Chromium Code Reviews Chromium Code Reviews
Issue 1005903003:
Implement robustness strings in requestMediaKeySystemAccess(). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: media/blink/webencryptedmediaclient_impl.cc |
| diff --git a/media/blink/webencryptedmediaclient_impl.cc b/media/blink/webencryptedmediaclient_impl.cc |
| index e770c4ec78786e5d5c7fade96f484b240b35d5a9..2ba2ecda007ebdd64a7efe7d9d2fb806063e24d5 100644 |
| --- a/media/blink/webencryptedmediaclient_impl.cc |
| +++ b/media/blink/webencryptedmediaclient_impl.cc |
| @@ -31,6 +31,117 @@ enum ConfigurationSupport { |
| CONFIGURATION_SUPPORTED, |
| }; |
| +// Accumulates configuration rules to determine if a feature (additional |
| +// configuration rule) can be added to an accumulated configuration. |
| +class ConfigState { |
| + public: |
| + ConfigState(bool was_permission_requested, bool is_permission_granted) |
| + : was_permission_requested_(was_permission_requested), |
| + is_permission_granted_(is_permission_granted), |
| + is_identifier_required_(false), |
| + is_identifier_recommended_(false){ |
| + } |
| + |
| + bool IsPermissionGranted() const { |
| + return is_permission_granted_; |
| + } |
| + |
| + // Permission is possible if it has not been denied. |
| + bool IsPermissionPossible() const { |
| + return is_permission_granted_ || !was_permission_requested_; |
| + } |
| + |
| + bool IsIdentifierRequired() const { |
| + return is_identifier_required_; |
| + } |
| + |
| + bool IsIdentifierRecommended() const { |
| + return is_identifier_recommended_; |
| + } |
| + |
| + // Checks whether a rule is compatible with all previously added rules. |
| + bool IsRuleSupported(EmeConfigRule rule) const { |
| + switch (rule) { |
| + case EmeConfigRule::NOT_SUPPORTED: |
| + return false; |
| + case EmeConfigRule::IDENTIFIER_REQUIRED: |
| + return IsPermissionPossible(); |
| + case EmeConfigRule::IDENTIFIER_RECOMMENDED: |
| + return true; |
| + case EmeConfigRule::SUPPORTED: |
| + return true; |
| + } |
| + NOTREACHED(); |
| + return false; |
| + } |
| + |
| + // Checks whether a rule is compatible with all previously added rules, and |
| + // can be accepted without needing to add it to the configuration state. This |
| + // allows considering more rules after the configuration state is final (that |
| + // is, after distinctiveIdentifier has been resolved). |
| + bool IsRuleSupportedWithCurrentState(EmeConfigRule rule) const { |
| + switch (rule) { |
| + case EmeConfigRule::NOT_SUPPORTED: |
| + return false; |
| + case EmeConfigRule::IDENTIFIER_REQUIRED: |
| + return is_permission_granted_; |
| + case EmeConfigRule::IDENTIFIER_RECOMMENDED: |
| + return true; |
| + case EmeConfigRule::SUPPORTED: |
| + return true; |
| + } |
| + NOTREACHED(); |
| + return false; |
| + } |
| + |
| + // Add a rule to the accumulated configuration state. |
| + void AddRule(EmeConfigRule rule) { |
| + switch (rule) { |
| + case EmeConfigRule::NOT_SUPPORTED: |
| + return; |
| + case EmeConfigRule::IDENTIFIER_REQUIRED: |
| + is_identifier_required_ = true; |
| + return; |
| + case EmeConfigRule::IDENTIFIER_RECOMMENDED: |
| + is_identifier_recommended_ = true; |
| + return; |
| + case EmeConfigRule::SUPPORTED: |
| + return; |
| + } |
| + NOTREACHED(); |
| + } |
| + |
| + private: |
| + // Whether permission to use a distinctive identifier was requested. If set, |
| + // |is_permission_granted_| represents the final decision. |
| + const bool was_permission_requested_; |
| + |
| + // Whether permission to use a distinctive identifier has been granted. |
| + const bool is_permission_granted_; |
| + |
| + // Whether a rule has been added that requires a distinctive identifier. |
| + bool is_identifier_required_; |
| + |
| + // Whether a rule has been added that recommends a distinctive identifier. |
| + bool is_identifier_recommended_; |
| +}; |
| + |
| +static EmeRobustness ConvertRobustness(const blink::WebString& robustness) { |
| + if (robustness.isEmpty()) |
| + return EmeRobustness::EMPTY; |
| + if (robustness == "SW_SECURE_CRYPTO") |
| + return EmeRobustness::SW_SECURE_CRYPTO; |
| + if (robustness == "SW_SECURE_DECODE") |
