRequest(byte[] scope, byte[] init,
String mimeType, int keyType, String mimeType, int keyType, HashMap<String, String> optionalParameters)
HashMap<String, String> optionalParameters) throws NotProvisionedException;
throws NotProvisionedException;
/** /**
@ -413,7 +413,7 @@ public final class MediaDrm {
* @throws ResourceBusyException if required resources are in use * @throws ResourceBusyException if required resources are in use
*/ */
public native byte[] provideKeyResponse(byte[] scope, byte[] response) public native byte[] provideKeyResponse(byte[] scope, byte[] response)
throws NotProvisionedException, DeniedByServerException; throws NotProvisionedException, DeniedByServerException;
/** /**
@ -480,7 +480,7 @@ public final class MediaDrm {
} }
private native ProvisionRequest getProvisionRequestNative(int certType, private native ProvisionRequest getProvisionRequestNative(int certType,
String certAuthority); String certAuthority);
/** /**
* After a provision response is received by the app, it is provided to the DRM * After a provision response is received by the app, it is provided to the DRM
@ -493,12 +493,12 @@ public final class MediaDrm {
* server rejected the request * server rejected the request
*/ */
public void provideProvisionResponse(byte[] response) public void provideProvisionResponse(byte[] response)
throws DeniedByServerException { throws DeniedByServerException {
provideProvisionResponseNative(response); provideProvisionResponseNative(response);
} }
private native Certificate provideProvisionResponseNative(byte[] response) private native Certificate provideProvisionResponseNative(byte[] response)
throws DeniedByServerException; throws DeniedByServerException;
/** /**
* A means of enforcing limits on the number of concurrent streams per subscriber * A means of enforcing limits on the number of concurrent streams per subscriber
@ -585,23 +585,22 @@ public final class MediaDrm {
private static final native void setCipherAlgorithmNative(MediaDrm drm, byte[] sessionId, private static final native void setCipherAlgorithmNative(MediaDrm drm, byte[] sessionId,
String algorithm); String algorithm);
private static final native void setMacAlgorithmNative(MediaDrm drm, byte[] sessionId, private static final native void setMacAlgorithmNative(MediaDrm drm, byte[] sessionId,
String algorithm); String algorithm);
private static final native byte[] encryptNative(MediaDrm drm, byte[] sessionId, private static final native byte[] encryptNative(MediaDrm drm, byte[] sessionId,
byte[] keyId, byte[] input, byte[] iv); byte[] keyId, byte[] input, byte[] iv);
private static final native byte[] decryptNative(MediaDrm drm, byte[] sessionId, private static final native byte[] decryptNative(MediaDrm drm, byte[] sessionId,
byte[] keyId, byte[] input, byte[] iv); byte[] keyId, byte[] input, byte[] iv);
private static final native byte[] signNative(MediaDrm drm, byte[] sessionId, private static final native byte[] signNative(MediaDrm drm, byte[] sessionId,
byte[] keyId, byte[] message); byte[] keyId, byte[] message);
private static final native boolean verifyNative(MediaDrm drm, byte[] sessionId, private static final native boolean verifyNative(MediaDrm drm, byte[] sessionId,
byte[] keyId, byte[] message, byte[] keyId, byte[] message, byte[] signature);
byte[] signature);
/** /**
* In addition to supporting decryption of DASH Common Encrypted Media, the * In addition to supporting decryption of DASH Common Encrypted Media, the
@ -631,7 +630,7 @@ public final class MediaDrm {
private byte[] mSessionId; private byte[] mSessionId;
CryptoSession(MediaDrm drm, byte[] sessionId, CryptoSession(MediaDrm drm, byte[] sessionId,
String cipherAlgorithm, String macAlgorithm) String cipherAlgorithm, String macAlgorithm)
{ {
mSessionId = sessionId; mSessionId = sessionId;
mDrm = drm; mDrm = drm;
@ -706,8 +705,7 @@ public final class MediaDrm {
* "algorithms". * "algorithms".
