author Jeff Tinker <jtinker@google.com> 2014-04-02 12:23:56 -0700
committer Jeff Tinker <jtinker@google.com> 2014-04-02 16:43:10 -0700
commit65c94e695929ffa1aaa49d7b5938b34aaf078b6c (patch)
treee8349b6e558379ef090df4b3701d624436ec477f
parente4095a80b674642e0e0e8f0883dee3b22f32f19a (diff)
Add signature|system permission to MediaDrm signer APIs
Also addresses style issues noted in post-submit review from https://googleplex-android-review.git.corp.google.com/#/c/439054/ Change-Id: If177b11dbcc049bc271529c119bc5c36ae0107b5 related-to-bug: 12702350
-rw-r--r--core/res/AndroidManifest.xml7
-rw-r--r--core/res/res/values/strings.xml5
-rw-r--r--media/java/android/media/MediaDrm.java55
-rw-r--r--media/jni/android_media_MediaDrm.cpp8
-rw-r--r--media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java16
5 files changed, 49 insertions, 42 deletions
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 086a2b1fd102..b67a5a3b3258 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2519,6 +2519,13 @@
android:description="@string/permdesc_accessNetworkConditions"
android:protectionLevel="signature|system" />
+ <!-- Allows an application to provision and access DRM certificates
+ @hide This is not a third-party API (intended for system apps). -->
+ <permission android:name="android.permission.ACCESS_DRM_CERTIFICATES"
+ android:label="@string/permlab_accessDrmCertificates"
+ android:description="@string/permdesc_accessDrmCertificates"
+ android:protectionLevel="signature|system" />
+
<!-- The system process is explicitly the only one allowed to launch the
confirmation UI for full backup/restore -->
<uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/>
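Review bot: `android:protectionLevel="signature|system"` on `ACCESS_DRM_CERTIFICATES` grants the permission to every app installed on the system image as well as to platform-signed apps, which may be wider than the holders this permission is meant for. If only platform-signed components need to provision DRM certificates and sign with the wrapped key, `signature` alone is the narrower grant. Otherwise the comment should name which preinstalled apps are expected to hold it. The comment text also runs into `@hide` with no sentence end; it should read `... DRM certificates.` before the `@hide` line.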
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 30243a43dd70..5748e721b72e 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -1985,6 +1985,11 @@
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permdesc_accessNetworkConditions">Allows an application to listen for observations on network conditions. Should never be needed for normal apps.</string>
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permlab_accessDrmCertificates">access DRM certificates</string>
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permdesc_accessDrmCertificates">Allows an application to provision and use DRM certficates. Should never be needed for normal apps.</string>
+
<!-- Policy administration -->
<!-- Title of policy access to limiting the user's password choices -->
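Review bot: The new `permdesc_accessDrmCertificates` string misspells "certificates" as "certficates", and this text is shown to users and picked up by translators. The line should read `Allows an application to provision and use DRM certificates. Should never be needed for normal apps.`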
diff --git a/media/java/android/media/MediaDrm.java b/media/java/android/media/MediaDrm.java
index 9bf48ce48f07..532e39a157e3 100644
--- a/media/java/android/media/MediaDrm.java
+++ b/media/java/android/media/MediaDrm.java
@@ -1,4 +1,4 @@
- /*
+/*
* Copyright (C) 2013 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -29,7 +29,6 @@ import android.os.Message;
import android.os.Bundle;
import android.os.Parcel;
import android.util.Log;
-import android.content.Context;
/**
* MediaDrm can be used to obtain keys for decrypting protected media streams, in
@@ -100,6 +99,8 @@ public final class MediaDrm {
private final static String TAG = "MediaDrm";
+ private static final String PERMISSION = android.Manifest.permission.ACCESS_DRM_CERTIFICATES;
+
private EventHandler mEventHandler;
private OnEventListener mOnEventListener;
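Review bot: `PERMISSION` is declared here but no line in the MediaDrm.java hunks of this commit references it. The same commit removes the `Context` import and the `context` parameter of `signRSA`, so no Java-side permission check is visible on `getCertificateRequest`, `provideCertificateResponse` or `signRSA`, which call straight into their native methods. The JNI hunks in this commit only change casts, so enforcement of `ACCESS_DRM_CERTIFICATES` presumably happens in the native DRM service outside this diff. If so, say that at the declaration, e.g. `// Enforced by the native DRM service for the certificate and signRSA calls; not checked in Java.`, or drop the unused field. If it is not enforced there, these three methods stay callable without the permission; the rest of the class is outside the hunks shown.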
@@ -154,7 +155,7 @@ public final class MediaDrm {
}
private static final native boolean isCryptoSchemeSupportedNative(byte[] uuid,
- String mimeType);
+ String mimeType);
/**
* Instantiate a MediaDrm object
@@ -178,7 +179,7 @@ public final class MediaDrm {
* It's easier to create it here than in C++.
*/
native_setup(new WeakReference<MediaDrm>(this),
- getByteArrayFromUUID(uuid));
+ getByteArrayFromUUID(uuid));
}
/**
@@ -287,7 +288,7 @@ public final class MediaDrm {
* the cookie passed to native_setup().)
*/
private static void postEventFromNative(Object mediadrm_ref,
- int eventType, int extra, Object obj)
+ int eventType, int extra, Object obj)
{
MediaDrm md = (MediaDrm)((WeakReference)mediadrm_ref).get();
if (md == null) {
@@ -387,9 +388,8 @@ public final class MediaDrm {
* problem with the certifcate
*/
public native KeyRequest getKeyRequest(byte[] scope, byte[] init,
- String mimeType, int keyType,
- HashMap<String, String> optionalParameters)
- throws NotProvisionedException;
+ String mimeType, int keyType, HashMap<String, String> optionalParameters)
+ throws NotProvisionedException;
/**
@@ -413,7 +413,7 @@ public final class MediaDrm {
* @throws ResourceBusyException if required resources are in use
*/
public native byte[] provideKeyResponse(byte[] scope, byte[] response)
- throws NotProvisionedException, DeniedByServerException;
+ throws NotProvisionedException, DeniedByServerException;
/**
@@ -480,7 +480,7 @@ public final class MediaDrm {
}
private native ProvisionRequest getProvisionRequestNative(int certType,
- String certAuthority);
+ String certAuthority);
/**
* After a provision response is received by the app, it is provided to the DRM
@@ -493,12 +493,12 @@ public final class MediaDrm {
* server rejected the request
*/
public void provideProvisionResponse(byte[] response)
- throws DeniedByServerException {
+ throws DeniedByServerException {
provideProvisionResponseNative(response);
}
private native Certificate provideProvisionResponseNative(byte[] response)
- throws DeniedByServerException;
+ throws DeniedByServerException;
/**
* A means of enforcing limits on the number of concurrent streams per subscriber
@@ -585,23 +585,22 @@ public final class MediaDrm {
private static final native void setCipherAlgorithmNative(MediaDrm drm, byte[] sessionId,
- String algorithm);
+ String algorithm);
private static final native void setMacAlgorithmNative(MediaDrm drm, byte[] sessionId,
- String algorithm);
+ String algorithm);
private static final native byte[] encryptNative(MediaDrm drm, byte[] sessionId,
- byte[] keyId, byte[] input, byte[] iv);
+ byte[] keyId, byte[] input, byte[] iv);
private static final native byte[] decryptNative(MediaDrm drm, byte[] sessionId,
- byte[] keyId, byte[] input, byte[] iv);
+ byte[] keyId, byte[] input, byte[] iv);
private static final native byte[] signNative(MediaDrm drm, byte[] sessionId,
- byte[] keyId, byte[] message);
+ byte[] keyId, byte[] message);
private static final native boolean verifyNative(MediaDrm drm, byte[] sessionId,
- byte[] keyId, byte[] message,
- byte[] signature);
+ byte[] keyId, byte[] message, byte[] signature);
/**
* In addition to supporting decryption of DASH Common Encrypted Media, the
@@ -631,7 +630,7 @@ public final class MediaDrm {
private byte[] mSessionId;
CryptoSession(MediaDrm drm, byte[] sessionId,
- String cipherAlgorithm, String macAlgorithm)
+ String cipherAlgorithm, String macAlgorithm)
{
mSessionId = sessionId;
mDrm = drm;
@@ -706,8 +705,7 @@ public final class MediaDrm {
* "algorithms".
*/
public CryptoSession getCryptoSession(byte[] sessionId,
- String cipherAlgorithm,
- String macAlgorithm)
+ String cipherAlgorithm, String macAlgorithm)
{
return new CryptoSession(this, sessionId, cipherAlgorithm, macAlgorithm);
}
@@ -753,11 +751,11 @@ public final class MediaDrm {
* @hide - not part of the public API at this time
*/
public CertificateRequest getCertificateRequest(int certType,
- String certAuthority)
+ String certAuthority)
{
ProvisionRequest provisionRequest = getProvisionRequestNative(certType, certAuthority);
return new CertificateRequest(provisionRequest.getData(),
- provisionRequest.getDefaultUrl());
+ provisionRequest.getDefaultUrl());
}
/**
@@ -802,18 +800,16 @@ public final class MediaDrm {
* @hide - not part of the public API at this time
*/
public Certificate provideCertificateResponse(byte[] response)
- throws DeniedByServerException {
+ throws DeniedByServerException {
return provideProvisionResponseNative(response);
}
private static final native byte[] signRSANative(MediaDrm drm, byte[] sessionId,
- String algorithm, byte[] wrappedKey,
- byte[] message);
+ String algorithm, byte[] wrappedKey, byte[] message);
/**
* Sign data using an RSA key
*
- * @param context the app context
* @param sessionId a sessionId obtained from openSession on the MediaDrm object
* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
* @param wrappedKey - the wrapped (encrypted) RSA private key obtained
@@ -822,7 +818,8 @@ public final class MediaDrm {
*
* @hide - not part of the public API at this time
*/
- public byte[] signRSA(Context context, byte[] sessionId, String algorithm, byte[] wrappedKey, byte[] message) {
+ public byte[] signRSA(byte[] sessionId, String algorithm,
+ byte[] wrappedKey, byte[] message) {
return signRSANative(this, sessionId, algorithm, wrappedKey, message);
}
diff --git a/media/jni/android_media_MediaDrm.cpp b/media/jni/android_media_MediaDrm.cpp
index 1dbaa3a1ce7f..7c4568241c40 100644
--- a/media/jni/android_media_MediaDrm.cpp
+++ b/media/jni/android_media_MediaDrm.cpp
@@ -570,7 +570,7 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) {
FIND_CLASS(clazz, "android/media/MediaDrm$Certificate");
GET_FIELD_ID(gFields.certificate.wrappedPrivateKey, clazz, "mWrappedKey", "[B");
GET_FIELD_ID(gFields.certificate.certificateData, clazz, "mCertificateData", "[B");
- gFields.certificateClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
+ gFields.certificateClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
FIND_CLASS(clazz, "java/util/ArrayList");
GET_METHOD_ID(gFields.arraylist.init, clazz, "<init>", "()V");
@@ -595,13 +595,13 @@ static void android_media_MediaDrm_native_init(JNIEnv *env) {
GET_METHOD_ID(gFields.entry.getValue, clazz, "getValue", "()Ljava/lang/Object;");
FIND_CLASS(clazz, "java/util/HashMap");
- gFields.hashmapClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
+ gFields.hashmapClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
FIND_CLASS(clazz, "java/lang/String");
- gFields.stringClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
+ gFields.stringClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
FIND_CLASS(clazz, "java/util/ArrayList");
- gFields.arraylistClassId = reinterpret_cast<jclass>(env->NewGlobalRef(clazz));
+ gFields.arraylistClassId = static_cast<jclass>(env->NewGlobalRef(clazz));
}
static void android_media_MediaDrm_native_setup(
diff --git a/media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java b/media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java
index d971afb9789c..0a2897f9cf44 100644
--- a/media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java
+++ b/media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java
@@ -16,7 +16,6 @@
package com.android.mediadrm.signer;
-import android.content.Context;
import android.media.MediaDrm;
import android.media.DeniedByServerException;
@@ -37,7 +36,7 @@ public final class MediaDrmSigner {
* server
*/
public final static class CertificateRequest {
- private MediaDrm.CertificateRequest mCertRequest;
+ private final MediaDrm.CertificateRequest mCertRequest;
CertificateRequest(MediaDrm.CertificateRequest certRequest) {
mCertRequest = certRequest;
@@ -65,7 +64,7 @@ public final class MediaDrmSigner {
* with a certificate.
*/
public final static class Certificate {
- private MediaDrm.Certificate mCertificate;
+ private final MediaDrm.Certificate mCertificate;
Certificate(MediaDrm.Certificate certificate) {
mCertificate = certificate;
@@ -97,7 +96,7 @@ public final class MediaDrmSigner {
* the chain of authority.
*/
public static CertificateRequest getCertificateRequest(MediaDrm drm, int certType,
- String certAuthority) {
+ String certAuthority) {
return new CertificateRequest(drm.getCertificateRequest(certType, certAuthority));
}
@@ -117,14 +116,13 @@ public final class MediaDrmSigner {
* server rejected the request
*/
public static Certificate provideCertificateResponse(MediaDrm drm, byte[] response)
- throws DeniedByServerException {
+ throws DeniedByServerException {
return new Certificate(drm.provideCertificateResponse(response));
}
/**
* Sign data using an RSA key
*
- * @param context the App context
* @param drm the MediaDrm object
* @param sessionId a sessionId obtained from openSession on the MediaDrm object
* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
@@ -132,8 +130,8 @@ public final class MediaDrmSigner {
* from provideCertificateResponse
* @param message the data for which a signature is to be computed
*/
- public static byte[] signRSA(Context context, MediaDrm drm, byte[] sessionId,
- String algorithm, byte[] wrappedKey, byte[] message) {
- return drm.signRSA(context, sessionId, algorithm, wrappedKey, message);
+ public static byte[] signRSA(MediaDrm drm, byte[] sessionId,
+ String algorithm, byte[] wrappedKey, byte[] message) {
+ return drm.signRSA(sessionId, algorithm, wrappedKey, message);
}
}
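Review bot: The Javadoc for `signRSA` loses `@param context` but gains nothing about the permission this commit introduces, so a caller of the signer library cannot tell from the API docs that `android.permission.ACCESS_DRM_CERTIFICATES` is required. Add a line such as `Requires the android.permission.ACCESS_DRM_CERTIFICATES permission.` to this method, and likewise to `getCertificateRequest` and `provideCertificateResponse` in the earlier hunks of this file. How a denied call surfaces to the caller is not visible in this diff, so document that once it is confirmed. The Javadoc block begins above the hunk.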