| + return EmeRobustness::SW_SECURE_DECODE; |
| + if (robustness == "HW_SECURE_CRYPTO") |
| + return EmeRobustness::HW_SECURE_CRYPTO; |
| + if (robustness == "HW_SECURE_DECODE") |
| + return EmeRobustness::HW_SECURE_DECODE; |
| + if (robustness == "HW_SECURE_ALL") |
| + return EmeRobustness::HW_SECURE_ALL; |
| + return EmeRobustness::INVALID; |
| +} |
| + |
| static bool IsSupportedContentType(const std::string& key_system, |
| const std::string& mime_type, |
| const std::string& codecs) { |
| @@ -66,8 +177,10 @@ static bool GetSupportedCapabilities( |
| const std::string& key_system, |
| const blink::WebVector<blink::WebMediaKeySystemMediaCapability>& |
| capabilities, |
| + EmeMediaType media_type, |
| std::vector<blink::WebMediaKeySystemMediaCapability>* |
| - media_type_capabilities) { |
| + media_type_capabilities, |
| + ConfigState* config_state) { |
| // From |
| // https://w3c.github.io/encrypted-media/#get-supported-capabilities-for-media-type |
| // 1. Let accumulated capabilities be partial configuration. |
| @@ -80,8 +193,11 @@ static bool GetSupportedCapabilities( |
| // 3.2. Let robustness be the value's robustness member. |
| const blink::WebMediaKeySystemMediaCapability& capability = capabilities[i]; |
| // 3.3. If contentType is the empty string, return null. |
| - if (capability.mimeType.isEmpty()) |
| + if (capability.mimeType.isEmpty()) { |
| + DVLOG(2) << "Rejecting requested configuration because " |
| + << "a capability contentType was empty."; |
| return false; |
| + } |
| // 3.4-3.11. (Implemented by IsSupportedContentType().) |
| if (!base::IsStringASCII(capability.mimeType) || |
| !base::IsStringASCII(capability.codecs) || |
| @@ -91,25 +207,39 @@ static bool GetSupportedCapabilities( |
| continue; |
| } |
| // 3.12. If robustness is not the empty string, run the following steps: |
| - // (Robustness is not supported.) |
| - // TODO(sandersd): Implement robustness. http://crbug.com/442586 |
| if (!capability.robustness.isEmpty()) { |
| - LOG(WARNING) << "Configuration rejected because rubustness strings are " |
| - << "not yet supported."; |
| - continue; |
| + // 3.12.1. If robustness is an unrecognized value or not supported by |
| + // implementation, continue to the next iteration. String |
| + // comparison is case-sensitive. |
| + EmeConfigRule robustness_rule = GetRobustnessConfigRule( |
| + key_system, media_type, ConvertRobustness(capability.robustness)); |
| + if (!config_state->IsRuleSupported(robustness_rule)) |
| + continue; |
| + config_state->AddRule(robustness_rule); |
| + // 3.12.2. Add robustness to configuration. |
| + // (It's already added, we use capability as the configuration.) |
| } |
| // 3.13. If the user agent and implementation do not support playback of |
| // encrypted media data as specified by configuration, including all |
| // media types, in combination with accumulated capabilities, |
| // continue to the next iteration. |
| - // (Skipped as there are no configuration-based codec restrictions.) |
| + // (Skipped as there are no configuration-based codec restrictions. |
| + // There will be when the Android security level becomes configurable |
| + // based on robustness. http://crbug.com/467779) |
| // 3.14. Add configuration to media type capabilities. |
| media_type_capabilities->push_back(capability); |
| // 3.15. Add configuration to accumulated capabilities. |
| - // (Skipped as there are no configuration-based codec restrictions.) |
| + // (Skipped as there are no configuration-based codec restrictions. |
| + // Note that this is the local accumulated capabilities, the global |
| + // one is updated by the caller.) |
| } |
| // 4. If media type capabilities is empty, return null. |
| // 5. Return media type capabilities. |
| + if (media_type_capabilities->empty()) { |
|
ddorwin
2015/03/19 22:11:57
Move up under 4.
sandersd (OOO until July 31)
2015/03/19 23:05:43
Done.
|
| + DVLOG(2) << "Rejecting requested configuration because " |
| + << "no capabilities were supported."; |
| + return false; |
| + } |
| return !media_type_capabilities->empty(); |
|
ddorwin
2015/03/19 22:11:57
Just return true.
