Implement robustness strings in requestMediaKeySystemAccess().

media/base/key_systems.cc

Index: media/base/key_systems.cc
diff --git a/media/base/key_systems.cc b/media/base/key_systems.cc
index db12a13919196536d6de8b0dc1ff7ca7deea26ed..f3007da613dad7057a607d1636d03cf707551bf6 100644
--- a/media/base/key_systems.cc
+++ b/media/base/key_systems.cc
@@ -75,6 +75,23 @@ static NamedCodec kCodecStrings[] = {
 #endif  // defined(USE_PROPRIETARY_CODECS)
 };
 
+static EmeConfigRule ConvertSessionTypeSupport(
+    EmeSessionTypeSupport support) {
+  switch (support) {
+    case EME_SESSION_TYPE_INVALID:
+      NOTREACHED();
+      return EmeConfigRule::NOT_SUPPORTED;
+    case EME_SESSION_TYPE_NOT_SUPPORTED:
+      return EmeConfigRule::NOT_SUPPORTED;
+    case EME_SESSION_TYPE_SUPPORTED_WITH_PERMISSION:
+      return EmeConfigRule::PERMISSION_REQUIRED;
+    case EME_SESSION_TYPE_SUPPORTED:
+      return EmeConfigRule::SUPPORTED;
+  }
+  NOTREACHED();
+  return EmeConfigRule::NOT_SUPPORTED;
+}
+
 static void AddClearKey(std::vector<KeySystemInfo>* concrete_key_systems) {
   KeySystemInfo info;
   info.key_system = kClearKeyKeySystem;
@@ -189,23 +206,24 @@ class KeySystems {
   std::string GetPepperType(const std::string& concrete_key_system);
 #endif
 
-  bool IsPersistentLicenseSessionSupported(
+  EmeConfigRule GetRobustnessConfigRule(
       const std::string& key_system,
-      bool is_permission_granted);
+      EmeMediaType media_type,
+      EmeRobustness robustness);
 
-  bool IsPersistentReleaseMessageSessionSupported(
-      const std::string& key_system,
-      bool is_permission_granted);
+  EmeConfigRule GetPersistentLicenseSessionConfigRule(
+      const std::string& key_system);
 
-  bool IsPersistentStateRequirementSupported(
+  EmeConfigRule GetPersistentReleaseMessageSessionConfigRule(
+      const std::string& key_system);
+
+  EmeConfigRule GetPersistentStateConfigRule(
       const std::string& key_system,
-      EmeFeatureRequirement requirement,
-      bool is_permission_granted);
+      EmeFeatureRequirement requirement);
 
-  bool IsDistinctiveIdentifierRequirementSupported(
+  EmeConfigRule GetDistinctiveIdentifierConfigRule(
       const std::string& key_system,
-      EmeFeatureRequirement requirement,
-      bool is_permission_granted);
+      EmeFeatureRequirement requirement);
 
   void AddContainerMask(const std::string& container, uint32 mask);
   void AddCodecMask(const std::string& codec, uint32 mask);
@@ -392,45 +410,42 @@ void KeySystems::AddConcreteSupportedKeySystems(
 
