Add policy handling for v16

[ Merge of http://go/wvgerrit/93865 ]

This allows for handling of timer and clock values as supported when both
the license service and the OEMCrypto on the device support v16.
A flag based on a value in the SignedResponse license indicates
whether this support should be enabled. A new class PolicyTimerV16
performs the duration value evaluation.

Bug: 139372190
Test: Android WV unit/integration tests
Change-Id: Iacbbd51ad26c9f29cb5418ff832f8822982644b7

libwvdrmengine/cdm/Android.bp

@@ -46,6 +46,7 @@ cc_library_static {
         CORE_SRC_DIR + "/policy_engine.cpp",
         CORE_SRC_DIR + "/policy_timers.cpp",
         CORE_SRC_DIR + "/policy_timers_v15.cpp",
+        CORE_SRC_DIR + "/policy_timers_v16.cpp",
         CORE_SRC_DIR + "/privacy_crypto_boringssl.cpp",
         CORE_SRC_DIR + "/service_certificate.cpp",
         CORE_SRC_DIR + "/usage_table_header.cpp",

libwvdrmengine/cdm/core/include/policy_engine.h

@@ -58,7 +58,8 @@ class PolicyEngine {
   // an exact copy of the policy information stored in the license.
   // The license state transitions to kLicenseStateCanPlay if the license
   // permits playback.
-  virtual void SetLicense(const video_widevine::License& license);
+  virtual void SetLicense(const video_widevine::License& license,
+                          bool supports_core_messages);
 
   // Used to update the currently loaded entitled content keys.
   virtual void SetEntitledLicenseKeys(
@@ -66,7 +67,8 @@ class PolicyEngine {
 
   // SetLicenseForRelease is used when releasing a license. The keys in this
   // license will be ignored, and any old keys will be expired.
-  virtual void SetLicenseForRelease(const video_widevine::License& license);
+  virtual void SetLicenseForRelease(const video_widevine::License& license,
+                                    bool supports_core_messages);
 
   // Call this on first decrypt to set the start of playback.
   virtual bool BeginDecryption(void);

libwvdrmengine/cdm/core/include/policy_timers.h

@@ -28,9 +28,10 @@ class PolicyTimers {
   // SetLicense is used in handling the initial license response.
   virtual void SetLicense(const video_widevine::License& license);
 
-  // UpdateLicense is used in handling a license response for a renewal request.
-  // The response may only contain policy fields that have changed. In this
-  // case an exact copy is not what we want to happen.
+  // UpdateLicense is used in handling a license response, a renewal response,
+  // or when restoring or releasing a persistent license.
+  // In a renewal the response may only contain policy fields that have
+  // changed. In this case an exact copy is not what we want to happen.
   virtual bool UpdateLicense(int64_t current_time,
                              const video_widevine::License& license) = 0;
 

libwvdrmengine/cdm/core/include/policy_timers_v15.h

@@ -31,9 +31,15 @@ class PolicyTimersV15 : public PolicyTimers {
 
   virtual ~PolicyTimersV15() {}
 
-  // UpdateLicense is used in handling a license response for a renewal request.
-  // The response may only contain any policy fields that have changed. In this
-  // case an exact copy is not what we want to happen.
+  // UpdateLicense is used in handling a license response, a renewal response,
+  // or when restoring or releasing a persistent license.
+  // In a renewal the response may only contain policy fields that have
+  // changed. In this case an exact copy is not what we want to happen.
+  // |license_start_time_| is updated to the time mentioned in the renewal
+  // response.
+  // UpdateLicense will return false if |license_start_time| is not
+  // present or playback is not allowed due to policy or timer duration
+  // expiration.
   bool UpdateLicense(int64_t current_time,
                      const video_widevine::License& license) override;
 

