Revert "Detect when unable to meet policy requirements"
This reverts commit 1223330ccc.
b/37460568
Change-Id: I936c06f679126ac50fb2d4753b4270b4ba42def5
This commit is contained in:
Rahul Frias
@@ -157,11 +157,9 @@ class LicenseKeysTest : public ::testing::Test {
|
||||
}
|
||||
|
||||
virtual void ExpectAllowedUsageContent(
|
||||
const CdmKeyAllowedUsage& key_usage, KeyFlag secure, KeyFlag clear,
|
||||
CdmKeySecurityLevel key_security_level) {
|
||||
const CdmKeyAllowedUsage& key_usage, KeyFlag secure, KeyFlag clear) {
|
||||
EXPECT_EQ(key_usage.decrypt_to_secure_buffer, secure == kKeyFlagTrue);
|
||||
EXPECT_EQ(key_usage.decrypt_to_clear_buffer, clear == kKeyFlagTrue);
|
||||
EXPECT_EQ(key_usage.key_security_level_, key_security_level);
|
||||
EXPECT_FALSE(key_usage.generic_encrypt);
|
||||
EXPECT_FALSE(key_usage.generic_decrypt);
|
||||
EXPECT_FALSE(key_usage.generic_sign);
|
||||
@@ -422,41 +420,36 @@ TEST_F(LicenseKeysTest, AllowedUsageNull) {
|
||||
|
||||
CdmKeyAllowedUsage usage_2;
|
||||
EXPECT_TRUE(license_keys_.GetAllowedUsage(c_key, &usage_2));
|
||||
ExpectAllowedUsageContent(usage_2, kContentClearTrue, kContentSecureTrue,
|
||||
kKeySecurityLevelUnset);
|
||||
ExpectAllowedUsageContent(usage_2, kContentClearTrue, kContentSecureTrue);
|
||||
|
||||
CdmKeyAllowedUsage usage_3;
|
||||
EXPECT_TRUE(license_keys_.GetAllowedUsage(os_key, &usage_3));
|
||||
ExpectAllowedUsageContent(usage_3, kContentClearFalse, kContentSecureFalse,
|
||||
kKeySecurityLevelUnset);
|
||||
ExpectAllowedUsageContent(usage_3, kContentClearFalse, kContentSecureFalse);
|
||||
}
|
||||
|
||||
TEST_F(LicenseKeysTest, AllowedUsageContent) {
|
||||
StageContentKeys();
|
||||
CdmKeyAllowedUsage u_sw_crypto;
|
||||
EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_sw_crypto, &u_sw_crypto));
|
||||
ExpectAllowedUsageContent(u_sw_crypto, kContentSecureTrue, kContentClearTrue,
|
||||
kSoftwareSecureCrypto);
|
||||
ExpectAllowedUsageContent(u_sw_crypto, kContentSecureTrue, kContentClearTrue);
|
||||
|
||||
CdmKeyAllowedUsage u_sw_decode;
|
||||
EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_sw_decode, &u_sw_decode));
|
||||
ExpectAllowedUsageContent(u_sw_decode, kContentSecureTrue, kContentClearTrue,
|
||||
kSoftwareSecureDecode);
|
||||
ExpectAllowedUsageContent(u_sw_decode, kContentSecureTrue, kContentClearTrue);
|
||||
|
||||
CdmKeyAllowedUsage u_hw_crypto;
|
||||
EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_hw_crypto, &u_hw_crypto));
|
||||
ExpectAllowedUsageContent(u_hw_crypto, kContentSecureTrue, kContentClearTrue,
|
||||
kHardwareSecureCrypto);
|
||||
ExpectAllowedUsageContent(u_hw_crypto, kContentSecureTrue, kContentClearTrue);
|
||||
|
||||
CdmKeyAllowedUsage u_hw_decode;
|
||||
EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_hw_decode, &u_hw_decode));
|
||||
ExpectAllowedUsageContent(u_hw_decode, kContentSecureTrue,
|
||||
kContentClearFalse, kHardwareSecureDecode);
|
||||
kContentClearFalse);
|
||||
|
||||
CdmKeyAllowedUsage u_hw_secure;
|
||||
EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_hw_secure, &u_hw_secure));
|
||||
