Restrict use of hardware-secure codecs based on the RendererPreference.

media/blink/key_system_config_selector.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "key_system_config_selector.h"
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
@@ skipping 113 matching lines @@
   return EmeConfigRule::PERSISTENCE_REQUIRED;
 }
 
 }  // namespace
 
 struct KeySystemConfigSelector::SelectionRequest {
   std::string key_system;
   blink::WebVector<blink::WebMediaKeySystemConfiguration>
       candidate_configurations;
   blink::WebSecurityOrigin security_origin;
-  base::Callback<void(const blink::WebMediaKeySystemConfiguration&)>
+  base::Callback<void(const blink::WebMediaKeySystemConfiguration&, bool)>
       succeeded_cb;
   base::Callback<void(const blink::WebString&)> not_supported_cb;
   bool was_permission_requested = false;
   bool is_permission_granted = false;
+  bool are_secure_surfaces_supported = false;
 };
 
 // Accumulates configuration rules to determine if a feature (additional
 // configuration rule) can be added to an accumulated configuration.
 class KeySystemConfigSelector::ConfigState {
  public:
   ConfigState(bool was_permission_requested, bool is_permission_granted)
       : was_permission_requested_(was_permission_requested),
         is_permission_granted_(is_permission_granted) {}
 
   bool IsPermissionGranted() const { return is_permission_granted_; }
 
   // Permission is possible if it has not been denied.
   bool IsPermissionPossible() const {
     return is_permission_granted_ || !was_permission_requested_;
   }
 
   bool IsIdentifierRequired() const { return is_identifier_required_; }
 
   bool IsIdentifierRecommended() const { return is_identifier_recommended_; }
 
+  bool AreSecureSurfacesRequired() const {
+    return are_secure_surfaces_required_;
+  }
+
   // Checks whether a rule is compatible with all previously added rules.
   bool IsRuleSupported(EmeConfigRule rule) const {
     switch (rule) {
       case EmeConfigRule::NOT_SUPPORTED:
         return false;
       case EmeConfigRule::IDENTIFIER_NOT_ALLOWED:
         return !is_identifier_required_;
       case EmeConfigRule::IDENTIFIER_REQUIRED:
         // TODO(sandersd): Confirm if we should be refusing these rules when
         // permission has been denied (as the spec currently says).
         return !is_identifier_not_allowed_ && IsPermissionPossible();
       case EmeConfigRule::IDENTIFIER_RECOMMENDED:
         return true;
       case EmeConfigRule::PERSISTENCE_NOT_ALLOWED:
         return !is_persistence_required_;
       case EmeConfigRule::PERSISTENCE_REQUIRED:
         return !is_persistence_not_allowed_;
       case EmeConfigRule::IDENTIFIER_AND_PERSISTENCE_REQUIRED:
         return (!is_identifier_not_allowed_ && IsPermissionPossible() &&
                 !is_persistence_not_allowed_);
-#if defined(OS_ANDROID)
-      case EmeConfigRule::SECURE_CODECS_NOT_ALLOWED:
-        return !are_secure_codecs_required_;
-      case EmeConfigRule::SECURE_CODECS_REQUIRED:
-        return !are_secure_codecs_not_allowed_;
-#endif  // defined(OS_ANDROID)
+      case EmeConfigRule::SECURE_SURFACES_NOT_REQUIRABLE:
+        return !are_secure_surfaces_required_;
+      case EmeConfigRule::SECURE_SURFACES_REQUIRED:
+        return !are_secure_surfaces_not_requirable_;
       case EmeConfigRule::SUPPORTED:
         return true;
     }
     NOTREACHED();
     return false;
   }
 
   // Add a rule to the accumulated configuration state.
   void AddRule(EmeConfigRule rule) {
     DCHECK(IsRuleSupported(rule));
@@ skipping 13 matching lines @@
       case EmeConfigRule::PERSISTENCE_NOT_ALLOWED:
         is_persistence_not_allowed_ = true;
         return;
       case EmeConfigRule::PERSISTENCE_REQUIRED:
         is_persistence_required_ = true;
         return;
       case EmeConfigRule::IDENTIFIER_AND_PERSISTENCE_REQUIRED:
         is_identifier_required_ = true;
         is_persistence_required_ = true;
         return;
-#if defined(OS_ANDROID)
-      case EmeConfigRule::SECURE_CODECS_NOT_ALLOWED:
-        are_secure_codecs_not_allowed_ = true;
+      case EmeConfigRule::SECURE_SURFACES_NOT_REQUIRABLE:
+        are_secure_surfaces_not_requirable_ = true;
         return;
-      case EmeConfigRule::SECURE_CODECS_REQUIRED:
-        are_secure_codecs_required_ = true;
+      case EmeConfigRule::SECURE_SURFACES_REQUIRED:
+        are_secure_surfaces_required_ = true;
         return;
-#endif  // defined(OS_ANDROID)
       case EmeConfigRule::SUPPORTED:
         return;
     }
     NOTREACHED();
   }
 
  private:
   // Whether permission to use a distinctive identifier was requested. If set,
   // |is_permission_granted_| represents the final decision.
   // (Not changed by adding rules.)
   bool was_permission_requested_;
 
