Vendor supplied Widevine CDM

Status: draft

As some vendors want to supply their own Widevine CDM with their system, it is important to have support for this in InputStream Helper as well as other add-ons that want to implement this.

The below design is the result of a thought-process on the Add-ons internal Slack channel with a lot of stakeholders. An earlier discussion is found in issue #229.

Design

• The vendor supplies a libwidevinecdm-vendor.so in the DECRYPTERPATH
• InputStream Helper checks if this file exists, and if not already, links it as libwidevinecdm.so
• InputStream Helper will skip trying to update libwidevinecdm.so and provide no options related to this to the user
• InputStream Helper will indicate in the Information pane and in the settings that "Widevine CDM is supplied by the vendor"

Vendor-implemented changes

• The vendor can move DECRYPTERPATH out of the Kodi home directory (special://home/cdm) as long as it is writable
• The vendor can make libwidevinecdm.so immutable (chattr +i)
• The vendor can already supply its libwidevinecdm-vendor.so as libwidevinecdm.so so this setup works out-of-the-box by default

Notes

• Alternatively, moving the vendor-supplied libwidevinecdm.so to a read-only location would work
  • But this requires a new location in Kodi or inputstream.adaptive to be used for this (needs upstream approval/work)
  • Currently InputStream Helper cannot impose this on other add-ons (add-ons should be free to not require ISH)
• A read-only libwidevinecdm.so inside DECRYPTERPATH is not possible
  • DECRYPTERPATH needs to be writeable by inputstream.adaptive, so Kodi requires write access to this directory
  • As a result the Kodi user can remove this read-only library, so does not help
• Existing add-ons could replace libwidevinecdm.so that is why the vendor-supplied Widevine is named differently
  • This does not protect libwidevinecdm.so fully, a user can still remove that file
  • But it does protect us from incidental removal by other scripts/procedures, intentional or not