widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "Detect when unable to meet policy requirements"

Browse Source 
This reverts commit 1223330ccc.

b/37460568

Change-Id: I936c06f679126ac50fb2d4753b4270b4ba42def5
This commit is contained in:
Rahul Frias
2017-04-18 18:55:49 +00:00
parent 1223330ccc
commit e733943729
11 changed files with 18 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libwvdrmengine/cdm/core/include/policy_engine.h
View File

@@ -34,10 +34,6 @@ class PolicyEngine {
// status is not calculated to avoid overhead in the decryption path.
virtual bool CanDecryptContent(const KeyId& key_id);
// Verifies whether the policy allows use of the specified key of
// a given security level for content decryption.
virtual bool CanUseKey(const KeyId& key_id, CdmSecurityLevel security_level);
// OnTimerEvent is called when a timer fires. It notifies the Policy Engine
// that the timer has fired and dispatches the relevant events through
// |event_listener_|.

16
libwvdrmengine/cdm/core/include/wv_cdm_types.h
View File

@@ -295,7 +295,6 @@ enum CdmResponseType {
RELEASE_USAGE_INFO_FAILED,
INCORRECT_USAGE_SUPPORT_TYPE_1,
INCORRECT_USAGE_SUPPORT_TYPE_2, /* 255 */
KEY_PROHIBITED_FOR_SECURITY_LEVEL,
};
enum CdmKeyStatus {
@@ -393,16 +392,6 @@ struct CdmUsageEntryInfo {
std::string usage_info_file_name;
};
enum CdmKeySecurityLevel {
kKeySecurityLevelUnset,
kSoftwareSecureCrypto,
kSoftwareSecureDecode,
kHardwareSecureCrypto,
kHardwareSecureDecode,
kHardwareSecureAll,
kKeySecurityLevelUnknown,
};
class CdmKeyAllowedUsage {
public:
CdmKeyAllowedUsage() {
@@ -419,7 +408,6 @@ class CdmKeyAllowedUsage {
generic_decrypt = false;
generic_sign = false;
generic_verify = false;
key_security_level_ = kKeySecurityLevelUnset;
valid_ = false;
}
@@ -430,8 +418,7 @@ class CdmKeyAllowedUsage {
generic_encrypt != other.generic_encrypt ||
generic_decrypt != other.generic_decrypt ||
generic_sign != other.generic_sign ||
generic_verify != other.generic_verify ||
key_security_level_ != other.key_security_level_) {
generic_verify != other.generic_verify) {
return false;
}
return true;
@@ -443,7 +430,6 @@ class CdmKeyAllowedUsage {
bool generic_decrypt;
bool generic_sign;
bool generic_verify;
CdmKeySecurityLevel key_security_level_;
private:
bool valid_;

3
libwvdrmengine/cdm/core/src/cdm_session.cpp
View File

@@ -553,9 +553,6 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) {
return policy_engine_->IsLicenseForFuture() ? DECRYPT_NOT_READY : NEED_KEY;
}
if (!policy_engine_->CanUseKey(*params.key_id, security_level_))
return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
CdmResponseType status = crypto_session_->Decrypt(params);
if (status == NO_ERROR) {

25
libwvdrmengine/cdm/core/src/license_key_status.cpp
View File

@@ -169,31 +169,6 @@ void LicenseKeyStatus::ParseContentKey(const KeyContainer& key) {
allowed_usage_.decrypt_to_clear_buffer = true;
allowed_usage_.decrypt_to_secure_buffer = true;
}
if (key.has_level()) {
switch (key.level()) {
case KeyContainer::SW_SECURE_CRYPTO:
allowed_usage_.key_security_level_ = kSoftwareSecureCrypto;
break;
case KeyContainer::SW_SECURE_DECODE:
allowed_usage_.key_security_level_ = kSoftwareSecureDecode;
break;
case KeyContainer::HW_SECURE_CRYPTO:
allowed_usage_.key_security_level_ = kHardwareSecureCrypto;
break;
case KeyContainer::HW_SECURE_DECODE:
allowed_usage_.key_security_level_ = kHardwareSecureDecode;
break;
case KeyContainer::HW_SECURE_ALL:
allowed_usage_.key_security_level_ = kHardwareSecureAll;
break;
default:
allowed_usage_.key_security_level_ = kKeySecurityLevelUnknown;
break;
}
} else {
allowed_usage_.key_security_level_ = kKeySecurityLevelUnset;
}
allowed_usage_.SetValid();
if (key.video_resolution_constraints_size() > 0) {

