Merge "Detect when unable to meet policy requirements" into oc-dev

libwvdrmengine/cdm/core/src/cdm_session.cpp

@@ -556,6 +556,9 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) {
     return policy_engine_->IsLicenseForFuture() ? DECRYPT_NOT_READY : NEED_KEY;
   }
 
+  if (!policy_engine_->CanUseKey(*params.key_id, security_level_))
+    return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
+
   CdmResponseType status = crypto_session_->Decrypt(params);
 
   if (status == NO_ERROR) {