| Index: media/blink/webencryptedmediaclient_impl.cc
|
| diff --git a/media/blink/webencryptedmediaclient_impl.cc b/media/blink/webencryptedmediaclient_impl.cc
|
| index e770c4ec78786e5d5c7fade96f484b240b35d5a9..73c51e56391c74d254e38526fa103be4bb63449b 100644
|
| --- a/media/blink/webencryptedmediaclient_impl.cc
|
| +++ b/media/blink/webencryptedmediaclient_impl.cc
|
| @@ -31,6 +31,106 @@ enum ConfigurationSupport {
|
| CONFIGURATION_SUPPORTED,
|
| };
|
|
|
| +// Note: We consider the encrypted media permission to be equivalent to access
|
| +// to a distinctive identifier, even though they are conceptually distinct. We
|
| +// may want to separate the concepts in the future to make it possible to
|
| +// recommend or require permission without providing access to a distinctive
|
| +// identifier.
|
| +class PermissionState {
|
| + public:
|
| + PermissionState(bool was_permission_requested, bool is_permission_granted)
|
| + : was_permission_requested_(was_permission_requested),
|
| + is_permission_granted_(is_permission_granted),
|
| + is_permission_required_(false),
|
| + is_permission_recommended_(false) {
|
| + }
|
| +
|
| + // Permission state is invalid if permission is required but has been denied.
|
| + bool IsValid() {
|
| + return !is_permission_required_ || is_permission_granted_ ||
|
| + !was_permission_requested_;
|
| + }
|
| +
|
| + // Permission is possible it has not been denied.
|
| + bool IsPermissionPossible() {
|
| + return is_permission_granted_ || !was_permission_requested_;
|
| + }
|
| +
|
| + // Permission is required (read 'should be used') if it is explicitly
|
| + // required by a requirement, or if it has been recommended and has not
|
| + // denied.
|
| + bool IsPermissionRequired() {
|
| + return is_permission_required_ || (is_permission_recommended_ &&
|
| + IsPermissionPossible());
|
| + }
|
| +
|
| + // A permission request is required if permission is required but has not
|
| + // been requested yet.
|
| + bool IsPermissionRequestRequired() {
|
| + return is_permission_required_ && !is_permission_granted_ &&
|
| + !was_permission_requested_;
|
| + }
|
| +
|
| + bool IsRequirementSupported(EmeRequirementSupport support) {
|
| + switch (support) {
|
| + case EME_REQUIREMENT_NOT_SUPPORTED:
|
| + return false;
|
| + case EME_REQUIREMENT_SUPPORTED_WITH_PERMISSION:
|
| + return IsPermissionPossible();
|
| + case EME_REQUIREMENT_SUPPORTED_PERMISSION_RECOMMENDED:
|
| + return true;
|
| + case EME_REQUIREMENT_SUPPORTED:
|
| + return true;
|
| + }
|
| + NOTREACHED();
|
| + return false;
|
| + }
|
| +
|
| + bool IsRequirementSupportedWithoutPrompt(EmeRequirementSupport support) {
|
| + switch (support) {
|
| + case EME_REQUIREMENT_NOT_SUPPORTED:
|
| + return false;
|
| + case EME_REQUIREMENT_SUPPORTED_WITH_PERMISSION:
|
| + return is_permission_granted_;
|
| + case EME_REQUIREMENT_SUPPORTED_PERMISSION_RECOMMENDED:
|
| + return true;
|
| + case EME_REQUIREMENT_SUPPORTED:
|
| + return true;
|
| + }
|
| + NOTREACHED();
|
| + return false;
|
| + }
|
| +
|
| + void AddRequirement(EmeRequirementSupport support) {
|
| + if (support == EME_REQUIREMENT_SUPPORTED_WITH_PERMISSION)
|
| + is_permission_required_ = true;
|
| + if (support == EME_REQUIREMENT_SUPPORTED_PERMISSION_RECOMMENDED)
|
| + is_permission_recommended_ = true;
|
| + }
|
| +
|
| + private:
|
| + bool was_permission_requested_;
|
| + bool is_permission_granted_;
|
| + bool is_permission_required_;
|
| + bool is_permission_recommended_;
|
| +};
|
| +
|
| +static EmeRobustness ConvertRobustness(const blink::WebString& robustness) {
|
| + if (robustness.isEmpty())
|
| + return EmeRobustness::EMPTY;
|
| + if (robustness == "SW_SECURE_CRYPTO")
|
| + return EmeRobustness::SW_SECURE_CRYPTO;
