drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add signature|system permission to MediaDrm signer APIs

Browse Source 
Also addresses style issues noted in post-submit review from
https://googleplex-android-review.git.corp.google.com/#/c/439054/

Change-Id: If177b11dbcc049bc271529c119bc5c36ae0107b5
related-to-bug: 12702350
This commit is contained in:
Jeff Tinker
2014-04-02 12:23:56 -07:00
parent e4095a80b6
commit 65c94e6959
5 changed files with 49 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/res/AndroidManifest.xml
View File

@ -2519,6 +2519,13 @@
android:description="@string/permdesc_accessNetworkConditions"
android:protectionLevel="signature|system" />
<!-- Allows an application to provision and access DRM certificates
@hide This is not a third-party API (intended for system apps). -->
<permission android:name="android.permission.ACCESS_DRM_CERTIFICATES"
android:label="@string/permlab_accessDrmCertificates"
android:description="@string/permdesc_accessDrmCertificates"
android:protectionLevel="signature|system" />
<!-- The system process is explicitly the only one allowed to launch the
confirmation UI for full backup/restore -->
<uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/>

5
core/res/res/values/strings.xml
View File

@ -1985,6 +1985,11 @@
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permdesc_accessNetworkConditions">Allows an application to listen for observations on network conditions. Should never be needed for normal apps.</string>
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_accessDrmCertificates">access DRM certificates</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permdesc_accessDrmCertificates">Allows an application to provision and use DRM certficates. Should never be needed for normal apps.</string>
<!-- Policy administration -->
<!-- Title of policy access to limiting the user's password choices -->

55
media/java/android/media/MediaDrm.java
View File

@ -1,4 +1,4 @@
/*
/*
* Copyright (C) 2013 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -29,7 +29,6 @@ import android.os.Message;
import android.os.Bundle;
import android.os.Parcel;
import android.util.Log;
import android.content.Context;
/**
* MediaDrm can be used to obtain keys for decrypting protected media streams, in
@ -100,6 +99,8 @@ public final class MediaDrm {
private final static String TAG = "MediaDrm";
private static final String PERMISSION = android.Manifest.permission.ACCESS_DRM_CERTIFICATES;
private EventHandler mEventHandler;
private OnEventListener mOnEventListener;
@ -154,7 +155,7 @@ public final class MediaDrm {
}
private static final native boolean isCryptoSchemeSupportedNative(byte[] uuid,
String mimeType);
String mimeType);
/**
* Instantiate a MediaDrm object
@ -178,7 +179,7 @@ public final class MediaDrm {
* It's easier to create it here than in C++.
*/
native_setup(new WeakReference<MediaDrm>(this),
getByteArrayFromUUID(uuid));
getByteArrayFromUUID(uuid));
}
/**
@ -287,7 +288,7 @@ public final class MediaDrm {
* the cookie passed to native_setup().)
*/
private static void postEventFromNative(Object mediadrm_ref,
int eventType, int extra, Object obj)
int eventType, int extra, Object obj)
{
MediaDrm md = (MediaDrm)((WeakReference)mediadrm_ref).get();
if (md == null) {
@ -387,9 +388,8 @@ public final class MediaDrm {
* problem with the certifcate
*/
public native KeyRequest getKeyRequest(byte[] scope, byte[] init,
String mimeType, int keyType,
HashMap<String, String> optionalParameters)
throws NotProvisionedException;
String mimeType, int keyType, HashMap<String, String> optionalParameters)
throws NotProvisionedException;
/**
@ -413,7 +413,7 @@ public final class MediaDrm {
* @throws ResourceBusyException if required resources are in use
*/
public native byte[] provideKeyResponse(byte[] scope, byte[] response)
throws NotProvisionedException, DeniedByServerException;
throws NotProvisionedException, DeniedByServerException;
/**
@ -480,7 +480,7 @@ public final class MediaDrm {
}
private native ProvisionRequest getProvisionRequestNative(int certType,
String certAuthority);
String certAuthority);
/**
* After a provision response is received by the app, it is provided to the DRM
@ -493,12 +493,12 @@ public final class MediaDrm {
* server rejected the request
*/
public void provideProvisionResponse(byte[] response)
throws DeniedByServerException {
throws DeniedByServerException {
provideProvisionResponseNative(response);
}
private native Certificate provideProvisionResponseNative(byte[] response)
throws DeniedByServerException;
throws DeniedByServerException;
/**
* A means of enforcing limits on the number of concurrent streams per subscriber
@ -585,23 +585,22 @@ public final class MediaDrm {
private static final native void setCipherAlgorithmNative(MediaDrm drm, byte[] sessionId,
String algorithm);
String algorithm);
private static final native void setMacAlgorithmNative(MediaDrm drm, byte[] sessionId,
String algorithm);
String algorithm);
private static final native byte[] encryptNative(MediaDrm drm, byte[] sessionId,
byte[] keyId, byte[] input, byte[] iv);
byte[] keyId, byte[] input, byte[] iv);
private static final native byte[] decryptNative(MediaDrm drm, byte[] sessionId,
byte[] keyId, byte[] input, byte[] iv);
byte[] keyId, byte[] input, byte[] iv);
private static final native byte[] signNative(MediaDrm drm, byte[] sessionId,
byte[] keyId, byte[] message);
byte[] keyId, byte[] message);
private static final native boolean verifyNative(MediaDrm drm, byte[] sessionId,
byte[] keyId, byte[] message,
byte[] signature);
byte[] keyId, byte[] message, byte[] signature);
/**
* In addition to supporting decryption of DASH Common Encrypted Media, the
@ -631,7 +630,7 @@ public final class MediaDrm {
private byte[] mSessionId;
CryptoSession(MediaDrm drm, byte[] sessionId,
String cipherAlgorithm, String macAlgorithm)
String cipherAlgorithm, String macAlgorithm)
{
mSessionId = sessionId;
mDrm = drm;
@ -706,8 +705,7 @@ public final class MediaDrm {
* "algorithms".
*/
public CryptoSession getCryptoSession(byte[] sessionId,
String cipherAlgorithm,
String macAlgorithm)
String cipherAlgorithm, String macAlgorithm)
{
return new CryptoSession(this, sessionId, cipherAlgorithm, macAlgorithm);
}
@ -753,11 +751,11 @@ public final class MediaDrm {
* @hide - not part of the public API at this time
*/
public CertificateRequest getCertificateRequest(int certType,
String certAuthority)
String certAuthority)
{
ProvisionRequest provisionRequest = getProvisionRequestNative(certType, certAuthority);
return new CertificateRequest(provisionRequest.getData(),
provisionRequest.getDefaultUrl());
provisionRequest.getDefaultUrl());
}
/**
@ -802,18 +800,16 @@ public final class MediaDrm {
* @hide - not part of the public API at this time
*/
public Certificate provideCertificateResponse(byte[] response)
throws DeniedByServerException {
throws DeniedByServerException {
return provideProvisionResponseNative(response);
}
private static final native byte[] signRSANative(MediaDrm drm, byte[] sessionId,
String algorithm, byte[] wrappedKey,
byte[] message);
String algorithm, byte[] wrappedKey, byte[] message);
/**
* Sign data using an RSA key
*
* @param context the app context
* @param sessionId a sessionId obtained from openSession on the MediaDrm object
* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
* @param wrappedKey - the wrapped (encrypted) RSA private key obtained
@ -822,7 +818,8 @@ public final class MediaDrm {
*
* @hide - not part of the public API at this time
*/
public byte[] signRSA(Context context, byte[] sessionId, String algorithm, byte[] wrappedKey, byte[] message) {
public byte[] signRSA(byte[] sessionId, String algorithm,
byte[] wrappedKey, byte[] message) {
return signRSANative(this, sessionId, algorithm, wrappedKey, message);
}

