From 67d7e895e2db40ac22dbf79c9d4ae4cc4597cc34 Mon Sep 17 00:00:00 2001
From: Alex Dale
Date: Thu, 9 Dec 2021 18:52:24 -0800
Subject: [PATCH] Check security-level during OpenSession. [ Merge of http://go/wvgerrit/140934 ] It was assumed that L1 would be tried before first reverting to L3 when performing OTA keybox provisioning. If an app automatically defaults to L3, it may get into a provisioning loop if the device wants to perform keybox provisioning. Now, OpenSession() will check the security level before suggesting OTA keybox provisioning back to the app. Bug: 187646550 Test: Manual tests on Android Change-Id: Icd8f0915b0cc0d06c545b43bf8c1ccac793ce0b2
---
 libwvdrmengine/cdm/core/src/cdm_engine.cpp | 67 ++++++++++++----------
 1 file changed, 38 insertions(+), 29 deletions(-)
diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
index fd5234f3..35fefd92 100644
--- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
@@ -121,41 +121,50 @@ CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
 }
 LOGD("forced_session_id = %s", IdPtrToString(forced_session_id));
 }
+
+ SecurityLevel requested_security_level = kLevelDefault;
+ if (property_set &&
+ property_set->security_level() == QUERY_VALUE_SECURITY_LEVEL_L3) {
+ requested_security_level = kLevel3;
+ }
+
 bool forced_level3 = false;
- if (OkpCheck()) {
- bool okp_provisioned = false;
- bool fallback = false;
- {
- std::unique_lock lock(okp_mutex_);
- if (!okp_provisioner_) {
- // Very rare race condition. Possible if two calls to OpenSession
- // occur the same time. Cleanup would have been performed.
- if (okp_fallback_) {
- fallback = true;
- } else {
+ if (requested_security_level == kLevelDefault) {
+ if (OkpCheck()) {
+ bool okp_provisioned = false;
+ bool fallback = false;
+ {
+ std::unique_lock lock(okp_mutex_);
+ if (!okp_provisioner_) {
+ // Very rare race condition. Possible if two calls to OpenSession
+ // occur the same time. Cleanup would have been performed.
+ if (okp_fallback_) {
+ fallback = true;
+ } else {
+ okp_provisioned = true;
+ }
+ } else if (okp_provisioner_->IsProvisioned()) {
 okp_provisioned = true;
+ } else if (okp_provisioner_->IsInFallbackMode()) {
+ fallback = true;
 }
- } else if (okp_provisioner_->IsProvisioned()) {
- okp_provisioned = true;
- } else if (okp_provisioner_->IsInFallbackMode()) {
- fallback = true;
 }
- }
- if (okp_provisioned) {
- // OKP not required, engine may assume normal operations.
- OkpCleanUp();
- } else if (fallback) {
- LOGD("Engine is falling back to L3");
- OkpTriggerFallback();
- forced_level3 = true;
+ if (okp_provisioned) {
+ // OKP not required, engine may assume normal operations.
+ OkpCleanUp();
+ } else if (fallback) {
+ LOGD("Engine is falling back to L3");
+ OkpTriggerFallback();
+ forced_level3 = true;
+ } else {
+ // OKP is required.
+ return NEED_PROVISIONING;
+ }
 } else {
- // OKP is required.
- return NEED_PROVISIONING;
+ std::unique_lock lock(okp_mutex_);
+ // |okp_fallback_| would have been set previously if required.
+ if (okp_fallback_) forced_level3 = true;
 }
- } else {
- std::unique_lock lock(okp_mutex_);
- // |okp_fallback_| would have been set previously if required.
- if (okp_fallback_) forced_level3 = true;
 }
 
 CloseExpiredReleaseSessions();
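Review bot: The new `if (requested_security_level == kLevelDefault)` guard lets an app-supplied property skip the whole OKP gate, including the `NEED_PROVISIONING` return, and nothing in the code says why that is safe. I would add a comment above it such as `// Explicit L3 sessions never use the keybox, so OKP does not apply; asking for provisioning here would loop L3-only apps.` The rest of OpenSession lies outside this hunk, so it is not visible whether the session is later opened from this same `requested_security_level`. If the level is derived again further down, the two checks could drift apart and a session could skip the gate without actually running at L3, so reusing the variable is worth confirming. The commit lists only manual testing; a unit test that opens a session with the L3 property while OKP is still required would pin the intended behaviour.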