libwvdrmengine/cdm/core/include/policy_timers_v16.h

@@ -0,0 +1,111 @@
+// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
+
+#ifndef WVCDM_CORE_POLICY_TIMERS_V16_H_
+#define WVCDM_CORE_POLICY_TIMERS_V16_H_
+
+#include "disallow_copy_and_assign.h"
+#include "license_protocol.pb.h"
+#include "policy_timers.h"
+#include "wv_cdm_types.h"
+
+namespace wvcdm {
+
+// OEMCrypto v16 and core messages introduced changes to how duration values
+// and clocks should be evaluated. This class provides backward compatibility
+// for licenses that do not include a core message. Durations are handled
+// in the same way as in earlier releases.
+//
+// Backward compatibility may be needed if
+//  * OEMCrypto has not been upgraded to v16
+//  * Licenses were persisted before the device was upgraded to v16
+//  * License service does not yet support core messages
+
+class PolicyTimersV16 : public PolicyTimers {
+ public:
+  PolicyTimersV16() {}
+
+  virtual ~PolicyTimersV16() {}
+
+  // UpdateLicense is used in handling a license response, a renewal response,
+  // or when restoring or releasing a persistent license.
+  // In a renewal the response may only contain policy fields that have
+  // changed. In this case an exact copy is not what we want to happen.
+  // |renewal_start_time_| is set to the time mentioned in the renewal
+  // response.
+  // UpdateLicense will return false if |license_start_time| is not
+  // present or playback is not allowed due to policy or timer duration
+  // expiration.
+  bool UpdateLicense(int64_t current_time,
+                     const video_widevine::License& license) override;
+
+  // Call this on first decrypt to set the start of playback.
+  void BeginDecryption(int64_t current_time) override;
+
+  // This is a legacy field for offline licenses. Since no grace period is
+  // supported return a default value.
+  int64_t GetGracePeriodEndTime() override { return 0; }
+
+  // For offline save and restore.
+  void RestorePlaybackTimes(int64_t current_time, int64_t playback_start_time,
+                            int64_t last_playback_time,
+                            int64_t grace_period_end_time) override;
+
+  bool HasPlaybackStarted(int64_t /* current_time */) override {
+    return playback_start_time_ != 0;
+  }
+  // For licenses that support core messages, evaluation of only rental and
+  // playback durations are needed.
+  bool HasLicenseOrRentalOrPlaybackDurationExpired(
+      int64_t current_time) override {
+    return HasRentalOrPlaybackDurationExpired(current_time);
+  }
+  bool HasPassedGracePeriod(int64_t /* current_time */) override {
+    return true;
+  }
+
+  // This returns
+  // * before playback begins: the time remaining on |rental_duration_seconds|
+  // * after playback begins:
+  //   - |soft_enforce_playback_duration| is true: the time remaining on
+  //     |playback_duration_seconds|
+  //   - |soft_enforce_playback_duration| is false: the minimum
+  //     of the time remaining on |rental_duration_seconds| or
+  //     |playback_duration_seconds|
+  //
+  // |license_duration_seconds| is ignored with the introduction of core
+  // messages
+  int64_t GetLicenseOrRentalOrPlaybackDurationRemaining(
+      int64_t current_time) override;
+  // This is only used in Query. This should return the time remaining on
+  // |rental_duration_seconds|.
+  int64_t GetLicenseOrRentalDurationRemaining(int64_t current_time) override {
+    return GetRentalDurationRemaining(current_time);
+  };
+
+ protected:
+  // Gets the clock time that the license expires based on whether we have
+  // started playing.  This takes into account GetHardLicenseExpiryTime.
+  int64_t GetExpiryTime(int64_t current_time,
+                        bool ignore_soft_enforce_playback_duration) override;
+
+  int64_t GetRenewalStartTime() override { return renewal_start_time_; }
+
+ private:
+  // Gets the clock time that the rental duration or playback will expire.
+  int64_t GetRentalExpiryTime(int64_t current_time);
+  int64_t GetPlaybackExpiryTime(int64_t current_time,
+                                bool ignore_soft_enforce_playback_duration);
+
+  bool HasRentalOrPlaybackDurationExpired(int64_t current_time);
+  int64_t GetRentalDurationRemaining(int64_t current_time);
+
+  int64_t renewal_start_time_ = 0;
+
+  CORE_DISALLOW_COPY_AND_ASSIGN(PolicyTimersV16);
+};
+
+}  // namespace wvcdm
+
+#endif  // WVCDM_CORE_POLICY_TIMERS_V16_H_

libwvdrmengine/cdm/core/include/wv_cdm_constants.h

@@ -25,6 +25,7 @@ static const size_t CERTIFICATE_DATA_SIZE = 4 * 1024;
 // Use 0 to represent never expired license as specified in EME spec
 // (NaN in JS translates to 0 in unix timestamp).
 static const int64_t NEVER_EXPIRES = 0;
+static const int64_t UNLIMITED_DURATION = 0;
 