8
media/jni/android_media_MediaDrm.cpp
View File

@ -570,7 +570,7 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) {
FIND_CLASS(clazz, "android/media/MediaDrm$Certificate");
GET_FIELD_ID(gFields.certificate.wrappedPrivateKey, clazz, "mWrappedKey", "[B");
GET_FIELD_ID(gFields.certificate.certificateData, clazz, "mCertificateData", "[B");
gFields.certificateClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
gFields.certificateClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
FIND_CLASS(clazz, "java/util/ArrayList");
GET_METHOD_ID(gFields.arraylist.init, clazz, "<init>", "()V");
@ -595,13 +595,13 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) {
GET_METHOD_ID(gFields.entry.getValue, clazz, "getValue", "()Ljava/lang/Object;");
FIND_CLASS(clazz, "java/util/HashMap");
gFields.hashmapClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
gFields.hashmapClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
FIND_CLASS(clazz, "java/lang/String");
gFields.stringClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
gFields.stringClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
FIND_CLASS(clazz, "java/util/ArrayList");
gFields.arraylistClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
gFields.arraylistClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
}
static void android_media_MediaDrm_native_setup(

16
media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java
View File

@ -16,7 +16,6 @@
package com.android.mediadrm.signer;
import android.content.Context;
import android.media.MediaDrm;
import android.media.DeniedByServerException;
@ -37,7 +36,7 @@ public final class MediaDrmSigner {
* server
*/
public final static class CertificateRequest {
private MediaDrm.CertificateRequest mCertRequest;
private final MediaDrm.CertificateRequest mCertRequest;
CertificateRequest(MediaDrm.CertificateRequest certRequest) {
mCertRequest = certRequest;
@ -65,7 +64,7 @@ public final class MediaDrmSigner {
* with a certificate.
*/
public final static class Certificate {
private MediaDrm.Certificate mCertificate;
private final MediaDrm.Certificate mCertificate;
Certificate(MediaDrm.Certificate certificate) {
mCertificate = certificate;
@ -97,7 +96,7 @@ public final class MediaDrmSigner {
* the chain of authority.
*/
public static CertificateRequest getCertificateRequest(MediaDrm drm, int certType,
String certAuthority) {
String certAuthority) {
return new CertificateRequest(drm.getCertificateRequest(certType, certAuthority));
}
@ -117,14 +116,13 @@ public final class MediaDrmSigner {
* server rejected the request
*/
public static Certificate provideCertificateResponse(MediaDrm drm, byte[] response)
throws DeniedByServerException {
throws DeniedByServerException {
return new Certificate(drm.provideCertificateResponse(response));
}
/**
* Sign data using an RSA key
*
* @param context the App context
* @param drm the MediaDrm object
* @param sessionId a sessionId obtained from openSession on the MediaDrm object
* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
@ -132,8 +130,8 @@ public final class MediaDrmSigner {
* from provideCertificateResponse
* @param message the data for which a signature is to be computed
*/
public static byte[] signRSA(Context context, MediaDrm drm, byte[] sessionId,
String algorithm, byte[] wrappedKey, byte[] message) {
return drm.signRSA(context, sessionId, algorithm, wrappedKey, message);
public static byte[] signRSA(MediaDrm drm, byte[] sessionId,
String algorithm, byte[] wrappedKey, byte[] message) {
return drm.signRSA(sessionId, algorithm, wrappedKey, message);
}
}