You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

197 lines
8.1 KiB

/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
//#define LOG_NDEBUG 0
#define LOG_TAG "android.hardware.cas@1.1-DescramblerImpl"
#include <hidlmemory/mapping.h>
#include <inttypes.h>
#include <media/cas/DescramblerAPI.h>
#include <media/hardware/CryptoAPI.h>
#include <media/stagefright/foundation/AUtils.h>
#include <utils/Log.h>
#include "DescramblerImpl.h"
#include "SharedLibrary.h"
#include "TypeConvert.h"
namespace android {
using hidl::memory::V1_0::IMemory;
namespace hardware {
namespace cas {
namespace V1_1 {
namespace implementation {
#define CHECK_SUBSAMPLE_DEF(type) \
static_assert(sizeof(SubSample) == sizeof(type::SubSample), "SubSample: size doesn't match"); \
static_assert(offsetof(SubSample, numBytesOfClearData) == \
offsetof(type::SubSample, mNumBytesOfClearData), \
"SubSample: numBytesOfClearData offset doesn't match"); \
static_assert(offsetof(SubSample, numBytesOfEncryptedData) == \
offsetof(type::SubSample, mNumBytesOfEncryptedData), \
"SubSample: numBytesOfEncryptedData offset doesn't match")
CHECK_SUBSAMPLE_DEF(DescramblerPlugin);
CHECK_SUBSAMPLE_DEF(CryptoPlugin);
DescramblerImpl::DescramblerImpl(const sp<SharedLibrary>& library, DescramblerPlugin* plugin)
: mLibrary(library), mPluginHolder(plugin) {
ALOGV("CTOR: plugin=%p", mPluginHolder.get());
}
DescramblerImpl::~DescramblerImpl() {
ALOGV("DTOR: plugin=%p", mPluginHolder.get());
release();
}
Return<Status> DescramblerImpl::setMediaCasSession(const HidlCasSessionId& sessionId) {
ALOGV("%s: sessionId=%s", __FUNCTION__, sessionIdToString(sessionId).string());
std::shared_ptr<DescramblerPlugin> holder = std::atomic_load(&mPluginHolder);
if (holder.get() == nullptr) {
return toStatus(INVALID_OPERATION);
}
return toStatus(holder->setMediaCasSession(sessionId));
}
Return<bool> DescramblerImpl::requiresSecureDecoderComponent(const hidl_string& mime) {
std::shared_ptr<DescramblerPlugin> holder = std::atomic_load(&mPluginHolder);
if (holder.get() == nullptr) {
return false;
}
return holder->requiresSecureDecoderComponent(String8(mime.c_str()));
}
static inline bool validateRangeForSize(uint64_t offset, uint64_t length, uint64_t size) {
return isInRange<uint64_t, uint64_t>(0, size, offset, length);
}
Return<void> DescramblerImpl::descramble(ScramblingControl scramblingControl,
const hidl_vec<SubSample>& subSamples,
const SharedBuffer& srcBuffer, uint64_t srcOffset,
const DestinationBuffer& dstBuffer, uint64_t dstOffset,
descramble_cb _hidl_cb) {
ALOGV("%s", __FUNCTION__);
// hidl_memory's size is stored in uint64_t, but mapMemory's mmap will map
// size in size_t. If size is over SIZE_MAX, mapMemory mapMemory could succeed
// but the mapped memory's actual size will be smaller than the reported size.
if (srcBuffer.heapBase.size() > SIZE_MAX) {
ALOGE("Invalid hidl_memory size: %" PRIu64 "", srcBuffer.heapBase.size());
android_errorWriteLog(0x534e4554, "79376389");
_hidl_cb(toStatus(BAD_VALUE), 0, NULL);
return Void();
}
sp<IMemory> srcMem = mapMemory(srcBuffer.heapBase);
// Validate if the offset and size in the SharedBuffer is consistent with the
// mapped ashmem, since the offset and size is controlled by client.
