1.0/default/DescramblerImpl.cpp

/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

//#define LOG_NDEBUG 0
#define LOG_TAG "android.hardware.cas@1.0-DescramblerImpl"

#include <hidlmemory/mapping.h>
#include <media/cas/DescramblerAPI.h>
#include <media/hardware/CryptoAPI.h>
#include <media/stagefright/foundation/AString.h>
#include <media/stagefright/foundation/AUtils.h>
#include <utils/Log.h>

#include "DescramblerImpl.h"
#include "SharedLibrary.h"
#include "TypeConvert.h"

namespace android {
using hidl::memory::V1_0::IMemory;

namespace hardware {
namespace cas {
namespace V1_0 {
namespace implementation {

#define CHECK_SUBSAMPLE_DEF(type) \
static_assert(sizeof(SubSample) == sizeof(type::SubSample), \
        "SubSample: size doesn't match"); \
static_assert(offsetof(SubSample, numBytesOfClearData) \
        == offsetof(type::SubSample, mNumBytesOfClearData), \
        "SubSample: numBytesOfClearData offset doesn't match"); \
static_assert(offsetof(SubSample, numBytesOfEncryptedData) \
        == offsetof(type::SubSample, mNumBytesOfEncryptedData), \
        "SubSample: numBytesOfEncryptedData offset doesn't match")

CHECK_SUBSAMPLE_DEF(DescramblerPlugin);
CHECK_SUBSAMPLE_DEF(CryptoPlugin);

DescramblerImpl::DescramblerImpl(
        const sp<SharedLibrary>& library, DescramblerPlugin *plugin) :
        mLibrary(library), mPluginHolder(plugin) {
    ALOGV("CTOR: plugin=%p", mPluginHolder.get());
}

DescramblerImpl::~DescramblerImpl() {
    ALOGV("DTOR: plugin=%p", mPluginHolder.get());
    release();
}

Return<Status> DescramblerImpl::setMediaCasSession(const HidlCasSessionId& sessionId) {
    ALOGV("%s: sessionId=%s", __FUNCTION__,
            sessionIdToString(sessionId).string());

    std::shared_ptr<DescramblerPlugin> holder = std::atomic_load(&mPluginHolder);
    if (holder.get() == nullptr) {
        return toStatus(INVALID_OPERATION);
    }

    return toStatus(holder->setMediaCasSession(sessionId));
}

Return<bool> DescramblerImpl::requiresSecureDecoderComponent(
        const hidl_string& mime) {
    std::shared_ptr<DescramblerPlugin> holder = std::atomic_load(&mPluginHolder);
    if (holder.get() == nullptr) {
        return false;
    }

    return holder->requiresSecureDecoderComponent(String8(mime.c_str()));
}

static inline bool validateRangeForSize(
        uint64_t offset, uint64_t length, uint64_t size) {
    return isInRange<uint64_t, uint64_t>(0, size, offset, length);
}

Return<void> DescramblerImpl::descramble(
        ScramblingControl scramblingControl,
        const hidl_vec<SubSample>& subSamples,
        const SharedBuffer& srcBuffer,
        uint64_t srcOffset,
        const DestinationBuffer& dstBuffer,
        uint64_t dstOffset,
        descramble_cb _hidl_cb) {
    ALOGV("%s", __FUNCTION__);

    // hidl_memory's size is stored in uint64_t, but mapMemory's mmap will map
    // size in size_t. If size is over SIZE_MAX, mapMemory mapMemory could succeed
    // but the mapped memory's actual size will be smaller than the reported size.
    if (srcBuffer.heapBase.size() > SIZE_MAX) {
        ALOGE("Invalid hidl_memory size: %llu", srcBuffer.heapBase.size());
        android_errorWriteLog(0x534e4554, "79376389");
        _hidl_cb(toStatus(BAD_VALUE), 0, NULL);
        return Void();
    }

    sp<IMemory> srcMem = mapMemory(srcBuffer.heapBase);