ExpectAllowedUsageContent(u_hw_secure, kContentSecureTrue,
|
||||
kContentClearFalse, kHardwareSecureAll);
|
||||
kContentClearFalse);
|
||||
}
|
||||
|
||||
TEST_F(LicenseKeysTest, AllowedUsageOperatorSession) {
|
||||
|
||||
@@ -1259,63 +1259,6 @@ TEST_F(PolicyEngineTest, PlaybackOk_CanStoreGracePeriod) {
|
||||
EXPECT_EQ(kPlaybackStartTime, policy_engine_->GetGracePeriodEndTime());
|
||||
}
|
||||
|
||||
struct KeySecurityLevelParams {
|
||||
bool is_security_level_set;
|
||||
License::KeyContainer::SecurityLevel security_level;
|
||||
bool expect_can_L1_use_key;
|
||||
bool expect_can_L2_use_key;
|
||||
bool expect_can_L3_use_key;
|
||||
bool expect_can_L_unknown_use_key;
|
||||
};
|
||||
|
||||
KeySecurityLevelParams key_security_test_vectors[] = {
|
||||
{ false, License::KeyContainer::HW_SECURE_ALL, true, true, true, true },
|
||||
{ true, License::KeyContainer::SW_SECURE_CRYPTO, true, true, true, false },
|
||||
{ true, License::KeyContainer::SW_SECURE_DECODE, true, true, false, false },
|
||||
{ true, License::KeyContainer::HW_SECURE_CRYPTO, true, true, false, false },
|
||||
{ true, License::KeyContainer::HW_SECURE_DECODE, true, false, false, false },
|
||||
{ true, License::KeyContainer::HW_SECURE_ALL, true, false, false, false },
|
||||
};
|
||||
|
||||
class PolicyEngineKeySecurityLevelTest
|
||||
: public PolicyEngineTest,
|
||||
public ::testing::WithParamInterface<KeySecurityLevelParams*> {};
|
||||
|
||||
TEST_P(PolicyEngineKeySecurityLevelTest, CanUseKey) {
|
||||
|
||||
KeySecurityLevelParams* param = GetParam();
|
||||
|
||||
license_.clear_key();
|
||||
|
||||
License::KeyContainer* content_key = license_.add_key();
|
||||
content_key->set_type(License::KeyContainer::CONTENT);
|
||||
content_key->set_id(kKeyId);
|
||||
if (param->is_security_level_set)
|
||||
content_key->set_level(param->security_level);
|
||||
|
||||
EXPECT_CALL(*mock_clock_, GetCurrentTime())
|
||||
.WillOnce(Return(kLicenseStartTime + 1));
|
||||
|
||||
ExpectSessionKeysChange(kKeyStatusUsable, true);
|
||||
EXPECT_CALL(mock_event_listener_, OnExpirationUpdate(_, _));
|
||||
|
||||
policy_engine_->SetLicense(license_);
|
||||
|
||||
EXPECT_EQ(param->expect_can_L1_use_key,
|
||||
policy_engine_->CanUseKey(kKeyId, kSecurityLevelL1));
|
||||
EXPECT_EQ(param->expect_can_L2_use_key,
|
||||
policy_engine_->CanUseKey(kKeyId, kSecurityLevelL2));
|
||||
EXPECT_EQ(param->expect_can_L3_use_key,
|
||||
policy_engine_->CanUseKey(kKeyId, kSecurityLevelL3));
|
||||
EXPECT_EQ(param->expect_can_L_unknown_use_key,
|
||||
policy_engine_->CanUseKey(kKeyId, kSecurityLevelUnknown));
|
||||
}
|
||||
|
||||
INSTANTIATE_TEST_CASE_P(
|
||||
PolicyEngine, PolicyEngineKeySecurityLevelTest,
|
||||
::testing::Range(&key_security_test_vectors[0],
|
||||
&key_security_test_vectors[5]));
|
||||
|
||||
class PolicyEngineKeyAllowedUsageTest : public PolicyEngineTest {
|
||||
protected:
|
||||
enum KeyFlag {
|
||||
@@ -1344,11 +1287,9 @@ class PolicyEngineKeyAllowedUsageTest : public PolicyEngineTest {
|
||||
|
||||
|
||||
void ExpectAllowedContentKeySettings(const CdmKeyAllowedUsage& key_usage,
|
||||
KeyFlag secure, KeyFlag clear,
|
||||
