Allow Apps to Voluntarily Downgrade to L3 Crypto

This merges the following changes from the Widevine CDM repository:

564f4cc  Add CdmClientPropertySet to CDM
  Adds an interface to the CDM that allows it to query its client for
  certain properties.  In this case, this includes the ability to
  specify what security level is desired, as well as support for
  service ceritifcate privacy mode.

9cfbd3e  Force Level 3 fallback
  Adds support for voluntarily invoking L3 crypto to the OEMCrypto
  wrapper.

95d12c1  Add pointer to CdmClientPropertySet class to OpenSession.
  Adds support for storing the property set on a session-by-session
  basis and choosing the appropriate crypto level.

17de442  Add Settable Properties for Clank to Android
  Adds support for setting the aforementioned properties to the
  DrmEngine

bbe704d  Fixes to force fallback to level three security
  Corrections to invoke provisioning, OEMCrypto API with configured
  security level rather than the default. Unit tests were also revised.

Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.

Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc

libwvdrmengine/cdm/core/src/cdm_engine.cpp

@@ -21,7 +21,8 @@ const int kCdmPolicyTimerDurationSeconds = 1;
 
 namespace wvcdm {
 
-CdmEngine::CdmEngine() {
+CdmEngine::CdmEngine()
+    : cert_provisioning_requested_security_level_(kLevelDefault) {
   Properties::Init();
 }
 
@@ -36,6 +37,7 @@ CdmEngine::~CdmEngine() {
 
 CdmResponseType CdmEngine::OpenSession(
     const CdmKeySystem& key_system,
+    const CdmClientPropertySet* property_set,
     CdmSessionId* session_id) {
   LOGI("CdmEngine::OpenSession");
 
@@ -49,8 +51,7 @@ CdmResponseType CdmEngine::OpenSession(
     return KEY_ERROR;
   }
 
-  scoped_ptr<CdmSession> new_session(new CdmSession());
-
+  scoped_ptr<CdmSession> new_session(new CdmSession(property_set));
   if (new_session->session_id().empty()) {
     LOGE("CdmEngine::OpenSession: failure to generate session ID");
     return UNKNOWN_ERROR;
@@ -58,10 +59,13 @@ CdmResponseType CdmEngine::OpenSession(
 
   CdmResponseType sts = new_session->Init();
   if (sts != NO_ERROR) {
-    LOGE("CdmEngine::OpenSession: bad session init");
+    if (sts == NEED_PROVISIONING) {
+      cert_provisioning_requested_security_level_ =
+          new_session->GetRequestedSecurityLevel();
+    }
+    LOGE("CdmEngine::OpenSession: bad session init: %u", sts);
     return sts;
   }
-
   *session_id = new_session->session_id();
   sessions_[*session_id] = new_session.release();
   return NO_ERROR;
@@ -76,7 +80,7 @@ CdmResponseType CdmEngine::OpenKeySetSession(const CdmKeySetId& key_set_id) {
   }
 
   CdmSessionId session_id;
-  CdmResponseType sts = OpenSession(KEY_SYSTEM, &session_id);
+  CdmResponseType sts = OpenSession(KEY_SYSTEM, NULL, &session_id);
 
   if (sts != NO_ERROR)
     return sts;
@@ -178,6 +182,10 @@ CdmResponseType CdmEngine::GenerateKeyRequest(
                                          server_url);
 
   if (KEY_MESSAGE != sts) {
+    if (sts == NEED_PROVISIONING) {
+      cert_provisioning_requested_security_level_ =
+          iter->second->GetRequestedSecurityLevel();
+    }
     LOGE("CdmEngine::GenerateKeyRequest: key request generation failed, "
         "sts = %d", (int)sts);
     return sts;
@@ -262,7 +270,13 @@ CdmResponseType CdmEngine::RestoreKey(
     return UNKNOWN_ERROR;
   }
 
-  return iter->second->RestoreOfflineSession(key_set_id, kLicenseTypeOffline);
+  CdmResponseType sts =
+      iter->second->RestoreOfflineSession(key_set_id, kLicenseTypeOffline);
+  if (sts == NEED_PROVISIONING) {
+    cert_provisioning_requested_security_level_ =
+        iter->second->GetRequestedSecurityLevel();
+  }
+  return sts;
 }
 
 CdmResponseType CdmEngine::CancelKeyRequest(const CdmSessionId& session_id) {
@@ -425,7 +439,10 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
     LOGE("CdmEngine::GetProvisioningRequest: invalid input parameters");
     return UNKNOWN_ERROR;
   }
-  return cert_provisioning_.GetProvisioningRequest(request, default_url);
+  return cert_provisioning_.GetProvisioningRequest(
+             cert_provisioning_requested_security_level_,
+             request,
+             default_url);
 }
 
 /*
@@ -479,9 +496,19 @@ CdmResponseType CdmEngine::Decrypt(
     return KEY_ERROR;
   }
 
-  CdmSessionMap::iterator iter = sessions_.find(session_id);
+  CdmSessionMap::iterator iter;
+  if (session_id.empty()) {
+    if (!Properties::decrypt_with_empty_session_support()) return KEY_ERROR;
+
+    // Loop through the sessions to find the session containing the key_id.
+    for (iter = sessions_.begin(); iter != sessions_.end(); ++iter) {
+      if (iter->second->IsKeyValid(*parameters.key_id)) break;
+    }
+  } else {
+    iter = sessions_.find(session_id);
+  }
   if (iter == sessions_.end()) {
-    LOGW("CdmEngine::Decrypt: session_id not found = %s", session_id.c_str());
+    LOGE("CdmEngine::Decrypt: session_id not found = %s", session_id.c_str());
     return KEY_ERROR;
   }