*/ */
public CryptoSession getCryptoSession(byte[] sessionId, public CryptoSession getCryptoSession(byte[] sessionId,
String cipherAlgorithm, String cipherAlgorithm, String macAlgorithm)
String macAlgorithm)
{ {
return new CryptoSession(this, sessionId, cipherAlgorithm, macAlgorithm); return new CryptoSession(this, sessionId, cipherAlgorithm, macAlgorithm);
} }
@ -753,11 +751,11 @@ public final class MediaDrm {
* @hide - not part of the public API at this time * @hide - not part of the public API at this time
*/ */
public CertificateRequest getCertificateRequest(int certType, public CertificateRequest getCertificateRequest(int certType,
String certAuthority) String certAuthority)
{ {
ProvisionRequest provisionRequest = getProvisionRequestNative(certType, certAuthority); ProvisionRequest provisionRequest = getProvisionRequestNative(certType, certAuthority);
return new CertificateRequest(provisionRequest.getData(), return new CertificateRequest(provisionRequest.getData(),
provisionRequest.getDefaultUrl()); provisionRequest.getDefaultUrl());
} }
/** /**
@ -802,18 +800,16 @@ public final class MediaDrm {
* @hide - not part of the public API at this time * @hide - not part of the public API at this time
*/ */
public Certificate provideCertificateResponse(byte[] response) public Certificate provideCertificateResponse(byte[] response)
throws DeniedByServerException { throws DeniedByServerException {
return provideProvisionResponseNative(response); return provideProvisionResponseNative(response);
} }
private static final native byte[] signRSANative(MediaDrm drm, byte[] sessionId, private static final native byte[] signRSANative(MediaDrm drm, byte[] sessionId,
String algorithm, byte[] wrappedKey, String algorithm, byte[] wrappedKey, byte[] message);
byte[] message);
/** /**
* Sign data using an RSA key * Sign data using an RSA key
* *
* @param context the app context
* @param sessionId a sessionId obtained from openSession on the MediaDrm object * @param sessionId a sessionId obtained from openSession on the MediaDrm object
* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1" * @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
* @param wrappedKey - the wrapped (encrypted) RSA private key obtained * @param wrappedKey - the wrapped (encrypted) RSA private key obtained
@ -822,7 +818,8 @@ public final class MediaDrm {
* *
* @hide - not part of the public API at this time * @hide - not part of the public API at this time
*/ */
public byte[] signRSA(Context context, byte[] sessionId, String algorithm, byte[] wrappedKey, byte[] message) { public byte[] signRSA(byte[] sessionId, String algorithm,
byte[] wrappedKey, byte[] message) {
return signRSANative(this, sessionId, algorithm, wrappedKey, message); return signRSANative(this, sessionId, algorithm, wrappedKey, message);
} }


@ -570,7 +570,7 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) {
FIND_CLASS(clazz, "android/media/MediaDrm$Certificate"); FIND_CLASS(clazz, "android/media/MediaDrm$Certificate");
GET_FIELD_ID(gFields.certificate.wrappedPrivateKey, clazz, "mWrappedKey", "[B"); GET_FIELD_ID(gFields.certificate.wrappedPrivateKey, clazz, "mWrappedKey", "[B");
GET_FIELD_ID(gFields.certificate.certificateData, clazz, "mCertificateData", "[B"); GET_FIELD_ID(gFields.certificate.certificateData, clazz, "mCertificateData", "[B");
gFields.certificateClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz)); gFields.certificateClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
FIND_CLASS(clazz, "java/util/ArrayList"); FIND_CLASS(clazz, "java/util/ArrayList");
GET_METHOD_ID(gFields.arraylist.init, clazz, "<init>", "()V"); GET_METHOD_ID(gFields.arraylist.init, clazz, "<init>", "()V");
@ -595,13 +595,13 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) {
GET_METHOD_ID(gFields.entry.getValue, clazz, "getValue", "()Ljava/lang/Object;"); GET_METHOD_ID(gFields.entry.getValue, clazz, "getValue", "()Ljava/lang/Object;");
FIND_CLASS(clazz, "java/util/HashMap"); FIND_CLASS(clazz, "java/util/HashMap");