   for (const KeySystemInfo& info : concrete_key_systems) {
     DCHECK(!info.key_system.empty());
-    DCHECK_NE(info.persistent_license_support, EME_SESSION_TYPE_INVALID);
-    DCHECK_NE(info.persistent_release_message_support,
-              EME_SESSION_TYPE_INVALID);
-    // TODO(sandersd): Add REQUESTABLE and REQUESTABLE_WITH_PERMISSION for
-    // persistent_state_support once we can block access per-CDM-instance
-    // (http://crbug.com/457482).
-    DCHECK(info.persistent_state_support == EME_FEATURE_NOT_SUPPORTED ||
-           info.persistent_state_support == EME_FEATURE_ALWAYS_ENABLED);
-// TODO(sandersd): Allow REQUESTABLE_WITH_PERMISSION for all key systems on
-// all platforms once we have proper enforcement (http://crbug.com/457482).
-// On Chrome OS, an ID will not be used without permission, but we cannot
-// currently prevent the CDM from requesting the permission again when no
-// there was no initial prompt. Thus, we block "not-allowed" below.
-#if defined(OS_CHROMEOS)
-    DCHECK(info.distinctive_identifier_support == EME_FEATURE_NOT_SUPPORTED ||
-           (info.distinctive_identifier_support ==
-                EME_FEATURE_REQUESTABLE_WITH_PERMISSION &&
-            info.key_system == kWidevineKeySystem) ||
-           info.distinctive_identifier_support == EME_FEATURE_ALWAYS_ENABLED);
-#else
-    DCHECK(info.distinctive_identifier_support == EME_FEATURE_NOT_SUPPORTED ||
-           info.distinctive_identifier_support == EME_FEATURE_ALWAYS_ENABLED);
-#endif
+    DCHECK(info.max_audio_robustness != EmeRobustness::INVALID);
+    DCHECK(info.max_video_robustness != EmeRobustness::INVALID);
+    DCHECK(info.persistent_license_support != EME_SESSION_TYPE_INVALID);
+    DCHECK(info.persistent_release_message_support != EME_SESSION_TYPE_INVALID);
+    DCHECK(info.persistent_state_support != EME_FEATURE_INVALID);
+    DCHECK(info.distinctive_identifier_support != EME_FEATURE_INVALID);
+
+    // If persistent state is not supported, then persistent sessions are not
+    // either. This is enforced in requestMediaKeySystemAccess(), but we want
+    // to catch the miconfiguration early.
     if (info.persistent_state_support == EME_FEATURE_NOT_SUPPORTED) {
-      DCHECK_EQ(info.persistent_license_support,
-                EME_SESSION_TYPE_NOT_SUPPORTED);
-      DCHECK_EQ(info.persistent_release_message_support,
-                EME_SESSION_TYPE_NOT_SUPPORTED);
+      DCHECK(info.persistent_license_support == EME_SESSION_TYPE_NOT_SUPPORTED);
+      DCHECK(info.persistent_release_message_support ==
+             EME_SESSION_TYPE_NOT_SUPPORTED);
     }
-    DCHECK(!IsSupportedKeySystem(info.key_system))
-        << "Key system '" << info.key_system << "' already registered";
-    DCHECK(!parent_key_system_map_.count(info.key_system))
-        <<  "'" << info.key_system << "' is already registered as a parent";
+

[ddorwin, 2015/03/16 23:25:08]

// Do not allow registration because it is not currently supported:
http://crbug.com/448888.
DCHECK(info.persistent_release_message_support == EME_FEATURE_NOT_SUPPORTED);

[sandersd (OOO until July 31), 2015/03/17 22:10:39]

Done.

+    // Distinctive identifiers always require permission.
+    DCHECK(info.distinctive_identifier_support != EME_FEATURE_REQUESTABLE);
+
+    // Distinctive identifiers and persistent state can only be reliably blocked
+    // for PPAPI key systems.

[ddorwin, 2015/03/16 23:25:08]

nit: s/PPAPI/Pepper-hosted/

new sentence - something like: Do not allow registration with non-absolute
values on other platforms.

[sandersd (OOO until July 31), 2015/03/17 22:10:39]

Done.

+    bool can_block = false;
 #if defined(ENABLE_PEPPER_CDMS)
     DCHECK_EQ(info.use_aes_decryptor, info.pepper_type.empty());
+    can_block = !info.pepper_type.empty();
 #endif
+    if (!can_block) {
+      DCHECK(info.distinctive_identifier_support == EME_FEATURE_NOT_SUPPORTED ||

[ddorwin, 2015/03/16 23:25:08]

Should we be checking persistent state too?

[sandersd (OOO until July 31), 2015/03/17 22:10:39]

Done.

+             info.distinctive_identifier_support == EME_FEATURE_ALWAYS_ENABLED);
+    }
 
+    DCHECK(!IsSupportedKeySystem(info.key_system))
+        << "Key system '" << info.key_system << "' already registered";
+    DCHECK(!parent_key_system_map_.count(info.key_system))
+        <<  "'" << info.key_system << "' is already registered as a parent";
     concrete_key_system_map_[info.key_system] = info;
-
     if (!info.parent_key_system.empty()) {
       DCHECK(!IsConcreteSupportedKeySystem(info.parent_key_system))
           << "Parent '" << info.parent_key_system << "' "
@@ -618,132 +633,146 @@ std::string KeySystems::GetPepperType(const std::string& concrete_key_system) {
 }
 #endif
 