26
libwvdrmengine/cdm/core/src/policy_engine.cpp
View File

@@ -283,32 +283,6 @@ CdmResponseType PolicyEngine::QueryKeyAllowedUsage(
return KEY_NOT_FOUND_1;
}
bool PolicyEngine::CanUseKey(
const KeyId& key_id,
CdmSecurityLevel security_level) {
if (security_level == kSecurityLevelL1) return true;
CdmKeyAllowedUsage key_usage;
CdmResponseType status = QueryKeyAllowedUsage(key_id, &key_usage);
if (status != NO_ERROR) return false;
// L1 has already been addressed so verify that L2/3 are allowed
switch (key_usage.key_security_level_) {
case kKeySecurityLevelUnset:
return true;
case kSoftwareSecureCrypto:
return security_level == kSecurityLevelL2 ||
security_level == kSecurityLevelL3;
case kSoftwareSecureDecode:
case kHardwareSecureCrypto:
return security_level == kSecurityLevelL2;
default:
return false;
}
}
bool PolicyEngine::GetSecondsSinceStarted(int64_t* seconds_since_started) {
if (playback_start_time_ == 0) return false;

23
libwvdrmengine/cdm/core/test/license_keys_unittest.cpp
View File

@@ -157,11 +157,9 @@ class LicenseKeysTest : public ::testing::Test {
}
virtual void ExpectAllowedUsageContent(
const CdmKeyAllowedUsage& key_usage, KeyFlag secure, KeyFlag clear,
CdmKeySecurityLevel key_security_level) {
const CdmKeyAllowedUsage& key_usage, KeyFlag secure, KeyFlag clear) {
EXPECT_EQ(key_usage.decrypt_to_secure_buffer, secure == kKeyFlagTrue);
EXPECT_EQ(key_usage.decrypt_to_clear_buffer, clear == kKeyFlagTrue);
EXPECT_EQ(key_usage.key_security_level_, key_security_level);
EXPECT_FALSE(key_usage.generic_encrypt);
EXPECT_FALSE(key_usage.generic_decrypt);
EXPECT_FALSE(key_usage.generic_sign);
@@ -422,41 +420,36 @@ TEST_F(LicenseKeysTest, AllowedUsageNull) {
CdmKeyAllowedUsage usage_2;
EXPECT_TRUE(license_keys_.GetAllowedUsage(c_key, &usage_2));
ExpectAllowedUsageContent(usage_2, kContentClearTrue, kContentSecureTrue,
kKeySecurityLevelUnset);
ExpectAllowedUsageContent(usage_2, kContentClearTrue, kContentSecureTrue);
CdmKeyAllowedUsage usage_3;
EXPECT_TRUE(license_keys_.GetAllowedUsage(os_key, &usage_3));
ExpectAllowedUsageContent(usage_3, kContentClearFalse, kContentSecureFalse,
kKeySecurityLevelUnset);
ExpectAllowedUsageContent(usage_3, kContentClearFalse, kContentSecureFalse);
}
TEST_F(LicenseKeysTest, AllowedUsageContent) {
StageContentKeys();
CdmKeyAllowedUsage u_sw_crypto;
EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_sw_crypto, &u_sw_crypto));
ExpectAllowedUsageContent(u_sw_crypto, kContentSecureTrue, kContentClearTrue,
kSoftwareSecureCrypto);
ExpectAllowedUsageContent(u_sw_crypto, kContentSecureTrue, kContentClearTrue);
CdmKeyAllowedUsage u_sw_decode;
EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_sw_decode, &u_sw_decode));
ExpectAllowedUsageContent(u_sw_decode, kContentSecureTrue, kContentClearTrue,
kSoftwareSecureDecode);
ExpectAllowedUsageContent(u_sw_decode, kContentSecureTrue, kContentClearTrue);
CdmKeyAllowedUsage u_hw_crypto;
EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_hw_crypto, &u_hw_crypto));
ExpectAllowedUsageContent(u_hw_crypto, kContentSecureTrue, kContentClearTrue,
kHardwareSecureCrypto);
ExpectAllowedUsageContent(u_hw_crypto, kContentSecureTrue, kContentClearTrue);
CdmKeyAllowedUsage u_hw_decode;
EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_hw_decode, &u_hw_decode));
ExpectAllowedUsageContent(u_hw_decode, kContentSecureTrue,
kContentClearFalse, kHardwareSecureDecode);
kContentClearFalse);
CdmKeyAllowedUsage u_hw_secure;
EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_hw_secure, &u_hw_secure));
ExpectAllowedUsageContent(u_hw_secure, kContentSecureTrue,
kContentClearFalse, kHardwareSecureAll);
kContentClearFalse);
}
TEST_F(LicenseKeysTest, AllowedUsageOperatorSession) {

