Implement robustness strings in requestMediaKeySystemAccess().

media/base/key_systems.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "media/base/key_systems.h"
 
 #include <string>
 
 #include "base/containers/hash_tables.h"
 #include "base/lazy_instance.h"
@@ skipping 57 matching lines @@
     {"vp8.0", EME_CODEC_WEBM_VP8},
     {"vp9", EME_CODEC_WEBM_VP9},
     {"vp9.0", EME_CODEC_WEBM_VP9},
 #if defined(USE_PROPRIETARY_CODECS)
     {"mp4a", EME_CODEC_MP4_AAC},
     {"avc1", EME_CODEC_MP4_AVC1},
     {"avc3", EME_CODEC_MP4_AVC1}
 #endif  // defined(USE_PROPRIETARY_CODECS)
 };
 
+static EmeConfigRule ConvertSessionTypeSupport(
+    EmeSessionTypeSupport support) {
+  switch (support) {
+    case EME_SESSION_TYPE_INVALID:
+      NOTREACHED();
+      return EmeConfigRule::NOT_SUPPORTED;
+    case EME_SESSION_TYPE_NOT_SUPPORTED:
+      return EmeConfigRule::NOT_SUPPORTED;
+    case EME_SESSION_TYPE_SUPPORTED_WITH_IDENTIFIER:
+      return EmeConfigRule::IDENTIFIER_REQUIRED;
+    case EME_SESSION_TYPE_SUPPORTED:
+      return EmeConfigRule::SUPPORTED;
+  }
+  NOTREACHED();
+  return EmeConfigRule::NOT_SUPPORTED;
+}
+
 static void AddClearKey(std::vector<KeySystemInfo>* concrete_key_systems) {
   KeySystemInfo info;
   info.key_system = kClearKeyKeySystem;
 
   // On Android, Vorbis, VP8, AAC and AVC1 are supported in MediaCodec:
   // http://developer.android.com/guide/appendix/media-formats.html
   // VP9 support is device dependent.
 
   info.supported_init_data_types = EME_INIT_DATA_TYPE_WEBM;
   info.supported_codecs = EME_CODEC_WEBM_ALL;
@@ skipping 94 matching lines @@
       bool is_prefixed);
 
   std::string GetKeySystemNameForUMA(const std::string& key_system) const;
 
   bool UseAesDecryptor(const std::string& concrete_key_system);
 
 #if defined(ENABLE_PEPPER_CDMS)
   std::string GetPepperType(const std::string& concrete_key_system);
 #endif
 
-  bool IsPersistentLicenseSessionSupported(
+  EmeConfigRule GetRobustnessConfigRule(
       const std::string& key_system,
-      bool is_permission_granted);
+      EmeMediaType media_type,
+      EmeRobustness robustness);
 
-  bool IsPersistentReleaseMessageSessionSupported(
+  EmeConfigRule GetPersistentLicenseSessionConfigRule(
+      const std::string& key_system);
+
+  EmeConfigRule GetPersistentReleaseMessageSessionConfigRule(
+      const std::string& key_system);
+
+  EmeConfigRule GetPersistentStateConfigRule(
       const std::string& key_system,
-      bool is_permission_granted);
+      EmeFeatureRequirement requirement);
 
-  bool IsPersistentStateRequirementSupported(
+  EmeConfigRule GetDistinctiveIdentifierConfigRule(
       const std::string& key_system,
-      EmeFeatureRequirement requirement,
-      bool is_permission_granted);
-
-  bool IsDistinctiveIdentifierRequirementSupported(
-      const std::string& key_system,
-      EmeFeatureRequirement requirement,
-      bool is_permission_granted);
+      EmeFeatureRequirement requirement);
 
   void AddContainerMask(const std::string& container, uint32 mask);
   void AddCodecMask(const std::string& codec, uint32 mask);
 
  private:
   void InitializeUMAInfo();
 
   void UpdateSupportedKeySystems();
 
   void AddConcreteSupportedKeySystems(
@@ skipping 166 matching lines @@
 }
 
 void KeySystems::AddConcreteSupportedKeySystems(
     const std::vector<KeySystemInfo>& concrete_key_systems) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(concrete_key_system_map_.empty());
   DCHECK(parent_key_system_map_.empty());
 