-bool KeySystems::IsPersistentLicenseSessionSupported(
+EmeConfigRule KeySystems::GetRobustnessConfigRule(
     const std::string& key_system,
-    bool is_permission_granted) {
+    EmeMediaType media_type,
+    EmeRobustness robustness) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
+  if (robustness == EmeRobustness::INVALID)
+    return EmeConfigRule::NOT_SUPPORTED;
+  if (robustness == EmeRobustness::EMPTY)
+    return EmeConfigRule::SUPPORTED;
+
   KeySystemInfoMap::const_iterator key_system_iter =
       concrete_key_system_map_.find(key_system);
   if (key_system_iter == concrete_key_system_map_.end()) {
     NOTREACHED();
-    return false;
+    return EmeConfigRule::NOT_SUPPORTED;
   }
 
-  switch (key_system_iter->second.persistent_license_support) {
-    case EME_SESSION_TYPE_INVALID:
-      NOTREACHED();
-      return false;
-    case EME_SESSION_TYPE_NOT_SUPPORTED:
-      return false;
-    case EME_SESSION_TYPE_SUPPORTED_WITH_PERMISSION:
-      return is_permission_granted;
-    case EME_SESSION_TYPE_SUPPORTED:
-      return true;
+  EmeRobustness max_robustness = EmeRobustness::INVALID;
+  switch (media_type) {
+    case EmeMediaType::AUDIO:
+      max_robustness = key_system_iter->second.max_audio_robustness;
+      break;
+    case EmeMediaType::VIDEO:
+      max_robustness = key_system_iter->second.max_video_robustness;
+      break;
   }
 
-  NOTREACHED();
-  return false;
+#if defined(OS_CHROMEOS)
+  if (key_system == kWidevineKeySystem) {
+    // CrOS Widevine supports L1 when remote attestation succeeds, but the
+    // encrypted media permission is required to do so. Even when not strictly
+    // requred, we prefer to support L1 for video because it allows hardware
+    // acceleration to be used.
+    // TODO(sandersd): Only recommend permission when hardware acceleration is
+    // available for the specific codecs requested.
+    EmeConfigRule recommendation =
+        (media_type == EmeMediaType::VIDEO)
+            ? EmeConfigRule::PERMISSION_RECOMMENDED
+            : EmeConfigRule::SUPPORTED;
+    return (robustness <= max_robustness)

[ddorwin, 2015/03/16 23:25:08]

You could get rid of this by having
#else
  recommendation = EmeConfigRule::SUPPORTED;

and replacing line 683.

[sandersd (OOO until July 31), 2015/03/17 22:10:39]

See next comment.

+        ? recommendation
+        : EmeConfigRule::PERMISSION_REQUIRED;

[ddorwin, 2015/03/16 23:25:08]

Otherwise: NOT_SUPPORTED, right?

[sandersd (OOO until July 31), 2015/03/17 22:10:39]

This is confusing because I am imagining that max_robustness will be L3. (Thus
everything above max_robustness is in fact supported, as long as RA succeeds.)
It may make more sense to hardcode both limits, WDYT?

+  }
+#endif  // defined(OS_CHROMEOS)
+
+  return (robustness <= max_robustness)
+      ? EmeConfigRule::SUPPORTED
+      : EmeConfigRule::NOT_SUPPORTED;
 }
 
-bool KeySystems::IsPersistentReleaseMessageSessionSupported(
-    const std::string& key_system,
-    bool is_permission_granted) {
+EmeConfigRule KeySystems::GetPersistentLicenseSessionConfigRule(
+    const std::string& key_system) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   KeySystemInfoMap::const_iterator key_system_iter =
       concrete_key_system_map_.find(key_system);
   if (key_system_iter == concrete_key_system_map_.end()) {
     NOTREACHED();
-    return false;
+    return EmeConfigRule::NOT_SUPPORTED;
   }
+  return ConvertSessionTypeSupport(
+      key_system_iter->second.persistent_license_support);
+}
 
-  switch (key_system_iter->second.persistent_release_message_support) {
-    case EME_SESSION_TYPE_INVALID:
-      NOTREACHED();
-      return false;
-    case EME_SESSION_TYPE_NOT_SUPPORTED:
-      return false;
-    case EME_SESSION_TYPE_SUPPORTED_WITH_PERMISSION:
-      return is_permission_granted;
-    case EME_SESSION_TYPE_SUPPORTED:
-      return true;
-  }
+EmeConfigRule KeySystems::GetPersistentReleaseMessageSessionConfigRule(
+    const std::string& key_system) {
+  DCHECK(thread_checker_.CalledOnValidThread());
 
