Add policy handling for v16

[ Merge of http://go/wvgerrit/93865 ] This allows for handling of timer and clock values as supported when both the license service and the OEMCrypto on the device support v16. A flag based on a value in the SignedResponse license indicates whether this support should be enabled. A new class PolicyTimerV16 performs the duration value evaluation. Bug: 139372190 Test: Android WV unit/integration tests Change-Id: Iacbbd51ad26c9f29cb5418ff832f8822982644b7
2020-02-13 02:43:56 -08:00
parent 68587be8a0
commit c033892f2a
12 changed files with 1961 additions and 178 deletions
--- a/libwvdrmengine/cdm/Android.bp
+++ b/libwvdrmengine/cdm/Android.bp
@@ -46,6 +46,7 @@ cc_library_static {
        CORE_SRC_DIR + "/policy_engine.cpp",
        CORE_SRC_DIR + "/policy_timers.cpp",
        CORE_SRC_DIR + "/policy_timers_v15.cpp",
        CORE_SRC_DIR + "/policy_timers_v16.cpp",
        CORE_SRC_DIR + "/privacy_crypto_boringssl.cpp",
        CORE_SRC_DIR + "/service_certificate.cpp",
        CORE_SRC_DIR + "/usage_table_header.cpp",
--- a/libwvdrmengine/cdm/core/include/policy_engine.h
+++ b/libwvdrmengine/cdm/core/include/policy_engine.h
@@ -58,7 +58,8 @@ class PolicyEngine {
  // an exact copy of the policy information stored in the license.
  // The license state transitions to kLicenseStateCanPlay if the license
  // permits playback.
-  virtual void SetLicense(const video_widevine::License& license);
+  virtual void SetLicense(const video_widevine::License& license,
                          bool supports_core_messages);
  // Used to update the currently loaded entitled content keys.
  virtual void SetEntitledLicenseKeys(
@@ -66,7 +67,8 @@ class PolicyEngine {
  // SetLicenseForRelease is used when releasing a license. The keys in this
  // license will be ignored, and any old keys will be expired.
-  virtual void SetLicenseForRelease(const video_widevine::License& license);
+  virtual void SetLicenseForRelease(const video_widevine::License& license,
                                    bool supports_core_messages);
  // Call this on first decrypt to set the start of playback.
  virtual bool BeginDecryption(void);
--- a/libwvdrmengine/cdm/core/include/policy_timers.h
+++ b/libwvdrmengine/cdm/core/include/policy_timers.h
@@ -28,9 +28,10 @@ class PolicyTimers {
  // SetLicense is used in handling the initial license response.
  virtual void SetLicense(const video_widevine::License& license);
-  // UpdateLicense is used in handling a license response for a renewal request.
+  // UpdateLicense is used in handling a license response, a renewal response,
-  // The response may only contain policy fields that have changed. In this
+  // or when restoring or releasing a persistent license.
-  // case an exact copy is not what we want to happen.
+  // In a renewal the response may only contain policy fields that have
  // changed. In this case an exact copy is not what we want to happen.
  virtual bool UpdateLicense(int64_t current_time,
                             const video_widevine::License& license) = 0;
--- a/libwvdrmengine/cdm/core/include/policy_timers_v15.h
+++ b/libwvdrmengine/cdm/core/include/policy_timers_v15.h
@@ -31,9 +31,15 @@ class PolicyTimersV15 : public PolicyTimers {
  virtual ~PolicyTimersV15() {}
-  // UpdateLicense is used in handling a license response for a renewal request.
+  // UpdateLicense is used in handling a license response, a renewal response,
-  // The response may only contain any policy fields that have changed. In this
+  // or when restoring or releasing a persistent license.
-  // case an exact copy is not what we want to happen.
+  // In a renewal the response may only contain policy fields that have
  // changed. In this case an exact copy is not what we want to happen.
  // |license_start_time_| is updated to the time mentioned in the renewal
  // response.
  // UpdateLicense will return false if |license_start_time| is not
  // present or playback is not allowed due to policy or timer duration
  // expiration.
  bool UpdateLicense(int64_t current_time,
                     const video_widevine::License& license) override;
--- a/libwvdrmengine/cdm/core/include/policy_timers_v16.h
+++ b/libwvdrmengine/cdm/core/include/policy_timers_v16.h
@@ -0,0 +1,111 @@
 // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
 // source code may only be used and distributed under the Widevine Master
 // License Agreement.
