Part of fix for libmedia OOB write anywhere

Prevent usage of client provided address on
non-secure devices spoofed as being secure.

b/23223325

merge of go/wvgerrit/15420 from widevine repo

Change-Id: I1d4f3a652b3d5e78fca508f92005cfa8df5ec6db

libwvdrmengine/cdm/core/include/wv_cdm_types.h

@@ -202,6 +202,7 @@ enum CdmResponseType {
   LICENSE_REQUEST_NONCE_GENERATION_ERROR,
   LICENSE_REQUEST_SIGNING_ERROR,
   EMPTY_LICENSE_REQUEST,
+  SECURE_BUFFER_REQUIRED,
 };
 
 enum CdmKeyStatus {

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -641,6 +641,10 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) {
   buffer_descriptor.type =
       params.is_secure ? destination_buffer_type_ : OEMCrypto_BufferType_Clear;
 
+  if (params.is_secure && buffer_descriptor.type == OEMCrypto_BufferType_Clear) {
+    return SECURE_BUFFER_REQUIRED;
+  }
+
   switch (buffer_descriptor.type) {
     case OEMCrypto_BufferType_Clear:
       buffer_descriptor.buffer.clear.address =

libwvdrmengine/include/mapErrors-inl.h

@@ -345,6 +345,8 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) {
       return android::ERROR_DRM_UNKNOWN;
     case wvcdm::UNUSED_1:
       return android::UNKNOWN_ERROR;
+    case wvcdm::SECURE_BUFFER_REQUIRED:
+      return android::ERROR_DRM_CANNOT_HANDLE;
   }
 
   // Return here instead of as a default case so that the compiler will warn