Merge "Ignore certain errors on RemoveOfflineLicense()." into vic-widevine-dev

libwvdrmengine/cdm/core/src/cdm_engine.cpp

@@ -1504,20 +1504,38 @@ CdmResponseType CdmEngine::RemoveOfflineLicense(
 
   CdmResponseType sts = OpenKeySetSession(key_set_id, &property_set,
                                           nullptr /* event listener */);
+  if (sts == NEED_PROVISIONING) {
+    // It is possible that an app unprovisioned after requesting some
+    // licenses.  RemoveOfflineLicense() should be allowed to work
+    // with or without provisioning.
+    LOGW("Not provisioned, deleting license: %s", IdToString(key_set_id));
+    // TODO(b/372105842): Mark usage entry as unused.
+    handle.DeleteLicense(key_set_id);
+    return CdmResponseType(NO_ERROR);
+  }
   if (sts != NO_ERROR) {
     LOGE("OpenKeySetSession failed: status = %d", static_cast<int>(sts));
     handle.DeleteLicense(key_set_id);
     return sts;
   }
 
+  // Attempt to lock out the license's usage entry to prevent file
+  // restoration by generating a release request.
+  // This step should not directly effect the app, as the app is not
+  // requesting the release.  See enumerated errors below.
   CdmSessionId session_id;
   CdmAppParameterMap dummy_app_params;
   const InitializationData dummy_init_data("", "", "");
-  CdmKeyRequest key_request;
-  // Calling with no session_id is okay
+  CdmKeyRequest release_request_unused;
+  // Calling with no session_id is okay.
+  // License will be restored by GenerateKeyRequest().
   sts = GenerateKeyRequest(session_id, key_set_id, dummy_init_data,
-                           kLicenseTypeRelease, dummy_app_params, &key_request);
+                           kLicenseTypeRelease, dummy_app_params,
+                           &release_request_unused);
+
   if (sts == KEY_MESSAGE) {
+    // Release was successfully generated, use CDM session
+    // to properly delete all license data.
     std::unique_lock<std::mutex> lock(release_key_sets_lock_);
     CdmReleaseKeySetMap::iterator iter = release_key_sets_.find(key_set_id);
     if (iter == release_key_sets_.end()) {
@@ -1535,10 +1553,32 @@ CdmResponseType CdmEngine::RemoveOfflineLicense(
     LOGW("License usage entry is missing, deleting license file");
     handle.DeleteLicense(key_set_id);
     sts = CdmResponseType(NO_ERROR);
+  } else if (sts == LOAD_LICENSE_ERROR || sts == LOAD_DRM_PRIVATE_KEY_ERROR ||
+             sts == RELEASE_LICENSE_ERROR_1 || sts == NEED_PROVISIONING) {
+    // It is possible that the DRM certificate associated with this
+    // license has been replaced/updated or that the root of trust has
+    // been updated (invalidating the DRM certificate).
+    // it will no longer be possible to load the license for release;
+    // and the file should simply be deleted.
+    LOGW("License could not be restored, deleting license file: status = %s",
+         sts.ToString().c_str());
+    handle.DeleteLicense(key_set_id);
+    sts = CdmResponseType(NO_ERROR);
+  } else if (sts == GENERATE_SIGNATURE_ERROR) {
+    // It is possible that OEMCrypto does not have a key to generate
+    // a signature for release request.  The app is trying to remove
+    // not release, so failure related to generating the release
+    // request should not cause this to fail.
+    LOGW("License could not be released, deleting license file: status = %s",
+         sts.ToString().c_str());
+    handle.DeleteLicense(key_set_id);
+    sts = CdmResponseType(NO_ERROR);
   }
 
   if (sts != NO_ERROR) {
-    LOGE("GenerateKeyRequest failed: status = %d", static_cast<int>(sts));
+    // Errors not caught above should be treated as an error,
+    // and the license file should be deleted.
+    LOGE("GenerateKeyRequest failed: status = %s", sts.ToString().c_str());
     handle.DeleteLicense(key_set_id);
   }
   CloseKeySetSession(key_set_id);

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -1391,7 +1391,7 @@ CdmResponseType CryptoSession::LoadCertificatePrivateKey(
                metrics_, oemcrypto_load_device_drm_key_, sts);
       });
 
-  return MapOEMCryptoResult(sts, LOAD_DEVICE_RSA_KEY_ERROR,
+  return MapOEMCryptoResult(sts, LOAD_DRM_PRIVATE_KEY_ERROR,
                             "LoadCertificatePrivateKey");
 }
 

libwvdrmengine/cdm/core/src/wv_cdm_types.cpp

@@ -719,8 +719,8 @@ const char* CdmResponseEnumToString(CdmResponseEnum cdm_response_enum) {
       return "SESSION_LOST_STATE_ERROR";
     case GENERATE_DERIVED_KEYS_ERROR_2:
       return "GENERATE_DERIVED_KEYS_ERROR_2";
-    case LOAD_DEVICE_RSA_KEY_ERROR:
-      return "LOAD_DEVICE_RSA_KEY_ERROR";
+    case LOAD_DRM_PRIVATE_KEY_ERROR:
+      return "LOAD_DRM_PRIVATE_KEY_ERROR";
     case NONCE_GENERATION_ERROR:
       return "NONCE_GENERATION_ERROR";
     case GENERATE_SIGNATURE_ERROR: