Security Vulnerability fix:- Heap use after free in getSecureStops
in android.hardware.drm@1.1-service.clearkey
Test: CTS tests
android.media.cts.MediaDrmClearkeyTest#testSecureStop
android.media.cts.MediaDrmClearkeyTest
Test: run drmpoc
no signal 6 on clearkey service after the fix
Test: adb shell ps | grep clearkey
pid ID does not change after running drmpoc
bug: 137878930
Change-Id: I78b2dc2bccde238a06398b3733cea8e574ea8ee7
Perform more checking for invalid input.
Test: CTS tests
android.media.cts.MediaDrmClearkeyTest#testSecureStop
android.media.cts.MediaDrmClearkeyTest
Test: run drmpoc
no signal 6 on clearkey service after the fix
Test: adb shell ps | grep clearkey
pid ID does not change after running drmpoc
bug: 137284652
Change-Id: I971bb33eec6d37ef86fa1a53501c1e6bda50fa3b
Security Vulnerability fix: Heap buffer overflow in clearkey
releaseSecureStops - android.hardware.drm@1.1-service.clearkey
Fix provided by researcher.
Test: CTS tests
android.media.cts.MediaDrmClearkeyTest#testSecureStop
android.media.cts.MediaDrmClearkeyTest
Test: run drmpoc
no signal 6 on clearkey service after the fix
Test: adb shell ps | grep clearkey
pid ID does not change after running drmpoc
bug: 137284652
Change-Id: Id085945943aa6b85c597dc8b7c32a3b990c54a2b
This change renames the IMemory raw pointer accessors to
unsecure*() to make it apparent to coders and code reviewers
that the returned buffer may potentially be shared with
untrusted processes, who may, after the fact, attempt to
read and/or modify the contents. This may lead to hard to
find security bugs and hopefully the rename makes it harder
to forget.
The change also attempts to fix all the callsites to make
everything build correctly, but in the processes, wherever the
callsite code was not obviously secure, I added a TODO requesting
the owners to either document why it's secure or to change the
code. Apologies in advance to the owners if there are some false
positives here - I don't have enough context to reason about all
the different callsites.
Test: Completely syntactic change. Made sure code still builds.
Change-Id: I5fb99aa797c488406083178a6b05355d98710d3b
Since these were combined into libhidlbase.
Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I6cc85a91afb603e31b85090917f9f3b59d82a4d1
Protobuf 3.9.1 redefines google::protobuf::uint64 from unsigned long
long to uint64_t, which is sometimes unsigned long and sometimes
unsigned long long. Use PRIu64 to print it.
Bug: 117607748
Test: m checkbuild
Exempt-From-Owner-Approval: approved at https://android-review.googlesource.com/q/Idb741c8be97df1c752083350fb8fed257903944c
Change-Id: Idb741c8be97df1c752083350fb8fed257903944c
See build/soong/README.md for more information about soong
Bug: 122331945
Test: treehugger
Test: cd frameworks/av/drm/mediacas/plugins; mma
Change-Id: I7a3ab863c4e589bd0c1954d3735602fed7cf79b4
This does two things:
- makes sure that HALs configured as lazy HALs will be retrieved
- will detect bad manifest entries earlier
Bug: 131703193
Test: boot
Change-Id: I69fb80b023cc17f94e4f6a10203ee077a5e61e19
We must only create one DrmListener instance.
We then process different listeners in DrmListener::notify.
To facilitate testing, we call the listeners from clearkey plugin's
provideKeyResponse function. We have previously tested
EventType::VENDOR_DEFINED in the same manner.
bug: 77712870
Test: native CTS test testClearKeyPlaybackCenc
Test: CTS MediaDrmMockTest
Change-Id: Ie15e3012a4068824f72371a66e9fca2ee27180f8
Merged-In: Ie15e3012a4068824f72371a66e9fca2ee27180f8
cas@1.1 hal interface and implementation are available.
Fix a bug in default plugin for CTS test.
Test: Manual
bug: 123903559
Change-Id: Icd41736c45bb70e4f9e275bd989eca4f64ba3dac
This reverts commit a4f9d509c0.
Reason for revert: <original CL isn't related to public API which triggered this revert, so revert this revert>
Change-Id: I31fda92c2915dc04bc100cb97d36cf4bead234b7
Fix inconsistent naming of offline license states
bug:120489407
bug:120488811
test:cts and gts media tests
Change-Id: I8473211d96383977ad33e4bd770fc4c71d9bd15f
When the system partition is a later version than vendor,
new MediaDrm APIs will not have HAL implementations. In
this case throw java.lang.UnsupportedOperationException.
bug:110701831
bug:123375769
test: cts media test cases, gts media tests
Change-Id: Ib631bf4d4d245d857e61bd3fe0e5808e430a034d
Implement sendSessionEvent and onSessionEvent in ClearKeyCasPlugin and MockCasPlugin
Test: manual
Bug: 122472761
Change-Id: Iceb3e14f35cf3178b70e43b59fd492255ab205bc
To support lazy drm HALs, libmediadrm needs to list all available HALs
that are defined in the manifest. Otherwise, it will only list HALs that
are currently running. This change is necessary because lazy HALs do not
run until they are requested. Without this change, libmediadrm would not
be aware that the lazy HALs are present, and it would not know to call
getService() to start them.
Test: Run gts
Bug: 112386116
Change-Id: I9b41c60d574b9c8c857b8838a5bbdc64388c9ddb
Marco Nelissen
Edwin Wong
Ytai Ben-Tsvi
Robert Shih
Steven Moreland
Colin Cross
Peter Kalauskas
Dan Willemsen
Jeff Tinker
Pawin Vongmasa
Henry Fang
TreeHugger Robot
Ray Essick
Xusong Wang