   for (const KeySystemInfo& info : concrete_key_systems) {
     DCHECK(!info.key_system.empty());
-    DCHECK_NE(info.persistent_license_support, EME_SESSION_TYPE_INVALID);
-    DCHECK_NE(info.persistent_release_message_support,
-              EME_SESSION_TYPE_INVALID);
-    // TODO(sandersd): Add REQUESTABLE and REQUESTABLE_WITH_PERMISSION for
-    // persistent_state_support once we can block access per-CDM-instance
-    // (http://crbug.com/457482).
-    DCHECK(info.persistent_state_support == EME_FEATURE_NOT_SUPPORTED ||
-           info.persistent_state_support == EME_FEATURE_ALWAYS_ENABLED);
-// TODO(sandersd): Allow REQUESTABLE_WITH_PERMISSION for all key systems on
-// all platforms once we have proper enforcement (http://crbug.com/457482).
-// On Chrome OS, an ID will not be used without permission, but we cannot
-// currently prevent the CDM from requesting the permission again when no
-// there was no initial prompt. Thus, we block "not-allowed" below.
-#if defined(OS_CHROMEOS)
-    DCHECK(info.distinctive_identifier_support == EME_FEATURE_NOT_SUPPORTED ||
-           (info.distinctive_identifier_support ==
-                EME_FEATURE_REQUESTABLE_WITH_PERMISSION &&
-            info.key_system == kWidevineKeySystem) ||
-           info.distinctive_identifier_support == EME_FEATURE_ALWAYS_ENABLED);
-#else
-    DCHECK(info.distinctive_identifier_support == EME_FEATURE_NOT_SUPPORTED ||
-           info.distinctive_identifier_support == EME_FEATURE_ALWAYS_ENABLED);
+    DCHECK(info.max_audio_robustness != EmeRobustness::INVALID);
+    DCHECK(info.max_video_robustness != EmeRobustness::INVALID);
+    DCHECK(info.persistent_license_support != EME_SESSION_TYPE_INVALID);
+    DCHECK(info.persistent_release_message_support != EME_SESSION_TYPE_INVALID);
+    DCHECK(info.persistent_state_support != EME_FEATURE_INVALID);
+    DCHECK(info.distinctive_identifier_support != EME_FEATURE_INVALID);
+
+    // Supporting persistent state is a prerequsite for supporting persistent
+    // sessions.
+    if (info.persistent_state_support == EME_FEATURE_NOT_SUPPORTED) {
+      DCHECK(info.persistent_license_support == EME_SESSION_TYPE_NOT_SUPPORTED);
+      DCHECK(info.persistent_release_message_support ==
+             EME_SESSION_TYPE_NOT_SUPPORTED);
+    }
+    else if (info.persistent_state_support ==
+             EME_FEATURE_REQUESTABLE_WITH_IDENTIFIER) {
+      // Must be either NOT_SUPPORTED or SUPPORTED_WITH_IDENTIFIER.
+      DCHECK(info.persistent_license_support != EME_SESSION_TYPE_SUPPORTED);
+      DCHECK(info.persistent_release_message_support !=
+             EME_SESSION_TYPE_SUPPORTED);
+    }
+
+    // persistent-release-message sessions are not currently supported.
+    // http://crbug.com/448888
+    DCHECK(info.persistent_release_message_support ==
+           EME_SESSION_TYPE_NOT_SUPPORTED);
+
+    // Because an optional persistent state value is resolved after an optional
+    // distinctive identifier, persistent state requiring a distinctive
+    // identifier may not resolve correctly.
+    DCHECK(info.persistent_state_support !=
+           EME_FEATURE_REQUESTABLE_WITH_IDENTIFIER);
+
+    // If supported, distinctive identifiers always require permission.
+    DCHECK(info.distinctive_identifier_support != EME_FEATURE_REQUESTABLE);
+
+    // If distinctive identifiers are not supported, then no other features can
+    // require them.
+    if (info.distinctive_identifier_support == EME_FEATURE_NOT_SUPPORTED) {
+      DCHECK(info.persistent_license_support !=
+             EME_SESSION_TYPE_SUPPORTED_WITH_IDENTIFIER);
+      DCHECK(info.persistent_release_message_support !=
+             EME_SESSION_TYPE_SUPPORTED_WITH_IDENTIFIER);
+    }
+
+    // Distinctive identifiers and persistent state can only be reliably blocked
+    // (and therefore be safely configurable) for Pepper-hosted key systems. For
+    // other platforms, only non-configurable values are valid.
+    bool can_block = false;
+#if defined(ENABLE_PEPPER_CDMS)
+    DCHECK_EQ(info.use_aes_decryptor, info.pepper_type.empty());
+    can_block = !info.pepper_type.empty();
 #endif
-    if (info.persistent_state_support == EME_FEATURE_NOT_SUPPORTED) {
-      DCHECK_EQ(info.persistent_license_support,
-                EME_SESSION_TYPE_NOT_SUPPORTED);
-      DCHECK_EQ(info.persistent_release_message_support,
-                EME_SESSION_TYPE_NOT_SUPPORTED);
+    if (!can_block) {
+      DCHECK(info.distinctive_identifier_support == EME_FEATURE_NOT_SUPPORTED ||
+             info.distinctive_identifier_support == EME_FEATURE_ALWAYS_ENABLED);
+      DCHECK(info.persistent_state_support == EME_FEATURE_NOT_SUPPORTED ||
+             info.persistent_state_support == EME_FEATURE_ALWAYS_ENABLED);
     }
+
     DCHECK(!IsSupportedKeySystem(info.key_system))
         << "Key system '" << info.key_system << "' already registered";
     DCHECK(!parent_key_system_map_.count(info.key_system))
         <<  "'" << info.key_system << "' is already registered as a parent";
-#if defined(ENABLE_PEPPER_CDMS)
-    DCHECK_EQ(info.use_aes_decryptor, info.pepper_type.empty());
-#endif
-
     concrete_key_system_map_[info.key_system] = info;
-
     if (!info.parent_key_system.empty()) {
       DCHECK(!IsConcreteSupportedKeySystem(info.parent_key_system))
           << "Parent '" << info.parent_key_system << "' "
           << "already registered concrete";
       DCHECK(!parent_key_system_map_.count(info.parent_key_system))
           << "Parent '" << info.parent_key_system << "' already registered";
       parent_key_system_map_[info.parent_key_system] = info.key_system;
     }
   }
 }
@@ skipping 167 matching lines @@
       DLOG(FATAL) << concrete_key_system << " is not a known concrete system";
       return std::string();
   }
 
