Part of Qualcomm L1 OEMCrypto integration on mako

bug: 8621521

This fixes a problem where insecure audio buffers were being
passed incorrectly as secure buffers to the trusted
environment's OEMCrypto_DecryptCTR.

This is a merge of the following changes from the widevine
git repository to android git repository:

https://widevine-internal-review.googlesource.com/#/c/5163/2
Allow selection of secure/non-secure buffers

https://widevine-internal-review.googlesource.com/#/c/5164/
Pass Secure Buffer Request to CDM

Change-Id: Iec1192a216305c6cf92c359b15b148eccc6ce6ce

libwvdrmengine/cdm/core/src/cdm_engine.cpp

@@ -670,6 +670,7 @@ CdmResponseType CdmEngine::ReleaseSecureStops(
 CdmResponseType CdmEngine::Decrypt(
     const CdmSessionId& session_id,
     bool is_encrypted,
+    bool is_secure,
     const KeyId& key_id,
     const uint8_t* encrypt_buffer,
     size_t encrypt_length,
@@ -684,7 +685,7 @@ CdmResponseType CdmEngine::Decrypt(
     return KEY_ERROR;
   }
 
-  return iter->second->Decrypt(is_encrypted, key_id, encrypt_buffer,
+  return iter->second->Decrypt(is_encrypted, is_secure, key_id, encrypt_buffer,
                                encrypt_length, iv, block_offset,
                                decrypt_buffer, decrypt_buffer_offset,
                                is_video);

libwvdrmengine/cdm/core/src/cdm_session.cpp

@@ -145,6 +145,7 @@ CdmResponseType CdmSession::CancelKeyRequest() {
 
 // Decrypt() - Accept encrypted buffer and return decrypted data.
 CdmResponseType CdmSession::Decrypt(bool is_encrypted,
+                                    bool is_secure,
                                     const KeyId& key_id,
                                     const uint8_t* encrypt_buffer,
                                     size_t encrypt_length,
@@ -168,9 +169,10 @@ CdmResponseType CdmSession::Decrypt(bool is_encrypted,
     }
   }
 
-  return crypto_session_->Decrypt(is_encrypted, encrypt_buffer, encrypt_length,
-                                  iv, block_offset, decrypt_buffer,
-                                  decrypt_buffer_offset, is_video);
+  return crypto_session_->Decrypt(is_encrypted, is_secure, encrypt_buffer,
+                                  encrypt_length, iv, block_offset,
+                                  decrypt_buffer, decrypt_buffer_offset,
+                                  is_video);
 }
 
 // License renewal

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -387,6 +387,7 @@ bool CryptoSession::GenerateSignature(const std::string& message,
 }
 
 CdmResponseType CryptoSession::Decrypt(bool is_encrypted,
+                                       bool is_secure,
                                        const uint8_t* encrypt_buffer,
                                        size_t encrypt_length,
                                        const std::vector<uint8_t>& iv,
@@ -400,7 +401,8 @@ CdmResponseType CryptoSession::Decrypt(bool is_encrypted,
   }
 
   OEMCrypto_DestBufferDesc buffer_descriptor;
-  buffer_descriptor.type = destination_buffer_type_;
+  buffer_descriptor.type =
+      is_secure ? destination_buffer_type_: OEMCrypto_BufferType_Clear;
 
   switch (buffer_descriptor.type) {
     case OEMCrypto_BufferType_Clear: