OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/media/protected_media_identifier_permission_context.h" | 5 #include "chrome/browser/media/protected_media_identifier_permission_context.h" |
6 | 6 |
7 #include "base/prefs/pref_service.h" | 7 #include "base/prefs/pref_service.h" |
8 #include "chrome/browser/content_settings/tab_specific_content_settings.h" | 8 #include "chrome/browser/content_settings/tab_specific_content_settings.h" |
9 #include "chrome/browser/profiles/profile.h" | 9 #include "chrome/browser/profiles/profile.h" |
10 #include "chrome/common/pref_names.h" | 10 #include "chrome/common/pref_names.h" |
11 #include "components/content_settings/core/common/permission_request_id.h" | 11 #include "components/content_settings/core/common/permission_request_id.h" |
12 #include "content/public/browser/browser_thread.h" | 12 #include "content/public/browser/browser_thread.h" |
13 #include "content/public/browser/user_metrics.h" | |
13 #include "content/public/browser/web_contents.h" | 14 #include "content/public/browser/web_contents.h" |
14 | 15 |
15 #if defined(OS_CHROMEOS) | 16 #if defined(OS_CHROMEOS) |
16 #include <utility> | 17 #include <utility> |
17 | 18 |
18 #include "chrome/browser/chromeos/attestation/platform_verification_dialog.h" | 19 #include "chrome/browser/chromeos/attestation/platform_verification_dialog.h" |
19 #include "chrome/browser/chromeos/settings/cros_settings.h" | 20 #include "chrome/browser/chromeos/settings/cros_settings.h" |
20 #include "chromeos/settings/cros_settings_names.h" | 21 #include "chromeos/settings/cros_settings_names.h" |
22 #include "components/pref_registry/pref_registry_syncable.h" | |
23 #include "components/user_prefs/user_prefs.h" | |
21 #include "ui/views/widget/widget.h" | 24 #include "ui/views/widget/widget.h" |
22 | 25 |
23 using chromeos::attestation::PlatformVerificationDialog; | 26 using chromeos::attestation::PlatformVerificationDialog; |
24 using chromeos::attestation::PlatformVerificationFlow; | |
25 #endif | 27 #endif |
26 | 28 |
27 ProtectedMediaIdentifierPermissionContext:: | 29 ProtectedMediaIdentifierPermissionContext:: |
28 ProtectedMediaIdentifierPermissionContext(Profile* profile) | 30 ProtectedMediaIdentifierPermissionContext(Profile* profile) |
29 : PermissionContextBase(profile, | 31 : PermissionContextBase(profile, |
30 CONTENT_SETTINGS_TYPE_PROTECTED_MEDIA_IDENTIFIER) | 32 CONTENT_SETTINGS_TYPE_PROTECTED_MEDIA_IDENTIFIER) |
31 #if defined(OS_CHROMEOS) | 33 #if defined(OS_CHROMEOS) |
32 , | 34 , |
33 weak_factory_(this) | 35 weak_factory_(this) |
34 #endif | 36 #endif |
35 { | 37 { |
36 } | 38 } |
37 | 39 |
38 ProtectedMediaIdentifierPermissionContext:: | 40 ProtectedMediaIdentifierPermissionContext:: |
39 ~ProtectedMediaIdentifierPermissionContext() { | 41 ~ProtectedMediaIdentifierPermissionContext() { |
40 } | 42 } |
41 | 43 |
44 #if defined(OS_CHROMEOS) | |
45 // static | |
46 void ProtectedMediaIdentifierPermissionContext::RegisterProfilePrefs( | |
47 user_prefs::PrefRegistrySyncable* prefs) { | |
48 prefs->RegisterBooleanPref(prefs::kRAConsentGranted, | |
49 false, // Default value. | |
50 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); | |
51 } | |
52 #endif | |
53 | |
42 void ProtectedMediaIdentifierPermissionContext::RequestPermission( | 54 void ProtectedMediaIdentifierPermissionContext::RequestPermission( |
43 content::WebContents* web_contents, | 55 content::WebContents* web_contents, |
44 const PermissionRequestID& id, | 56 const PermissionRequestID& id, |
45 const GURL& requesting_origin, | 57 const GURL& requesting_origin, |
46 bool user_gesture, | 58 bool user_gesture, |