79
libwvdrmengine/cdm/core/test/policy_engine_unittest.cpp
View File

@@ -1259,63 +1259,6 @@ TEST_F(PolicyEngineTest, PlaybackOk_CanStoreGracePeriod) {
EXPECT_EQ(kPlaybackStartTime, policy_engine_->GetGracePeriodEndTime());
}
struct KeySecurityLevelParams {
bool is_security_level_set;
License::KeyContainer::SecurityLevel security_level;
bool expect_can_L1_use_key;
bool expect_can_L2_use_key;
bool expect_can_L3_use_key;
bool expect_can_L_unknown_use_key;
};
KeySecurityLevelParams key_security_test_vectors[] = {
{ false, License::KeyContainer::HW_SECURE_ALL, true, true, true, true },
{ true, License::KeyContainer::SW_SECURE_CRYPTO, true, true, true, false },
{ true, License::KeyContainer::SW_SECURE_DECODE, true, true, false, false },
{ true, License::KeyContainer::HW_SECURE_CRYPTO, true, true, false, false },
{ true, License::KeyContainer::HW_SECURE_DECODE, true, false, false, false },
{ true, License::KeyContainer::HW_SECURE_ALL, true, false, false, false },
};
class PolicyEngineKeySecurityLevelTest
: public PolicyEngineTest,
public ::testing::WithParamInterface<KeySecurityLevelParams*> {};
TEST_P(PolicyEngineKeySecurityLevelTest, CanUseKey) {
KeySecurityLevelParams* param = GetParam();
license_.clear_key();
License::KeyContainer* content_key = license_.add_key();
content_key->set_type(License::KeyContainer::CONTENT);
content_key->set_id(kKeyId);
if (param->is_security_level_set)
content_key->set_level(param->security_level);
EXPECT_CALL(*mock_clock_, GetCurrentTime())
.WillOnce(Return(kLicenseStartTime + 1));
ExpectSessionKeysChange(kKeyStatusUsable, true);
EXPECT_CALL(mock_event_listener_, OnExpirationUpdate(_, _));
policy_engine_->SetLicense(license_);
EXPECT_EQ(param->expect_can_L1_use_key,
policy_engine_->CanUseKey(kKeyId, kSecurityLevelL1));
EXPECT_EQ(param->expect_can_L2_use_key,
policy_engine_->CanUseKey(kKeyId, kSecurityLevelL2));
EXPECT_EQ(param->expect_can_L3_use_key,
policy_engine_->CanUseKey(kKeyId, kSecurityLevelL3));
EXPECT_EQ(param->expect_can_L_unknown_use_key,
policy_engine_->CanUseKey(kKeyId, kSecurityLevelUnknown));
}
INSTANTIATE_TEST_CASE_P(
PolicyEngine, PolicyEngineKeySecurityLevelTest,
::testing::Range(&key_security_test_vectors[0],
&key_security_test_vectors[5]));
class PolicyEngineKeyAllowedUsageTest : public PolicyEngineTest {
protected:
enum KeyFlag {
@@ -1344,11 +1287,9 @@ class PolicyEngineKeyAllowedUsageTest : public PolicyEngineTest {
void ExpectAllowedContentKeySettings(const CdmKeyAllowedUsage& key_usage,
KeyFlag secure, KeyFlag clear,
CdmKeySecurityLevel key_security_level) {
KeyFlag secure, KeyFlag clear) {
EXPECT_EQ(key_usage.decrypt_to_secure_buffer, secure == kKeyFlagTrue);
EXPECT_EQ(key_usage.decrypt_to_clear_buffer, clear == kKeyFlagTrue);
EXPECT_EQ(key_usage.key_security_level_, key_security_level);
EXPECT_FALSE(key_usage.generic_encrypt);
EXPECT_FALSE(key_usage.generic_decrypt);
EXPECT_FALSE(key_usage.generic_sign);
@@ -1366,24 +1307,22 @@ class PolicyEngineKeyAllowedUsageTest : public PolicyEngineTest {
EXPECT_EQ(key_usage.generic_verify, verify == kKeyFlagTrue);
}
void ExpectSecureContentKey(const KeyId& key_id,
CdmKeySecurityLevel key_security_level) {
void ExpectSecureContentKey(const KeyId& key_id) {
CdmKeyAllowedUsage key_usage;
EXPECT_EQ(NO_ERROR,
policy_engine_->QueryKeyAllowedUsage(key_id, &key_usage));
ExpectAllowedContentKeySettings(key_usage, kContentSecureTrue,
kContentSecureFalse, key_security_level);
kContentSecureFalse);
}
void ExpectLessSecureContentKey(const KeyId& key_id,
CdmKeySecurityLevel key_security_level) {
void ExpectLessSecureContentKey(const KeyId& key_id) {
CdmKeyAllowedUsage key_usage;
EXPECT_EQ(NO_ERROR,
policy_engine_->QueryKeyAllowedUsage(key_id, &key_usage));
ExpectAllowedContentKeySettings(key_usage, kContentSecureTrue,
kContentSecureTrue, key_security_level);
kContentSecureTrue);
}
void ExpectOperatorSessionKey(const KeyId& key_id, KeyFlag encrypt,
@@ -1449,8 +1388,8 @@ TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageBasic) {
policy_engine_->SetLicense(license_);
ExpectSecureContentKey(kKeyId, kHardwareSecureAll);
ExpectLessSecureContentKey(kAnotherKeyId, kKeySecurityLevelUnset);
ExpectSecureContentKey(kKeyId);
ExpectLessSecureContentKey(kAnotherKeyId);
ExpectOperatorSessionKey(kGenericKeyId, kEncryptNull, kDecryptNull,
kSignTrue, kVerifyNull);
@@ -1504,8 +1443,8 @@ TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageGeneric) {
policy_engine_->SetLicense(license_);
ExpectSecureContentKey(kKeyId, kHardwareSecureDecode);
ExpectLessSecureContentKey(kAnotherKeyId, kHardwareSecureCrypto);
ExpectSecureContentKey(kKeyId);
ExpectLessSecureContentKey(kAnotherKeyId);
ExpectOperatorSessionKey(kGenericEncryptKeyId, kEncryptTrue, kDecryptFalse,
kSignFalse, kVerifyFalse);
ExpectOperatorSessionKey(kGenericDecryptKeyId, kEncryptFalse, kDecryptTrue,