if (srcMem == NULL) {
ALOGE("Failed to map src buffer.");
_hidl_cb(toStatus(BAD_VALUE), 0, NULL);
return Void();
}
if (!validateRangeForSize(srcBuffer.offset, srcBuffer.size, (uint64_t)srcMem->getSize())) {
ALOGE("Invalid src buffer range: offset %" PRIu64 ", size %" PRIu64 ", srcMem"
"size %" PRIu64 "", srcBuffer.offset, srcBuffer.size, (uint64_t)srcMem->getSize());
android_errorWriteLog(0x534e4554, "67962232");
_hidl_cb(toStatus(BAD_VALUE), 0, NULL);
return Void();
}
// use 64-bit here to catch bad subsample size that might be overflowing.
uint64_t totalBytesInSubSamples = 0;
for (size_t i = 0; i < subSamples.size(); i++) {
totalBytesInSubSamples +=
(uint64_t)subSamples[i].numBytesOfClearData + subSamples[i].numBytesOfEncryptedData;
}
// Further validate if the specified srcOffset and requested total subsample size
// is consistent with the source shared buffer size.
if (!validateRangeForSize(srcOffset, totalBytesInSubSamples, srcBuffer.size)) {
ALOGE("Invalid srcOffset and subsample size: "
"srcOffset %" PRIu64 ", totalBytesInSubSamples %" PRIu64 ", srcBuffer"
"size %" PRIu64 "", srcOffset, totalBytesInSubSamples, srcBuffer.size);
android_errorWriteLog(0x534e4554, "67962232");
_hidl_cb(toStatus(BAD_VALUE), 0, NULL);
return Void();
}
void* srcPtr = (uint8_t*)(void*)srcMem->getPointer() + srcBuffer.offset;
void* dstPtr = NULL;
if (dstBuffer.type == BufferType::SHARED_MEMORY) {
// When using shared memory, src buffer is also used as dst,
// we don't map it again here.
dstPtr = srcPtr;
// In this case the dst and src would be the same buffer, need to validate
// dstOffset against the buffer size too.
if (!validateRangeForSize(dstOffset, totalBytesInSubSamples, srcBuffer.size)) {
ALOGE("Invalid dstOffset and subsample size: "
"dstOffset %" PRIu64 ", totalBytesInSubSamples %" PRIu64 ", srcBuffer"
"size %" PRIu64 "", dstOffset, totalBytesInSubSamples, srcBuffer.size);
android_errorWriteLog(0x534e4554, "67962232");
_hidl_cb(toStatus(BAD_VALUE), 0, NULL);
return Void();
}
} else {
native_handle_t* handle =
const_cast<native_handle_t*>(dstBuffer.secureMemory.getNativeHandle());
dstPtr = static_cast<void*>(handle);
}
// Get a local copy of the shared_ptr for the plugin. Note that before
// calling the HIDL callback, this shared_ptr must be manually reset,
// since the client side could proceed as soon as the callback is called
// without waiting for this method to go out of scope.
std::shared_ptr<DescramblerPlugin> holder = std::atomic_load(&mPluginHolder);
if (holder.get() == nullptr) {
_hidl_cb(toStatus(INVALID_OPERATION), 0, NULL);
return Void();
}
// Casting hidl SubSample to DescramblerPlugin::SubSample, but need
// to ensure structs are actually idential
int32_t result =
holder->descramble(dstBuffer.type != BufferType::SHARED_MEMORY,
(DescramblerPlugin::ScramblingControl)scramblingControl,
subSamples.size(), (DescramblerPlugin::SubSample*)subSamples.data(),
srcPtr, srcOffset, dstPtr, dstOffset, NULL);
holder.reset();
_hidl_cb(toStatus(result >= 0 ? OK : result), result, NULL);
return Void();
}
Return<Status> DescramblerImpl::release() {
ALOGV("%s: plugin=%p", __FUNCTION__, mPluginHolder.get());
std::shared_ptr<DescramblerPlugin> holder(nullptr);
std::atomic_store(&mPluginHolder, holder);
return Status::OK;
}
} // namespace implementation
} // namespace V1_1
} // namespace cas
} // namespace hardware
} // namespace android