diff options
author | James Dong <jdong@google.com> | 2012-02-28 13:55:55 -0800 |
---|---|---|
committer | James Dong <jdong@google.com> | 2012-02-28 18:50:44 -0800 |
commit | 328745b130c1c59e53d68a9a3c71675d3932d34b (patch) | |
tree | c35e7d4e33ecbde14e93d658d3d91cc52fbd35ac | |
parent | 0f7affe1716dfd6687262008120ed128df1af214 (diff) | |
download | frameworks_av-328745b130c1c59e53d68a9a3c71675d3932d34b.zip frameworks_av-328745b130c1c59e53d68a9a3c71675d3932d34b.tar.gz frameworks_av-328745b130c1c59e53d68a9a3c71675d3932d34b.tar.bz2 |
Added permission check for all sensitive drm API calls
o all drm calls using a DecryptHandle now check the permission before proceeding
Change-Id: Ic992a991357876c6e4bfbfab4f5eec1fa0634a13
-rw-r--r-- | drm/drmserver/DrmManagerService.cpp | 21 | ||||
-rw-r--r-- | include/drm/drm_framework_common.h | 1 |
2 files changed, 22 insertions, 0 deletions
diff --git a/drm/drmserver/DrmManagerService.cpp b/drm/drmserver/DrmManagerService.cpp index caeb026..8ba0203 100644 --- a/drm/drmserver/DrmManagerService.cpp +++ b/drm/drmserver/DrmManagerService.cpp @@ -159,12 +159,18 @@ int DrmManagerService::checkRightsStatus( status_t DrmManagerService::consumeRights( int uniqueId, DecryptHandle* decryptHandle, int action, bool reserve) { ALOGV("Entering consumeRights"); + if (!isProtectedCallAllowed()) { + return DRM_ERROR_NO_PERMISSION; + } return mDrmManager->consumeRights(uniqueId, decryptHandle, action, reserve); } status_t DrmManagerService::setPlaybackStatus( int uniqueId, DecryptHandle* decryptHandle, int playbackStatus, int64_t position) { ALOGV("Entering setPlaybackStatus"); + if (!isProtectedCallAllowed()) { + return DRM_ERROR_NO_PERMISSION; + } return mDrmManager->setPlaybackStatus(uniqueId, decryptHandle, playbackStatus, position); } @@ -229,12 +235,18 @@ DecryptHandle* DrmManagerService::openDecryptSession( status_t DrmManagerService::closeDecryptSession(int uniqueId, DecryptHandle* decryptHandle) { ALOGV("Entering closeDecryptSession"); + if (!isProtectedCallAllowed()) { + return DRM_ERROR_NO_PERMISSION; + } return mDrmManager->closeDecryptSession(uniqueId, decryptHandle); } status_t DrmManagerService::initializeDecryptUnit(int uniqueId, DecryptHandle* decryptHandle, int decryptUnitId, const DrmBuffer* headerInfo) { ALOGV("Entering initializeDecryptUnit"); + if (!isProtectedCallAllowed()) { + return DRM_ERROR_NO_PERMISSION; + } return mDrmManager->initializeDecryptUnit(uniqueId,decryptHandle, decryptUnitId, headerInfo); } @@ -242,18 +254,27 @@ status_t DrmManagerService::decrypt( int uniqueId, DecryptHandle* decryptHandle, int decryptUnitId, const DrmBuffer* encBuffer, DrmBuffer** decBuffer, DrmBuffer* IV) { ALOGV("Entering decrypt"); + if (!isProtectedCallAllowed()) { + return DRM_ERROR_NO_PERMISSION; + } return mDrmManager->decrypt(uniqueId, decryptHandle, decryptUnitId, encBuffer, decBuffer, IV); } status_t DrmManagerService::finalizeDecryptUnit( int uniqueId, DecryptHandle* decryptHandle, int decryptUnitId) { ALOGV("Entering finalizeDecryptUnit"); + if (!isProtectedCallAllowed()) { + return DRM_ERROR_NO_PERMISSION; + } return mDrmManager->finalizeDecryptUnit(uniqueId, decryptHandle, decryptUnitId); } ssize_t DrmManagerService::pread(int uniqueId, DecryptHandle* decryptHandle, void* buffer, ssize_t numBytes, off64_t offset) { ALOGV("Entering pread"); + if (!isProtectedCallAllowed()) { + return DRM_ERROR_NO_PERMISSION; + } return mDrmManager->pread(uniqueId, decryptHandle, buffer, numBytes, offset); } diff --git a/include/drm/drm_framework_common.h b/include/drm/drm_framework_common.h index 2632cbd..637409c 100644 --- a/include/drm/drm_framework_common.h +++ b/include/drm/drm_framework_common.h @@ -43,6 +43,7 @@ enum { DRM_ERROR_DECRYPT = ERROR_BASE - 5, DRM_ERROR_CANNOT_HANDLE = ERROR_BASE - 6, DRM_ERROR_TAMPER_DETECTED = ERROR_BASE - 7, + DRM_ERROR_NO_PERMISSION = ERROR_BASE - 8, DRM_NO_ERROR = NO_ERROR }; |