 #ifndef WVCDM_CORE_POLICY_TIMERS_V16_H_
 #define WVCDM_CORE_POLICY_TIMERS_V16_H_
 #include "disallow_copy_and_assign.h"
 #include "license_protocol.pb.h"
 #include "policy_timers.h"
 #include "wv_cdm_types.h"
 namespace wvcdm {
 // OEMCrypto v16 and core messages introduced changes to how duration values
 // and clocks should be evaluated. This class provides backward compatibility
 // for licenses that do not include a core message. Durations are handled
 // in the same way as in earlier releases.
 //
 // Backward compatibility may be needed if
 //  * OEMCrypto has not been upgraded to v16
 //  * Licenses were persisted before the device was upgraded to v16
 //  * License service does not yet support core messages
 class PolicyTimersV16 : public PolicyTimers {
 public:
  PolicyTimersV16() {}
  virtual ~PolicyTimersV16() {}
  // UpdateLicense is used in handling a license response, a renewal response,
  // or when restoring or releasing a persistent license.
  // In a renewal the response may only contain policy fields that have
  // changed. In this case an exact copy is not what we want to happen.
  // |renewal_start_time_| is set to the time mentioned in the renewal
  // response.
  // UpdateLicense will return false if |license_start_time| is not
  // present or playback is not allowed due to policy or timer duration
  // expiration.
  bool UpdateLicense(int64_t current_time,
                     const video_widevine::License& license) override;
  // Call this on first decrypt to set the start of playback.
  void BeginDecryption(int64_t current_time) override;
  // This is a legacy field for offline licenses. Since no grace period is
  // supported return a default value.
  int64_t GetGracePeriodEndTime() override { return 0; }
  // For offline save and restore.
  void RestorePlaybackTimes(int64_t current_time, int64_t playback_start_time,
                            int64_t last_playback_time,
                            int64_t grace_period_end_time) override;
  bool HasPlaybackStarted(int64_t /* current_time */) override {
    return playback_start_time_ != 0;
  }
  // For licenses that support core messages, evaluation of only rental and
  // playback durations are needed.
  bool HasLicenseOrRentalOrPlaybackDurationExpired(
      int64_t current_time) override {
    return HasRentalOrPlaybackDurationExpired(current_time);
  }
  bool HasPassedGracePeriod(int64_t /* current_time */) override {
    return true;
  }
  // This returns
  // * before playback begins: the time remaining on |rental_duration_seconds|
  // * after playback begins:
  //   - |soft_enforce_playback_duration| is true: the time remaining on
  //     |playback_duration_seconds|
  //   - |soft_enforce_playback_duration| is false: the minimum
  //     of the time remaining on |rental_duration_seconds| or
  //     |playback_duration_seconds|
  //
  // |license_duration_seconds| is ignored with the introduction of core
  // messages
  int64_t GetLicenseOrRentalOrPlaybackDurationRemaining(
      int64_t current_time) override;
  // This is only used in Query. This should return the time remaining on
  // |rental_duration_seconds|.
  int64_t GetLicenseOrRentalDurationRemaining(int64_t current_time) override {
    return GetRentalDurationRemaining(current_time);
  };
 protected:
  // Gets the clock time that the license expires based on whether we have
  // started playing.  This takes into account GetHardLicenseExpiryTime.
  int64_t GetExpiryTime(int64_t current_time,
                        bool ignore_soft_enforce_playback_duration) override;
  int64_t GetRenewalStartTime() override { return renewal_start_time_; }
 private:
  // Gets the clock time that the rental duration or playback will expire.
