From 5053a887ddf103f849ed8575373ccc507d9f1f72 Mon Sep 17 00:00:00 2001 From: Rahul Frias Date: Tue, 13 Feb 2018 17:16:11 -0800 Subject: [PATCH] Enforce security level checks only on encrypted content [ Merged of http://go/wvgerrit/43260 ] Bug: 73250635 Bug: 73251811 Bug: 70278160 Bug: 73159523 Test: WV unit/integration tests, GtsMediaTestCases, playback using Play Movies and Netflix. Change-Id: I677aeab80fc90e5c8b9c71a185ca626c75013938 --- libwvdrmengine/cdm/core/src/cdm_session.cpp | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/libwvdrmengine/cdm/core/src/cdm_session.cpp b/libwvdrmengine/cdm/core/src/cdm_session.cpp index 1c8833f8..bc7876b0 100644 --- a/libwvdrmengine/cdm/core/src/cdm_session.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp @@ -548,17 +548,18 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) { // Playback may not begin until either the start time passes or the license // is updated, so we treat this Decrypt call as invalid. - if (params.is_encrypted && - !policy_engine_->CanDecryptContent(*params.key_id)) { - if (policy_engine_->IsLicenseForFuture()) - return DECRYPT_NOT_READY; - if (!policy_engine_->IsSufficientOutputProtection(*params.key_id)) - return INSUFFICIENT_OUTPUT_PROTECTION; - return NEED_KEY; - } + if (params.is_encrypted) { + if (!policy_engine_->CanDecryptContent(*params.key_id)) { + if (policy_engine_->IsLicenseForFuture()) + return DECRYPT_NOT_READY; + if (!policy_engine_->IsSufficientOutputProtection(*params.key_id)) + return INSUFFICIENT_OUTPUT_PROTECTION; + return NEED_KEY; + } - if (!policy_engine_->CanUseKey(*params.key_id, security_level_)) - return KEY_PROHIBITED_FOR_SECURITY_LEVEL; + if (!policy_engine_->CanUseKey(*params.key_id, security_level_)) + return KEY_PROHIBITED_FOR_SECURITY_LEVEL; + } CdmResponseType status = crypto_session_->Decrypt(params);