Revert "Detect when unable to meet policy requirements"

This reverts commit 1223330ccc.

b/37460568

Change-Id: I936c06f679126ac50fb2d4753b4270b4ba42def5

libwvdrmengine/cdm/core/include/policy_engine.h

@@ -34,10 +34,6 @@ class PolicyEngine {
   // status is not calculated to avoid overhead in the decryption path.
   virtual bool CanDecryptContent(const KeyId& key_id);
 
-  // Verifies whether the policy allows use of the specified key of
-  // a given security level for content decryption.
-  virtual bool CanUseKey(const KeyId& key_id, CdmSecurityLevel security_level);
-
   // OnTimerEvent is called when a timer fires. It notifies the Policy Engine
   // that the timer has fired and dispatches the relevant events through
   // |event_listener_|.

libwvdrmengine/cdm/core/include/wv_cdm_types.h

@@ -295,7 +295,6 @@ enum CdmResponseType {
   RELEASE_USAGE_INFO_FAILED,
   INCORRECT_USAGE_SUPPORT_TYPE_1,
   INCORRECT_USAGE_SUPPORT_TYPE_2, /* 255 */
-  KEY_PROHIBITED_FOR_SECURITY_LEVEL,
 };
 
 enum CdmKeyStatus {
@@ -393,16 +392,6 @@ struct CdmUsageEntryInfo {
   std::string usage_info_file_name;
 };
 
-enum CdmKeySecurityLevel {
-  kKeySecurityLevelUnset,
-  kSoftwareSecureCrypto,
-  kSoftwareSecureDecode,
-  kHardwareSecureCrypto,
-  kHardwareSecureDecode,
-  kHardwareSecureAll,
-  kKeySecurityLevelUnknown,
-};
-
 class CdmKeyAllowedUsage {
  public:
   CdmKeyAllowedUsage() {
@@ -419,7 +408,6 @@ class CdmKeyAllowedUsage {
     generic_decrypt = false;
     generic_sign = false;
     generic_verify = false;
-    key_security_level_ = kKeySecurityLevelUnset;
     valid_ = false;
   }
 
@@ -430,8 +418,7 @@ class CdmKeyAllowedUsage {
         generic_encrypt != other.generic_encrypt ||
         generic_decrypt != other.generic_decrypt ||
         generic_sign != other.generic_sign ||
-        generic_verify != other.generic_verify ||
+        generic_verify != other.generic_verify) {
-        key_security_level_ != other.key_security_level_) {
       return false;
     }
     return true;
@@ -443,7 +430,6 @@ class CdmKeyAllowedUsage {
   bool generic_decrypt;
   bool generic_sign;
   bool generic_verify;
-  CdmKeySecurityLevel key_security_level_;
 
  private:
   bool valid_;

libwvdrmengine/cdm/core/src/cdm_session.cpp

@@ -553,9 +553,6 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) {
     return policy_engine_->IsLicenseForFuture() ? DECRYPT_NOT_READY : NEED_KEY;
   }
 
-  if (!policy_engine_->CanUseKey(*params.key_id, security_level_))
-    return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
-
   CdmResponseType status = crypto_session_->Decrypt(params);
 