47 const BrowserPermissionCallback& callback) { | 59 const BrowserPermissionCallback& callback) { |
48 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 60 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
49 | 61 |
50 GURL embedding_origin = web_contents->GetLastCommittedURL().GetOrigin(); | 62 GURL embedding_origin = web_contents->GetLastCommittedURL().GetOrigin(); |
51 | 63 |
64 DVLOG(1) << __FUNCTION__ << ": (" << requesting_origin.spec() << ", " | |
65 << embedding_origin.spec() << ")"; | |
66 | |
52 if (!requesting_origin.is_valid() || !embedding_origin.is_valid() || | 67 if (!requesting_origin.is_valid() || !embedding_origin.is_valid() || |
53 !IsProtectedMediaIdentifierEnabled()) { | 68 !IsProtectedMediaIdentifierEnabled()) { |
54 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 69 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
55 false /* persist */, CONTENT_SETTING_BLOCK); | 70 false /* persist */, CONTENT_SETTING_BLOCK); |
56 return; | 71 return; |
57 } | 72 } |
58 | 73 |
59 #if defined(OS_CHROMEOS) | 74 #if defined(OS_CHROMEOS) |
60 // On ChromeOS, we don't use PermissionContextBase::RequestPermission() which | 75 ContentSetting content_setting = PermissionContextBase::GetPermissionStatus( |
ddorwin
2015/03/13 17:03:10
If we called this class's method, we could elimina
xhwang
2015/03/13 21:31:15
Done.
| |
61 // uses the standard permission infobar/bubble UI. See http://crbug.com/454847 | 76 requesting_origin, embedding_origin); |
62 // Instead, we check the content setting and show the existing platform | 77 if (content_setting == CONTENT_SETTING_BLOCK) { |
63 // verification UI. | |
64 // TODO(xhwang): Remove when http://crbug.com/454847 is fixed. | |
65 ContentSetting content_setting = | |
66 GetPermissionStatus(requesting_origin, embedding_origin); | |
67 | |
68 if (content_setting == CONTENT_SETTING_ALLOW || | |
69 content_setting == CONTENT_SETTING_BLOCK) { | |
70 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 78 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
71 false /* persist */, content_setting); | 79 false /* persist */, CONTENT_SETTING_BLOCK); |
72 return; | 80 return; |
73 } | 81 } |
74 | 82 |
83 // Consent granted if user has given consent for this origin, and if user has | |
84 // given consent to attestation for content protection on this device. | |
85 if (content_setting == CONTENT_SETTING_ALLOW && | |
86 profile()->GetPrefs()->GetBoolean(prefs::kRAConsentGranted)) { | |
87 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | |
88 false /* persist */, CONTENT_SETTING_ALLOW); | |
89 return; | |
90 } | |
91 | |
75 // Since the dialog is modal, we only support one prompt per |web_contents|. | 92 // Since the dialog is modal, we only support one prompt per |web_contents|. |
76 // Reject the new one if there is already one pending. See | 93 // Reject the new one if there is already one pending. See |
77 // http://crbug.com/447005 | 94 // http://crbug.com/447005 |
78 if (pending_requests_.count(web_contents)) { | 95 if (pending_requests_.count(web_contents)) { |
79 callback.Run(CONTENT_SETTING_DEFAULT); | 96 callback.Run(CONTENT_SETTING_DEFAULT); |
80 return; | 97 return; |
81 } | 98 } |
82 | 99 |
100 // On ChromeOS, we don't use PermissionContextBase::RequestPermission() which | |
101 // uses the standard permission infobar/bubble UI. See http://crbug.com/454847 | |
102 // Instead, we show the existing platform verification UI. | |
103 // TODO(xhwang): Remove when http://crbug.com/454847 is fixed. | |
83 views::Widget* widget = PlatformVerificationDialog::ShowDialog( | 104 views::Widget* widget = PlatformVerificationDialog::ShowDialog( |