   const std::string& type = key_system_iter->second.pepper_type;
   DLOG_IF(FATAL, type.empty()) << concrete_key_system << " is not Pepper-based";
   return type;
 }
 #endif
 
-bool KeySystems::IsPersistentLicenseSessionSupported(
+EmeConfigRule KeySystems::GetRobustnessConfigRule(
     const std::string& key_system,
-    bool is_permission_granted) {
+    EmeMediaType media_type,
+    EmeRobustness robustness) {
+  DCHECK(thread_checker_.CalledOnValidThread());
+
+  if (robustness == EmeRobustness::INVALID)
+    return EmeConfigRule::NOT_SUPPORTED;
+  if (robustness == EmeRobustness::EMPTY)
+    return EmeConfigRule::SUPPORTED;
+
+  KeySystemInfoMap::const_iterator key_system_iter =
+      concrete_key_system_map_.find(key_system);
+  if (key_system_iter == concrete_key_system_map_.end()) {
+    NOTREACHED();
+    return EmeConfigRule::NOT_SUPPORTED;
+  }
+
+  EmeRobustness max_robustness = EmeRobustness::INVALID;
+  switch (media_type) {
+    case EmeMediaType::AUDIO:
+      max_robustness = key_system_iter->second.max_audio_robustness;
+      break;
+    case EmeMediaType::VIDEO:
+      max_robustness = key_system_iter->second.max_video_robustness;
+      break;
+  }
+
+  if (robustness > max_robustness)
+    return EmeConfigRule::NOT_SUPPORTED;
+
+#if defined(OS_CHROMEOS)
+  if (key_system == kWidevineKeySystem) {
+    // Above SW_SECURE_DECODE, remote attestation is required.
+    if (robustness > EmeRobustness::SW_SECURE_DECODE)
+      return EmeConfigRule::IDENTIFIER_REQUIRED;
+
+    // For video, recommend remote attestation if HW_SECURE_ALL is available,
+    // because it enables hardware accelerated decoding.
+    // TODO(sandersd): Only do this when hardware accelerated decoding is
+    // available for the requested codecs.
+    if (media_type == EmeMediaType::VIDEO &&
+        max_robustness == EmeRobustness::HW_SECURE_ALL) {
+      return EmeConfigRule::IDENTIFIER_RECOMMENDED;
+    }
+  }
+#endif  // defined(OS_CHROMEOS)
+
+  return EmeConfigRule::SUPPORTED;
+}
+
+EmeConfigRule KeySystems::GetPersistentLicenseSessionConfigRule(
+    const std::string& key_system) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   KeySystemInfoMap::const_iterator key_system_iter =
       concrete_key_system_map_.find(key_system);
   if (key_system_iter == concrete_key_system_map_.end()) {
     NOTREACHED();
-    return false;
+    return EmeConfigRule::NOT_SUPPORTED;
   }
-
-  switch (key_system_iter->second.persistent_license_support) {
-    case EME_SESSION_TYPE_INVALID:
-      NOTREACHED();
-      return false;
-    case EME_SESSION_TYPE_NOT_SUPPORTED:
-      return false;
-    case EME_SESSION_TYPE_SUPPORTED_WITH_PERMISSION:
-      return is_permission_granted;
-    case EME_SESSION_TYPE_SUPPORTED:
-      return true;
-  }
-
-  NOTREACHED();
-  return false;
+  return ConvertSessionTypeSupport(
+      key_system_iter->second.persistent_license_support);
 }
 