  int64_t GetRentalExpiryTime(int64_t current_time);
  int64_t GetPlaybackExpiryTime(int64_t current_time,
                                bool ignore_soft_enforce_playback_duration);
  bool HasRentalOrPlaybackDurationExpired(int64_t current_time);
  int64_t GetRentalDurationRemaining(int64_t current_time);
  int64_t renewal_start_time_ = 0;
  CORE_DISALLOW_COPY_AND_ASSIGN(PolicyTimersV16);
 };
 }  // namespace wvcdm
 #endif  // WVCDM_CORE_POLICY_TIMERS_V16_H_
--- a/libwvdrmengine/cdm/core/include/wv_cdm_constants.h
+++ b/libwvdrmengine/cdm/core/include/wv_cdm_constants.h
@@ -25,6 +25,7 @@ static const size_t CERTIFICATE_DATA_SIZE = 4 * 1024;
 // Use 0 to represent never expired license as specified in EME spec
 // (NaN in JS translates to 0 in unix timestamp).
 static const int64_t NEVER_EXPIRES = 0;
 static const int64_t UNLIMITED_DURATION = 0;
 // This is the lower limit. For OEMCrypto v16+ one can query and find how many
 // are supported
--- a/libwvdrmengine/cdm/core/src/license.cpp
+++ b/libwvdrmengine/cdm/core/src/license.cpp
@@ -944,7 +944,7 @@ CdmResponseType CdmLicense::RestoreLicenseForRelease(
  // If the policy engine already has keys, they will now expire.
  // If the policy engine does not already have keys, this will not add any.
-  policy_engine_->SetLicenseForRelease(license);
+  policy_engine_->SetLicenseForRelease(license, supports_core_messages());
  return NO_ERROR;
 }
@@ -1106,7 +1106,7 @@ CdmResponseType CdmLicense::HandleContentKeyResponse(
         it != key_array.end(); ++it) {
      loaded_keys_.insert(it->key_id());
    }
-    policy_engine_->SetLicense(license);
+    policy_engine_->SetLicense(license, supports_core_messages());
  }
  return resp;
 }
@@ -1135,7 +1135,7 @@ CdmResponseType CdmLicense::HandleEntitlementKeyResponse(
  // Save the entitlement keys for future use to handle key changes.
  entitlement_keys_.CopyFrom(license.key());
-  policy_engine_->SetLicense(license);
+  policy_engine_->SetLicense(license, supports_core_messages());
  return HandleNewEntitledKeys(wrapped_keys_);
 }
--- a/libwvdrmengine/cdm/core/src/policy_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/policy_engine.cpp
@@ -9,6 +9,7 @@
 #include "clock.h"
 #include "log.h"
 #include "policy_timers_v15.h"
 #include "policy_timers_v16.h"
 #include "properties.h"
 #include "string_conversions.h"
 #include "wv_cdm_constants.h"
@@ -157,7 +158,9 @@ void PolicyEngine::OnTimerEvent() {
  }
 }
-void PolicyEngine::SetLicense(const License& license) {
+void PolicyEngine::SetLicense(const License& license,
                              bool supports_core_messages) {
  if (supports_core_messages) policy_timers_.reset(new PolicyTimersV16());
  license_id_.CopyFrom(license.id());
  license_keys_->SetFromLicense(license);
  policy_timers_->SetLicense(license);
@@ -169,7 +172,9 @@ void PolicyEngine::SetEntitledLicenseKeys(
  license_keys_->SetEntitledKeys(entitled_keys);
 }
-void PolicyEngine::SetLicenseForRelease(const License& license) {
+void PolicyEngine::SetLicenseForRelease(const License& license,
                                        bool supports_core_messages) {
  if (supports_core_messages) policy_timers_.reset(new PolicyTimersV16());
  license_id_.CopyFrom(license.id());
  // Expire any old keys.
--- a/libwvdrmengine/cdm/core/src/policy_timers_v15.cpp
+++ b/libwvdrmengine/cdm/core/src/policy_timers_v15.cpp
@@ -110,14 +110,15 @@ int64_t PolicyTimersV15::GetLicenseOrRentalDurationRemaining(
  if (license_expiry_time == NEVER_EXPIRES) return LLONG_MAX;
  if (license_expiry_time < current_time) return 0;
  const int64_t policy_license_duration = policy_.license_duration_seconds();
-  if (policy_license_duration == NEVER_EXPIRES)
+  if (policy_license_duration == UNLIMITED_DURATION)
    return license_expiry_time - current_time;
  return std::min(license_expiry_time - current_time, policy_license_duration);
 }
 // For the policy time fields checked in the following methods, a value of 0
-// indicates that there is no limit to the duration. If the fields are zero
+// (UNLIMITED_DURATION) indicates that there is no limit to the duration.
