Index: media/blink/webencryptedmediaclient_impl.cc |
diff --git a/media/blink/webencryptedmediaclient_impl.cc b/media/blink/webencryptedmediaclient_impl.cc |
index e770c4ec78786e5d5c7fade96f484b240b35d5a9..73c51e56391c74d254e38526fa103be4bb63449b 100644 |
--- a/media/blink/webencryptedmediaclient_impl.cc |
+++ b/media/blink/webencryptedmediaclient_impl.cc |
@@ -31,6 +31,106 @@ enum ConfigurationSupport { |
CONFIGURATION_SUPPORTED, |
}; |
+// Note: We consider the encrypted media permission to be equivalent to access |
+// to a distinctive identifier, even though they are conceptually distinct. We |
+// may want to separate the concepts in the future to make it possible to |
+// recommend or require permission without providing access to a distinctive |
+// identifier. |
+class PermissionState { |
+ public: |
+ PermissionState(bool was_permission_requested, bool is_permission_granted) |
+ : was_permission_requested_(was_permission_requested), |
+ is_permission_granted_(is_permission_granted), |
+ is_permission_required_(false), |
+ is_permission_recommended_(false) { |
+ } |
+ |
+ // Permission state is invalid if permission is required but has been denied. |
+ bool IsValid() { |
+ return !is_permission_required_ || is_permission_granted_ || |
+ !was_permission_requested_; |
+ } |
+ |
+ // Permission is possible it has not been denied. |
+ bool IsPermissionPossible() { |
+ return is_permission_granted_ || !was_permission_requested_; |
+ } |
+ |
+ // Permission is required (read 'should be used') if it is explicitly |
+ // required by a requirement, or if it has been recommended and has not |
+ // denied. |
+ bool IsPermissionRequired() { |
+ return is_permission_required_ || (is_permission_recommended_ && |
+ IsPermissionPossible()); |
+ } |
+ |
+ // A permission request is required if permission is required but has not |
+ // been requested yet. |
+ bool IsPermissionRequestRequired() { |
+ return is_permission_required_ && !is_permission_granted_ && |
+ !was_permission_requested_; |
+ } |
+ |
+ bool IsRequirementSupported(EmeRequirementSupport support) { |
+ switch (support) { |
+ case EME_REQUIREMENT_NOT_SUPPORTED: |
+ return false; |
+ case EME_REQUIREMENT_SUPPORTED_WITH_PERMISSION: |
+ return IsPermissionPossible(); |
+ case EME_REQUIREMENT_SUPPORTED_PERMISSION_RECOMMENDED: |
+ return true; |
+ case EME_REQUIREMENT_SUPPORTED: |
+ return true; |
+ } |
+ NOTREACHED(); |
+ return false; |
+ } |
+ |
+ bool IsRequirementSupportedWithoutPrompt(EmeRequirementSupport support) { |
+ switch (support) { |
+ case EME_REQUIREMENT_NOT_SUPPORTED: |
+ return false; |
+ case EME_REQUIREMENT_SUPPORTED_WITH_PERMISSION: |
+ return is_permission_granted_; |
+ case EME_REQUIREMENT_SUPPORTED_PERMISSION_RECOMMENDED: |
+ return true; |
+ case EME_REQUIREMENT_SUPPORTED: |
+ return true; |
+ } |
+ NOTREACHED(); |
+ return false; |
+ } |
+ |
+ void AddRequirement(EmeRequirementSupport support) { |
+ if (support == EME_REQUIREMENT_SUPPORTED_WITH_PERMISSION) |
+ is_permission_required_ = true; |
+ if (support == EME_REQUIREMENT_SUPPORTED_PERMISSION_RECOMMENDED) |
+ is_permission_recommended_ = true; |
+ } |
+ |
+ private: |
+ bool was_permission_requested_; |
+ bool is_permission_granted_; |
+ bool is_permission_required_; |
+ bool is_permission_recommended_; |
+}; |
+ |
+static EmeRobustness ConvertRobustness(const blink::WebString& robustness) { |
+ if (robustness.isEmpty()) |
+ return EmeRobustness::EMPTY; |
+ if (robustness == "SW_SECURE_CRYPTO") |
+ return EmeRobustness::SW_SECURE_CRYPTO; |
+ if (robustness == "SW_SECURE_DECODE") |
+ return EmeRobustness::SW_SECURE_DECODE; |
+ if (robustness == "HW_SECURE_CRYPTO") |
+ return EmeRobustness::HW_SECURE_CRYPTO; |
+ if (robustness == "HW_SECURE_DECODE") |
+ return EmeRobustness::HW_SECURE_DECODE; |
+ if (robustness == "HW_SECURE_ALL") |
+ return EmeRobustness::HW_SECURE_ALL; |
+ return EmeRobustness::INVALID; |
+} |
+ |
static bool IsSupportedContentType(const std::string& key_system, |
const std::string& mime_type, |
const std::string& codecs) { |
@@ -66,8 +166,10 @@ static bool GetSupportedCapabilities( |
const std::string& key_system, |
const blink::WebVector<blink::WebMediaKeySystemMediaCapability>& |
capabilities, |
+ EmeMediaType media_type, |
std::vector<blink::WebMediaKeySystemMediaCapability>* |
