Clear OTA keybox flag.

[ Cherry-pick of http://ag/16087795 ]
[ Merge of http://go/wvgerrit/136432 ]

Once OTA keybox succeeds, the |needs_keybox_provisioning_| flag is
cleared.  Access to the system fallback policy is allowed after
provisioning to check status.

Bug: 203177668
Test: ExoPlayer test
Change-Id: I2d28c896c554cfbc9b008340bb415d4c7fac62f2
(cherry picked from commit cac2dcaa6c)

libwvdrmengine/cdm/core/include/crypto_session.h

@@ -302,7 +302,7 @@ class CryptoSession {
   // Returns a system-wide singleton instance of SystemFallbackPolicy
   // to be used for communicating OTA keybox provisioning state between
   // apps.  Returns a null pointer if OTA provisioning is not supported,
-  // or if the device has already been provisioned.
+  // or not required.
   static okp::SystemFallbackPolicy* GetOkpFallbackPolicy();
 
   // Generates an OTA provisioning request.

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -3041,8 +3041,6 @@ okp::SystemFallbackPolicy* CryptoSession::GetOkpFallbackPolicy() {
     // If not set, then OTA keybox provisioning is not supported or
     // not needed.
     if (!okp_fallback_policy_l1_) return nullptr;
-    // May have already been initialized.
-    if (okp_fallback_policy_l1_->IsProvisioned()) return nullptr;
     return okp_fallback_policy_l1_.get();
   };
   return WithStaticFieldReadLock("GetOkpFallbackPolicy", getter);
@@ -3053,8 +3051,11 @@ CdmResponseType CryptoSession::PrepareOtaProvisioningRequest(
   RETURN_IF_NULL(request, PARAMETER_NULL);
   RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN);
   size_t buffer_length = 0;
-  OEMCryptoResult status = OEMCrypto_GenerateOTARequest(
-      oec_session_id_, nullptr, &buffer_length, use_test_key);
+  OEMCryptoResult status =
+      WithOecWriteLock("PrepareOtaProvisioningRequest", [&] {
+        return OEMCrypto_GenerateOTARequest(
+            oec_session_id_, nullptr, &buffer_length, use_test_key ? 1 : 0);
+      });
   if (status != OEMCrypto_ERROR_SHORT_BUFFER)
     return MapOEMCryptoResult(status, UNKNOWN_ERROR,
                               "PrepareOtaProvisioningRequest");
@@ -3064,8 +3065,10 @@ CdmResponseType CryptoSession::PrepareOtaProvisioningRequest(
   }
   request->resize(buffer_length);
   uint8_t* buf = reinterpret_cast<uint8_t*>(&request->front());
-  status = OEMCrypto_GenerateOTARequest(oec_session_id_, buf, &buffer_length,
+  status = WithOecWriteLock("PrepareOtaProvisioningRequest", [&] {
+    return OEMCrypto_GenerateOTARequest(oec_session_id_, buf, &buffer_length,
                                         use_test_key ? 1 : 0);
+  });
   if (OEMCrypto_SUCCESS != status) {
     request->clear();
   } else if (buffer_length != request->size()) {
@@ -3078,9 +3081,15 @@ CdmResponseType CryptoSession::PrepareOtaProvisioningRequest(
 CdmResponseType CryptoSession::LoadOtaProvisioning(
     bool use_test_key, const std::string& response) {
   RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN);
-  const OEMCryptoResult status = OEMCrypto_ProcessOTAKeybox(
-      oec_session_id_, reinterpret_cast<const uint8_t*>(response.data()),
-      response.size(), use_test_key ? 1 : 0);
+  const OEMCryptoResult status = WithOecWriteLock("LoadOtaProvisioning", [&] {
+    return OEMCrypto_ProcessOTAKeybox(
+        oec_session_id_, reinterpret_cast<const uint8_t*>(response.data()),
+        response.size(), use_test_key ? 1 : 0);
+  });
+  if (status == OEMCrypto_SUCCESS) {
+    WithOecWriteLock("LoadOtaProvisioning",
+                     [&] { needs_keybox_provisioning_ = false; });
+  }
   return MapOEMCryptoResult(status, UNKNOWN_ERROR, "LoadOtaProvisioning");
 }