widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Do Not Unprovision Baked-In DRM Certs

Browse Source 
Merge from Widevine repo of http://go/wvgerrit/49820

Devices with baked-in DRM certs cannot be reprovisioned. As such, we
must protect them against being unprovisioned. Currently, our unit
tests break such devices by attempting to unprovision them. This patch
adds code to block the Unprovision() call on these devices.

Bug: 69264798
Test: CE CDM Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: I49322dcb2d3d5c7953e870eb91a9e0b978d4dabe
This commit is contained in:
Fred Gylys-Colwell
2018-06-30 22:30:57 -07:00
parent 13a76d1236
commit 240652afcf
7 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
libwvdrmengine/cdm/core/src/cdm_engine.cpp
View File

@@ -872,6 +872,19 @@ bool CdmEngine::IsProvisioned(CdmSecurityLevel security_level) {
}
CdmResponseType CdmEngine::Unprovision(CdmSecurityLevel security_level) {
// Devices with baked-in DRM certs cannot be reprovisioned and therefore must
// not be unprovisioned.
CryptoSession crypto_session(metrics_.GetCryptoMetrics());
CdmClientTokenType token_type = kClientTokenUninitialized;
CdmResponseType res = crypto_session.GetProvisioningMethod(
security_level == kSecurityLevelL3 ? kLevel3 : kLevelDefault,
&token_type);
if (res != NO_ERROR) {
return res;
} else if (token_type == kClientTokenDrmCert) {
return DEVICE_CANNOT_REPROVISION;
}
DeviceFiles handle(file_system_);
if (!handle.Init(security_level)) {
LOGE("CdmEngine::Unprovision: unable to initialize device files");