Merge cherrypicks of [4586293, 4586294, 4586295, 4584365, 4584366, 4584367, 4584368, 4584369, 4584370, 4587544, 4584705, 4586296, 4587545, 4587546, 4586297, 4586298, 4586299, 4586300, 4584371, 4586301, 4584706, 4586302, 4586303, 4587584, 4587585, 4587586, 4587587, 4587588, 4587589, 4587590, 4587591, 4587644, 4587645, 4587646, 4587647, 4587648, 4587649, 4587650, 4587651, 4587652, 4587653, 4587654, 4587655, 4587656, 4587657, 4587658, 4587659, 4587660, 4587661, 4587662, 4584536, 4587547, 4587548, 4587549, 4584707, 4584708, 4587550, 4587551, 4587593, 4586516, 4584372, 4584373, 4584374, 4587595, 4584375, 4584376, 4587552, 4587596, 4587597, 4587598, 4587599, 4584414, 4584415, 4584416, 4584417, 4584418, 4584419, 4584420, 4584421, 4584422, 4584423, 4587804, 4587805, 4587806, 4587807, 4587808, 4587809, 4587810, 4587811, 4587812, 4587813, 4587814, 4587815, 4587816, 4587817, 4587818, 4587884, 4587885, 4587600, 4587601, 4587819, 4584709] into sparse-4749909-L91900000192339903

Change-Id: Iacf57b61761c96ea9a0d5bfd8f5852d461f32bfa
diff --git a/cas/1.0/default/CasImpl.cpp b/cas/1.0/default/CasImpl.cpp
index 9d1f4a3..178020e 100644
--- a/cas/1.0/default/CasImpl.cpp
+++ b/cas/1.0/default/CasImpl.cpp
@@ -31,19 +31,8 @@
 namespace V1_0 {
 namespace implementation {
 
-struct CasImpl::PluginHolder : public RefBase {
-public:
-    explicit PluginHolder(CasPlugin *plugin) : mPlugin(plugin) {}
-    ~PluginHolder() { if (mPlugin != NULL) delete mPlugin; }
-    CasPlugin* get() { return mPlugin; }
-
-private:
-    CasPlugin *mPlugin;
-    DISALLOW_EVIL_CONSTRUCTORS(PluginHolder);
-};
-
 CasImpl::CasImpl(const sp<ICasListener> &listener)
-    : mPluginHolder(NULL), mListener(listener) {
+    : mListener(listener) {
     ALOGV("CTOR");
 }
 
@@ -69,7 +58,8 @@
 
 void CasImpl::init(const sp<SharedLibrary>& library, CasPlugin *plugin) {
     mLibrary = library;
-    mPluginHolder = new PluginHolder(plugin);
+    std::shared_ptr<CasPlugin> holder(plugin);
+    std::atomic_store(&mPluginHolder, holder);
 }
 
 void CasImpl::onEvent(
@@ -88,21 +78,22 @@
 
 Return<Status> CasImpl::setPrivateData(const HidlCasData& pvtData) {
     ALOGV("%s", __FUNCTION__);
-    sp<PluginHolder> holder = mPluginHolder;
-    if (holder == NULL) {
+    std::shared_ptr<CasPlugin> holder = std::atomic_load(&mPluginHolder);
+    if (holder.get() == nullptr) {
         return toStatus(INVALID_OPERATION);
     }
-    return toStatus(holder->get()->setPrivateData(pvtData));
+    return toStatus(holder->setPrivateData(pvtData));
 }
 
 Return<void> CasImpl::openSession(openSession_cb _hidl_cb) {
     ALOGV("%s", __FUNCTION__);
     CasSessionId sessionId;
 
-    sp<PluginHolder> holder = mPluginHolder;
+    std::shared_ptr<CasPlugin> holder = std::atomic_load(&mPluginHolder);
     status_t err = INVALID_OPERATION;
-    if (holder != NULL) {
-        err = holder->get()->openSession(&sessionId);
+    if (holder.get() != nullptr) {
+        err = holder->openSession(&sessionId);
+        holder.reset();
     }
 
     _hidl_cb(toStatus(err), sessionId);
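Review bot: The `holder.reset();` added in `openSession` has no comment explaining why the local reference must be dropped before `_hidl_cb` runs, while the same pattern in `DescramblerImpl::descramble` is documented. A later cleanup could easily remove it as redundant. I would add above it: `// Drop the local reference before the callback: the client can proceed as soon as _hidl_cb is called, without waiting for this method to return.` The body of `openSession` continues past the end of this hunk.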
@@ -114,87 +105,87 @@
         const HidlCasSessionId &sessionId, const HidlCasData& pvtData) {
     ALOGV("%s: sessionId=%s", __FUNCTION__,
             sessionIdToString(sessionId).string());
-    sp<PluginHolder> holder = mPluginHolder;
-    if (holder == NULL) {
+    std::shared_ptr<CasPlugin> holder = std::atomic_load(&mPluginHolder);
+    if (holder.get() == nullptr) {
         return toStatus(INVALID_OPERATION);
     }
-    return toStatus(
-            holder->get()->setSessionPrivateData(
-                    sessionId, pvtData));
+    return toStatus(holder->setSessionPrivateData(sessionId, pvtData));
 }
 
 Return<Status> CasImpl::closeSession(const HidlCasSessionId &sessionId) {
     ALOGV("%s: sessionId=%s", __FUNCTION__,
             sessionIdToString(sessionId).string());
-    sp<PluginHolder> holder = mPluginHolder;
-    if (holder == NULL) {
+    std::shared_ptr<CasPlugin> holder = std::atomic_load(&mPluginHolder);
+    if (holder.get() == nullptr) {
         return toStatus(INVALID_OPERATION);
     }
-    return toStatus(holder->get()->closeSession(sessionId));
+    return toStatus(holder->closeSession(sessionId));
 }
 
 Return<Status> CasImpl::processEcm(
         const HidlCasSessionId &sessionId, const HidlCasData& ecm) {
     ALOGV("%s: sessionId=%s", __FUNCTION__,
             sessionIdToString(sessionId).string());
-    sp<PluginHolder> holder = mPluginHolder;
-    if (holder == NULL) {
+    std::shared_ptr<CasPlugin> holder = std::atomic_load(&mPluginHolder);
+    if (holder.get() == nullptr) {
         return toStatus(INVALID_OPERATION);
     }
 
-    return toStatus(holder->get()->processEcm(sessionId, ecm));
+    return toStatus(holder->processEcm(sessionId, ecm));
 }
 
 Return<Status> CasImpl::processEmm(const HidlCasData& emm) {
     ALOGV("%s", __FUNCTION__);
-    sp<PluginHolder> holder = mPluginHolder;
-    if (holder == NULL) {
+    std::shared_ptr<CasPlugin> holder = std::atomic_load(&mPluginHolder);
+    if (holder.get() == nullptr) {
         return toStatus(INVALID_OPERATION);
     }
 
-    return toStatus(holder->get()->processEmm(emm));
+    return toStatus(holder->processEmm(emm));
 }
 
 Return<Status> CasImpl::sendEvent(
         int32_t event, int32_t arg,
         const HidlCasData& eventData) {
     ALOGV("%s", __FUNCTION__);
-    sp<PluginHolder> holder = mPluginHolder;
-    if (holder == NULL) {
+    std::shared_ptr<CasPlugin> holder = std::atomic_load(&mPluginHolder);
+    if (holder.get() == nullptr) {
         return toStatus(INVALID_OPERATION);
     }
 
-    status_t err = holder->get()->sendEvent(event, arg, eventData);
+    status_t err = holder->sendEvent(event, arg, eventData);
     return toStatus(err);
 }
 
 Return<Status> CasImpl::provision(const hidl_string& provisionString) {
     ALOGV("%s: provisionString=%s", __FUNCTION__, provisionString.c_str());
-    sp<PluginHolder> holder = mPluginHolder;
-    if (holder == NULL) {
+    std::shared_ptr<CasPlugin> holder = std::atomic_load(&mPluginHolder);
+    if (holder.get() == nullptr) {
         return toStatus(INVALID_OPERATION);
     }
 
-    return toStatus(holder->get()->provision(String8(provisionString.c_str())));
+    return toStatus(holder->provision(String8(provisionString.c_str())));
 }
 
 Return<Status> CasImpl::refreshEntitlements(
         int32_t refreshType,
         const HidlCasData& refreshData) {
     ALOGV("%s", __FUNCTION__);
-    sp<PluginHolder> holder = mPluginHolder;
-    if (holder == NULL) {
+    std::shared_ptr<CasPlugin> holder = std::atomic_load(&mPluginHolder);
+    if (holder.get() == nullptr) {
         return toStatus(INVALID_OPERATION);
     }
 
-    status_t err = holder->get()->refreshEntitlements(refreshType, refreshData);
+    status_t err = holder->refreshEntitlements(refreshType, refreshData);
     return toStatus(err);
 }
 
 Return<Status> CasImpl::release() {
-    ALOGV("%s: plugin=%p", __FUNCTION__,
-            mPluginHolder != NULL ? mPluginHolder->get() : NULL);
-    mPluginHolder.clear();
+    ALOGV("%s: plugin=%p", __FUNCTION__, mPluginHolder.get());
+
+    std::shared_ptr<CasPlugin> holder(nullptr);
+    std::atomic_store(&mPluginHolder, holder);
+
     return Status::OK;
 }
 
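Review bot: `CasImpl::release()` reads `mPluginHolder.get()` directly in its `ALOGV` line, while every other access in this change goes through `std::atomic_load`/`std::atomic_store`. A plain read of the shared_ptr concurrent with an atomic store from another thread is a data race whenever verbose logging is compiled in. Swapping first and logging the old value avoids it: `std::shared_ptr<CasPlugin> old = std::atomic_exchange(&mPluginHolder, std::shared_ptr<CasPlugin>());` followed by `ALOGV("%s: plugin=%p", __FUNCTION__, old.get());`. `DescramblerImpl::release()` in DescramblerImpl.cpp has the same direct read and would take the same change.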
diff --git a/cas/1.0/default/CasImpl.h b/cas/1.0/default/CasImpl.h
index 841d64e..d792838 100644
--- a/cas/1.0/default/CasImpl.h
+++ b/cas/1.0/default/CasImpl.h
@@ -88,7 +88,7 @@
 private:
     struct PluginHolder;
     sp<SharedLibrary> mLibrary;
-    sp<PluginHolder> mPluginHolder;
+    std::shared_ptr<CasPlugin> mPluginHolder;
     sp<ICasListener> mListener;
 
     DISALLOW_EVIL_CONSTRUCTORS(CasImpl);
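Review bot: The forward declaration `struct PluginHolder;` just above the changed member is now dead, because this commit removes the definition of `CasImpl::PluginHolder` from CasImpl.cpp and the member no longer uses it; it should be deleted. The new member would also benefit from a comment such as `// Accessed only via std::atomic_load/std::atomic_store.`, since that discipline is not visible from the type. The top of the header is outside the hunk, so I cannot tell whether `<memory>` is included directly or only transitively.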
diff --git a/cas/1.0/default/DescramblerImpl.cpp b/cas/1.0/default/DescramblerImpl.cpp
index 36699ba..6d5e2d5 100644
--- a/cas/1.0/default/DescramblerImpl.cpp
+++ b/cas/1.0/default/DescramblerImpl.cpp
@@ -50,12 +50,12 @@
 
 DescramblerImpl::DescramblerImpl(
         const sp<SharedLibrary>& library, DescramblerPlugin *plugin) :
-        mLibrary(library), mPlugin(plugin) {
-    ALOGV("CTOR: mPlugin=%p", mPlugin);
+        mLibrary(library), mPluginHolder(plugin) {
+    ALOGV("CTOR: plugin=%p", mPluginHolder.get());
 }
 
 DescramblerImpl::~DescramblerImpl() {
-    ALOGV("DTOR: mPlugin=%p", mPlugin);
+    ALOGV("DTOR: plugin=%p", mPluginHolder.get());
     release();
 }
 
@@ -63,12 +63,22 @@
     ALOGV("%s: sessionId=%s", __FUNCTION__,
             sessionIdToString(sessionId).string());
 
-    return toStatus(mPlugin->setMediaCasSession(sessionId));
+    std::shared_ptr<DescramblerPlugin> holder = std::atomic_load(&mPluginHolder);
+    if (holder.get() == nullptr) {
+        return toStatus(INVALID_OPERATION);
+    }
+
+    return toStatus(holder->setMediaCasSession(sessionId));
 }
 
 Return<bool> DescramblerImpl::requiresSecureDecoderComponent(
         const hidl_string& mime) {
-    return mPlugin->requiresSecureDecoderComponent(String8(mime.c_str()));
+    std::shared_ptr<DescramblerPlugin> holder = std::atomic_load(&mPluginHolder);
+    if (holder.get() == nullptr) {
+        return false;
+    }
+
+    return holder->requiresSecureDecoderComponent(String8(mime.c_str()));
 }
 
 static inline bool validateRangeForSize(
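Review bot: The new null-plugin branch in `requiresSecureDecoderComponent` returns `false`, which is indistinguishable from a genuine "no secure decoder required" answer from the plugin. After `release()` the method therefore reports the permissive answer for a content-protection decision. `Return<bool>` cannot carry a status, so at minimum the branch should be logged and documented, e.g. `ALOGW("%s: plugin already released", __FUNCTION__);` with a comment stating why `false` is the chosen default. Whether callers could act on this value after release is not visible from the hunk and should be confirmed.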
@@ -86,6 +96,16 @@
         descramble_cb _hidl_cb) {
     ALOGV("%s", __FUNCTION__);
 
+    // hidl_memory's size is stored in uint64_t, but mapMemory's mmap will map
+    // size in size_t. If size is over SIZE_MAX, mapMemory mapMemory could succeed
+    // but the mapped memory's actual size will be smaller than the reported size.
+    if (srcBuffer.heapBase.size() > SIZE_MAX) {
+        ALOGE("Invalid hidl_memory size: %llu", srcBuffer.heapBase.size());
+        android_errorWriteLog(0x534e4554, "79376389");
+        _hidl_cb(toStatus(BAD_VALUE), 0, NULL);
+        return Void();
+    }
+
     sp<IMemory> srcMem = mapMemory(srcBuffer.heapBase);
 
     // Validate if the offset and size in the SharedBuffer is consistent with the
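Review bot: The `ALOGE` in the new size check prints `srcBuffer.heapBase.size()` with `%llu`. If `size()` returns `uint64_t`, as the comment above it says, the specifier does not match on LP64 targets where `uint64_t` is `unsigned long`. I would write `ALOGE("Invalid hidl_memory size: %" PRIu64, srcBuffer.heapBase.size());` with `<inttypes.h>` included. The comment also repeats a word ("mapMemory mapMemory could succeed"). It would help to note there that the check can only fire where `size_t` is narrower than 64 bits, so a reader on a 64-bit build does not take it for dead code. The body of `descramble` starts before and continues after this hunk.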
@@ -143,10 +163,21 @@
                 dstBuffer.secureMemory.getNativeHandle());
         dstPtr = static_cast<void *>(handle);
     }
+
+    // Get a local copy of the shared_ptr for the plugin. Note that before
+    // calling the HIDL callback, this shared_ptr must be manually reset,
+    // since the client side could proceed as soon as the callback is called
+    // without waiting for this method to go out of scope.
+    std::shared_ptr<DescramblerPlugin> holder = std::atomic_load(&mPluginHolder);
+    if (holder.get() == nullptr) {
+        _hidl_cb(toStatus(INVALID_OPERATION), 0, NULL);
+        return Void();
+    }
+
     // Casting hidl SubSample to DescramblerPlugin::SubSample, but need
     // to ensure structs are actually idential
 
-    int32_t result = mPlugin->descramble(
+    int32_t result = holder->descramble(
             dstBuffer.type != BufferType::SHARED_MEMORY,
             (DescramblerPlugin::ScramblingControl)scramblingControl,
             subSamples.size(),
@@ -157,17 +188,17 @@
             dstOffset,
             NULL);
 
+    holder.reset();
     _hidl_cb(toStatus(result >= 0 ? OK : result), result, NULL);
     return Void();
 }
 
 Return<Status> DescramblerImpl::release() {
-    ALOGV("%s: mPlugin=%p", __FUNCTION__, mPlugin);
+    ALOGV("%s: plugin=%p", __FUNCTION__, mPluginHolder.get());
 
-    if (mPlugin != NULL) {
-        delete mPlugin;
-        mPlugin = NULL;
-    }
+    std::shared_ptr<DescramblerPlugin> holder(nullptr);
+    std::atomic_store(&mPluginHolder, holder);
+
     return Status::OK;
 }
 
diff --git a/cas/1.0/default/DescramblerImpl.h b/cas/1.0/default/DescramblerImpl.h
index d3b146e..305f115 100644
--- a/cas/1.0/default/DescramblerImpl.h
+++ b/cas/1.0/default/DescramblerImpl.h
@@ -55,7 +55,7 @@
 
 private:
     sp<SharedLibrary> mLibrary;
-    DescramblerPlugin *mPlugin;
+    std::shared_ptr<DescramblerPlugin> mPluginHolder;
 
     DISALLOW_EVIL_CONSTRUCTORS(DescramblerImpl);
 };
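Review bot: `mPluginHolder` is declared as a plain `std::shared_ptr<DescramblerPlugin>` with nothing saying that it must only be read and written through the `std::atomic_load`/`std::atomic_store` free functions, which is what DescramblerImpl.cpp relies on. A direct `mPluginHolder->...` added later would compile and silently reintroduce the race this change appears to be closing. I would add above the member: `// Shared with in-flight calls; access only via std::atomic_load/std::atomic_store.` The header's include list is outside the hunk, so confirm `<memory>` is included there directly.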