 // This is the lower limit. For OEMCrypto v16+ one can query and find how many
 // are supported

libwvdrmengine/cdm/core/src/license.cpp

@@ -944,7 +944,7 @@ CdmResponseType CdmLicense::RestoreLicenseForRelease(
 
   // If the policy engine already has keys, they will now expire.
   // If the policy engine does not already have keys, this will not add any.
-  policy_engine_->SetLicenseForRelease(license);
+  policy_engine_->SetLicenseForRelease(license, supports_core_messages());
   return NO_ERROR;
 }
 
@@ -1106,7 +1106,7 @@ CdmResponseType CdmLicense::HandleContentKeyResponse(
          it != key_array.end(); ++it) {
       loaded_keys_.insert(it->key_id());
     }
-    policy_engine_->SetLicense(license);
+    policy_engine_->SetLicense(license, supports_core_messages());
   }
   return resp;
 }
@@ -1135,7 +1135,7 @@ CdmResponseType CdmLicense::HandleEntitlementKeyResponse(
 
   // Save the entitlement keys for future use to handle key changes.
   entitlement_keys_.CopyFrom(license.key());
-  policy_engine_->SetLicense(license);
+  policy_engine_->SetLicense(license, supports_core_messages());
 
   return HandleNewEntitledKeys(wrapped_keys_);
 }

libwvdrmengine/cdm/core/src/policy_engine.cpp

@@ -9,6 +9,7 @@
 #include "clock.h"
 #include "log.h"
 #include "policy_timers_v15.h"
+#include "policy_timers_v16.h"
 #include "properties.h"
 #include "string_conversions.h"
 #include "wv_cdm_constants.h"
@@ -157,7 +158,9 @@ void PolicyEngine::OnTimerEvent() {
   }
 }
 
-void PolicyEngine::SetLicense(const License& license) {
+void PolicyEngine::SetLicense(const License& license,
+                              bool supports_core_messages) {
+  if (supports_core_messages) policy_timers_.reset(new PolicyTimersV16());
   license_id_.CopyFrom(license.id());
   license_keys_->SetFromLicense(license);
   policy_timers_->SetLicense(license);
@@ -169,7 +172,9 @@ void PolicyEngine::SetEntitledLicenseKeys(
   license_keys_->SetEntitledKeys(entitled_keys);
 }
 
-void PolicyEngine::SetLicenseForRelease(const License& license) {
+void PolicyEngine::SetLicenseForRelease(const License& license,
+                                        bool supports_core_messages) {
+  if (supports_core_messages) policy_timers_.reset(new PolicyTimersV16());
   license_id_.CopyFrom(license.id());
 
   // Expire any old keys.

libwvdrmengine/cdm/core/src/policy_timers_v15.cpp

@@ -110,14 +110,15 @@ int64_t PolicyTimersV15::GetLicenseOrRentalDurationRemaining(
   if (license_expiry_time == NEVER_EXPIRES) return LLONG_MAX;
   if (license_expiry_time < current_time) return 0;
   const int64_t policy_license_duration = policy_.license_duration_seconds();
-  if (policy_license_duration == NEVER_EXPIRES)
+  if (policy_license_duration == UNLIMITED_DURATION)
     return license_expiry_time - current_time;
   return std::min(license_expiry_time - current_time, policy_license_duration);
 }
 