-bool KeySystems::IsPersistentReleaseMessageSessionSupported(
-    const std::string& key_system,
-    bool is_permission_granted) {
+EmeConfigRule KeySystems::GetPersistentReleaseMessageSessionConfigRule(
+    const std::string& key_system) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   KeySystemInfoMap::const_iterator key_system_iter =
       concrete_key_system_map_.find(key_system);
   if (key_system_iter == concrete_key_system_map_.end()) {
     NOTREACHED();
-    return false;
+    return EmeConfigRule::NOT_SUPPORTED;
   }
-
-  switch (key_system_iter->second.persistent_release_message_support) {
-    case EME_SESSION_TYPE_INVALID:
-      NOTREACHED();
-      return false;
-    case EME_SESSION_TYPE_NOT_SUPPORTED:
-      return false;
-    case EME_SESSION_TYPE_SUPPORTED_WITH_PERMISSION:
-      return is_permission_granted;
-    case EME_SESSION_TYPE_SUPPORTED:
-      return true;
-  }
-
-  NOTREACHED();
-  return false;
+  return ConvertSessionTypeSupport(
+      key_system_iter->second.persistent_release_message_support);
 }
 
-bool KeySystems::IsPersistentStateRequirementSupported(
+EmeConfigRule KeySystems::GetPersistentStateConfigRule(
     const std::string& key_system,
-    EmeFeatureRequirement requirement,
-    bool is_permission_granted) {
+    EmeFeatureRequirement requirement) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   KeySystemInfoMap::const_iterator key_system_iter =
       concrete_key_system_map_.find(key_system);
   if (key_system_iter == concrete_key_system_map_.end()) {
     NOTREACHED();
-    return false;
+    return EmeConfigRule::NOT_SUPPORTED;
   }
 