gFields.hashmapClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz)); gFields.hashmapClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
FIND_CLASS(clazz, "java/lang/String"); FIND_CLASS(clazz, "java/lang/String");
gFields.stringClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz)); gFields.stringClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
FIND_CLASS(clazz, "java/util/ArrayList"); FIND_CLASS(clazz, "java/util/ArrayList");
gFields.arraylistClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz)); gFields.arraylistClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
} }
static void android_media_MediaDrm_native_setup( static void android_media_MediaDrm_native_setup(


@ -16,7 +16,6 @@
package com.android.mediadrm.signer; package com.android.mediadrm.signer;
import android.content.Context;
import android.media.MediaDrm; import android.media.MediaDrm;
import android.media.DeniedByServerException; import android.media.DeniedByServerException;
@ -37,7 +36,7 @@ public final class MediaDrmSigner {
* server * server
*/ */
public final static class CertificateRequest { public final static class CertificateRequest {
private MediaDrm.CertificateRequest mCertRequest; private final MediaDrm.CertificateRequest mCertRequest;
CertificateRequest(MediaDrm.CertificateRequest certRequest) { CertificateRequest(MediaDrm.CertificateRequest certRequest) {
mCertRequest = certRequest; mCertRequest = certRequest;
@ -65,7 +64,7 @@ public final class MediaDrmSigner {
* with a certificate. * with a certificate.
*/ */
public final static class Certificate { public final static class Certificate {
private MediaDrm.Certificate mCertificate; private final MediaDrm.Certificate mCertificate;
Certificate(MediaDrm.Certificate certificate) { Certificate(MediaDrm.Certificate certificate) {
mCertificate = certificate; mCertificate = certificate;
@ -97,7 +96,7 @@ public final class MediaDrmSigner {
* the chain of authority. * the chain of authority.
*/ */
public static CertificateRequest getCertificateRequest(MediaDrm drm, int certType, public static CertificateRequest getCertificateRequest(MediaDrm drm, int certType,
String certAuthority) { String certAuthority) {
return new CertificateRequest(drm.getCertificateRequest(certType, certAuthority)); return new CertificateRequest(drm.getCertificateRequest(certType, certAuthority));
} }
@ -117,14 +116,13 @@ public final class MediaDrmSigner {
* server rejected the request * server rejected the request
*/ */
public static Certificate provideCertificateResponse(MediaDrm drm, byte[] response) public static Certificate provideCertificateResponse(MediaDrm drm, byte[] response)
throws DeniedByServerException { throws DeniedByServerException {
return new Certificate(drm.provideCertificateResponse(response)); return new Certificate(drm.provideCertificateResponse(response));
} }
/** /**
* Sign data using an RSA key * Sign data using an RSA key
* *
* @param context the App context
* @param drm the MediaDrm object * @param drm the MediaDrm object
* @param sessionId a sessionId obtained from openSession on the MediaDrm object * @param sessionId a sessionId obtained from openSession on the MediaDrm object
* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1" * @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
@ -132,8 +130,8 @@ public final class MediaDrmSigner {
* from provideCertificateResponse * from provideCertificateResponse
* @param message the data for which a signature is to be computed * @param message the data for which a signature is to be computed
*/ */
public static byte[] signRSA(Context context, MediaDrm drm, byte[] sessionId, public static byte[] signRSA(MediaDrm drm, byte[] sessionId,
String algorithm, byte[] wrappedKey, byte[] message) { String algorithm, byte[] wrappedKey, byte[] message) {
return drm.signRSA(context, sessionId, algorithm, wrappedKey, message); return drm.signRSA(sessionId, algorithm, wrappedKey, message);
} }
} }