- media_type_capabilities) { |
+ media_type_capabilities, |
+ PermissionState* permission_state) { |
// From |
// https://w3c.github.io/encrypted-media/#get-supported-capabilities-for-media-type |
// 1. Let accumulated capabilities be partial configuration. |
@@ -91,22 +193,31 @@ static bool GetSupportedCapabilities( |
continue; |
} |
// 3.12. If robustness is not the empty string, run the following steps: |
- // (Robustness is not supported.) |
- // TODO(sandersd): Implement robustness. http://crbug.com/442586 |
if (!capability.robustness.isEmpty()) { |
- LOG(WARNING) << "Configuration rejected because rubustness strings are " |
- << "not yet supported."; |
- continue; |
+ // 3.12.1. If robustness is an unrecognized value or not supported by |
+ // implementation, continue to the next iteration. String |
+ // comparison is case-sensitive. |
+ EmeRequirementSupport support = GetRobustnessRequirementSupport( |
+ key_system, media_type, ConvertRobustness(capability.robustness)); |
+ if (!permission_state->IsRequirementSupported(support)) |
+ continue; |
+ permission_state->AddRequirement(support); |
+ // 3.12.2. Add robustness to configuration. |
+ // (It's already added, the original object is used directly.) |
} |
// 3.13. If the user agent and implementation do not support playback of |
// encrypted media data as specified by configuration, including all |
// media types, in combination with accumulated capabilities, |
// continue to the next iteration. |
- // (Skipped as there are no configuration-based codec restrictions.) |
+ // (Skipped as there are no configuration-based codec restrictions. |
+ // There will be when the Android security level becomes configurable |
+ // based on robustness.) |
// 3.14. Add configuration to media type capabilities. |
media_type_capabilities->push_back(capability); |
// 3.15. Add configuration to accumulated capabilities. |
- // (Skipped as there are no configuration-based codec restrictions.) |
+ // (Skipped as there are no configuration-based codec restrictions. |
+ // Note that this is the local accumulated capabilities, the global |
+ // one is updated by the caller.) |
} |
// 4. If media type capabilities is empty, return null. |
// 5. Return media type capabilities. |
@@ -131,15 +242,11 @@ static EmeFeatureRequirement ConvertRequirement( |
static ConfigurationSupport GetSupportedConfiguration( |
const std::string& key_system, |
const blink::WebMediaKeySystemConfiguration& candidate, |
- blink::WebMediaKeySystemConfiguration* accumulated_configuration, |
bool was_permission_requested, |
- bool is_permission_granted) { |
- DCHECK(was_permission_requested || !is_permission_granted); |
- |
- // It is possible to obtain user permission unless permission was already |
- // requested and denied. |
- bool is_permission_possible = |
- !was_permission_requested || is_permission_granted; |
+ bool is_permission_granted, |
+ blink::WebMediaKeySystemConfiguration* accumulated_configuration) { |
+ PermissionState permission_state(was_permission_requested, |
+ is_permission_granted); |
// From https://w3c.github.io/encrypted-media/#get-supported-configuration |
// 1. Let accumulated configuration be empty. (Done by caller.) |
@@ -200,12 +307,11 @@ static ConfigurationSupport GetSupportedConfiguration( |
// - "not-allowed": If the implementation requires a Distinctive |
// Identifier in combination with accumulated configuration, return |
// null. |
- EmeFeatureRequirement di_requirement = |
- ConvertRequirement(candidate.distinctiveIdentifier); |
- if (!IsDistinctiveIdentifierRequirementSupported(key_system, di_requirement, |
- is_permission_possible)) { |
+ EmeRequirementSupport di_support = GetDistinctiveIdentifierRequirementSupport( |
+ key_system, ConvertRequirement(candidate.distinctiveIdentifier)); |
+ if (!permission_state.IsRequirementSupported(di_support)) |
return CONFIGURATION_NOT_SUPPORTED; |
- } |
+ permission_state.AddRequirement(di_support); |
// 4. Add the value of the candidate configuration's distinctiveIdentifier |
// attribute to accumulated configuration. |
@@ -219,12 +325,11 @@ static ConfigurationSupport GetSupportedConfiguration( |
// - "optional": Continue. |
// - "not-allowed": If the implementation requires persisting state in |
// combination with accumulated configuration, return null. |
