gmp-clearkey.cpp - mozsearch

Enable keyboard shortcuts

/*

 * Copyright 2015, Mozilla Foundation and contributors

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 * http://www.apache.org/licenses/LICENSE-2.0

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

*/

#include <assert.h>

// This include is required in order for content_decryption_module to work

// on Unix systems.

#include <stddef.h>

#include <stdio.h>

#include <string.h>

#include <string>

#include <vector>

#include "content_decryption_module.h"

#include "content_decryption_module_ext.h"

#include "nss.h"

#include "ClearKeyCDM.h"

#include "ClearKeySessionManager.h"

#include "mozilla/dom/KeySystemNames.h"

#ifndef XP_WIN

#  include <sys/types.h>

#  include <sys/stat.h>

#  include <unistd.h>

#endif

#ifdef ENABLE_WMF

#  include "WMFUtils.h"

#endif  // ENABLE_WMF

extern "C" {

CDM_API

void INITIALIZE_CDM_MODULE() {}

static bool sCanReadHostVerificationFiles = false;

CDM_API

void* CreateCdmInstance(int cdm_interface_version, const char* key_system,

                        uint32_t key_system_size,

                        GetCdmHostFunc get_cdm_host_func, void* user_data) {

  CK_LOGE("ClearKey CreateCDMInstance");

  if (cdm_interface_version != cdm::ContentDecryptionModule_10::kVersion) {

    CK_LOGE(

        "ClearKey CreateCDMInstance failed due to requesting unsupported "

        "version %d.",

        cdm_interface_version);

    return nullptr;

#ifdef ENABLE_WMF

  if (!wmf::EnsureLibs()) {

    CK_LOGE("Required libraries were not found");

    return nullptr;

#endif

  if (NSS_NoDB_Init(nullptr) == SECFailure) {

    CK_LOGE("Unable to initialize NSS");

    return nullptr;

#ifdef MOZILLA_OFFICIAL

  // Test that we're able to read the host files.

  if (!sCanReadHostVerificationFiles) {

    return nullptr;

#endif

  cdm::Host_10* host = static_cast<cdm::Host_10*>(

      get_cdm_host_func(cdm_interface_version, user_data));

  ClearKeyCDM* clearKey = new ClearKeyCDM(host);

  CK_LOGE("Created ClearKeyCDM instance!");

  if (strncmp(key_system, mozilla::kClearKeyWithProtectionQueryKeySystemName,

              key_system_size) == 0) {

    CK_LOGE("Enabling protection query on ClearKeyCDM instance!");

    clearKey->EnableProtectionQuery();

  return clearKey;

const size_t TEST_READ_SIZE = 16 * 1024;

bool CanReadSome(cdm::PlatformFile aFile) {

  std::vector<uint8_t> data;

  data.resize(TEST_READ_SIZE);

#ifdef XP_WIN

  DWORD bytesRead = 0;

  return ReadFile(aFile, &data.front(), TEST_READ_SIZE, &bytesRead, nullptr) &&

         bytesRead > 0;

#else

  return read(aFile, &data.front(), TEST_READ_SIZE) > 0;

#endif

void ClosePlatformFile(cdm::PlatformFile aFile) {

#ifdef XP_WIN

  CloseHandle(aFile);

#else

  close(aFile);

#endif

static uint32_t NumExpectedHostFiles(const cdm::HostFile* aHostFiles,

                                     uint32_t aNumFiles) {

#if !defined(XP_WIN)

  // We expect 4 binaries: clearkey, libxul, plugin-container, and Firefox.

  return 4;

#else

  // Windows running x64 or x86 natively should also have 4 as above.

  // For Windows on ARM64, we run an x86 plugin-contianer process under

  // emulation, and so we expect one additional binary; the x86

  // xul.dll used by plugin-container.exe.

  bool i686underAArch64 = false;

  // Assume that we're running under x86 emulation on an aarch64 host if

  // one of the paths ends with the x86 plugin-container path we'd expect.

  const std::wstring plugincontainer = L"i686\\plugin-container.exe";

  for (uint32_t i = 0; i < aNumFiles; i++) {

    const cdm::HostFile& hostFile = aHostFiles[i];

    if (hostFile.file != cdm::kInvalidPlatformFile) {

      std::wstring path = hostFile.file_path;

      auto offset = path.find(plugincontainer);

      if (offset != std::string::npos &&

          offset == path.size() - plugincontainer.size()) {

        i686underAArch64 = true;

        break;

  return i686underAArch64 ? 5 : 4;

#endif

CDM_API

bool VerifyCdmHost_0(const cdm::HostFile* aHostFiles, uint32_t aNumFiles) {

  // Check that we've received the expected number of host files.

  bool rv = (aNumFiles == NumExpectedHostFiles(aHostFiles, aNumFiles));

  // Verify that each binary is readable inside the sandbox,

  // and close the handle.

  for (uint32_t i = 0; i < aNumFiles; i++) {

    const cdm::HostFile& hostFile = aHostFiles[i];

    if (hostFile.file != cdm::kInvalidPlatformFile) {

      if (!CanReadSome(hostFile.file)) {

        rv = false;

      ClosePlatformFile(hostFile.file);

    if (hostFile.sig_file != cdm::kInvalidPlatformFile) {

      ClosePlatformFile(hostFile.sig_file);

  sCanReadHostVerificationFiles = rv;

  return rv;

}  // extern "C".