sandersd (OOO until July 31)
2015/03/19 23:05:44
Done.
|
| } |
| @@ -131,15 +261,10 @@ static EmeFeatureRequirement ConvertRequirement( |
| static ConfigurationSupport GetSupportedConfiguration( |
| const std::string& key_system, |
| const blink::WebMediaKeySystemConfiguration& candidate, |
| - blink::WebMediaKeySystemConfiguration* accumulated_configuration, |
| bool was_permission_requested, |
| - bool is_permission_granted) { |
| - DCHECK(was_permission_requested || !is_permission_granted); |
| - |
| - // It is possible to obtain user permission unless permission was already |
| - // requested and denied. |
| - bool is_permission_possible = |
| - !was_permission_requested || is_permission_granted; |
| + bool is_permission_granted, |
| + blink::WebMediaKeySystemConfiguration* accumulated_configuration) { |
| + ConfigState config_state(was_permission_requested, is_permission_granted); |
| // From https://w3c.github.io/encrypted-media/#get-supported-configuration |
| // 1. Let accumulated configuration be empty. (Done by caller.) |
| @@ -184,8 +309,11 @@ static ConfigurationSupport GetSupportedConfiguration( |
| } |
| // 2.3. If supported types is empty, return null. |
| - if (supported_types.empty()) |
| + if (supported_types.empty()) { |
| + DVLOG(2) << "Rejecting requested configuration because " |
| + << "no initDataType values were supported."; |
| return CONFIGURATION_NOT_SUPPORTED; |
| + } |
| // 2.4. Add supported types to accumulated configuration. |
| accumulated_configuration->initDataTypes = supported_types; |
| @@ -200,12 +328,16 @@ static ConfigurationSupport GetSupportedConfiguration( |
| // - "not-allowed": If the implementation requires a Distinctive |
| // Identifier in combination with accumulated configuration, return |
| // null. |
| - EmeFeatureRequirement di_requirement = |
| - ConvertRequirement(candidate.distinctiveIdentifier); |
| - if (!IsDistinctiveIdentifierRequirementSupported(key_system, di_requirement, |
| - is_permission_possible)) { |
| + // We also reject OPTIONAL when distinctive identifiers are ALWAYS_ENABLED and |
| + // permission has already been denied. This would happen anyway at step 11. |
| + EmeConfigRule di_rule = GetDistinctiveIdentifierConfigRule( |
| + key_system, ConvertRequirement(candidate.distinctiveIdentifier)); |
| + if (!config_state.IsRuleSupported(di_rule)) { |
| + DVLOG(2) << "Rejecting requested configuration because " |
| + << "the distinctiveIdentifier requirement was not supported."; |
| return CONFIGURATION_NOT_SUPPORTED; |
| } |
| + config_state.AddRule(di_rule); |
| // 4. Add the value of the candidate configuration's distinctiveIdentifier |
| // attribute to accumulated configuration. |
| @@ -219,12 +351,14 @@ static ConfigurationSupport GetSupportedConfiguration( |
| // - "optional": Continue. |
| // - "not-allowed": If the implementation requires persisting state in |
| // combination with accumulated configuration, return null. |
| - EmeFeatureRequirement ps_requirement = |
| - ConvertRequirement(candidate.persistentState); |
| - if (!IsPersistentStateRequirementSupported(key_system, ps_requirement, |
| - is_permission_possible)) { |
| + EmeConfigRule ps_rule = GetPersistentStateConfigRule( |
| + key_system, ConvertRequirement(candidate.persistentState)); |
| + if (!config_state.IsRuleSupported(ps_rule)) { |
| + DVLOG(2) << "Rejecting requested configuration because " |
| + << "the persistentState requirement was not supported."; |
| return CONFIGURATION_NOT_SUPPORTED; |
| } |
| + config_state.AddRule(ps_rule); |
| // 6. Add the value of the candidate configuration's persistentState |
