Restrict use of hardware-secure codecs based on the RendererPreference.

media/blink/key_system_config_selector.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "key_system_config_selector.h"
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
@@ skipping 118 matching lines @@
 struct KeySystemConfigSelector::SelectionRequest {
   std::string key_system;
   blink::WebVector<blink::WebMediaKeySystemConfiguration>
       candidate_configurations;
   blink::WebSecurityOrigin security_origin;
   base::Callback<void(const blink::WebMediaKeySystemConfiguration&)>
       succeeded_cb;
   base::Callback<void(const blink::WebString&)> not_supported_cb;
   bool was_permission_requested = false;
   bool is_permission_granted = false;
+#if defined(OS_ANDROID)
+  bool allow_secure_surfaces = false;
+#endif  // defined(OS_ANDROID)
 };
 
 // Accumulates configuration rules to determine if a feature (additional
 // configuration rule) can be added to an accumulated configuration.
 class KeySystemConfigSelector::ConfigState {
  public:
   ConfigState(bool was_permission_requested, bool is_permission_granted)
       : was_permission_requested_(was_permission_requested),
         is_permission_granted_(is_permission_granted) {}
 
   bool IsPermissionGranted() const { return is_permission_granted_; }
 
   // Permission is possible if it has not been denied.
   bool IsPermissionPossible() const {
     return is_permission_granted_ || !was_permission_requested_;
   }
 
   bool IsIdentifierRequired() const { return is_identifier_required_; }
 
   bool IsIdentifierRecommended() const { return is_identifier_recommended_; }
 
+  bool AreSecureCodecsRequired() const { return are_secure_codecs_required_; }
+
   // Checks whether a rule is compatible with all previously added rules.
   bool IsRuleSupported(EmeConfigRule rule) const {
     switch (rule) {
       case EmeConfigRule::NOT_SUPPORTED:
         return false;
       case EmeConfigRule::IDENTIFIER_NOT_ALLOWED:
         return !is_identifier_required_;
       case EmeConfigRule::IDENTIFIER_REQUIRED:
         // TODO(sandersd): Confirm if we should be refusing these rules when
         // permission has been denied (as the spec currently says).
@@ skipping 215 matching lines @@
   // 5. Return media type capabilities.
   return true;
 }
 
 KeySystemConfigSelector::ConfigurationSupport
 KeySystemConfigSelector::GetSupportedConfiguration(
     const std::string& key_system,
     const blink::WebMediaKeySystemConfiguration& candidate,
     ConfigState* config_state,
     blink::WebMediaKeySystemConfiguration* accumulated_configuration) {
-  // TODO(sandersd): Set state of SECURE_CODECS from renderer pref.
   // From https://w3c.github.io/encrypted-media/#get-supported-configuration
   // 1. Let accumulated configuration be empty. (Done by caller.)
   // 2. If the initDataTypes member is present in candidate configuration, run
   //    the following steps:
   if (candidate.hasInitDataTypes) {
     // 2.1. Let supported types be empty.
     std::vector<blink::WebEncryptedMediaInitDataType> supported_types;
 
     // 2.2. For each value in candidate configuration's initDataTypes member:
     for (size_t i = 0; i < candidate.initDataTypes.size(); i++) {
@@ skipping 257 matching lines @@
   //     value of the candidate configuration's label member to accumulated
   //     configuration.
   accumulated_configuration->label = candidate.label;
 
   // 17. Return accumulated configuration.
   return CONFIGURATION_SUPPORTED;
 }
 
 void KeySystemConfigSelector::SelectConfig(
     const blink::WebString& key_system,
+#if defined(OS_ANDROID)
+    const bool allow_secure_surfaces,
+#endif  // defined(OS_ANDROID)
     const blink::WebVector<blink::WebMediaKeySystemConfiguration>&
         candidate_configurations,
     const blink::WebSecurityOrigin& security_origin,
     base::Callback<void(const blink::WebMediaKeySystemConfiguration&)>
         succeeded_cb,
     base::Callback<void(const blink::WebString&)> not_supported_cb) {
   // Continued from requestMediaKeySystemAccess(), step 7, from
   // https://w3c.github.io/encrypted-media/#requestmediakeysystemaccess
   //
   // 7.1. If keySystem is not one of the Key Systems supported by the user
   //      agent, reject promise with with a new DOMException whose name is
   //      NotSupportedError. String comparison is case-sensitive.
   if (!base::IsStringASCII(key_system)) {
     not_supported_cb.Run("Only ASCII keySystems are supported");
     return;
   }
 
   std::string key_system_ascii = base::UTF16ToASCII(key_system);
   if (!key_systems_->IsSupportedKeySystem(key_system_ascii)) {
     not_supported_cb.Run("Unsupported keySystem");
     return;
   }
 