|
| + if (robustness == "SW_SECURE_DECODE")
|
| + return EmeRobustness::SW_SECURE_DECODE;
|
| + if (robustness == "HW_SECURE_CRYPTO")
|
| + return EmeRobustness::HW_SECURE_CRYPTO;
|
| + if (robustness == "HW_SECURE_DECODE")
|
| + return EmeRobustness::HW_SECURE_DECODE;
|
| + if (robustness == "HW_SECURE_ALL")
|
| + return EmeRobustness::HW_SECURE_ALL;
|
| + return EmeRobustness::INVALID;
|
| +}
|
| +
|
| static bool IsSupportedContentType(const std::string& key_system,
|
| const std::string& mime_type,
|
| const std::string& codecs) {
|
| @@ -66,8 +166,10 @@ static bool GetSupportedCapabilities(
|
| const std::string& key_system,
|
| const blink::WebVector<blink::WebMediaKeySystemMediaCapability>&
|
| capabilities,
|
| + EmeMediaType media_type,
|
| std::vector<blink::WebMediaKeySystemMediaCapability>*
|
| - media_type_capabilities) {
|
| + media_type_capabilities,
|
| + PermissionState* permission_state) {
|
| // From
|
| // https://w3c.github.io/encrypted-media/#get-supported-capabilities-for-media-type
|
| // 1. Let accumulated capabilities be partial configuration.
|
| @@ -91,22 +193,31 @@ static bool GetSupportedCapabilities(
|
| continue;
|
| }
|
| // 3.12. If robustness is not the empty string, run the following steps:
|
| - // (Robustness is not supported.)
|
| - // TODO(sandersd): Implement robustness. http://crbug.com/442586
|
| if (!capability.robustness.isEmpty()) {
|
| - LOG(WARNING) << "Configuration rejected because rubustness strings are "
|
| - << "not yet supported.";
|
| - continue;
|
| + // 3.12.1. If robustness is an unrecognized value or not supported by
|
| + // implementation, continue to the next iteration. String
|
| + // comparison is case-sensitive.
|
| + EmeRequirementSupport support = GetRobustnessRequirementSupport(
|
| + key_system, media_type, ConvertRobustness(capability.robustness));
|
| + if (!permission_state->IsRequirementSupported(support))
|
| + continue;
|
| + permission_state->AddRequirement(support);
|
| + // 3.12.2. Add robustness to configuration.
|
| + // (It's already added, the original object is used directly.)
|
| }
|
| // 3.13. If the user agent and implementation do not support playback of
|
| // encrypted media data as specified by configuration, including all
|
| // media types, in combination with accumulated capabilities,
|
| // continue to the next iteration.
|
| - // (Skipped as there are no configuration-based codec restrictions.)
|
| + // (Skipped as there are no configuration-based codec restrictions.
|
| + // There will be when the Android security level becomes configurable
|
| + // based on robustness.)
|
| // 3.14. Add configuration to media type capabilities.
|
| media_type_capabilities->push_back(capability);
|
| // 3.15. Add configuration to accumulated capabilities.
|
| - // (Skipped as there are no configuration-based codec restrictions.)
|
| + // (Skipped as there are no configuration-based codec restrictions.
|
| + // Note that this is the local accumulated capabilities, the global
|
| + // one is updated by the caller.)
|
| }
|
| // 4. If media type capabilities is empty, return null.
|
| // 5. Return media type capabilities.
|
| @@ -131,15 +242,11 @@ static EmeFeatureRequirement ConvertRequirement(
|
| static ConfigurationSupport GetSupportedConfiguration(
|
| const std::string& key_system,
|
| const blink::WebMediaKeySystemConfiguration& candidate,
|
| - blink::WebMediaKeySystemConfiguration* accumulated_configuration,
|
| bool was_permission_requested,
|
| - bool is_permission_granted) {
|
| - DCHECK(was_permission_requested || !is_permission_granted);
|
| -
|
| - // It is possible to obtain user permission unless permission was already
|
| - // requested and denied.