| // attribute to accumulated configuration. |
| @@ -240,7 +374,8 @@ static ConfigurationSupport GetSupportedConfiguration( |
| // 7.2. If video capabilities is null, return null. |
| std::vector<blink::WebMediaKeySystemMediaCapability> video_capabilities; |
| if (!GetSupportedCapabilities(key_system, candidate.videoCapabilities, |
| - &video_capabilities)) { |
| + EmeMediaType::VIDEO, &video_capabilities, |
| + &config_state)) { |
| return CONFIGURATION_NOT_SUPPORTED; |
| } |
| @@ -258,7 +393,8 @@ static ConfigurationSupport GetSupportedConfiguration( |
| // 8.2. If audio capabilities is null, return null. |
| std::vector<blink::WebMediaKeySystemMediaCapability> audio_capabilities; |
| if (!GetSupportedCapabilities(key_system, candidate.audioCapabilities, |
| - &audio_capabilities)) { |
| + EmeMediaType::AUDIO, &audio_capabilities, |
| + &config_state)) { |
| return CONFIGURATION_NOT_SUPPORTED; |
| } |
| @@ -274,20 +410,50 @@ static ConfigurationSupport GetSupportedConfiguration( |
| // configuration's distinctiveIdentifier value to "required". |
| // - Otherwise, change accumulated configuration's distinctiveIdentifier |
| // value to "not-allowed". |
| - // (Without robustness support, capabilities do not affect this.) |
| - // TODO(sandersd): Implement robustness. http://crbug.com/442586 |
| if (accumulated_configuration->distinctiveIdentifier == |
| blink::WebMediaKeySystemConfiguration::Requirement::Optional) { |
| - if (IsDistinctiveIdentifierRequirementSupported( |
| - key_system, EME_FEATURE_NOT_ALLOWED, is_permission_possible)) { |
| - accumulated_configuration->distinctiveIdentifier = |
| - blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed; |
| - } else { |
| + EmeConfigRule not_allowed_rule = |
| + GetDistinctiveIdentifierConfigRule(key_system, EME_FEATURE_NOT_ALLOWED); |
| + EmeConfigRule required_rule = |
| + GetDistinctiveIdentifierConfigRule(key_system, EME_FEATURE_REQUIRED); |
| + bool not_allowed_supported = config_state.IsRuleSupported(not_allowed_rule); |
| + bool required_supported = config_state.IsRuleSupported(required_rule); |
| + if (not_allowed_supported) { |
| + bool prefer_required = config_state.IsIdentifierRequired() || |
| + (config_state.IsIdentifierRecommended() && |
| + config_state.IsPermissionPossible()); |
| + if (required_supported && prefer_required) { |
| + accumulated_configuration->distinctiveIdentifier = |
| + blink::WebMediaKeySystemConfiguration::Requirement::Required; |
| + config_state.AddRule(required_rule); |
| + DCHECK(config_state.IsIdentifierRequired()); |
| + } else { |
| + accumulated_configuration->distinctiveIdentifier = |
| + blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed; |
| + config_state.AddRule(not_allowed_rule); |
| + } |
| + } else if (required_supported) { |
| accumulated_configuration->distinctiveIdentifier = |
| blink::WebMediaKeySystemConfiguration::Requirement::Required; |
| + config_state.AddRule(required_rule); |
| + } else { |
| + // We should not have passed step 3. |
| + NOTREACHED(); |
| + return CONFIGURATION_NOT_SUPPORTED; |
| } |
| } |
| + // If permission is required but we couldn't enable it, reject the |
| + // configuration. |
| + if (config_state.IsIdentifierRequired() && |
| + accumulated_configuration->distinctiveIdentifier != |
| + blink::WebMediaKeySystemConfiguration::Requirement::Required) { |
| + DVLOG(2) << "Rejecting requested configuration because " |
| + << "distinctiveIdentifier was both not allowed and " |
|
ddorwin
2015/03/19 22:11:57
nit: I think the logic above is in the opposite or
sandersd (OOO until July 31)
2015/03/19 23:05:43
Done.
