DO NOT MERGE Part of fix for libmedia OOB write anywhere

Prevent usage of client provided address on
non-secure devices spoofed as being secure.

b/23223325

merge of go/wvgerrit/15420 from widevine repo

Change-Id: I1d4f3a652b3d5e78fca508f92005cfa8df5ec6db

libwvdrmengine/cdm/core/include/wv_cdm_types.h

@@ -39,6 +39,7 @@ enum CdmResponseType {
   NEED_PROVISIONING,
   DEVICE_REVOKED,
   INSUFFICIENT_CRYPTO_RESOURCES,
+  SECURE_BUFFER_REQUIRED,
 };
 
 #define CORE_DISALLOW_COPY_AND_ASSIGN(TypeName) \

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -647,6 +647,10 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) {
   buffer_descriptor.type =
       params.is_secure ? destination_buffer_type_ : OEMCrypto_BufferType_Clear;
 
+  if (params.is_secure && buffer_descriptor.type == OEMCrypto_BufferType_Clear) {
+    return SECURE_BUFFER_REQUIRED;
+  }
+
   switch (buffer_descriptor.type) {
     case OEMCrypto_BufferType_Clear:
       buffer_descriptor.buffer.clear.address =

libwvdrmengine/include/mapErrors-inl.h

@@ -35,6 +35,8 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) {
       return kErrorCDMGeneric;
     case wvcdm::UNKNOWN_ERROR:
       return android::ERROR_DRM_UNKNOWN;
+    case wvcdm::SECURE_BUFFER_REQUIRED:
+      return android::ERROR_DRM_CANNOT_HANDLE;
   }
 
   // Return here instead of as a default case so that the compiler will warn