Restrict use of hardware-secure codecs based on the RendererPreference.

media/base/key_systems.cc

Index: media/base/key_systems.cc
diff --git a/media/base/key_systems.cc b/media/base/key_systems.cc
index 17c4210da220be672128198333c711550a26f0da..49dd2a0bfb4e5133488d923a7cd1ef6d2f888618 100644
--- a/media/base/key_systems.cc
+++ b/media/base/key_systems.cc
@@ -716,14 +716,16 @@ EmeConfigRule KeySystemsImpl::GetContentTypeConfigRule(
     if ((codec & key_system_codec_mask & container_codec_mask) == 0)
       return EmeConfigRule::NOT_SUPPORTED;
 #if defined(OS_ANDROID)
-    // Check whether the codec supports a hardware-secure mode; if not, indicate
-    // that hardware-secure codecs are not available for all listed codecs.
+    // Check whether the codec supports a hardware-secure mode. The goal is to
+    // prevent mixing of non-hardware-secure codecs with hardware-secure codecs,
+    // since the mode is fixed at CDM creation.
+    //
     // Because the check for regular codec support is early-exit, we don't have
     // to consider codecs that are only supported in hardware-secure mode. We
-    // could do so, and make use of SECURE_CODECS_REQUIRED, if it turns out that
-    // hardware-secure-only codecs actually exist and are useful.
+    // could do so, and make use of SECURE_SURFACES_REQUIRED, if it turns out
+    // that hardware-secure-only codecs actually exist and are useful.
     if ((codec & key_system_secure_codec_mask) == 0)
-      support = EmeConfigRule::SECURE_CODECS_NOT_ALLOWED;
+      support = EmeConfigRule::SECURE_SURFACES_NOT_REQUIRABLE;
 #endif  // defined(OS_ANDROID)
 
   }
@@ -787,7 +789,7 @@ EmeConfigRule KeySystemsImpl::GetRobustnessConfigRule(
     }
 #elif defined(OS_ANDROID)
     if (robustness > EmeRobustness::SW_SECURE_CRYPTO)
-      return EmeConfigRule::SECURE_CODECS_REQUIRED;
+      return EmeConfigRule::SECURE_SURFACES_REQUIRED;
 #endif  // defined(OS_CHROMEOS)
   }