Separate OEM unprovisioning from DRM unprovisioing.

[ Cherry-pick of v19 http://go/wvgerrit/219330 ] [ Merge of http://go/wvgerrit/219454 ] For two-staged provisioning devices, the behavior of CdmEngine::Unprovision() varied by platform and context. For production Android, unprovisioning would remove both; for production and testing CE CDM it would only remove DRM provisioning; for testing Android may remove both or remove everything (both certs and licenses). This behavior was not documented, making use of the CdmEngine::Unprovision() API rather unpredictable. This change attempts to document the unpredictable behavior and add a way to explicitly remove the OEM certificate in the core code. The new CdmEngine::UnprovisionOemCert() will remove only the OEM certificate. Bug: 391469176 Test: run_x86_64_tests Test: WvTs on oriole Change-Id: Ib2f6ef61f45b5320c71d7e8e8460f7fe8e0e2248
2025-04-21 16:55:19 -07:00
parent b0fa978058
commit daf291955f
4 changed files with 96 additions and 17 deletions
--- a/libwvdrmengine/cdm/src/wv_content_decryption_module.cpp
+++ b/libwvdrmengine/cdm/src/wv_content_decryption_module.cpp
@@ -346,6 +346,8 @@ CdmResponseType WvContentDecryptionModule::Unprovision(
  // Enable immediate OEMCrypto termination and re-initalization on
  // unprovisioning.
  CryptoSession::DisableDelayedTermination();
+  // Android unprovisioning has historically allowed for both
+  // DRM (app/origin-specific) and OEM (global) unprovisioning.
  return cdm_engine->Unprovision(level);
 }