   if (status == NO_ERROR) {

libwvdrmengine/cdm/core/src/license_key_status.cpp

@@ -169,31 +169,6 @@ void LicenseKeyStatus::ParseContentKey(const KeyContainer& key) {
     allowed_usage_.decrypt_to_clear_buffer = true;
     allowed_usage_.decrypt_to_secure_buffer = true;
   }
-
-  if (key.has_level()) {
-    switch (key.level()) {
-      case KeyContainer::SW_SECURE_CRYPTO:
-        allowed_usage_.key_security_level_ = kSoftwareSecureCrypto;
-        break;
-      case KeyContainer::SW_SECURE_DECODE:
-        allowed_usage_.key_security_level_ = kSoftwareSecureDecode;
-        break;
-      case KeyContainer::HW_SECURE_CRYPTO:
-        allowed_usage_.key_security_level_ = kHardwareSecureCrypto;
-        break;
-      case KeyContainer::HW_SECURE_DECODE:
-        allowed_usage_.key_security_level_ = kHardwareSecureDecode;
-        break;
-      case KeyContainer::HW_SECURE_ALL:
-        allowed_usage_.key_security_level_ = kHardwareSecureAll;
-        break;
-      default:
-        allowed_usage_.key_security_level_ = kKeySecurityLevelUnknown;
-        break;
-    }
-  } else {
-    allowed_usage_.key_security_level_ = kKeySecurityLevelUnset;
-  }
   allowed_usage_.SetValid();
 
   if (key.video_resolution_constraints_size() > 0) {

libwvdrmengine/cdm/core/src/policy_engine.cpp

@@ -283,32 +283,6 @@ CdmResponseType PolicyEngine::QueryKeyAllowedUsage(
   return KEY_NOT_FOUND_1;
 }
 
-bool PolicyEngine::CanUseKey(
-    const KeyId& key_id,
-    CdmSecurityLevel security_level) {
-
-  if (security_level == kSecurityLevelL1) return true;
-
-  CdmKeyAllowedUsage key_usage;
-  CdmResponseType status = QueryKeyAllowedUsage(key_id, &key_usage);
-
-  if (status != NO_ERROR) return false;
-
-  // L1 has already been addressed so verify that L2/3 are allowed
-  switch (key_usage.key_security_level_) {
-    case kKeySecurityLevelUnset:
-      return true;
-    case kSoftwareSecureCrypto:
-      return security_level == kSecurityLevelL2 ||
-          security_level == kSecurityLevelL3;
-    case kSoftwareSecureDecode:
-    case kHardwareSecureCrypto:
-      return security_level == kSecurityLevelL2;
-    default:
-      return false;
-  }
-}
-
 bool PolicyEngine::GetSecondsSinceStarted(int64_t* seconds_since_started) {
   if (playback_start_time_ == 0) return false;
 

libwvdrmengine/cdm/core/test/license_keys_unittest.cpp

@@ -157,11 +157,9 @@ class LicenseKeysTest : public ::testing::Test {
   }
 
   virtual void ExpectAllowedUsageContent(
-      const CdmKeyAllowedUsage& key_usage, KeyFlag secure, KeyFlag clear,
+      const CdmKeyAllowedUsage& key_usage, KeyFlag secure, KeyFlag clear) {
-      CdmKeySecurityLevel key_security_level) {
     EXPECT_EQ(key_usage.decrypt_to_secure_buffer, secure == kKeyFlagTrue);
     EXPECT_EQ(key_usage.decrypt_to_clear_buffer, clear == kKeyFlagTrue);
-    EXPECT_EQ(key_usage.key_security_level_, key_security_level);
     EXPECT_FALSE(key_usage.generic_encrypt);
     EXPECT_FALSE(key_usage.generic_decrypt);
     EXPECT_FALSE(key_usage.generic_sign);
@@ -422,41 +420,36 @@ TEST_F(LicenseKeysTest, AllowedUsageNull) {
 
   CdmKeyAllowedUsage usage_2;
   EXPECT_TRUE(license_keys_.GetAllowedUsage(c_key, &usage_2));
-  ExpectAllowedUsageContent(usage_2, kContentClearTrue, kContentSecureTrue,
+  ExpectAllowedUsageContent(usage_2, kContentClearTrue, kContentSecureTrue);
-                            kKeySecurityLevelUnset);
 
   CdmKeyAllowedUsage usage_3;
   EXPECT_TRUE(license_keys_.GetAllowedUsage(os_key, &usage_3));
-  ExpectAllowedUsageContent(usage_3, kContentClearFalse, kContentSecureFalse,
+  ExpectAllowedUsageContent(usage_3, kContentClearFalse, kContentSecureFalse);
-                            kKeySecurityLevelUnset);
 }
 