- EmeFeatureRequirement ps_requirement = |
- ConvertRequirement(candidate.persistentState); |
- if (!IsPersistentStateRequirementSupported(key_system, ps_requirement, |
- is_permission_possible)) { |
+ EmeRequirementSupport ps_support = GetPersistentStateRequirementSupport( |
+ key_system, ConvertRequirement(candidate.persistentState)); |
+ if (!permission_state.IsRequirementSupported(ps_support)) |
return CONFIGURATION_NOT_SUPPORTED; |
- } |
+ permission_state.AddRequirement(ps_support); |
// 6. Add the value of the candidate configuration's persistentState |
// attribute to accumulated configuration. |
@@ -240,7 +345,8 @@ static ConfigurationSupport GetSupportedConfiguration( |
// 7.2. If video capabilities is null, return null. |
std::vector<blink::WebMediaKeySystemMediaCapability> video_capabilities; |
if (!GetSupportedCapabilities(key_system, candidate.videoCapabilities, |
- &video_capabilities)) { |
+ EmeMediaType::VIDEO, &video_capabilities, |
+ &permission_state)) { |
return CONFIGURATION_NOT_SUPPORTED; |
} |
@@ -258,7 +364,8 @@ static ConfigurationSupport GetSupportedConfiguration( |
// 8.2. If audio capabilities is null, return null. |
std::vector<blink::WebMediaKeySystemMediaCapability> audio_capabilities; |
if (!GetSupportedCapabilities(key_system, candidate.audioCapabilities, |
- &audio_capabilities)) { |
+ EmeMediaType::AUDIO, &audio_capabilities, |
+ &permission_state)) { |
return CONFIGURATION_NOT_SUPPORTED; |
} |
@@ -274,17 +381,38 @@ static ConfigurationSupport GetSupportedConfiguration( |
// configuration's distinctiveIdentifier value to "required". |
// - Otherwise, change accumulated configuration's distinctiveIdentifier |
// value to "not-allowed". |
- // (Without robustness support, capabilities do not affect this.) |
- // TODO(sandersd): Implement robustness. http://crbug.com/442586 |
if (accumulated_configuration->distinctiveIdentifier == |
blink::WebMediaKeySystemConfiguration::Requirement::Optional) { |
- if (IsDistinctiveIdentifierRequirementSupported( |
- key_system, EME_FEATURE_NOT_ALLOWED, is_permission_possible)) { |
+ EmeRequirementSupport not_allowed_support = |
+ GetDistinctiveIdentifierRequirementSupport( |
+ key_system, EME_FEATURE_NOT_ALLOWED); |
+ EmeRequirementSupport required_support = |
+ GetDistinctiveIdentifierRequirementSupport( |
+ key_system, EME_FEATURE_REQUIRED); |
+ bool not_allowed_support_valid = |
+ permission_state.IsRequirementSupported(not_allowed_support); |
+ bool required_support_valid = |
+ permission_state.IsRequirementSupported(required_support); |
+ if (not_allowed_support_valid && required_support_valid) { |
+ if (permission_state.IsPermissionRequired()) { |
+ accumulated_configuration->distinctiveIdentifier = |
+ blink::WebMediaKeySystemConfiguration::Requirement::Required; |
+ permission_state.AddRequirement(required_support); |
+ } else { |
+ accumulated_configuration->distinctiveIdentifier = |
+ blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed; |
+ permission_state.AddRequirement(not_allowed_support); |
+ } |
+ } else if (not_allowed_support_valid) { |
accumulated_configuration->distinctiveIdentifier = |
blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed; |
- } else { |
+ permission_state.AddRequirement(not_allowed_support); |
+ } else if (required_support_valid) { |
accumulated_configuration->distinctiveIdentifier = |
blink::WebMediaKeySystemConfiguration::Requirement::Required; |
+ permission_state.AddRequirement(required_support); |
+ } else { |
+ return CONFIGURATION_NOT_SUPPORTED; |
} |
} |
@@ -298,44 +426,48 @@ static ConfigurationSupport GetSupportedConfiguration( |
// to "not-allowed". |
if (accumulated_configuration->persistentState == |
blink::WebMediaKeySystemConfiguration::Requirement::Optional) { |
- if (IsPersistentStateRequirementSupported( |
- key_system, EME_FEATURE_NOT_ALLOWED, is_permission_possible)) { |
+ EmeRequirementSupport not_allowed_support = |
+ GetPersistentStateRequirementSupport( |
+ key_system, EME_FEATURE_NOT_ALLOWED); |
+ EmeRequirementSupport required_support = |
+ GetPersistentStateRequirementSupport( |
+ key_system, EME_FEATURE_REQUIRED); |
+ bool not_allowed_support_valid = |
+ permission_state.IsRequirementSupported(not_allowed_support); |
+ bool required_support_valid = |
