diff options
| -rw-r--r-- | core/res/AndroidManifest.xml | 7 | ||||
| -rw-r--r-- | core/res/res/values/strings.xml | 5 | ||||
| -rw-r--r-- | media/java/android/media/MediaDrm.java | 55 | ||||
| -rw-r--r-- | media/jni/android_media_MediaDrm.cpp | 8 | ||||
| -rw-r--r-- | media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java | 16 |
5 files changed, 49 insertions, 42 deletions
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 2a4d872..3857cd1 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -2585,6 +2585,13 @@ android:description="@string/permdesc_accessNetworkConditions" android:protectionLevel="signature|system" /> + <!-- Allows an application to provision and access DRM certificates + @hide This is not a third-party API (intended for system apps). --> + <permission android:name="android.permission.ACCESS_DRM_CERTIFICATES" + android:label="@string/permlab_accessDrmCertificates" + android:description="@string/permdesc_accessDrmCertificates" + android:protectionLevel="signature|system" /> + <!-- The system process is explicitly the only one allowed to launch the confirmation UI for full backup/restore --> <uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/> diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml index 3a4f059..902aea8 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml @@ -2002,6 +2002,11 @@ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permdesc_setInputCalibration">Allows the app to modify the calibration parameters of the touch screen. Should never be needed for normal apps.</string> + <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. --> + <string name="permlab_accessDrmCertificates">access DRM certificates</string> + <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> + <string name="permdesc_accessDrmCertificates">Allows an application to provision and use DRM certficates. Should never be needed for normal apps.</string> + <!-- Policy administration --> <!-- Title of policy access to limiting the user's password choices --> diff --git a/media/java/android/media/MediaDrm.java b/media/java/android/media/MediaDrm.java index c016d08..440653a 100644 --- a/media/java/android/media/MediaDrm.java +++ b/media/java/android/media/MediaDrm.java @@ -1,4 +1,4 @@ - /* +/* * Copyright (C) 2013 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -27,7 +27,6 @@ import android.os.Looper; import android.os.Message; import android.os.Parcel; import android.util.Log; -import android.content.Context; /** * MediaDrm can be used to obtain keys for decrypting protected media streams, in @@ -98,6 +97,8 @@ public final class MediaDrm { private final static String TAG = "MediaDrm"; + private static final String PERMISSION = android.Manifest.permission.ACCESS_DRM_CERTIFICATES; + private EventHandler mEventHandler; private OnEventListener mOnEventListener; @@ -152,7 +153,7 @@ public final class MediaDrm { } private static final native boolean isCryptoSchemeSupportedNative(byte[] uuid, - String mimeType); + String mimeType); /** * Instantiate a MediaDrm object @@ -176,7 +177,7 @@ public final class MediaDrm { * It's easier to create it here than in C++. */ native_setup(new WeakReference<MediaDrm>(this), - getByteArrayFromUUID(uuid)); + getByteArrayFromUUID(uuid)); } /** @@ -285,7 +286,7 @@ public final class MediaDrm { * the cookie passed to native_setup().) */ private static void postEventFromNative(Object mediadrm_ref, - int eventType, int extra, Object obj) + int eventType, int extra, Object obj) { MediaDrm md = (MediaDrm)((WeakReference)mediadrm_ref).get(); if (md == null) { @@ -385,9 +386,8 @@ public final class MediaDrm { * problem with the certifcate */ public native KeyRequest getKeyRequest(byte[] scope, byte[] init, - String mimeType, int keyType, - HashMap<String, String> optionalParameters) - throws NotProvisionedException; + String mimeType, int keyType, HashMap<String, String> optionalParameters) + throws NotProvisionedException; /** @@ -411,7 +411,7 @@ public final class MediaDrm { * @throws ResourceBusyException if required resources are in use */ public native