 TEST_F(LicenseKeysTest, AllowedUsageContent) {
   StageContentKeys();
   CdmKeyAllowedUsage u_sw_crypto;
   EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_sw_crypto, &u_sw_crypto));
-  ExpectAllowedUsageContent(u_sw_crypto, kContentSecureTrue, kContentClearTrue,
+  ExpectAllowedUsageContent(u_sw_crypto, kContentSecureTrue, kContentClearTrue);
-                            kSoftwareSecureCrypto);
 
   CdmKeyAllowedUsage u_sw_decode;
   EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_sw_decode, &u_sw_decode));
-  ExpectAllowedUsageContent(u_sw_decode, kContentSecureTrue, kContentClearTrue,
+  ExpectAllowedUsageContent(u_sw_decode, kContentSecureTrue, kContentClearTrue);
-                            kSoftwareSecureDecode);
 
   CdmKeyAllowedUsage u_hw_crypto;
   EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_hw_crypto, &u_hw_crypto));
-  ExpectAllowedUsageContent(u_hw_crypto, kContentSecureTrue, kContentClearTrue,
+  ExpectAllowedUsageContent(u_hw_crypto, kContentSecureTrue, kContentClearTrue);
-                            kHardwareSecureCrypto);
 
   CdmKeyAllowedUsage u_hw_decode;
   EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_hw_decode, &u_hw_decode));
   ExpectAllowedUsageContent(u_hw_decode, kContentSecureTrue,
-                            kContentClearFalse, kHardwareSecureDecode);
+                            kContentClearFalse);
 
   CdmKeyAllowedUsage u_hw_secure;
   EXPECT_TRUE(license_keys_.GetAllowedUsage(ck_hw_secure, &u_hw_secure));
   ExpectAllowedUsageContent(u_hw_secure, kContentSecureTrue,
-                            kContentClearFalse, kHardwareSecureAll);
+                            kContentClearFalse);
 }
 
 TEST_F(LicenseKeysTest, AllowedUsageOperatorSession) {

libwvdrmengine/cdm/core/test/policy_engine_unittest.cpp

@@ -1259,63 +1259,6 @@ TEST_F(PolicyEngineTest, PlaybackOk_CanStoreGracePeriod) {
   EXPECT_EQ(kPlaybackStartTime, policy_engine_->GetGracePeriodEndTime());
 }
 