    // Validate if the offset and size in the SharedBuffer is consistent with the
    // mapped ashmem, since the offset and size is controlled by client.
    if (srcMem == NULL) {
        ALOGE("Failed to map src buffer.");
        _hidl_cb(toStatus(BAD_VALUE), 0, NULL);
        return Void();
    }
    if (!validateRangeForSize(
            srcBuffer.offset, srcBuffer.size, (uint64_t)srcMem->getSize())) {
        ALOGE("Invalid src buffer range: offset %llu, size %llu, srcMem size %llu",
                srcBuffer.offset, srcBuffer.size, (uint64_t)srcMem->getSize());
        android_errorWriteLog(0x534e4554, "67962232");
        _hidl_cb(toStatus(BAD_VALUE), 0, NULL);
        return Void();
    }

    // use 64-bit here to catch bad subsample size that might be overflowing.
    uint64_t totalBytesInSubSamples = 0;
    for (size_t i = 0; i < subSamples.size(); i++) {
        totalBytesInSubSamples += (uint64_t)subSamples[i].numBytesOfClearData +
                subSamples[i].numBytesOfEncryptedData;
    }
    // Further validate if the specified srcOffset and requested total subsample size
    // is consistent with the source shared buffer size.
    if (!validateRangeForSize(srcOffset, totalBytesInSubSamples, srcBuffer.size)) {
        ALOGE("Invalid srcOffset and subsample size: "
                "srcOffset %llu, totalBytesInSubSamples %llu, srcBuffer size %llu",
                srcOffset, totalBytesInSubSamples, srcBuffer.size);
        android_errorWriteLog(0x534e4554, "67962232");
        _hidl_cb(toStatus(BAD_VALUE), 0, NULL);
        return Void();
    }

    void *srcPtr = (uint8_t *)(void *)srcMem->getPointer() + srcBuffer.offset;
    void *dstPtr = NULL;
    if (dstBuffer.type == BufferType::SHARED_MEMORY) {
        // When using shared memory, src buffer is also used as dst,
        // we don't map it again here.
        dstPtr = srcPtr;

        // In this case the dst and src would be the same buffer, need to validate
        // dstOffset against the buffer size too.
        if (!validateRangeForSize(dstOffset, totalBytesInSubSamples, srcBuffer.size)) {
            ALOGE("Invalid dstOffset and subsample size: "
                    "dstOffset %llu, totalBytesInSubSamples %llu, srcBuffer size %llu",
                    dstOffset, totalBytesInSubSamples, srcBuffer.size);
            android_errorWriteLog(0x534e4554, "67962232");
            _hidl_cb(toStatus(BAD_VALUE), 0, NULL);
            return Void();
        }
    } else {
        native_handle_t *handle = const_cast<native_handle_t *>(
                dstBuffer.secureMemory.getNativeHandle());
        dstPtr = static_cast<void *>(handle);
    }

    // Get a local copy of the shared_ptr for the plugin. Note that before
    // calling the HIDL callback, this shared_ptr must be manually reset,
    // since the client side could proceed as soon as the callback is called
    // without waiting for this method to go out of scope.
    std::shared_ptr<DescramblerPlugin> holder = std::atomic_load(&mPluginHolder);
    if (holder.get() == nullptr) {
        _hidl_cb(toStatus(INVALID_OPERATION), 0, NULL);
        return Void();
    }

    // Casting hidl SubSample to DescramblerPlugin::SubSample, but need
    // to ensure structs are actually idential

    AString detailedError;
    int32_t result = holder->descramble(
            dstBuffer.type != BufferType::SHARED_MEMORY,
            (DescramblerPlugin::ScramblingControl)scramblingControl,
            subSamples.size(),
            (DescramblerPlugin::SubSample*)subSamples.data(),
            srcPtr,
            srcOffset,
            dstPtr,
            dstOffset,
            &detailedError);

    holder.reset();
    _hidl_cb(toStatus(result >= 0 ? OK : result), result, detailedError.c_str());
    return Void();
}

Return<Status> DescramblerImpl::release() {
    ALOGV("%s: plugin=%p", __FUNCTION__, mPluginHolder.get());

    std::shared_ptr<DescramblerPlugin> holder(nullptr);
    std::atomic_store(&mPluginHolder, holder);

    return Status::OK;
}

} // namespace implementation
} // namespace V1_0
} // namespace cas
} // namespace hardware
} // namespace android