84 web_contents, requesting_origin, | 105 web_contents, requesting_origin, |
85 base::Bind(&ProtectedMediaIdentifierPermissionContext:: | 106 base::Bind(&ProtectedMediaIdentifierPermissionContext:: |
86 OnPlatformVerificationResult, | 107 OnPlatformVerificationConsentResponse, |
87 weak_factory_.GetWeakPtr(), web_contents, id, | 108 weak_factory_.GetWeakPtr(), web_contents, id, |
88 requesting_origin, embedding_origin, callback)); | 109 requesting_origin, embedding_origin, callback)); |
89 pending_requests_.insert( | 110 pending_requests_.insert( |
90 std::make_pair(web_contents, std::make_pair(widget, id))); | 111 std::make_pair(web_contents, std::make_pair(widget, id))); |
91 #else | 112 #else |
92 PermissionContextBase::RequestPermission(web_contents, id, requesting_origin, | 113 PermissionContextBase::RequestPermission(web_contents, id, requesting_origin, |
93 user_gesture, callback); | 114 user_gesture, callback); |
94 #endif | 115 #endif |
95 } | 116 } |
96 | 117 |
97 ContentSetting ProtectedMediaIdentifierPermissionContext::GetPermissionStatus( | 118 ContentSetting ProtectedMediaIdentifierPermissionContext::GetPermissionStatus( |
98 const GURL& requesting_origin, | 119 const GURL& requesting_origin, |
99 const GURL& embedding_origin) const { | 120 const GURL& embedding_origin) const { |
121 DVLOG(1) << __FUNCTION__ << ": (" << requesting_origin.spec() << ", " | |
122 << embedding_origin.spec() << ")"; | |
123 | |
100 if (!IsProtectedMediaIdentifierEnabled()) | 124 if (!IsProtectedMediaIdentifierEnabled()) |
101 return CONTENT_SETTING_BLOCK; | 125 return CONTENT_SETTING_BLOCK; |
102 | 126 |
103 return PermissionContextBase::GetPermissionStatus(requesting_origin, | 127 ContentSetting content_setting = PermissionContextBase::GetPermissionStatus( |
104 embedding_origin); | 128 requesting_origin, embedding_origin); |
129 if (content_setting == CONTENT_SETTING_BLOCK) | |
ddorwin
2015/03/13 17:03:10
This only applies to OS_CHROMEOS too.
It's probabl
xhwang
2015/03/13 21:31:15
Done.
| |
130 return CONTENT_SETTING_BLOCK; | |
131 | |
132 #if defined(OS_CHROMEOS) | |
133 if (content_setting == CONTENT_SETTING_ALLOW) { | |
134 // Check kRAConsentGranted here because it's possible that user dismissed | |
135 // the dialog triggered by RequestPermission() and the content setting is | |
136 // set to "allow" by server sync. In this case, we should still "ask". | |
137 if (profile()->GetPrefs()->GetBoolean(prefs::kRAConsentGranted)) | |
138 return CONTENT_SETTING_ALLOW; | |
139 else | |
140 return CONTENT_SETTING_ASK; | |
141 } | |
142 #endif | |
143 | |
144 return content_setting; | |
105 } | 145 } |
106 | 146 |
107 void ProtectedMediaIdentifierPermissionContext::CancelPermissionRequest( | 147 void ProtectedMediaIdentifierPermissionContext::CancelPermissionRequest( |
108 content::WebContents* web_contents, | 148 content::WebContents* web_contents, |
109 const PermissionRequestID& id) { | 149 const PermissionRequestID& id) { |
110 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 150 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
111 | 151 |
112 #if defined(OS_CHROMEOS) | 152 #if defined(OS_CHROMEOS) |
113 PendingRequestMap::iterator request = pending_requests_.find(web_contents); | 153 PendingRequestMap::iterator request = pending_requests_.find(web_contents); |
114 if (request == pending_requests_.end() || !request->second.second.Equals(id)) | 154 if (request == pending_requests_.end() || !request->second.second.Equals(id)) |
115 return; | 155 return; |
116 | 156 |