-// (including the hard limit) then these methods will return NEVER_EXPIRES.
+// If the fields are UNLIMITED_DURATION (including the hard limit) then these
 // methods will return NEVER_EXPIRES.
 int64_t PolicyTimersV15::GetHardLicenseExpiryTime() {
  return policy_.license_duration_seconds() > 0
             ? license_start_time_ + policy_.license_duration_seconds()
--- a/libwvdrmengine/cdm/core/src/policy_timers_v16.cpp
+++ b/libwvdrmengine/cdm/core/src/policy_timers_v16.cpp
@@ -0,0 +1,123 @@
 // Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
 // source code may only be used and distributed under the Widevine Master
 // License Agreement.
 #include "policy_timers_v16.h"
 #include <algorithm>
 #include "log.h"
 #include "wv_cdm_constants.h"
 using video_widevine::License;
 namespace wvcdm {
 bool PolicyTimersV16::UpdateLicense(int64_t current_time,
                                    const License& license) {
  if (!license.has_policy()) return false;
  policy_.MergeFrom(license.policy());
  // some basic license validation
  // license start time needs to be specified in the initial response
  if (!license.has_license_start_time()) return false;
  // Update time information
  renewal_start_time_ = license.license_start_time();
  next_renewal_time_ =
      license.license_start_time() + policy_.renewal_delay_seconds();
  if (!policy_.can_play() ||
      HasLicenseOrRentalOrPlaybackDurationExpired(current_time))
    return false;
  return true;
 }
 void PolicyTimersV16::BeginDecryption(int64_t current_time) {
  if (playback_start_time_ == 0) {
    playback_start_time_ = current_time;
    last_playback_time_ = current_time;
  }
 }
 void PolicyTimersV16::RestorePlaybackTimes(
    int64_t current_time, int64_t playback_start_time,
    int64_t last_playback_time, int64_t /* grace_period_end_time */) {
  playback_start_time_ = (playback_start_time > 0) ? playback_start_time : 0;
  last_playback_time_ = (last_playback_time > 0) ? last_playback_time : 0;
  const int64_t expiry_time = GetExpiryTime(
      current_time, /* ignore_soft_enforce_playback_duration */ true);
  was_expired_on_load_ =
      expiry_time != NEVER_EXPIRES && expiry_time < current_time;
 }
 bool PolicyTimersV16::HasRentalOrPlaybackDurationExpired(int64_t current_time) {
  const int64_t expiry_time = GetExpiryTime(
      current_time, /* ignore_soft_enforce_playback_duration */ false);
  return expiry_time != NEVER_EXPIRES && expiry_time <= current_time;
 }
 int64_t PolicyTimersV16::GetLicenseOrRentalOrPlaybackDurationRemaining(
    int64_t current_time) {
  const int64_t expiry_time = GetExpiryTime(
      current_time, /* ignore_soft_enforce_playback_duration */ false);
  if (expiry_time == NEVER_EXPIRES) return LLONG_MAX;
  if (expiry_time < current_time) return 0;
  return expiry_time - current_time;
 }
 int64_t PolicyTimersV16::GetRentalDurationRemaining(int64_t current_time) {
  if (HasLicenseOrRentalOrPlaybackDurationExpired(current_time)) return 0;
  const int64_t rental_expiry_time = GetRentalExpiryTime(current_time);
  if (rental_expiry_time == NEVER_EXPIRES) return LLONG_MAX;
  if (rental_expiry_time < current_time) return 0;
  return rental_expiry_time - current_time;
 }
 // For the policy time fields checked in the following methods, a value of 0
 // (UNLIMITED_DURATION) indicates that there is no limit to the duration.