-  switch (key_system_iter->second.persistent_state_support) {
-    case EME_FEATURE_INVALID:
-      NOTREACHED();
-      return false;
-    case EME_FEATURE_NOT_SUPPORTED:
-      return requirement != EME_FEATURE_REQUIRED;
-    case EME_FEATURE_REQUESTABLE_WITH_PERMISSION:
-      return (requirement != EME_FEATURE_REQUIRED) || is_permission_granted;
-    case EME_FEATURE_REQUESTABLE:
-      return true;
-    case EME_FEATURE_ALWAYS_ENABLED:
-      // Persistent state does not require user permission, but the session
-      // types that use it might.
-      return requirement != EME_FEATURE_NOT_ALLOWED;
+  // For NOT_ALLOWED and REQUIRED, the result is as expected. For OPTIONAL, we
+  // return the least restrictive of the two rules; this guarantees that if
+  // OPTIONAL is accepted, then it can always be resolved to some value. (In
+  // fact OPTIONAL is always accepted, because the least restrictive rule is
+  // always SUPPORTED.)
+  //
+  // Note that even if permission is not required for persistent state, it may
+  // be required for specific persistent session types.
+  //
+  //                              NOT_ALLOWED    OPTIONAL   REQUIRED
+  //               NOT_SUPPORTED  SUPPORTED      SUPPORTED  NOT_SUPPORTED
+  // REQUESTABLE_WITH_IDENTIFIER  SUPPORTED      SUPPORTED  IDENTIFIER_REQ
+  //                 REQUESTABLE  SUPPORTED      SUPPORTED  SUPPORTED
+  //              ALWAYS_ENABLED  NOT_SUPPORTED  SUPPORTED  SUPPORTED
+  EmeFeatureSupport support = key_system_iter->second.persistent_state_support;
+  if (support == EME_FEATURE_NOT_SUPPORTED &&
+      requirement == EME_FEATURE_REQUIRED) {
+    return EmeConfigRule::NOT_SUPPORTED;
   }
-
-  NOTREACHED();
-  return false;
+  if (support == EME_FEATURE_ALWAYS_ENABLED &&
+      requirement == EME_FEATURE_NOT_ALLOWED) {
+    return EmeConfigRule::NOT_SUPPORTED;
+  }
+  if (support == EME_FEATURE_REQUESTABLE_WITH_IDENTIFIER &&
+      requirement == EME_FEATURE_REQUIRED) {
+    return EmeConfigRule::IDENTIFIER_REQUIRED;
+  }
+  return EmeConfigRule::SUPPORTED;
 }
 
-bool KeySystems::IsDistinctiveIdentifierRequirementSupported(
+EmeConfigRule KeySystems::GetDistinctiveIdentifierConfigRule(
     const std::string& key_system,
-    EmeFeatureRequirement requirement,
-    bool is_permission_granted) {
+    EmeFeatureRequirement requirement) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   KeySystemInfoMap::const_iterator key_system_iter =
       concrete_key_system_map_.find(key_system);
   if (key_system_iter == concrete_key_system_map_.end()) {
     NOTREACHED();
-    return false;
+    return EmeConfigRule::NOT_SUPPORTED;
   }
 
-  switch (key_system_iter->second.distinctive_identifier_support) {
-    case EME_FEATURE_INVALID:
-      NOTREACHED();
-      return false;
-    case EME_FEATURE_NOT_SUPPORTED:
-      return requirement != EME_FEATURE_REQUIRED;
-    case EME_FEATURE_REQUESTABLE_WITH_PERMISSION:
-      // TODO(sandersd): Remove this hack once crbug.com/457482 and
-      // crbug.com/460616 are addressed.
-      // We cannot currently enforce "not-allowed", so don't allow it.
-      // Note: Removing this check will expose crbug.com/460616.
-      if (requirement == EME_FEATURE_NOT_ALLOWED)
-        return false;
-      return (requirement != EME_FEATURE_REQUIRED) || is_permission_granted;
-    case EME_FEATURE_REQUESTABLE:
-      NOTREACHED();
-      return true;
-    case EME_FEATURE_ALWAYS_ENABLED:
-      // Distinctive identifiers always require user permission.
-      return (requirement != EME_FEATURE_NOT_ALLOWED) && is_permission_granted;
+  // Permission is required for REQUIRED, but not for NOT_ALLOWED. For OPTIONAL,
+  // we return the least restrictive of the two rules; this guarantees that if
+  // OPTIONAL is accepted, then it can always be resolved to some value.
+  //
+  //                              NOT_ALLOWED    OPTIONAL        REQUIRED
+  //               NOT_SUPPORTED  SUPPORTED      SUPPORTED       NOT_SUPPORTED
+  // REQUESTABLE_WITH_IDENTIFIER  SUPPORTED      SUPPORTED       IDENTIFIER_REQ
+  //              ALWAYS_ENABLED  NOT_SUPPORTED  IDENTIFIER_REQ  IDENTIFIER_REQ
+  EmeFeatureSupport support =
+      key_system_iter->second.distinctive_identifier_support;
+  DCHECK(support != EME_FEATURE_REQUESTABLE);
+  if (support == EME_FEATURE_NOT_SUPPORTED &&
+      requirement == EME_FEATURE_REQUIRED) {
+    return EmeConfigRule::NOT_SUPPORTED;
   }
-
-  NOTREACHED();
-  return false;
+  if (support == EME_FEATURE_ALWAYS_ENABLED &&
+      requirement == EME_FEATURE_NOT_ALLOWED) {
+    return EmeConfigRule::NOT_SUPPORTED;
+  }
+  if (support == EME_FEATURE_ALWAYS_ENABLED ||
+      requirement == EME_FEATURE_REQUIRED) {
+    return EmeConfigRule::IDENTIFIER_REQUIRED;
+  }
+  return EmeConfigRule::SUPPORTED;
 }
 