-  NOTREACHED();
-  return false;
+  KeySystemInfoMap::const_iterator key_system_iter =
+      concrete_key_system_map_.find(key_system);
+  if (key_system_iter == concrete_key_system_map_.end()) {
+    NOTREACHED();
+    return EmeConfigRule::NOT_SUPPORTED;
+  }
+  return ConvertSessionTypeSupport(
+      key_system_iter->second.persistent_release_message_support);
 }
 
-bool KeySystems::IsPersistentStateRequirementSupported(
+EmeConfigRule KeySystems::GetPersistentStateConfigRule(
     const std::string& key_system,
-    EmeFeatureRequirement requirement,
-    bool is_permission_granted) {
+    EmeFeatureRequirement requirement) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   KeySystemInfoMap::const_iterator key_system_iter =
       concrete_key_system_map_.find(key_system);
   if (key_system_iter == concrete_key_system_map_.end()) {
     NOTREACHED();
-    return false;
+    return EmeConfigRule::NOT_SUPPORTED;
   }
 
-  switch (key_system_iter->second.persistent_state_support) {
-    case EME_FEATURE_INVALID:
-      NOTREACHED();
-      return false;
-    case EME_FEATURE_NOT_SUPPORTED:
-      return requirement != EME_FEATURE_REQUIRED;
-    case EME_FEATURE_REQUESTABLE_WITH_PERMISSION:
-      return (requirement != EME_FEATURE_REQUIRED) || is_permission_granted;
-    case EME_FEATURE_REQUESTABLE:
-      return true;
-    case EME_FEATURE_ALWAYS_ENABLED:
-      // Persistent state does not require user permission, but the session
-      // types that use it might.
-      return requirement != EME_FEATURE_NOT_ALLOWED;
+  EmeFeatureSupport support = key_system_iter->second.persistent_state_support;
+  if (support == EME_FEATURE_NOT_SUPPORTED &&
+      requirement == EME_FEATURE_REQUIRED) {
+    return EmeConfigRule::NOT_SUPPORTED;
+  }
+  if (support == EME_FEATURE_ALWAYS_ENABLED &&
+      requirement == EME_FEATURE_NOT_ALLOWED) {

[ddorwin, 2015/03/16 23:25:08]

It is line 440 that ensures that EME_FEATURE_REQUESTABLE* is either not allowed
or is properly blockable for not-allowed, right?

It's probably worth commenting that here. Another option would be to put the
code at line 440 into a function and call it here and there.

[sandersd (OOO until July 31), 2015/03/17 22:10:39]

It turns out that the state table is really simple, there are only two cases
that are NOT_SUPPORTED; the rest are always supported in some capacity (how
exactly is different for PS and DI). If we didn't block those options at
registration, they would still be handled correctly here.

+    return EmeConfigRule::NOT_SUPPORTED;
   }
 
-  NOTREACHED();
-  return false;
+  // Permission is required only if the feature requires it; permission may
+  // still be required for individual persistent session types. Permission
+  // for optional requirements will be handled when they are resolved to

[ddorwin, 2015/03/16 23:25:08]

Just so I understand, EME_FEATURE_OPTIONAL could get here and fall through to
line 745 (on the first pass), right?

[sandersd (OOO until July 31), 2015/03/17 22:10:39]

Indeed.

+  // a specific value.
+  if (support == EME_FEATURE_REQUESTABLE_WITH_PERMISSION &&
+      requirement == EME_FEATURE_REQUIRED) {
+    return EmeConfigRule::PERMISSION_REQUIRED;
+  }
+  return EmeConfigRule::SUPPORTED;
 }
 
-bool KeySystems::IsDistinctiveIdentifierRequirementSupported(
+EmeConfigRule KeySystems::GetDistinctiveIdentifierConfigRule(
     const std::string& key_system,
-    EmeFeatureRequirement requirement,
-    bool is_permission_granted) {
+    EmeFeatureRequirement requirement) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   KeySystemInfoMap::const_iterator key_system_iter =
       concrete_key_system_map_.find(key_system);
   if (key_system_iter == concrete_key_system_map_.end()) {
     NOTREACHED();
-    return false;
+    return EmeConfigRule::NOT_SUPPORTED;
   }
 