 // For the policy time fields checked in the following methods, a value of 0
-// indicates that there is no limit to the duration. If the fields are zero
-// (including the hard limit) then these methods will return NEVER_EXPIRES.
+// (UNLIMITED_DURATION) indicates that there is no limit to the duration.
+// If the fields are UNLIMITED_DURATION (including the hard limit) then these
+// methods will return NEVER_EXPIRES.
 int64_t PolicyTimersV15::GetHardLicenseExpiryTime() {
   return policy_.license_duration_seconds() > 0
              ? license_start_time_ + policy_.license_duration_seconds()

libwvdrmengine/cdm/core/src/policy_timers_v16.cpp

@@ -0,0 +1,123 @@
+// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
+
+#include "policy_timers_v16.h"
+
+#include <algorithm>
+
+#include "log.h"
+#include "wv_cdm_constants.h"
+
+using video_widevine::License;
+
+namespace wvcdm {
+
+bool PolicyTimersV16::UpdateLicense(int64_t current_time,
+                                    const License& license) {
+  if (!license.has_policy()) return false;
+
+  policy_.MergeFrom(license.policy());
+
+  // some basic license validation
+  // license start time needs to be specified in the initial response
+  if (!license.has_license_start_time()) return false;
+
+  // Update time information
+  renewal_start_time_ = license.license_start_time();
+  next_renewal_time_ =
+      license.license_start_time() + policy_.renewal_delay_seconds();
+
+  if (!policy_.can_play() ||
+      HasLicenseOrRentalOrPlaybackDurationExpired(current_time))
+    return false;
+
+  return true;
+}
+
+void PolicyTimersV16::BeginDecryption(int64_t current_time) {
+  if (playback_start_time_ == 0) {
+    playback_start_time_ = current_time;
+    last_playback_time_ = current_time;
+  }
+}
+
+void PolicyTimersV16::RestorePlaybackTimes(
+    int64_t current_time, int64_t playback_start_time,
+    int64_t last_playback_time, int64_t /* grace_period_end_time */) {
+  playback_start_time_ = (playback_start_time > 0) ? playback_start_time : 0;
+  last_playback_time_ = (last_playback_time > 0) ? last_playback_time : 0;
+
+  const int64_t expiry_time = GetExpiryTime(
+      current_time, /* ignore_soft_enforce_playback_duration */ true);
+  was_expired_on_load_ =
+      expiry_time != NEVER_EXPIRES && expiry_time < current_time;
+}
+
+bool PolicyTimersV16::HasRentalOrPlaybackDurationExpired(int64_t current_time) {
+  const int64_t expiry_time = GetExpiryTime(
+      current_time, /* ignore_soft_enforce_playback_duration */ false);
+  return expiry_time != NEVER_EXPIRES && expiry_time <= current_time;
+}
+
+int64_t PolicyTimersV16::GetLicenseOrRentalOrPlaybackDurationRemaining(
+    int64_t current_time) {
+  const int64_t expiry_time = GetExpiryTime(
+      current_time, /* ignore_soft_enforce_playback_duration */ false);
+  if (expiry_time == NEVER_EXPIRES) return LLONG_MAX;
+  if (expiry_time < current_time) return 0;
+  return expiry_time - current_time;
+}
+
+int64_t PolicyTimersV16::GetRentalDurationRemaining(int64_t current_time) {
+  if (HasLicenseOrRentalOrPlaybackDurationExpired(current_time)) return 0;
+  const int64_t rental_expiry_time = GetRentalExpiryTime(current_time);
+  if (rental_expiry_time == NEVER_EXPIRES) return LLONG_MAX;
+  if (rental_expiry_time < current_time) return 0;
+  return rental_expiry_time - current_time;
+}
+
+// For the policy time fields checked in the following methods, a value of 0
+// (UNLIMITED_DURATION) indicates that there is no limit to the duration.
+// If the fields are UNLIMITED_DURATION then these methods will return
+// NEVER_EXPIRES.
+int64_t PolicyTimersV16::GetRentalExpiryTime(int64_t current_time) {
+  if (policy_.rental_duration_seconds() == UNLIMITED_DURATION)
+    return NEVER_EXPIRES;
+
+  if (HasPlaybackStarted(current_time) &&
+      policy_.soft_enforce_rental_duration())
+    return NEVER_EXPIRES;
+
+  return license_start_time_ + policy_.rental_duration_seconds();
+}
+
+int64_t PolicyTimersV16::GetPlaybackExpiryTime(
+    int64_t current_time, bool ignore_soft_enforce_playback_duration) {
+  if (policy_.playback_duration_seconds() == UNLIMITED_DURATION)
+    return NEVER_EXPIRES;
+
+  if (!HasPlaybackStarted(current_time)) return NEVER_EXPIRES;
+
+  if (was_expired_on_load_) return current_time;
+
+  if (!ignore_soft_enforce_playback_duration &&
+      policy_.soft_enforce_playback_duration())
+    return NEVER_EXPIRES;
+
+  return playback_start_time_ + policy_.playback_duration_seconds();
+}
+
+int64_t PolicyTimersV16::GetExpiryTime(
+    int64_t current_time, bool ignore_soft_enforce_playback_duration) {
+  const int64_t rental_expiry_time = GetRentalExpiryTime(current_time);
+  const int64_t playback_expiry_time = GetPlaybackExpiryTime(
+      current_time, ignore_soft_enforce_playback_duration);
+
+  if (rental_expiry_time == NEVER_EXPIRES) return playback_expiry_time;
+  if (playback_expiry_time == NEVER_EXPIRES) return rental_expiry_time;
+
+  return std::min(rental_expiry_time, playback_expiry_time);
+}
+
+}  // namespace wvcdm