 // If the fields are UNLIMITED_DURATION then these methods will return
 // NEVER_EXPIRES.
 int64_t PolicyTimersV16::GetRentalExpiryTime(int64_t current_time) {
  if (policy_.rental_duration_seconds() == UNLIMITED_DURATION)
    return NEVER_EXPIRES;
  if (HasPlaybackStarted(current_time) &&
      policy_.soft_enforce_rental_duration())
    return NEVER_EXPIRES;
  return license_start_time_ + policy_.rental_duration_seconds();
 }
 int64_t PolicyTimersV16::GetPlaybackExpiryTime(
    int64_t current_time, bool ignore_soft_enforce_playback_duration) {
  if (policy_.playback_duration_seconds() == UNLIMITED_DURATION)
    return NEVER_EXPIRES;
  if (!HasPlaybackStarted(current_time)) return NEVER_EXPIRES;
  if (was_expired_on_load_) return current_time;
  if (!ignore_soft_enforce_playback_duration &&
      policy_.soft_enforce_playback_duration())
    return NEVER_EXPIRES;
  return playback_start_time_ + policy_.playback_duration_seconds();
 }
 int64_t PolicyTimersV16::GetExpiryTime(
    int64_t current_time, bool ignore_soft_enforce_playback_duration) {
  const int64_t rental_expiry_time = GetRentalExpiryTime(current_time);
  const int64_t playback_expiry_time = GetPlaybackExpiryTime(
      current_time, ignore_soft_enforce_playback_duration);
  if (rental_expiry_time == NEVER_EXPIRES) return playback_expiry_time;
  if (playback_expiry_time == NEVER_EXPIRES) return rental_expiry_time;
  return std::min(rental_expiry_time, playback_expiry_time);
 }
 }  // namespace wvcdm
--- a/libwvdrmengine/cdm/core/test/policy_engine_constraints_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/policy_engine_constraints_unittest.cpp
@@ -238,7 +238,7 @@ TEST_F(PolicyEngineConstraintsTest, IsPermissiveWithoutAResolution) {
      .WillRepeatedly(DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT),
                            Return(GET_HDCP_CAPABILITY_FAILED)));
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
  policy_engine_->OnTimerEvent();
  EXPECT_TRUE(policy_engine_->CanDecryptContent(kKeyId1));
@@ -270,7 +270,7 @@ TEST_F(PolicyEngineConstraintsTest, HandlesResolutionsBasedOnConstraints) {
      .WillRepeatedly(
          DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), Return(NO_ERROR)));
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
  policy_engine_->NotifyResolution(1, kTargetRes1);
  policy_engine_->OnTimerEvent();
  EXPECT_TRUE(policy_engine_->CanDecryptContent(kKeyId1));
@@ -334,7 +334,7 @@ TEST_F(PolicyEngineConstraintsTest,
  }
  policy_engine_->NotifyResolution(1, kTargetRes1);
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
  policy_engine_->OnTimerEvent();
  policy_engine_->OnTimerEvent();
  policy_engine_->OnTimerEvent();
@@ -367,7 +367,7 @@ TEST_F(PolicyEngineConstraintsTest, HandlesConstraintOverridingHdcp) {
  EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _))
      .WillRepeatedly(DoAll(SetArgPointee<0>(HDCP_V2), Return(NO_ERROR)));
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
  policy_engine_->NotifyResolution(1, kTargetRes1);
  policy_engine_->OnTimerEvent();
  EXPECT_TRUE(policy_engine_->CanDecryptContent(kKeyId1));
@@ -409,7 +409,7 @@ TEST_F(PolicyEngineConstraintsTest, HandlesNoHdcp) {
  EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _))
      .WillRepeatedly(DoAll(SetArgPointee<0>(HDCP_NONE), Return(NO_ERROR)));
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
  policy_engine_->NotifyResolution(1, kTargetRes1);
  policy_engine_->OnTimerEvent();
@@ -453,7 +453,7 @@ TEST_F(PolicyEngineConstraintsTest, UsesDefaultHdcpWhenResolutionNotSet) {
      .WillRepeatedly(DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT),
                            Return(GET_HDCP_CAPABILITY_FAILED)));
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
  policy_engine_->OnTimerEvent();
  EXPECT_TRUE(policy_engine_->CanDecryptContent(kKeyId1));
  EXPECT_FALSE(policy_engine_->CanDecryptContent(kKeyId2));
--- a/libwvdrmengine/cdm/core/test/policy_engine_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/policy_engine_unittest.cpp