|
| - bool is_permission_possible =
|
| - !was_permission_requested || is_permission_granted;
|
| + bool is_permission_granted,
|
| + blink::WebMediaKeySystemConfiguration* accumulated_configuration) {
|
| + PermissionState permission_state(was_permission_requested,
|
| + is_permission_granted);
|
|
|
| // From https://w3c.github.io/encrypted-media/#get-supported-configuration
|
| // 1. Let accumulated configuration be empty. (Done by caller.)
|
| @@ -200,12 +307,11 @@ static ConfigurationSupport GetSupportedConfiguration(
|
| // - "not-allowed": If the implementation requires a Distinctive
|
| // Identifier in combination with accumulated configuration, return
|
| // null.
|
| - EmeFeatureRequirement di_requirement =
|
| - ConvertRequirement(candidate.distinctiveIdentifier);
|
| - if (!IsDistinctiveIdentifierRequirementSupported(key_system, di_requirement,
|
| - is_permission_possible)) {
|
| + EmeRequirementSupport di_support = GetDistinctiveIdentifierRequirementSupport(
|
| + key_system, ConvertRequirement(candidate.distinctiveIdentifier));
|
| + if (!permission_state.IsRequirementSupported(di_support))
|
| return CONFIGURATION_NOT_SUPPORTED;
|
| - }
|
| + permission_state.AddRequirement(di_support);
|
|
|
| // 4. Add the value of the candidate configuration's distinctiveIdentifier
|
| // attribute to accumulated configuration.
|
| @@ -219,12 +325,11 @@ static ConfigurationSupport GetSupportedConfiguration(
|
| // - "optional": Continue.
|
| // - "not-allowed": If the implementation requires persisting state in
|
| // combination with accumulated configuration, return null.
|
| - EmeFeatureRequirement ps_requirement =
|
| - ConvertRequirement(candidate.persistentState);
|
| - if (!IsPersistentStateRequirementSupported(key_system, ps_requirement,
|
| - is_permission_possible)) {
|
| + EmeRequirementSupport ps_support = GetPersistentStateRequirementSupport(
|
| + key_system, ConvertRequirement(candidate.persistentState));
|
| + if (!permission_state.IsRequirementSupported(ps_support))
|
| return CONFIGURATION_NOT_SUPPORTED;
|
| - }
|
| + permission_state.AddRequirement(ps_support);
|
|
|
| // 6. Add the value of the candidate configuration's persistentState
|
| // attribute to accumulated configuration.
|
| @@ -240,7 +345,8 @@ static ConfigurationSupport GetSupportedConfiguration(
|
| // 7.2. If video capabilities is null, return null.
|
| std::vector<blink::WebMediaKeySystemMediaCapability> video_capabilities;
|
| if (!GetSupportedCapabilities(key_system, candidate.videoCapabilities,
|
| - &video_capabilities)) {
|
| + EmeMediaType::VIDEO, &video_capabilities,
|
| + &permission_state)) {
|
| return CONFIGURATION_NOT_SUPPORTED;
|
| }
|
|
|
| @@ -258,7 +364,8 @@ static ConfigurationSupport GetSupportedConfiguration(
|
| // 8.2. If audio capabilities is null, return null.
|
| std::vector<blink::WebMediaKeySystemMediaCapability> audio_capabilities;
|
| if (!GetSupportedCapabilities(key_system, candidate.audioCapabilities,
|
| - &audio_capabilities)) {
|
| + EmeMediaType::AUDIO, &audio_capabilities,
|
| + &permission_state)) {
|
| return CONFIGURATION_NOT_SUPPORTED;
|
| }
|
|
|
| @@ -274,17 +381,38 @@ static ConfigurationSupport GetSupportedConfiguration(
|
| // configuration's distinctiveIdentifier value to "required".
|
| // - Otherwise, change accumulated configuration's distinctiveIdentifier
|
| // value to "not-allowed".
|
| - // (Without robustness support, capabilities do not affect this.)
