summaryrefslogtreecommitdiffstats
path: root/media/libmediaplayerservice/Drm.cpp
diff options
context:
space:
mode:
authorJeff Tinker <jtinker@google.com>2014-04-02 16:41:38 -0700
committerJeff Tinker <jtinker@google.com>2014-04-02 16:41:38 -0700
commit81e0bd44a10e90778ab5b0a3babd4fc52cadedd8 (patch)
treee593e5db634c29de4c9351d9a5f64f2f2e49d503 /media/libmediaplayerservice/Drm.cpp
parent68d9d71a792deed75d32fe13febc07c9c12c8449 (diff)
downloadframeworks_av-81e0bd44a10e90778ab5b0a3babd4fc52cadedd8.zip
frameworks_av-81e0bd44a10e90778ab5b0a3babd4fc52cadedd8.tar.gz
frameworks_av-81e0bd44a10e90778ab5b0a3babd4fc52cadedd8.tar.bz2
Add signature|system permission to MediaDrm signer APIs
Change-Id: If970e5ff8dcab2e67af2f3376dcd14dca82f2394 related-to-bug: 12702350
Diffstat (limited to 'media/libmediaplayerservice/Drm.cpp')
-rw-r--r--media/libmediaplayerservice/Drm.cpp16
1 files changed, 16 insertions, 0 deletions
diff --git a/media/libmediaplayerservice/Drm.cpp b/media/libmediaplayerservice/Drm.cpp
index e68d4cd..d50037f 100644
--- a/media/libmediaplayerservice/Drm.cpp
+++ b/media/libmediaplayerservice/Drm.cpp
@@ -28,9 +28,21 @@
#include <media/stagefright/foundation/AString.h>
#include <media/stagefright/foundation/hexdump.h>
#include <media/stagefright/MediaErrors.h>
+#include <binder/IServiceManager.h>
+#include <binder/IPCThreadState.h>
namespace android {
+static bool checkPermission(const char* permissionString) {
+#ifndef HAVE_ANDROID_OS
+ return true;
+#endif
+ if (getpid() == IPCThreadState::self()->getCallingPid()) return true;
+ bool ok = checkCallingPermission(String16(permissionString));
+ if (!ok) ALOGE("Request requires %s", permissionString);
+ return ok;
+}
+
KeyedVector<Vector<uint8_t>, String8> Drm::mUUIDToLibraryPathMap;
KeyedVector<String8, wp<SharedLibrary> > Drm::mLibraryPathToOpenLibraryMap;
Mutex Drm::mMapLock;
@@ -608,6 +620,10 @@ status_t Drm::signRSA(Vector<uint8_t> const &sessionId,
return -EINVAL;
}
+ if (!checkPermission("android.permission.ACCESS_DRM_CERTIFICATES")) {
+ return -EPERM;
+ }
+
return mPlugin->signRSA(sessionId, algorithm, message, wrappedKey, signature);
}