From 2c940856fd80925c2b777583812f20df4770baaa Mon Sep 17 00:00:00 2001 From: Fred Gylys-Colwell Date: Wed, 1 Aug 2018 19:05:48 -0700 Subject: [PATCH] Allow clear lead to play before key policy loaded Merge from Widevine repo of http://go/wvgerrit/56760 This CL backs out one restriction added in http://go/wvgerrit/42941. In that CL, a sample would not be processed if the policy engine says the key cannot be used for a given security level. The change relaxes the check and does not run the verification if the sample is clear. Bug: 112113797 Bug: 115758660 Test: GTS tests. Unit tests. Verified Play movies and Netflix. Test: version number unit tests fail as expected. Change-Id: I5238745c3d3d7f0eb7fae203f4579e8df4d0681b --- libwvdrmengine/cdm/core/src/cdm_session.cpp | 26 +++++++++++---------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/libwvdrmengine/cdm/core/src/cdm_session.cpp b/libwvdrmengine/cdm/core/src/cdm_session.cpp index ee47a39b..f4105a0c 100644 --- a/libwvdrmengine/cdm/core/src/cdm_session.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp @@ -577,18 +577,20 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) { return NOT_INITIALIZED_ERROR; } - // Playback may not begin until either the start time passes or the license - // is updated, so we treat this Decrypt call as invalid. - if (params.is_encrypted && - !policy_engine_->CanDecryptContent(*params.key_id)) { - if (policy_engine_->IsLicenseForFuture()) return DECRYPT_NOT_READY; - if (!policy_engine_->IsSufficientOutputProtection(*params.key_id)) - return INSUFFICIENT_OUTPUT_PROTECTION; - return NEED_KEY; - } - - if (!policy_engine_->CanUseKey(*params.key_id, security_level_)) { - return KEY_PROHIBITED_FOR_SECURITY_LEVEL; + // Encrypted playback may not begin until either the start time passes or the + // license is updated, so we treat this Decrypt call as invalid. + // For the clear lead, we allow playback even if the key_id is not found or if + // the security level is not high enough yet. + if (params.is_encrypted) { + if (!policy_engine_->CanDecryptContent(*params.key_id)) { + if (policy_engine_->IsLicenseForFuture()) return DECRYPT_NOT_READY; + if (!policy_engine_->IsSufficientOutputProtection(*params.key_id)) + return INSUFFICIENT_OUTPUT_PROTECTION; + return NEED_KEY; + } + if (!policy_engine_->CanUseKey(*params.key_id, security_level_)) { + return KEY_PROHIBITED_FOR_SECURITY_LEVEL; + } } CdmResponseType status = crypto_session_->Decrypt(params);