CdmKeySecurityLevel key_security_level) {
|
||||
KeyFlag secure, KeyFlag clear) {
|
||||
EXPECT_EQ(key_usage.decrypt_to_secure_buffer, secure == kKeyFlagTrue);
|
||||
EXPECT_EQ(key_usage.decrypt_to_clear_buffer, clear == kKeyFlagTrue);
|
||||
EXPECT_EQ(key_usage.key_security_level_, key_security_level);
|
||||
EXPECT_FALSE(key_usage.generic_encrypt);
|
||||
EXPECT_FALSE(key_usage.generic_decrypt);
|
||||
EXPECT_FALSE(key_usage.generic_sign);
|
||||
@@ -1366,24 +1307,22 @@ class PolicyEngineKeyAllowedUsageTest : public PolicyEngineTest {
|
||||
EXPECT_EQ(key_usage.generic_verify, verify == kKeyFlagTrue);
|
||||
}
|
||||
|
||||
void ExpectSecureContentKey(const KeyId& key_id,
|
||||
CdmKeySecurityLevel key_security_level) {
|
||||
void ExpectSecureContentKey(const KeyId& key_id) {
|
||||
CdmKeyAllowedUsage key_usage;
|
||||
EXPECT_EQ(NO_ERROR,
|
||||
policy_engine_->QueryKeyAllowedUsage(key_id, &key_usage));
|
||||
|
||||
ExpectAllowedContentKeySettings(key_usage, kContentSecureTrue,
|
||||
kContentSecureFalse, key_security_level);
|
||||
kContentSecureFalse);
|
||||
}
|
||||
|
||||
void ExpectLessSecureContentKey(const KeyId& key_id,
|
||||
CdmKeySecurityLevel key_security_level) {
|
||||
void ExpectLessSecureContentKey(const KeyId& key_id) {
|
||||
CdmKeyAllowedUsage key_usage;
|
||||
EXPECT_EQ(NO_ERROR,
|
||||
policy_engine_->QueryKeyAllowedUsage(key_id, &key_usage));
|
||||
|
||||
ExpectAllowedContentKeySettings(key_usage, kContentSecureTrue,
|
||||
kContentSecureTrue, key_security_level);
|
||||
kContentSecureTrue);
|
||||
}
|
||||
|
||||
void ExpectOperatorSessionKey(const KeyId& key_id, KeyFlag encrypt,
|
||||
@@ -1449,8 +1388,8 @@ TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageBasic) {
|
||||
|
||||
policy_engine_->SetLicense(license_);
|
||||
|
||||
ExpectSecureContentKey(kKeyId, kHardwareSecureAll);
|
||||
ExpectLessSecureContentKey(kAnotherKeyId, kKeySecurityLevelUnset);
|
||||
ExpectSecureContentKey(kKeyId);
|
||||
ExpectLessSecureContentKey(kAnotherKeyId);
|
||||
ExpectOperatorSessionKey(kGenericKeyId, kEncryptNull, kDecryptNull,
|
||||
kSignTrue, kVerifyNull);
|
||||
|
||||
@@ -1504,8 +1443,8 @@ TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageGeneric) {
|
||||
|
||||
policy_engine_->SetLicense(license_);
|
||||
|
||||
ExpectSecureContentKey(kKeyId, kHardwareSecureDecode);
|
||||
ExpectLessSecureContentKey(kAnotherKeyId, kHardwareSecureCrypto);
|
||||
ExpectSecureContentKey(kKeyId);
|
||||
ExpectLessSecureContentKey(kAnotherKeyId);
|
||||
ExpectOperatorSessionKey(kGenericEncryptKeyId, kEncryptTrue, kDecryptFalse,
|
||||
kSignFalse, kVerifyFalse);
|
||||
ExpectOperatorSessionKey(kGenericDecryptKeyId, kEncryptFalse, kDecryptTrue,
|
||||
|
||||
@@ -568,9 +568,6 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) {
|
||||
case INCORRECT_USAGE_SUPPORT_TYPE_2:
|
||||
*os << "INCORRECT_USAGE_SUPPORT_TYPE_2";
|
||||
break;
|
||||
case KEY_PROHIBITED_FOR_SECURITY_LEVEL:
|
||||
*os << "KEY_PROHIBITED_FOR_SECURITY_LEVEL";
|
||||
break;
|
||||
|
||||
default:
|
||||
*os << "Unknown CdmResponseType";
|
||||
|
||||
Reference in New Issue
Block a user