117 // Close the |widget_|. OnPlatformVerificationResult() will be fired | 157 // Close the |widget_|. OnPlatformVerificationConsentResponse() will be fired |
118 // during this process, but since |web_contents| is removed from | 158 // during this process, but since |web_contents| is removed from |
119 // |pending_requests_|, the callback will simply be dropped. | 159 // |pending_requests_|, the callback will simply be dropped. |
120 views::Widget* widget = request->second.first; | 160 views::Widget* widget = request->second.first; |
121 pending_requests_.erase(request); | 161 pending_requests_.erase(request); |
122 widget->Close(); | 162 widget->Close(); |
123 #else | 163 #else |
124 PermissionContextBase::CancelPermissionRequest(web_contents, id); | 164 PermissionContextBase::CancelPermissionRequest(web_contents, id); |
125 #endif | 165 #endif |
126 } | 166 } |
127 | 167 |
(...skipping 10 matching lines...) Expand all Loading... | |
138 if (content_settings) { | 178 if (content_settings) { |
139 content_settings->OnProtectedMediaIdentifierPermissionSet( | 179 content_settings->OnProtectedMediaIdentifierPermissionSet( |
140 requesting_frame.GetOrigin(), allowed); | 180 requesting_frame.GetOrigin(), allowed); |
141 } | 181 } |
142 } | 182 } |
143 | 183 |
144 // TODO(xhwang): We should consolidate the "protected content" related pref | 184 // TODO(xhwang): We should consolidate the "protected content" related pref |
145 // across platforms. | 185 // across platforms. |
146 bool ProtectedMediaIdentifierPermissionContext:: | 186 bool ProtectedMediaIdentifierPermissionContext:: |
147 IsProtectedMediaIdentifierEnabled() const { | 187 IsProtectedMediaIdentifierEnabled() const { |
148 bool enabled = false; | 188 #if defined(OS_ANDROID) |
189 if (!profile()->GetPrefs()->GetBoolean( | |
190 prefs::kProtectedMediaIdentifierEnabled)) { | |
191 DVLOG(1) << "Protected media identifier disabled by a user master switch."; | |
192 return false; | |
193 } | |
194 #elif defined(OS_CHROMEOS) | |
195 // Platform verification is not allowed in incognito or guest mode. | |
196 if (profile()->IsOffTheRecord() || profile()->IsGuestSession()) { | |
197 DVLOG(1) << "Protected media identifier disabled in incognito or guest " | |
198 "mode."; | |
199 return false; | |
200 } | |
149 | 201 |
150 #if defined(OS_ANDROID) | 202 // This could be disabled by the device policy or by user's master switch. |
151 enabled = profile()->GetPrefs()->GetBoolean( | 203 bool enabled_for_device = false; |
152 prefs::kProtectedMediaIdentifierEnabled); | 204 if (!chromeos::CrosSettings::Get()->GetBoolean( |
205 chromeos::kAttestationForContentProtectionEnabled, | |
206 &enabled_for_device) || | |
207 !enabled_for_device || | |
208 !profile()->GetPrefs()->GetBoolean(prefs::kEnableDRM)) { | |
209 DVLOG(1) << "Protected media identifier disabled by the user or by device " | |
210 "policy."; | |
211 return false; | |
212 } | |
153 #endif | 213 #endif |
154 | 214 |
155 #if defined(OS_CHROMEOS) | 215 return true; |
156 // This could be disabled by the device policy. | |
157 bool enabled_for_device = false; | |
158 enabled = chromeos::CrosSettings::Get()->GetBoolean( | |
159 chromeos::kAttestationForContentProtectionEnabled, | |
160 &enabled_for_device) && | |
161 enabled_for_device && | |
162 profile()->GetPrefs()->GetBoolean(prefs::kEnableDRM); | |
163 #endif | |
164 | |
165 DVLOG_IF(1, !enabled) | |
166 << "Protected media identifier disabled by the user or by device policy."; | |
167 return enabled; | |
168 } | 216 } |
169 | 217 |
170 #if defined(OS_CHROMEOS) | 218 #if defined(OS_CHROMEOS) |
