Check security-level during OpenSession.

[ Merge of http://go/wvgerrit/140934 ]

It was assumed that L1 would be tried before first reverting to L3 when
performing OTA keybox provisioning.  If an app automatically defaults
to L3, it may get into a provisioning loop if the device wants to
perform keybox provisioning.

Now, OpenSession() will check the security level before suggesting OTA
keybox provisioning back to the app.

Bug: 187646550
Test: Manual tests on Android
Change-Id: Icd8f0915b0cc0d06c545b43bf8c1ccac793ce0b2

libwvdrmengine/cdm/core/src/cdm_engine.cpp

@@ -121,7 +121,15 @@ CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
     }
     LOGD("forced_session_id = %s", IdPtrToString(forced_session_id));
   }
+
+  SecurityLevel requested_security_level = kLevelDefault;
+  if (property_set &&
+      property_set->security_level() == QUERY_VALUE_SECURITY_LEVEL_L3) {
+    requested_security_level = kLevel3;
+  }
+
   bool forced_level3 = false;
+  if (requested_security_level == kLevelDefault) {
     if (OkpCheck()) {
       bool okp_provisioned = false;
       bool fallback = false;
@@ -157,6 +165,7 @@ CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
       // |okp_fallback_| would have been set previously if required.
       if (okp_fallback_) forced_level3 = true;
     }
+  }
 
   CloseExpiredReleaseSessions();