 void KeySystems::AddContainerMask(const std::string& container, uint32 mask) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(!container_to_codec_mask_map_.count(container));
   container_to_codec_mask_map_[container] = static_cast<EmeCodec>(mask);
 }
 
 void KeySystems::AddCodecMask(const std::string& codec, uint32 mask) {
   DCHECK(thread_checker_.CalledOnValidThread());
@@ skipping 84 matching lines @@
 bool CanUseAesDecryptor(const std::string& concrete_key_system) {
   return KeySystems::GetInstance().UseAesDecryptor(concrete_key_system);
 }
 
 #if defined(ENABLE_PEPPER_CDMS)
 std::string GetPepperType(const std::string& concrete_key_system) {
   return KeySystems::GetInstance().GetPepperType(concrete_key_system);
 }
 #endif
 
-bool IsPersistentLicenseSessionSupported(
+EmeConfigRule GetRobustnessConfigRule(
     const std::string& key_system,
-    bool is_permission_granted) {
-  return KeySystems::GetInstance().IsPersistentLicenseSessionSupported(
-      key_system, is_permission_granted);
+    EmeMediaType media_type,
+    EmeRobustness robustness) {
+  return KeySystems::GetInstance().GetRobustnessConfigRule(
+      key_system, media_type, robustness);
 }
 
-bool IsPersistentReleaseMessageSessionSupported(
-    const std::string& key_system,
-    bool is_permission_granted) {
-  return KeySystems::GetInstance().IsPersistentReleaseMessageSessionSupported(
-      key_system, is_permission_granted);
+EmeConfigRule GetPersistentLicenseSessionConfigRule(
+    const std::string& key_system) {
+  return KeySystems::GetInstance().GetPersistentLicenseSessionConfigRule(
+      key_system);
 }
 
-bool IsPersistentStateRequirementSupported(
-    const std::string& key_system,
-    EmeFeatureRequirement requirement,
-    bool is_permission_granted) {
-  return KeySystems::GetInstance().IsPersistentStateRequirementSupported(
-      key_system, requirement, is_permission_granted);
+EmeConfigRule GetPersistentReleaseMessageSessionConfigRule(
+    const std::string& key_system) {
+  return KeySystems::GetInstance().GetPersistentReleaseMessageSessionConfigRule(
+      key_system);
 }
 
-bool IsDistinctiveIdentifierRequirementSupported(
+EmeConfigRule GetPersistentStateConfigRule(
     const std::string& key_system,
-    EmeFeatureRequirement requirement,
-    bool is_permission_granted) {
-  return KeySystems::GetInstance().IsDistinctiveIdentifierRequirementSupported(
-      key_system, requirement, is_permission_granted);
+    EmeFeatureRequirement requirement) {
+  return KeySystems::GetInstance().GetPersistentStateConfigRule(
+      key_system, requirement);
+}
+
+EmeConfigRule GetDistinctiveIdentifierConfigRule(
+    const std::string& key_system,
+    EmeFeatureRequirement requirement) {
+  return KeySystems::GetInstance().GetDistinctiveIdentifierConfigRule(
+      key_system, requirement);
 }
 
 // These two functions are for testing purpose only. The declaration in the
 // header file is guarded by "#if defined(UNIT_TEST)" so that they can be used
 // by tests but not non-test code. However, this .cc file is compiled as part of
 // "media" where "UNIT_TEST" is not defined. So we need to specify
 // "MEDIA_EXPORT" here again so that they are visible to tests.
 
 MEDIA_EXPORT void AddContainerMask(const std::string& container, uint32 mask) {
   KeySystems::GetInstance().AddContainerMask(container, mask);
 }
 
 MEDIA_EXPORT void AddCodecMask(const std::string& codec, uint32 mask) {
   KeySystems::GetInstance().AddCodecMask(codec, mask);
 }
 
 }  // namespace media