   // 7.2-7.4. Implemented by OnSelectConfig().
   // TODO(sandersd): This should be async, ideally not on the main thread.
   scoped_ptr<SelectionRequest> request(new SelectionRequest());
   request->key_system = key_system_ascii;
+#if defined(OS_ANDROID)
+  request->allow_secure_surfaces = allow_secure_surfaces;
+#endif  // defined(OS_ANDROID)
   request->candidate_configurations = candidate_configurations;
   request->security_origin = security_origin;
   request->succeeded_cb = succeeded_cb;
   request->not_supported_cb = not_supported_cb;
   SelectConfigInternal(request.Pass());
 }
 
 void KeySystemConfigSelector::SelectConfigInternal(
     scoped_ptr<SelectionRequest> request) {
   // Continued from requestMediaKeySystemAccess(), step 7.1, from
   // https://w3c.github.io/encrypted-media/#requestmediakeysystemaccess
   //
   // 7.2. Let implementation be the implementation of keySystem.
   //      (|key_systems_| fills this role.)
   // 7.3. For each value in supportedConfigurations:
   for (size_t i = 0; i < request->candidate_configurations.size(); i++) {
     // 7.3.1. Let candidate configuration be the value.
     // 7.3.2. Let supported configuration be the result of executing the Get
     //        Supported Configuration algorithm on implementation, candidate
     //        configuration, and origin.
     // 7.3.3. If supported configuration is not null, [initialize and return a
     //        new MediaKeySystemAccess object.]
     ConfigState config_state(request->was_permission_requested,
                              request->is_permission_granted);
+#if defined(OS_ANDROID)
+    // On Android, hardware-secure codecs are not allowed when the renderer
+    // preference is not enabled.

[ddorwin, 2015/05/06 02:17:11]

This comment is specific to code outside the function.

[sandersd (OOO until July 31), 2015/05/08 00:37:42]

Done.

+    DCHECK(config_state.IsRuleSupported(
+        EmeConfigRule::SECURE_CODECS_NOT_ALLOWED);
+    if (!request->allow_secure_surfaces)
+      config_state.AddRule(EmeConfigRule::SECURE_CODECS_NOT_ALLOWED);
+#endif  // defined(OS_ANDROID)
     blink::WebMediaKeySystemConfiguration accumulated_configuration;
     ConfigurationSupport support = GetSupportedConfiguration(
         request->key_system, request->candidate_configurations[i],
         &config_state, &accumulated_configuration);
     switch (support) {
       case CONFIGURATION_NOT_SUPPORTED:
         continue;
       case CONFIGURATION_REQUIRES_PERMISSION:
         if (request->was_permission_requested) {
           DVLOG(2) << "Rejecting requested configuration because "
                    << "permission was denied.";
           continue;
         }
         media_permission_->RequestPermission(
             MediaPermission::PROTECTED_MEDIA_IDENTIFIER,
             GURL(request->security_origin.toString()),
             base::Bind(&KeySystemConfigSelector::OnPermissionResult,
                        weak_factory_.GetWeakPtr(), base::Passed(&request)));
         return;
       case CONFIGURATION_SUPPORTED:
+#if defined(OS_ANDROID)
+        request->succeeded_cb.Run(accumulated_configuration,
+                                  config_state.AreSecureCodecsRequired());
+#else
         request->succeeded_cb.Run(accumulated_configuration);
+#endif  // defined(OS_ANDROID)
         return;
     }
   }
 
   // 7.4. Reject promise with a new DOMException whose name is
   //      NotSupportedError.
   request->not_supported_cb.Run(
       "None of the requested configurations were supported.");
 }
 
 void KeySystemConfigSelector::OnPermissionResult(
     scoped_ptr<SelectionRequest> request,
     bool is_permission_granted) {
   request->was_permission_requested = true;
   request->is_permission_granted = is_permission_granted;
   SelectConfigInternal(request.Pass());
 }
 
 }  // namespace media