|
| - // TODO(sandersd): Implement robustness. http://crbug.com/442586
|
| if (accumulated_configuration->distinctiveIdentifier ==
|
| blink::WebMediaKeySystemConfiguration::Requirement::Optional) {
|
| - if (IsDistinctiveIdentifierRequirementSupported(
|
| - key_system, EME_FEATURE_NOT_ALLOWED, is_permission_possible)) {
|
| + EmeRequirementSupport not_allowed_support =
|
| + GetDistinctiveIdentifierRequirementSupport(
|
| + key_system, EME_FEATURE_NOT_ALLOWED);
|
| + EmeRequirementSupport required_support =
|
| + GetDistinctiveIdentifierRequirementSupport(
|
| + key_system, EME_FEATURE_REQUIRED);
|
| + bool not_allowed_support_valid =
|
| + permission_state.IsRequirementSupported(not_allowed_support);
|
| + bool required_support_valid =
|
| + permission_state.IsRequirementSupported(required_support);
|
| + if (not_allowed_support_valid && required_support_valid) {
|
| + if (permission_state.IsPermissionRequired()) {
|
| + accumulated_configuration->distinctiveIdentifier =
|
| + blink::WebMediaKeySystemConfiguration::Requirement::Required;
|
| + permission_state.AddRequirement(required_support);
|
| + } else {
|
| + accumulated_configuration->distinctiveIdentifier =
|
| + blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed;
|
| + permission_state.AddRequirement(not_allowed_support);
|
| + }
|
| + } else if (not_allowed_support_valid) {
|
| accumulated_configuration->distinctiveIdentifier =
|
| blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed;
|
| - } else {
|
| + permission_state.AddRequirement(not_allowed_support);
|
| + } else if (required_support_valid) {
|
| accumulated_configuration->distinctiveIdentifier =
|
| blink::WebMediaKeySystemConfiguration::Requirement::Required;
|
| + permission_state.AddRequirement(required_support);
|
| + } else {
|
| + return CONFIGURATION_NOT_SUPPORTED;
|
| }
|
| }
|
|
|
| @@ -298,44 +426,48 @@ static ConfigurationSupport GetSupportedConfiguration(
|
| // to "not-allowed".
|
| if (accumulated_configuration->persistentState ==
|
| blink::WebMediaKeySystemConfiguration::Requirement::Optional) {
|
| - if (IsPersistentStateRequirementSupported(
|
| - key_system, EME_FEATURE_NOT_ALLOWED, is_permission_possible)) {
|
| + EmeRequirementSupport not_allowed_support =
|
| + GetPersistentStateRequirementSupport(
|
| + key_system, EME_FEATURE_NOT_ALLOWED);
|
| + EmeRequirementSupport required_support =
|
| + GetPersistentStateRequirementSupport(
|
| + key_system, EME_FEATURE_REQUIRED);
|
| + bool not_allowed_support_valid =
|
| + permission_state.IsRequirementSupported(not_allowed_support);
|
| + bool required_support_valid =
|
| + permission_state.IsRequirementSupported(required_support);
|
| + if (not_allowed_support_valid) {
|
| accumulated_configuration->persistentState =
|
| blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed;
|
| - } else {
|
| + permission_state.AddRequirement(not_allowed_support);
|
| + } else if (required_support_valid) {
|
| accumulated_configuration->persistentState =
|
| blink::WebMediaKeySystemConfiguration::Requirement::Required;
|
| + permission_state.AddRequirement(required_support);
|
| + } else {
|
| + return CONFIGURATION_NOT_SUPPORTED;
|
| }
|
| }
|
|
|
| // 11. If implementation in the configuration specified by the combination of
|
| // the values in accumulated configuration is not supported or not allowed
|
| // in the origin, return null.
|
| - di_requirement =
|
| - ConvertRequirement(accumulated_configuration->distinctiveIdentifier);
|
| - if (!IsDistinctiveIdentifierRequirementSupported(key_system, di_requirement,
|
| - is_permission_granted)) {
|
| - if (was_permission_requested) {
|
| - // The optional permission was requested and denied.