3
libwvdrmengine/cdm/core/test/test_printers.cpp
View File

@@ -568,9 +568,6 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) {
case INCORRECT_USAGE_SUPPORT_TYPE_2:
*os << "INCORRECT_USAGE_SUPPORT_TYPE_2";
break;
case KEY_PROHIBITED_FOR_SECURITY_LEVEL:
*os << "KEY_PROHIBITED_FOR_SECURITY_LEVEL";
break;
default:
*os << "Unknown CdmResponseType";

1
libwvdrmengine/include/mapErrors-inl.h
View File

@@ -377,7 +377,6 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) {
return android::ERROR_DRM_CANNOT_HANDLE;
case wvcdm::INSUFFICIENT_OUTPUT_PROTECTION:
case wvcdm::ANALOG_OUTPUT_ERROR:
case wvcdm::KEY_PROHIBITED_FOR_SECURITY_LEVEL:
return android::ERROR_DRM_INSUFFICIENT_OUTPUT_PROTECTION;
case wvcdm::SESSION_NOT_FOUND_12:
return kSessionNotFound12;

5
libwvdrmengine/mediacrypto/src/WVCryptoPlugin.cpp
View File

@@ -322,14 +322,9 @@ status_t WVCryptoPlugin::attemptDecrypt(const CdmDecryptionParameters& params,
"Error decrypting data: unspecified error");
break;
case wvcdm::INSUFFICIENT_OUTPUT_PROTECTION:
case wvcdm::ANALOG_OUTPUT_ERROR:
errorDetailMsg->setTo(
"Error decrypting data: insufficient output protection");
break;
case wvcdm::KEY_PROHIBITED_FOR_SECURITY_LEVEL:
errorDetailMsg->setTo(
"Error decrypting data: key prohibited for security level");
break;
default:
actionableError = false;
break;

5
libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp
View File

@@ -354,14 +354,9 @@ status_t WVCryptoPlugin::attemptDecrypt(const CdmDecryptionParameters& params,
"Error decrypting data: unspecified error");
break;
case wvcdm::INSUFFICIENT_OUTPUT_PROTECTION:
case wvcdm::ANALOG_OUTPUT_ERROR:
errorDetailMsg->assign(
"Error decrypting data: insufficient output protection");
break;
case wvcdm::KEY_PROHIBITED_FOR_SECURITY_LEVEL:
errorDetailMsg->assign(
"Error decrypting data: key prohibited for security level");
break;
default:
actionableError = false;
break;