171 void ProtectedMediaIdentifierPermissionContext::OnPlatformVerificationResult( | 219 static void RecordRAConsentGranted(content::WebContents* web_contents) { |
172 content::WebContents* web_contents, | 220 PrefService* pref_service = |
173 const PermissionRequestID& id, | 221 user_prefs::UserPrefs::Get(web_contents->GetBrowserContext()); |
174 const GURL& requesting_origin, | 222 if (!pref_service) { |
175 const GURL& embedding_origin, | 223 LOG(ERROR) << "Failed to get user prefs."; |
176 const BrowserPermissionCallback& callback, | 224 return; |
177 chromeos::attestation::PlatformVerificationFlow::ConsentResponse response) { | 225 } |
226 pref_service->SetBoolean(prefs::kRAConsentGranted, true); | |
227 } | |
228 | |
229 void ProtectedMediaIdentifierPermissionContext:: | |
230 OnPlatformVerificationConsentResponse( | |
231 content::WebContents* web_contents, | |
232 const PermissionRequestID& id, | |
233 const GURL& requesting_origin, | |
234 const GURL& embedding_origin, | |
235 const BrowserPermissionCallback& callback, | |
236 chromeos::attestation::PlatformVerificationDialog::ConsentResponse | |
237 response) { | |
178 // The request may have been canceled. Drop the callback in that case. | 238 // The request may have been canceled. Drop the callback in that case. |
179 PendingRequestMap::iterator request = pending_requests_.find(web_contents); | 239 PendingRequestMap::iterator request = pending_requests_.find(web_contents); |
180 if (request == pending_requests_.end()) | 240 if (request == pending_requests_.end()) |
181 return; | 241 return; |
182 | 242 |
183 DCHECK(request->second.second.Equals(id)); | 243 DCHECK(request->second.second.Equals(id)); |
184 pending_requests_.erase(request); | 244 pending_requests_.erase(request); |
185 | 245 |
186 ContentSetting content_setting = CONTENT_SETTING_DEFAULT; | 246 ContentSetting content_setting = CONTENT_SETTING_DEFAULT; |
187 bool persist = false; // Whether the ContentSetting should be saved. | 247 bool persist = false; // Whether the ContentSetting should be saved. |
188 switch (response) { | 248 switch (response) { |
189 case PlatformVerificationFlow::CONSENT_RESPONSE_NONE: | 249 case PlatformVerificationDialog::CONSENT_RESPONSE_NONE: |
190 content_setting = CONTENT_SETTING_DEFAULT; | 250 content_setting = CONTENT_SETTING_DEFAULT; |
191 persist = false; | 251 persist = false; |
192 break; | 252 break; |
193 case PlatformVerificationFlow::CONSENT_RESPONSE_ALLOW: | 253 case PlatformVerificationDialog::CONSENT_RESPONSE_ALLOW: |
254 VLOG(1) << "Platform verification accepted by user."; | |
255 content::RecordAction( | |
256 base::UserMetricsAction("PlatformVerificationAccepted")); | |
257 RecordRAConsentGranted(web_contents); | |
194 content_setting = CONTENT_SETTING_ALLOW; | 258 content_setting = CONTENT_SETTING_ALLOW; |
195 persist = true; | 259 persist = true; |
196 break; | 260 break; |
197 case PlatformVerificationFlow::CONSENT_RESPONSE_DENY: | 261 case PlatformVerificationDialog::CONSENT_RESPONSE_DENY: |
262 VLOG(1) << "Platform verification denied by user."; | |
263 content::RecordAction( | |
264 base::UserMetricsAction("PlatformVerificationRejected")); | |
198 content_setting = CONTENT_SETTING_BLOCK; | 265 content_setting = CONTENT_SETTING_BLOCK; |
199 persist = true; | 266 persist = true; |
200 break; | 267 break; |
201 } | 268 } |
202 | 269 |
203 NotifyPermissionSet( | 270 NotifyPermissionSet( |
204 id, requesting_origin, embedding_origin, callback, | 271 id, requesting_origin, embedding_origin, callback, |
205 persist, content_setting); | 272 persist, content_setting); |
206 } | 273 } |
207 #endif | 274 #endif |
OLD | NEW |