|
| - // TODO(sandersd): Avoid the need for this logic - crbug.com/460616.
|
| - DCHECK(candidate.distinctiveIdentifier ==
|
| - blink::WebMediaKeySystemConfiguration::Requirement::Optional);
|
| - DCHECK(di_requirement == EME_FEATURE_REQUIRED);
|
| - DCHECK(!is_permission_granted);
|
| - accumulated_configuration->distinctiveIdentifier =
|
| - blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed;
|
| - } else {
|
| - return CONFIGURATION_REQUIRES_PERMISSION;
|
| - }
|
| +
|
| + // Enforce that distinctiveIdentifier is equivalent to the encrypted media
|
| + // permission.
|
| + if (permission_state.IsPermissionRequired() !=
|
| + (accumulated_configuration->distinctiveIdentifier ==
|
| + blink::WebMediaKeySystemConfiguration::Requirement::Required)) {
|
| + return CONFIGURATION_NOT_SUPPORTED;
|
| }
|
|
|
| - ps_requirement =
|
| - ConvertRequirement(accumulated_configuration->persistentState);
|
| - if (!IsPersistentStateRequirementSupported(key_system, ps_requirement,
|
| - is_permission_granted)) {
|
| - DCHECK(!was_permission_requested); // Should have failed at step 5.
|
| + // If the combination of permissions cannot be satisfied, give up.
|
| + if (!permission_state.IsValid())
|
| + return CONFIGURATION_NOT_SUPPORTED;
|
| +
|
| + // If a permission is required but has not been requested, prompt.
|
| + if (permission_state.IsPermissionRequestRequired())
|
| return CONFIGURATION_REQUIRES_PERMISSION;
|
| - }
|
|
|
| // 12. Return accumulated configuration.
|
| // (As an extra step, we record the available session types so that
|
| @@ -344,13 +476,15 @@ static ConfigurationSupport GetSupportedConfiguration(
|
| session_types.push_back(blink::WebEncryptedMediaSessionType::Temporary);
|
| if (accumulated_configuration->persistentState ==
|
| blink::WebMediaKeySystemConfiguration::Requirement::Required) {
|
| - if (IsPersistentLicenseSessionSupported(key_system,
|
| - is_permission_granted)) {
|
| + // TODO(sandersd): This should happen sooner so that it can affect the
|
| + // permission state.
|
| + if (permission_state.IsRequirementSupportedWithoutPrompt(
|
| + GetPersistentLicenseSessionSupport(key_system))) {
|
| session_types.push_back(
|
| blink::WebEncryptedMediaSessionType::PersistentLicense);
|
| }
|
| - if (IsPersistentReleaseMessageSessionSupported(key_system,
|
| - is_permission_granted)) {
|
| + if (permission_state.IsRequirementSupportedWithoutPrompt(
|
| + GetPersistentReleaseMessageSessionSupport(key_system))) {
|
| session_types.push_back(
|
| blink::WebEncryptedMediaSessionType::PersistentReleaseMessage);
|
| }
|
| @@ -447,6 +581,7 @@ void WebEncryptedMediaClientImpl::requestMediaKeySystemAccess(
|
| }
|
|
|
| // 7.2-7.4. Implemented by SelectSupportedConfiguration().
|
| + // TODO(sandersd): Query the permission first.
|
| SelectSupportedConfiguration(request, false, false);
|
| }
|
|
|
| @@ -474,8 +609,8 @@ void WebEncryptedMediaClientImpl::SelectSupportedConfiguration(
|
| // new MediaKeySystemAccess object.]
|
| blink::WebMediaKeySystemConfiguration accumulated_configuration;
|
| ConfigurationSupport supported = GetSupportedConfiguration(
|
| - key_system, candidate_configuration, &accumulated_configuration,
|
| - was_permission_requested, is_permission_granted);
|
| + key_system, candidate_configuration, was_permission_requested,
|
| + is_permission_granted, &accumulated_configuration);
|
| switch (supported) {
|
| case CONFIGURATION_NOT_SUPPORTED:
|
| continue;
|
|
|
Chromium Code Reviews
Issue 1005903003:
Implement robustness strings in requestMediaKeySystemAccess(). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master