-struct KeySecurityLevelParams {
-  bool is_security_level_set;
-  License::KeyContainer::SecurityLevel security_level;
-  bool expect_can_L1_use_key;
-  bool expect_can_L2_use_key;
-  bool expect_can_L3_use_key;
-  bool expect_can_L_unknown_use_key;
-};
-
-KeySecurityLevelParams key_security_test_vectors[] = {
-  { false, License::KeyContainer::HW_SECURE_ALL, true, true, true, true },
-  { true, License::KeyContainer::SW_SECURE_CRYPTO, true, true, true, false },
-  { true, License::KeyContainer::SW_SECURE_DECODE, true, true, false, false },
-  { true, License::KeyContainer::HW_SECURE_CRYPTO, true, true, false, false },
-  { true, License::KeyContainer::HW_SECURE_DECODE, true, false, false, false },
-  { true, License::KeyContainer::HW_SECURE_ALL, true, false, false, false },
-};
-
-class PolicyEngineKeySecurityLevelTest
-  : public PolicyEngineTest,
-    public ::testing::WithParamInterface<KeySecurityLevelParams*> {};
-
-TEST_P(PolicyEngineKeySecurityLevelTest, CanUseKey) {
-
-  KeySecurityLevelParams* param = GetParam();
-
-  license_.clear_key();
-
-  License::KeyContainer* content_key = license_.add_key();
-  content_key->set_type(License::KeyContainer::CONTENT);
-  content_key->set_id(kKeyId);
-  if (param->is_security_level_set)
-    content_key->set_level(param->security_level);
-
-  EXPECT_CALL(*mock_clock_, GetCurrentTime())
-      .WillOnce(Return(kLicenseStartTime + 1));
-
-  ExpectSessionKeysChange(kKeyStatusUsable, true);
-  EXPECT_CALL(mock_event_listener_, OnExpirationUpdate(_, _));
-
-  policy_engine_->SetLicense(license_);
-
-  EXPECT_EQ(param->expect_can_L1_use_key,
-            policy_engine_->CanUseKey(kKeyId, kSecurityLevelL1));
-  EXPECT_EQ(param->expect_can_L2_use_key,
-            policy_engine_->CanUseKey(kKeyId, kSecurityLevelL2));
-  EXPECT_EQ(param->expect_can_L3_use_key,
-            policy_engine_->CanUseKey(kKeyId, kSecurityLevelL3));
-  EXPECT_EQ(param->expect_can_L_unknown_use_key,
-            policy_engine_->CanUseKey(kKeyId, kSecurityLevelUnknown));
-}
-
-INSTANTIATE_TEST_CASE_P(
-    PolicyEngine, PolicyEngineKeySecurityLevelTest,
-    ::testing::Range(&key_security_test_vectors[0],
-                     &key_security_test_vectors[5]));
-
 class PolicyEngineKeyAllowedUsageTest : public PolicyEngineTest {
  protected:
   enum KeyFlag {
@@ -1344,11 +1287,9 @@ class PolicyEngineKeyAllowedUsageTest : public PolicyEngineTest {
 
 
   void ExpectAllowedContentKeySettings(const CdmKeyAllowedUsage& key_usage,
-                                       KeyFlag secure, KeyFlag clear,
+                                       KeyFlag secure, KeyFlag clear) {
-                                       CdmKeySecurityLevel key_security_level) {
     EXPECT_EQ(key_usage.decrypt_to_secure_buffer, secure == kKeyFlagTrue);
     EXPECT_EQ(key_usage.decrypt_to_clear_buffer, clear == kKeyFlagTrue);
-    EXPECT_EQ(key_usage.key_security_level_, key_security_level);
     EXPECT_FALSE(key_usage.generic_encrypt);
     EXPECT_FALSE(key_usage.generic_decrypt);
     EXPECT_FALSE(key_usage.generic_sign);
@@ -1366,24 +1307,22 @@ class PolicyEngineKeyAllowedUsageTest : public PolicyEngineTest {
     EXPECT_EQ(key_usage.generic_verify, verify == kKeyFlagTrue);
   }
 
-  void ExpectSecureContentKey(const KeyId& key_id,
+  void ExpectSecureContentKey(const KeyId& key_id) {
-                              CdmKeySecurityLevel key_security_level) {
     CdmKeyAllowedUsage key_usage;
     EXPECT_EQ(NO_ERROR,
               policy_engine_->QueryKeyAllowedUsage(key_id, &key_usage));
 
     ExpectAllowedContentKeySettings(key_usage, kContentSecureTrue,
-                                    kContentSecureFalse, key_security_level);
+                                    kContentSecureFalse);
   }
 
-  void ExpectLessSecureContentKey(const KeyId& key_id,
+  void ExpectLessSecureContentKey(const KeyId& key_id) {
-                                  CdmKeySecurityLevel key_security_level) {
     CdmKeyAllowedUsage key_usage;
     EXPECT_EQ(NO_ERROR,
               policy_engine_->QueryKeyAllowedUsage(key_id, &key_usage));
 
     ExpectAllowedContentKeySettings(key_usage, kContentSecureTrue,
-                                    kContentSecureTrue, key_security_level);
+                                    kContentSecureTrue);
   }
 
   void ExpectOperatorSessionKey(const KeyId& key_id, KeyFlag encrypt,
@@ -1449,8 +1388,8 @@ TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageBasic) {
 
   policy_engine_->SetLicense(license_);
 
