Add signature|system permission to MediaDrm signer APIs

author Jeff Tinker <jtinker@google.com>

Wed, 2 Apr 2014 23:41:38 +0000 (16:41 -0700)

committer Jeff Tinker <jtinker@google.com>

Wed, 2 Apr 2014 23:41:38 +0000 (16:41 -0700)
author Jeff Tinker <jtinker@google.com>
Wed, 2 Apr 2014 23:41:38 +0000 (16:41 -0700)
committer Jeff Tinker <jtinker@google.com>
Wed, 2 Apr 2014 23:41:38 +0000 (16:41 -0700)
diff --git a/media/libmediaplayerservice/Drm.cpp b/media/libmediaplayerservice/Drm.cpp

index e68d4cd..d50037f 100644 (file)
--- a/media/libmediaplayerservice/Drm.cpp
+++ b/media/libmediaplayerservice/Drm.cpp
@@ -28,9 +28,21 @@
  #include <media/stagefright/foundation/AString.h>
  #include <media/stagefright/foundation/hexdump.h>
  #include <media/stagefright/MediaErrors.h>
+#include <binder/IServiceManager.h>
+#include <binder/IPCThreadState.h>
  
  namespace android {
  
+static bool checkPermission(const char* permissionString) {
+#ifndef HAVE_ANDROID_OS
+    return true;
+#endif
+    if (getpid() == IPCThreadState::self()->getCallingPid()) return true;
+    bool ok = checkCallingPermission(String16(permissionString));
+    if (!ok) ALOGE("Request requires %s", permissionString);
+    return ok;
+}
+
  KeyedVector<Vector<uint8_t>, String8> Drm::mUUIDToLibraryPathMap;
  KeyedVector<String8, wp<SharedLibrary> > Drm::mLibraryPathToOpenLibraryMap;
  Mutex Drm::mMapLock;
@@ -608,6 +620,10 @@ status_t Drm::signRSA(Vector<uint8_t> const &sessionId,
          return -EINVAL;
      }
  
+    if (!checkPermission("android.permission.ACCESS_DRM_CERTIFICATES")) {
+        return -EPERM;
+    }
+
      return mPlugin->signRSA(sessionId, algorithm, message, wrappedKey, signature);
  }
author	Jeff Tinker <jtinker@google.com>
	Wed, 2 Apr 2014 23:41:38 +0000 (16:41 -0700)
committer	Jeff Tinker <jtinker@google.com>
	Wed, 2 Apr 2014 23:41:38 +0000 (16:41 -0700)