byte[] provideKeyResponse(byte[] scope, byte[] response) - throws NotProvisionedException, DeniedByServerException; + throws NotProvisionedException, DeniedByServerException; /** @@ -478,7 +478,7 @@ public final class MediaDrm { } private native ProvisionRequest getProvisionRequestNative(int certType, - String certAuthority); + String certAuthority); /** * After a provision response is received by the app, it is provided to the DRM @@ -491,12 +491,12 @@ public final class MediaDrm { * server rejected the request */ public void provideProvisionResponse(byte[] response) - throws DeniedByServerException { + throws DeniedByServerException { provideProvisionResponseNative(response); } private native Certificate provideProvisionResponseNative(byte[] response) - throws DeniedByServerException; + throws DeniedByServerException; /** * A means of enforcing limits on the number of concurrent streams per subscriber @@ -583,23 +583,22 @@ public final class MediaDrm { private static final native void setCipherAlgorithmNative(MediaDrm drm, byte[] sessionId, - String algorithm); + String algorithm); private static final native void setMacAlgorithmNative(MediaDrm drm, byte[] sessionId, - String algorithm); + String algorithm); private static final native byte[] encryptNative(MediaDrm drm, byte[] sessionId, - byte[] keyId, byte[] input, byte[] iv); + byte[] keyId, byte[] input, byte[] iv); private static final native byte[] decryptNative(MediaDrm drm, byte[] sessionId, - byte[] keyId, byte[] input, byte[] iv); + byte[] keyId, byte[] input, byte[] iv); private static final native byte[] signNative(MediaDrm drm, byte[] sessionId, - byte[] keyId, byte[] message); + byte[] keyId, byte[] message); private static final native boolean verifyNative(MediaDrm drm, byte[] sessionId, - byte[] keyId, byte[] message, - byte[] signature); + byte[] keyId, byte[] message, byte[] signature); /** * In addition to supporting decryption of DASH Common Encrypted Media, the @@ -629,7 +628,7 @@ public final class MediaDrm { private byte[] mSessionId; CryptoSession(MediaDrm drm, byte[] sessionId, - String cipherAlgorithm, String macAlgorithm) + String cipherAlgorithm, String macAlgorithm) { mSessionId = sessionId; mDrm = drm; @@ -704,8 +703,7 @@ public final class MediaDrm { * "algorithms". */ public CryptoSession getCryptoSession(byte[] sessionId, - String cipherAlgorithm, - String macAlgorithm) + String cipherAlgorithm, String macAlgorithm) { return new CryptoSession(this, sessionId, cipherAlgorithm, macAlgorithm); } @@ -751,11 +749,11 @@ public final class MediaDrm { * @hide - not part of the public API at this time */ public CertificateRequest getCertificateRequest(int certType, - String certAuthority) + String certAuthority) { ProvisionRequest provisionRequest = getProvisionRequestNative(certType, certAuthority); return new CertificateRequest(provisionRequest.getData(), - provisionRequest.getDefaultUrl()); + provisionRequest.getDefaultUrl()); } /** @@ -800,18 +798,16 @@ public final class MediaDrm { * @hide - not part of the public API at this time */ public Certificate provideCertificateResponse(byte[] response) - throws DeniedByServerException { + throws DeniedByServerException { return provideProvisionResponseNative(response); } private static final native byte[] signRSANative(MediaDrm drm, byte[] sessionId, - String algorithm, byte[] wrappedKey, - byte[] message); + String algorithm, byte[] wrappedKey, byte[] message); /** * Sign data using an RSA key * - * @param context the app context * @param sessionId a sessionId obtained from openSession on the MediaDrm object * @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1" * @param wrappedKey - the wrapped (encrypted) RSA private key obtained @@ -820,7 +816,8 @@ public final class MediaDrm { * * @hide - not part of the public API at this time */ - public byte[] signRSA(Context context, byte[] sessionId, String algorithm, byte[] wrappedKey, byte[] message) { + public byte[] signRSA(byte[] sessionId, String algorithm, + byte[] wrappedKey, byte[] message) { return