-  ExpectSecureContentKey(kKeyId, kHardwareSecureAll);
+  ExpectSecureContentKey(kKeyId);
-  ExpectLessSecureContentKey(kAnotherKeyId, kKeySecurityLevelUnset);
+  ExpectLessSecureContentKey(kAnotherKeyId);
   ExpectOperatorSessionKey(kGenericKeyId, kEncryptNull, kDecryptNull,
                            kSignTrue, kVerifyNull);
 
@@ -1504,8 +1443,8 @@ TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageGeneric) {
 
   policy_engine_->SetLicense(license_);
 
-  ExpectSecureContentKey(kKeyId, kHardwareSecureDecode);
+  ExpectSecureContentKey(kKeyId);
-  ExpectLessSecureContentKey(kAnotherKeyId, kHardwareSecureCrypto);
+  ExpectLessSecureContentKey(kAnotherKeyId);
   ExpectOperatorSessionKey(kGenericEncryptKeyId, kEncryptTrue, kDecryptFalse,
                            kSignFalse, kVerifyFalse);
   ExpectOperatorSessionKey(kGenericDecryptKeyId, kEncryptFalse, kDecryptTrue,

libwvdrmengine/cdm/core/test/test_printers.cpp

@@ -568,9 +568,6 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) {
     case INCORRECT_USAGE_SUPPORT_TYPE_2:
       *os << "INCORRECT_USAGE_SUPPORT_TYPE_2";
       break;
-    case KEY_PROHIBITED_FOR_SECURITY_LEVEL:
-      *os << "KEY_PROHIBITED_FOR_SECURITY_LEVEL";
-      break;
 
     default:
       *os                                        << "Unknown CdmResponseType";

libwvdrmengine/include/mapErrors-inl.h

@@ -377,7 +377,6 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) {
       return android::ERROR_DRM_CANNOT_HANDLE;
     case wvcdm::INSUFFICIENT_OUTPUT_PROTECTION:
     case wvcdm::ANALOG_OUTPUT_ERROR:
-    case wvcdm::KEY_PROHIBITED_FOR_SECURITY_LEVEL:
       return android::ERROR_DRM_INSUFFICIENT_OUTPUT_PROTECTION;
     case wvcdm::SESSION_NOT_FOUND_12:
       return kSessionNotFound12;

libwvdrmengine/mediacrypto/src/WVCryptoPlugin.cpp

@@ -322,14 +322,9 @@ status_t WVCryptoPlugin::attemptDecrypt(const CdmDecryptionParameters& params,
             "Error decrypting data: unspecified error");
         break;
       case wvcdm::INSUFFICIENT_OUTPUT_PROTECTION:
-      case wvcdm::ANALOG_OUTPUT_ERROR:
         errorDetailMsg->setTo(
             "Error decrypting data: insufficient output protection");
         break;
-      case wvcdm::KEY_PROHIBITED_FOR_SECURITY_LEVEL:
-        errorDetailMsg->setTo(
-            "Error decrypting data: key prohibited for security level");
-        break;
       default:
         actionableError = false;
         break;

libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp

@@ -354,14 +354,9 @@ status_t WVCryptoPlugin::attemptDecrypt(const CdmDecryptionParameters& params,
             "Error decrypting data: unspecified error");
         break;
       case wvcdm::INSUFFICIENT_OUTPUT_PROTECTION:
-      case wvcdm::ANALOG_OUTPUT_ERROR:
         errorDetailMsg->assign(
             "Error decrypting data: insufficient output protection");
         break;
-      case wvcdm::KEY_PROHIBITED_FOR_SECURITY_LEVEL:
-        errorDetailMsg->assign(
-            "Error decrypting data: key prohibited for security level");
-        break;
       default:
         actionableError = false;
         break;