Correct offline license handling

[ Merge of http://go/wvgerrit/28261 ] Licenses (offline, secure stops) that contain provider session tokens are handled securely using usage tables. A recent fix did not correctly handle offline licenses that do not contain a provider session token and are not handled by the TEE. b/62340248 Test: WV Unit/integration tests, GtsMediaTestCases Change-Id: Ia1331fea9deff44dd1d93219b37f5bea4b8ee168
2017-06-07 15:36:53 -07:00
parent ba346a1bea
commit 1857da2c8c
4 changed files with 26 additions and 11 deletions
--- a/libwvdrmengine/cdm/core/src/cdm_session.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp
@@ -212,7 +212,14 @@ CdmResponseType CdmSession::RestoreOfflineSession(
    return GET_RELEASED_LICENSE_ERROR;
  }

-  if (usage_support_type_ == kUsageEntrySupport) {
+  std::string provider_session_token;
+  if (!license_parser_->ExtractProviderSessionToken(
+      key_response_, &provider_session_token)) {
+    provider_session_token.clear();
+  }
+
+  if (usage_support_type_ == kUsageEntrySupport &&
+      provider_session_token.size() > 0) {
    CdmResponseType sts = usage_table_header_->LoadEntry(crypto_session_.get(),
                                                         usage_entry_,
                                                         usage_entry_number_);
@@ -236,7 +243,8 @@ CdmResponseType CdmSession::RestoreOfflineSession(
    }
  }

-  if (usage_support_type_ == kUsageEntrySupport) {
+  if (usage_support_type_ == kUsageEntrySupport &&
+      provider_session_token.size() > 0) {
    CdmResponseType sts =
        usage_table_header_->UpdateEntry(crypto_session_.get(), &usage_entry_);
    if (sts != NO_ERROR) {
@@ -459,8 +467,10 @@ CdmResponseType CdmSession::AddKey(const CdmKeyResponse& key_response) {
    key_response_ = key_response;

    if (is_offline_ || has_provider_session_token()) {
-      if (usage_support_type_ == kUsageEntrySupport)
+      if (has_provider_session_token() &&
+          usage_support_type_ == kUsageEntrySupport) {
        usage_table_header_->UpdateEntry(crypto_session_.get(), &usage_entry_);
+      }

      if (!is_offline_)
        usage_provider_session_token_ =
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -434,8 +434,10 @@ uint8_t CryptoSession::GetSecurityPatchLevel() {
 }

 CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
-  LOGV("CryptoSession::Open: Lock: requested_security_level: %d",
-       requested_security_level);
+  LOGD("CryptoSession::Open: Lock: requested_security_level: %s",
+       requested_security_level == kLevel3
+       ? QUERY_VALUE_SECURITY_LEVEL_L3.c_str()
+       : QUERY_VALUE_SECURITY_LEVEL_DEFAULT.c_str());
  AutoLock auto_lock(crypto_lock_);
  if (!initialized_) return UNKNOWN_ERROR;
  if (open_) return NO_ERROR;
@@ -1645,11 +1647,15 @@ bool CryptoSession::GetSrmVersion(uint16_t* srm_version) {
  }

  OEMCryptoResult status = OEMCrypto_GetCurrentSRMVersion(srm_version);
-  if (OEMCrypto_SUCCESS != status) {
-    LOGW("OEMCrypto_GetCurrentSRMVersion fails with %d", status);
-    return false;
+  switch (status) {
+    case OEMCrypto_SUCCESS:
+      return true;
+    case OEMCrypto_ERROR_NOT_IMPLEMENTED:
+      return false;
+    default:
+      LOGW("OEMCrypto_GetCurrentSRMVersion fails with %d", status);
+      return false;
  }
-  return true;
 }

 bool CryptoSession::IsSrmUpdateSupported() {