authorJames Dong <jdong@google.com>2012-02-28 13:55:55 -0800
committerJames Dong <jdong@google.com>2012-02-28 18:50:44 -0800
commit328745b130c1c59e53d68a9a3c71675d3932d34b (patch)
treec35e7d4e33ecbde14e93d658d3d91cc52fbd35ac
parent0f7affe1716dfd6687262008120ed128df1af214 (diff)
Added permission check for all sensitive drm API calls
o All drm calls using a DecryptHandle now check the permission before proceeding

Change-Id: Ic992a991357876c6e4bfbfab4f5eec1fa0634a13
-rw-r--r--drm/drmserver/DrmManagerService.cpp21
-rw-r--r--include/drm/drm_framework_common.h1
2 files changed, 22 insertions, 0 deletions
diff --git a/drm/drmserver/DrmManagerService.cpp b/drm/drmserver/DrmManagerService.cpp
index caeb026..8ba0203 100644
--- a/drm/drmserver/DrmManagerService.cpp
+++ b/drm/drmserver/DrmManagerService.cpp
@@ -159,12 +159,18 @@ int DrmManagerService::checkRightsStatus(
status_t DrmManagerService::consumeRights(
int uniqueId, DecryptHandle* decryptHandle, int action, bool reserve) {
ALOGV("Entering consumeRights");
+ if (!isProtectedCallAllowed()) {
+ return DRM_ERROR_NO_PERMISSION;
+ }
return mDrmManager->consumeRights(uniqueId, decryptHandle, action, reserve);
}
status_t DrmManagerService::setPlaybackStatus(
int uniqueId, DecryptHandle* decryptHandle, int playbackStatus, int64_t position) {
ALOGV("Entering setPlaybackStatus");
+ if (!isProtectedCallAllowed()) {
+ return DRM_ERROR_NO_PERMISSION;
+ }
return mDrmManager->setPlaybackStatus(uniqueId, decryptHandle, playbackStatus, position);
}
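Review bot: A rejected call leaves no trace at normal log levels: in both `consumeRights` and `setPlaybackStatus` the only log line is the verbose `ALOGV("Entering …")` ahead of the guard, and the denial branch returns silently. This branch is the one taken when a caller without permission reaches the service, so I would log it at warning level, e.g. `ALOGW("consumeRights: caller not allowed");` before `return DRM_ERROR_NO_PERMISSION;`, adding the calling uid if `isProtectedCallAllowed()` has it available (its body is not part of this diff). The same applies to the five guards added in the hunks at -229 and -242. Since the identical three-line guard now appears seven times, emitting the log from one shared helper would keep the call sites from drifting apart.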
@@ -229,12 +235,18 @@ DecryptHandle* DrmManagerService::openDecryptSession(
status_t DrmManagerService::closeDecryptSession(int uniqueId, DecryptHandle* decryptHandle) {
ALOGV("Entering closeDecryptSession");
+ if (!isProtectedCallAllowed()) {
+ return DRM_ERROR_NO_PERMISSION;
+ }
return mDrmManager->closeDecryptSession(uniqueId, decryptHandle);
}
status_t DrmManagerService::initializeDecryptUnit(int uniqueId, DecryptHandle* decryptHandle,
int decryptUnitId, const DrmBuffer* headerInfo) {
ALOGV("Entering initializeDecryptUnit");
+ if (!isProtectedCallAllowed()) {
+ return DRM_ERROR_NO_PERMISSION;
+ }
return mDrmManager->initializeDecryptUnit(uniqueId,decryptHandle, decryptUnitId, headerInfo);
}
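Review bot: The guard in `closeDecryptSession` and `initializeDecryptUnit` authorises the caller as a whole, not the handle it passes: `isProtectedCallAllowed()` takes no arguments, so nothing in this hunk ties `decryptHandle` to the session identified by `uniqueId`, and the pointer is forwarded to `mDrmManager` without a null check. If `DrmManager` already validates handle ownership and null handles, which cannot be seen from here, a comment such as `// caller-level check only; handle/session ownership is validated in DrmManager` above the guard would record that. If it does not, the check is worth adding there, since any permitted client could otherwise operate on a session it did not open.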
@@ -242,18 +254,27 @@ status_t DrmManagerService::decrypt(
int uniqueId, DecryptHandle* decryptHandle, int decryptUnitId,
const DrmBuffer* encBuffer, DrmBuffer** decBuffer, DrmBuffer* IV) {
ALOGV("Entering decrypt");
+ if (!isProtectedCallAllowed()) {
+ return DRM_ERROR_NO_PERMISSION;
+ }
return mDrmManager->decrypt(uniqueId, decryptHandle, decryptUnitId, encBuffer, decBuffer, IV);
}
status_t DrmManagerService::finalizeDecryptUnit(
int uniqueId, DecryptHandle* decryptHandle, int decryptUnitId) {
ALOGV("Entering finalizeDecryptUnit");
+ if (!isProtectedCallAllowed()) {
+ return DRM_ERROR_NO_PERMISSION;
+ }
return mDrmManager->finalizeDecryptUnit(uniqueId, decryptHandle, decryptUnitId);
}
ssize_t DrmManagerService::pread(int uniqueId, DecryptHandle* decryptHandle,
void* buffer, ssize_t numBytes, off64_t offset) {
ALOGV("Entering pread");
+ if (!isProtectedCallAllowed()) {
+ return DRM_ERROR_NO_PERMISSION;
+ }
return mDrmManager->pread(uniqueId, decryptHandle, buffer, numBytes, offset);
}
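Review bot: `pread` returns `ssize_t`, so the new `return DRM_ERROR_NO_PERMISSION;` puts a status code into a channel that otherwise carries a byte count. The value is `ERROR_BASE - 8` and `ERROR_BASE` is not shown on this page, so this is only safe if it is negative and callers treat every negative result as failure rather than comparing against a single value. I would document that on the function, e.g. `// Returns a negative DRM_ERROR_* code, not a byte count, when the caller is not permitted.` Likewise in `decrypt`, whose signature starts on the hunk header line, the denial path leaves `*decBuffer` untouched, so a comment there should say that callers must check the returned status before reading the output buffer.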
diff --git a/include/drm/drm_framework_common.h b/include/drm/drm_framework_common.h
index 2632cbd..637409c 100644
--- a/include/drm/drm_framework_common.h
+++ b/include/drm/drm_framework_common.h
@@ -43,6 +43,7 @@ enum {
DRM_ERROR_DECRYPT = ERROR_BASE - 5,
DRM_ERROR_CANNOT_HANDLE = ERROR_BASE - 6,
DRM_ERROR_TAMPER_DETECTED = ERROR_BASE - 7,
+ DRM_ERROR_NO_PERMISSION = ERROR_BASE - 8,
DRM_NO_ERROR = NO_ERROR
};