widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Detect when unable to meet policy requirements

Browse Source 
[ Merged of http://go/wvgerrit/39766 ]

The security level (software/hardware, decryption/decode)
in the policy that specified how the key was to be used was
not being respected for L3. Playback would either continue or
a vendor specific error would be thrown.

If the device cannot use the key as permitted by the policy
CryptoException#ERROR_INSUFFICIENT_OUTPUT_PROTECTION will be thrown.

Bug: 31913737
Bug: 31913439

Test: WV unit/integration tests
Test: Playback using playmovies and netflix. Cast playback using
      playmovies.

Change-Id: If25735ab0f789108431115623cb236687c5ef818
This commit is contained in:
Rahul Frias
2018-02-05 23:26:19 -08:00
parent 91efb844a1
commit c78ce178d4
10 changed files with 167 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libwvdrmengine/cdm/core/include/policy_engine.h
View File

@@ -39,6 +39,10 @@ class PolicyEngine {
// out why a key is not usable.
virtual CdmKeyStatus GetKeyStatus(const KeyId& key_id);
// Verifies whether the policy allows use of the specified key of
// a given security level for content decryption.
virtual bool CanUseKey(const KeyId& key_id, CdmSecurityLevel security_level);
// OnTimerEvent is called when a timer fires. It notifies the Policy Engine
// that the timer has fired and dispatches the relevant events through
// |event_listener_|.

15
libwvdrmengine/cdm/core/include/wv_cdm_types.h
View File

@@ -428,6 +428,16 @@ struct CdmUsageEntryInfo {
}
};
enum CdmKeySecurityLevel {
kKeySecurityLevelUnset,
kSoftwareSecureCrypto,
kSoftwareSecureDecode,
kHardwareSecureCrypto,
kHardwareSecureDecode,
kHardwareSecureAll,
kKeySecurityLevelUnknown,
};
class CdmKeyAllowedUsage {
public:
CdmKeyAllowedUsage() {
@@ -444,6 +454,7 @@ class CdmKeyAllowedUsage {
generic_decrypt = false;
generic_sign = false;
generic_verify = false;
key_security_level_ = kKeySecurityLevelUnset;
valid_ = false;
}
@@ -454,7 +465,8 @@ class CdmKeyAllowedUsage {
generic_encrypt != other.generic_encrypt ||
generic_decrypt != other.generic_decrypt ||
generic_sign != other.generic_sign ||
generic_verify != other.generic_verify) {
generic_verify != other.generic_verify ||
key_security_level_ != other.key_security_level_) {
return false;
}
return true;
@@ -466,6 +478,7 @@ class CdmKeyAllowedUsage {
bool generic_decrypt;
bool generic_sign;
bool generic_verify;
CdmKeySecurityLevel key_security_level_;
private:
bool valid_;