+ permission_state.IsRequirementSupported(required_support); |
+ if (not_allowed_support_valid) { |
accumulated_configuration->persistentState = |
blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed; |
- } else { |
+ permission_state.AddRequirement(not_allowed_support); |
+ } else if (required_support_valid) { |
accumulated_configuration->persistentState = |
blink::WebMediaKeySystemConfiguration::Requirement::Required; |
+ permission_state.AddRequirement(required_support); |
+ } else { |
+ return CONFIGURATION_NOT_SUPPORTED; |
} |
} |
// 11. If implementation in the configuration specified by the combination of |
// the values in accumulated configuration is not supported or not allowed |
// in the origin, return null. |
- di_requirement = |
- ConvertRequirement(accumulated_configuration->distinctiveIdentifier); |
- if (!IsDistinctiveIdentifierRequirementSupported(key_system, di_requirement, |
- is_permission_granted)) { |
- if (was_permission_requested) { |
- // The optional permission was requested and denied. |
- // TODO(sandersd): Avoid the need for this logic - crbug.com/460616. |
- DCHECK(candidate.distinctiveIdentifier == |
- blink::WebMediaKeySystemConfiguration::Requirement::Optional); |
- DCHECK(di_requirement == EME_FEATURE_REQUIRED); |
- DCHECK(!is_permission_granted); |
- accumulated_configuration->distinctiveIdentifier = |
- blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed; |
- } else { |
- return CONFIGURATION_REQUIRES_PERMISSION; |
- } |
+ |
+ // Enforce that distinctiveIdentifier is equivalent to the encrypted media |
+ // permission. |
+ if (permission_state.IsPermissionRequired() != |
+ (accumulated_configuration->distinctiveIdentifier == |
+ blink::WebMediaKeySystemConfiguration::Requirement::Required)) { |
+ return CONFIGURATION_NOT_SUPPORTED; |
} |
- ps_requirement = |
- ConvertRequirement(accumulated_configuration->persistentState); |
- if (!IsPersistentStateRequirementSupported(key_system, ps_requirement, |
- is_permission_granted)) { |
- DCHECK(!was_permission_requested); // Should have failed at step 5. |
+ // If the combination of permissions cannot be satisfied, give up. |
+ if (!permission_state.IsValid()) |
+ return CONFIGURATION_NOT_SUPPORTED; |
+ |
+ // If a permission is required but has not been requested, prompt. |
+ if (permission_state.IsPermissionRequestRequired()) |
return CONFIGURATION_REQUIRES_PERMISSION; |
- } |
// 12. Return accumulated configuration. |
// (As an extra step, we record the available session types so that |
@@ -344,13 +476,15 @@ static ConfigurationSupport GetSupportedConfiguration( |
session_types.push_back(blink::WebEncryptedMediaSessionType::Temporary); |
if (accumulated_configuration->persistentState == |
blink::WebMediaKeySystemConfiguration::Requirement::Required) { |
- if (IsPersistentLicenseSessionSupported(key_system, |
- is_permission_granted)) { |
+ // TODO(sandersd): This should happen sooner so that it can affect the |
+ // permission state. |
+ if (permission_state.IsRequirementSupportedWithoutPrompt( |
+ GetPersistentLicenseSessionSupport(key_system))) { |
session_types.push_back( |
blink::WebEncryptedMediaSessionType::PersistentLicense); |
} |
- if (IsPersistentReleaseMessageSessionSupported(key_system, |
- is_permission_granted)) { |
+ if (permission_state.IsRequirementSupportedWithoutPrompt( |
+ GetPersistentReleaseMessageSessionSupport(key_system))) { |
session_types.push_back( |
blink::WebEncryptedMediaSessionType::PersistentReleaseMessage); |
} |
@@ -447,6 +581,7 @@ void WebEncryptedMediaClientImpl::requestMediaKeySystemAccess( |
} |
// 7.2-7.4. Implemented by SelectSupportedConfiguration(). |
+ // TODO(sandersd): Query the permission first. |
SelectSupportedConfiguration(request, false, false); |
} |
@@ -474,8 +609,8 @@ void WebEncryptedMediaClientImpl::SelectSupportedConfiguration( |
// new MediaKeySystemAccess object.] |
blink::WebMediaKeySystemConfiguration accumulated_configuration; |
ConfigurationSupport supported = GetSupportedConfiguration( |
- key_system, candidate_configuration, &accumulated_configuration, |
- was_permission_requested, is_permission_granted); |
+ key_system, candidate_configuration, was_permission_requested, |
+ is_permission_granted, &accumulated_configuration); |
switch (supported) { |
case CONFIGURATION_NOT_SUPPORTED: |
continue; |