|
| + << "implicitly required."; |
| + return CONFIGURATION_NOT_SUPPORTED; |
| + } |
| + |
| // 10. If accumulated configuration's persistentState value is "optional", |
| // follow the steps for the first matching condition from the following |
| // list: |
| @@ -298,59 +464,54 @@ static ConfigurationSupport GetSupportedConfiguration( |
| // to "not-allowed". |
| if (accumulated_configuration->persistentState == |
| blink::WebMediaKeySystemConfiguration::Requirement::Optional) { |
| - if (IsPersistentStateRequirementSupported( |
| - key_system, EME_FEATURE_NOT_ALLOWED, is_permission_possible)) { |
| + EmeConfigRule not_allowed_rule = |
| + GetPersistentStateConfigRule(key_system, EME_FEATURE_NOT_ALLOWED); |
| + EmeConfigRule required_rule = |
| + GetPersistentStateConfigRule(key_system, EME_FEATURE_REQUIRED); |
| + bool not_allowed_supported = |
| + config_state.IsRuleSupportedWithCurrentState(not_allowed_rule); |
| + bool required_supported = |
| + config_state.IsRuleSupportedWithCurrentState(required_rule); |
| + if (not_allowed_supported) { |
| accumulated_configuration->persistentState = |
| blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed; |
| - } else { |
| + } else if (required_supported) { |
| accumulated_configuration->persistentState = |
| blink::WebMediaKeySystemConfiguration::Requirement::Required; |
| + } else { |
| + // We should not have passed step 5. |
| + NOTREACHED(); |
| + return CONFIGURATION_NOT_SUPPORTED; |
| } |
| } |
| // 11. If implementation in the configuration specified by the combination of |
| // the values in accumulated configuration is not supported or not allowed |
| // in the origin, return null. |
| - di_requirement = |
| - ConvertRequirement(accumulated_configuration->distinctiveIdentifier); |
| - if (!IsDistinctiveIdentifierRequirementSupported(key_system, di_requirement, |
| - is_permission_granted)) { |
| - if (was_permission_requested) { |
| - // The optional permission was requested and denied. |
| - // TODO(sandersd): Avoid the need for this logic - crbug.com/460616. |
| - DCHECK(candidate.distinctiveIdentifier == |
| - blink::WebMediaKeySystemConfiguration::Requirement::Optional); |
| - DCHECK(di_requirement == EME_FEATURE_REQUIRED); |
| - DCHECK(!is_permission_granted); |
| - accumulated_configuration->distinctiveIdentifier = |
| - blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed; |
| - } else { |
| + // |
| + // If accumulated configuration's distinctiveIdentifier value is |
| + // "required", [request user consent]. |
| + if (accumulated_configuration->distinctiveIdentifier == |
| + blink::WebMediaKeySystemConfiguration::Requirement::Required) { |
| + if (!config_state.IsPermissionGranted()) |
| return CONFIGURATION_REQUIRES_PERMISSION; |
| - } |
| - } |
| - |
| - ps_requirement = |
| - ConvertRequirement(accumulated_configuration->persistentState); |
| - if (!IsPersistentStateRequirementSupported(key_system, ps_requirement, |
| - is_permission_granted)) { |
| - DCHECK(!was_permission_requested); // Should have failed at step 5. |
| - return CONFIGURATION_REQUIRES_PERMISSION; |
| } |
| // 12. Return accumulated configuration. |
| - // (As an extra step, we record the available session types so that |
| - // createSession() can be synchronous.) |
| + // |
| + // We also record the available session types so that createSession() can be |
| + // synchronous. |
| std::vector<blink::WebEncryptedMediaSessionType> session_types; |
| session_types.push_back(blink::WebEncryptedMediaSessionType::Temporary); |
| if (accumulated_configuration->persistentState == |
| blink::WebMediaKeySystemConfiguration::Requirement::Required) { |
| - if (IsPersistentLicenseSessionSupported(key_system, |
| - is_permission_granted)) { |
| + if (config_state.IsRuleSupportedWithCurrentState( |
| + GetPersistentLicenseSessionConfigRule(key_system))) { |
| session_types.push_back( |
| blink::WebEncryptedMediaSessionType::PersistentLicense); |
| } |
| - if (IsPersistentReleaseMessageSessionSupported(key_system, |
| - is_permission_granted)) { |
| + if (config_state.IsRuleSupportedWithCurrentState( |
| + GetPersistentReleaseMessageSessionConfigRule(key_system))) { |
| session_types.push_back( |
| blink::WebEncryptedMediaSessionType::PersistentReleaseMessage); |
| } |
| @@ -474,13 +635,17 @@ void WebEncryptedMediaClientImpl::SelectSupportedConfiguration( |
| // new MediaKeySystemAccess object.] |
| blink::WebMediaKeySystemConfiguration accumulated_configuration; |
| ConfigurationSupport supported = GetSupportedConfiguration( |
| - key_system, candidate_configuration, &accumulated_configuration, |
| - was_permission_requested, is_permission_granted); |
| + key_system, candidate_configuration, was_permission_requested, |
| + is_permission_granted, &accumulated_configuration); |
| switch (supported) { |
| case CONFIGURATION_NOT_SUPPORTED: |
| continue; |
| case CONFIGURATION_REQUIRES_PERMISSION: |
| - DCHECK(!was_permission_requested); |
| + if (was_permission_requested) { |
| + DVLOG(2) << "Rejecting requested configuration because " |
| + << "permission was denied."; |
| + continue; |
| + } |
| media_permission_->RequestPermission( |
| MediaPermission::PROTECTED_MEDIA_IDENTIFIER, |
| GURL(request.securityOrigin().toString()), |