signRSANative(this, sessionId, algorithm, wrappedKey, message); } diff --git a/media/jni/android_media_MediaDrm.cpp b/media/jni/android_media_MediaDrm.cpp index 1dbaa3a..7c45682 100644 --- a/media/jni/android_media_MediaDrm.cpp +++ b/media/jni/android_media_MediaDrm.cpp @@ -570,7 +570,7 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) { FIND_CLASS(clazz, "android/media/MediaDrm$Certificate"); GET_FIELD_ID(gFields.certificate.wrappedPrivateKey, clazz, "mWrappedKey", "[B"); GET_FIELD_ID(gFields.certificate.certificateData, clazz, "mCertificateData", "[B"); - gFields.certificateClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz)); + gFields.certificateClassId = static_cast<jclass>(env->NewGlobalRef(clazz)); FIND_CLASS(clazz, "java/util/ArrayList"); GET_METHOD_ID(gFields.arraylist.init, clazz, "<init>", "()V"); @@ -595,13 +595,13 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) { GET_METHOD_ID(gFields.entry.getValue, clazz, "getValue", "()Ljava/lang/Object;"); FIND_CLASS(clazz, "java/util/HashMap"); - gFields.hashmapClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz)); + gFields.hashmapClassId = static_cast<jclass>(env->NewGlobalRef(clazz)); FIND_CLASS(clazz, "java/lang/String"); - gFields.stringClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz)); + gFields.stringClassId = static_cast<jclass>(env->NewGlobalRef(clazz)); FIND_CLASS(clazz, "java/util/ArrayList"); - gFields.arraylistClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz)); + gFields.arraylistClassId = static_cast<jclass>(env->NewGlobalRef(clazz)); } static void android_media_MediaDrm_native_setup( diff --git a/media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java b/media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java index d971afb..0a2897f 100644 --- a/media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java +++ b/media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java @@ -16,7 +16,6 @@ package com.android.mediadrm.signer; -import android.content.Context; import android.media.MediaDrm; import android.media.DeniedByServerException; @@ -37,7 +36,7 @@ public final class MediaDrmSigner { * server */ public final static class CertificateRequest { - private MediaDrm.CertificateRequest mCertRequest; + private final MediaDrm.CertificateRequest mCertRequest; CertificateRequest(MediaDrm.CertificateRequest certRequest) { mCertRequest = certRequest; @@ -65,7 +64,7 @@ public final class MediaDrmSigner { * with a certificate. */ public final static class Certificate { - private MediaDrm.Certificate mCertificate; + private final MediaDrm.Certificate mCertificate; Certificate(MediaDrm.Certificate certificate) { mCertificate = certificate; @@ -97,7 +96,7 @@ public final class MediaDrmSigner { * the chain of authority. */ public static CertificateRequest getCertificateRequest(MediaDrm drm, int certType, - String certAuthority) { + String certAuthority) { return new CertificateRequest(drm.getCertificateRequest(certType, certAuthority)); } @@ -117,14 +116,13 @@ public final class MediaDrmSigner { * server rejected the request */ public static Certificate provideCertificateResponse(MediaDrm drm, byte[] response) - throws DeniedByServerException { + throws DeniedByServerException { return new Certificate(drm.provideCertificateResponse(response)); } /** * Sign data using an RSA key * - * @param context the App context * @param drm the MediaDrm object * @param sessionId a sessionId obtained from openSession on the MediaDrm object * @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1" @@ -132,8 +130,8 @@ public final class MediaDrmSigner { * from provideCertificateResponse * @param message the data for which a signature is to be computed */ - public static byte[] signRSA(Context context, MediaDrm drm, byte[] sessionId, - String algorithm, byte[] wrappedKey, byte[] message) { - return drm.signRSA(context, sessionId, algorithm, wrappedKey, message); + public static byte[] signRSA(MediaDrm drm, byte[] sessionId, + String algorithm, byte[] wrappedKey, byte[] message) { + return drm.signRSA(sessionId, algorithm, wrappedKey, message); } } |