libwvdrmengine/cdm/core/test/policy_engine_constraints_unittest.cpp

@@ -238,7 +238,7 @@ TEST_F(PolicyEngineConstraintsTest, IsPermissiveWithoutAResolution) {
       .WillRepeatedly(DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT),
                             Return(GET_HDCP_CAPABILITY_FAILED)));
 
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
   policy_engine_->OnTimerEvent();
 
   EXPECT_TRUE(policy_engine_->CanDecryptContent(kKeyId1));
@@ -270,7 +270,7 @@ TEST_F(PolicyEngineConstraintsTest, HandlesResolutionsBasedOnConstraints) {
       .WillRepeatedly(
           DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), Return(NO_ERROR)));
 
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
   policy_engine_->NotifyResolution(1, kTargetRes1);
   policy_engine_->OnTimerEvent();
   EXPECT_TRUE(policy_engine_->CanDecryptContent(kKeyId1));
@@ -334,7 +334,7 @@ TEST_F(PolicyEngineConstraintsTest,
   }
 
   policy_engine_->NotifyResolution(1, kTargetRes1);
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
   policy_engine_->OnTimerEvent();
   policy_engine_->OnTimerEvent();
   policy_engine_->OnTimerEvent();
@@ -367,7 +367,7 @@ TEST_F(PolicyEngineConstraintsTest, HandlesConstraintOverridingHdcp) {
   EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _))
       .WillRepeatedly(DoAll(SetArgPointee<0>(HDCP_V2), Return(NO_ERROR)));
 
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
   policy_engine_->NotifyResolution(1, kTargetRes1);
   policy_engine_->OnTimerEvent();
   EXPECT_TRUE(policy_engine_->CanDecryptContent(kKeyId1));
@@ -409,7 +409,7 @@ TEST_F(PolicyEngineConstraintsTest, HandlesNoHdcp) {
   EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _))
       .WillRepeatedly(DoAll(SetArgPointee<0>(HDCP_NONE), Return(NO_ERROR)));
 
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
 
   policy_engine_->NotifyResolution(1, kTargetRes1);
   policy_engine_->OnTimerEvent();
@@ -453,7 +453,7 @@ TEST_F(PolicyEngineConstraintsTest, UsesDefaultHdcpWhenResolutionNotSet) {
       .WillRepeatedly(DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT),
                             Return(GET_HDCP_CAPABILITY_FAILED)));
 
-  policy_engine_->SetLicense(license_);
+  policy_engine_->SetLicense(license_, false);
   policy_engine_->OnTimerEvent();
   EXPECT_TRUE(policy_engine_->CanDecryptContent(kKeyId1));
   EXPECT_FALSE(policy_engine_->CanDecryptContent(kKeyId2));