widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow clear lead to play before key policy loaded

Browse Source 
Merge from Widevine repo of http://go/wvgerrit/56760

This CL backs out one restriction added in http://go/wvgerrit/42941.
In that CL, a sample would not be processed if the policy engine says
the key cannot be used for a given security level. The change relaxes
the check and does not run the verification if the sample is clear.

Bug: 112113797
Bug: 115758660
Test: GTS tests.  Unit tests.  Verified Play movies and Netflix.
Test: version number unit tests fail as expected.

Change-Id: I5238745c3d3d7f0eb7fae203f4579e8df4d0681b
This commit is contained in:
Fred Gylys-Colwell
2018-08-01 19:05:48 -07:00
parent 01ce294226
commit 2c940856fd
1 changed files with 14 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
libwvdrmengine/cdm/core/src/cdm_session.cpp
View File

@@ -577,18 +577,20 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) {
return NOT_INITIALIZED_ERROR;
}
// Playback may not begin until either the start time passes or the license
// is updated, so we treat this Decrypt call as invalid.
if (params.is_encrypted &&
!policy_engine_->CanDecryptContent(*params.key_id)) {
if (policy_engine_->IsLicenseForFuture()) return DECRYPT_NOT_READY;
if (!policy_engine_->IsSufficientOutputProtection(*params.key_id))
return INSUFFICIENT_OUTPUT_PROTECTION;
return NEED_KEY;
}
if (!policy_engine_->CanUseKey(*params.key_id, security_level_)) {
return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
// Encrypted playback may not begin until either the start time passes or the
// license is updated, so we treat this Decrypt call as invalid.
// For the clear lead, we allow playback even if the key_id is not found or if
// the security level is not high enough yet.
if (params.is_encrypted) {
if (!policy_engine_->CanDecryptContent(*params.key_id)) {
if (policy_engine_->IsLicenseForFuture()) return DECRYPT_NOT_READY;
if (!policy_engine_->IsSufficientOutputProtection(*params.key_id))
return INSUFFICIENT_OUTPUT_PROTECTION;
return NEED_KEY;
}
if (!policy_engine_->CanUseKey(*params.key_id, security_level_)) {
return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
}
}
CdmResponseType status = crypto_session_->Decrypt(params);