-  switch (key_system_iter->second.distinctive_identifier_support) {
-    case EME_FEATURE_INVALID:
-      NOTREACHED();
-      return false;
-    case EME_FEATURE_NOT_SUPPORTED:
-      return requirement != EME_FEATURE_REQUIRED;
-    case EME_FEATURE_REQUESTABLE_WITH_PERMISSION:
-      // TODO(sandersd): Remove this hack once crbug.com/457482 and
-      // crbug.com/460616 are addressed.
-      // We cannot currently enforce "not-allowed", so don't allow it.
-      // Note: Removing this check will expose crbug.com/460616.
-      if (requirement == EME_FEATURE_NOT_ALLOWED)
-        return false;
-      return (requirement != EME_FEATURE_REQUIRED) || is_permission_granted;
-    case EME_FEATURE_REQUESTABLE:
-      NOTREACHED();
-      return true;
-    case EME_FEATURE_ALWAYS_ENABLED:
-      // Distinctive identifiers always require user permission.
-      return (requirement != EME_FEATURE_NOT_ALLOWED) && is_permission_granted;
+  EmeFeatureSupport support =
+      key_system_iter->second.distinctive_identifier_support;
+  if (support == EME_FEATURE_NOT_SUPPORTED &&
+      requirement == EME_FEATURE_REQUIRED) {
+    return EmeConfigRule::NOT_SUPPORTED;
+  }
+  if (support == EME_FEATURE_ALWAYS_ENABLED &&
+      requirement == EME_FEATURE_NOT_ALLOWED) {

[ddorwin, 2015/03/16 23:25:08]

ditto

[sandersd (OOO until July 31), 2015/03/17 22:10:39]

Acknowledged.

+    return EmeConfigRule::NOT_SUPPORTED;
   }
 
-  NOTREACHED();
-  return false;
+  // Permission is always required, but permission for optional requirements
+  // will be handled when they are resolved to a specific value.
+  if (requirement == EME_FEATURE_REQUIRED)
+    return EmeConfigRule::PERMISSION_REQUIRED;
+  return EmeConfigRule::SUPPORTED;
 }
 
 void KeySystems::AddContainerMask(const std::string& container, uint32 mask) {
@@ -848,34 +877,38 @@ std::string GetPepperType(const std::string& concrete_key_system) {
 }
 #endif
 
-bool IsPersistentLicenseSessionSupported(
+EmeConfigRule GetRobustnessConfigRule(
     const std::string& key_system,
-    bool is_permission_granted) {
-  return KeySystems::GetInstance().IsPersistentLicenseSessionSupported(
-      key_system, is_permission_granted);
+    EmeMediaType media_type,
+    EmeRobustness robustness) {
+  return KeySystems::GetInstance().GetRobustnessConfigRule(
+      key_system, media_type, robustness);
 }
 
-bool IsPersistentReleaseMessageSessionSupported(
-    const std::string& key_system,
-    bool is_permission_granted) {
-  return KeySystems::GetInstance().IsPersistentReleaseMessageSessionSupported(
-      key_system, is_permission_granted);
+EmeConfigRule GetPersistentLicenseSessionConfigRule(
+    const std::string& key_system) {
+  return KeySystems::GetInstance().GetPersistentLicenseSessionConfigRule(
+      key_system);
+}
+
+EmeConfigRule GetPersistentReleaseMessageSessionConfigRule(
+    const std::string& key_system) {
+  return KeySystems::GetInstance().GetPersistentReleaseMessageSessionConfigRule(
+      key_system);
 }
 
-bool IsPersistentStateRequirementSupported(
+EmeConfigRule GetPersistentStateConfigRule(
     const std::string& key_system,
-    EmeFeatureRequirement requirement,
-    bool is_permission_granted) {
-  return KeySystems::GetInstance().IsPersistentStateRequirementSupported(
-      key_system, requirement, is_permission_granted);
+    EmeFeatureRequirement requirement) {
+  return KeySystems::GetInstance().GetPersistentStateConfigRule(
+      key_system, requirement);
 }
 
-bool IsDistinctiveIdentifierRequirementSupported(
+EmeConfigRule GetDistinctiveIdentifierConfigRule(
     const std::string& key_system,
-    EmeFeatureRequirement requirement,
-    bool is_permission_granted) {
-  return KeySystems::GetInstance().IsDistinctiveIdentifierRequirementSupported(
-      key_system, requirement, is_permission_granted);
+    EmeFeatureRequirement requirement) {
+  return KeySystems::GetInstance().GetDistinctiveIdentifierConfigRule(
+      key_system, requirement);
 }
 
 // These two functions are for testing purpose only. The declaration in the