   // Whether permission to use a distinctive identifier has been granted.
   // (Not changed by adding rules.)
   bool is_permission_granted_;
 
   // Whether a rule has been added that requires or blocks a distinctive
   // identifier.
   bool is_identifier_required_ = false;
   bool is_identifier_not_allowed_ = false;
 
   // Whether a rule has been added that recommends a distinctive identifier.
   bool is_identifier_recommended_ = false;
 
   // Whether a rule has been added that requires or blocks persistent state.
   bool is_persistence_required_ = false;
   bool is_persistence_not_allowed_ = false;
 
-#if defined(OS_ANDROID)
-  // Whether a rule has been added that requires or blocks secure codecs.
-  bool are_secure_codecs_required_ = false;
-  bool are_secure_codecs_not_allowed_ = false;
-#endif  // defined(OS_ANDROID)
+  // Whether a rule has been added that requires or blocks requiring secure
+  // surfaces.
+  bool are_secure_surfaces_required_ = false;
+  bool are_secure_surfaces_not_requirable_ = false;
 };
 
 KeySystemConfigSelector::KeySystemConfigSelector(
     const KeySystems* key_systems,
     MediaPermission* media_permission)
     : key_systems_(key_systems),
       media_permission_(media_permission),
       weak_factory_(this) {
   DCHECK(key_systems_);
   DCHECK(media_permission_);
@@ skipping 115 matching lines @@
   // 5. Return media type capabilities.
   return true;
 }
 
 KeySystemConfigSelector::ConfigurationSupport
 KeySystemConfigSelector::GetSupportedConfiguration(
     const std::string& key_system,
     const blink::WebMediaKeySystemConfiguration& candidate,
     ConfigState* config_state,
     blink::WebMediaKeySystemConfiguration* accumulated_configuration) {
-  // TODO(sandersd): Set state of SECURE_CODECS from renderer pref.
   // From https://w3c.github.io/encrypted-media/#get-supported-configuration
   // 1. Let accumulated configuration be empty. (Done by caller.)
   // 2. If the initDataTypes member is present in candidate configuration, run
   //    the following steps:
   if (candidate.hasInitDataTypes) {
     // 2.1. Let supported types be empty.
     std::vector<blink::WebEncryptedMediaInitDataType> supported_types;
 
     // 2.2. For each value in candidate configuration's initDataTypes member:
     for (size_t i = 0; i < candidate.initDataTypes.size(); i++) {
@@ skipping 260 matching lines @@
 
   // 17. Return accumulated configuration.
   return CONFIGURATION_SUPPORTED;
 }
 
 void KeySystemConfigSelector::SelectConfig(
     const blink::WebString& key_system,
     const blink::WebVector<blink::WebMediaKeySystemConfiguration>&
         candidate_configurations,
     const blink::WebSecurityOrigin& security_origin,
-    base::Callback<void(const blink::WebMediaKeySystemConfiguration&)>
+    bool are_secure_surfaces_supported,
+    base::Callback<void(const blink::WebMediaKeySystemConfiguration&, bool)>
         succeeded_cb,
     base::Callback<void(const blink::WebString&)> not_supported_cb) {
   // Continued from requestMediaKeySystemAccess(), step 7, from
   // https://w3c.github.io/encrypted-media/#requestmediakeysystemaccess
   //
   // 7.1. If keySystem is not one of the Key Systems supported by the user
   //      agent, reject promise with with a new DOMException whose name is
   //      NotSupportedError. String comparison is case-sensitive.
   if (!base::IsStringASCII(key_system)) {
     not_supported_cb.Run("Only ASCII keySystems are supported");
     return;
   }
 
   std::string key_system_ascii = base::UTF16ToASCII(key_system);
   if (!key_systems_->IsSupportedKeySystem(key_system_ascii)) {
     not_supported_cb.Run("Unsupported keySystem");
     return;
   }
 
   // 7.2-7.4. Implemented by OnSelectConfig().
   // TODO(sandersd): This should be async, ideally not on the main thread.
   scoped_ptr<SelectionRequest> request(new SelectionRequest());
   request->key_system = key_system_ascii;
   request->candidate_configurations = candidate_configurations;
   request->security_origin = security_origin;
+  request->are_secure_surfaces_supported = are_secure_surfaces_supported;
   request->succeeded_cb = succeeded_cb;
   request->not_supported_cb = not_supported_cb;
   SelectConfigInternal(request.Pass());
 }
 
 void KeySystemConfigSelector::SelectConfigInternal(
     scoped_ptr<SelectionRequest> request) {
   // Continued from requestMediaKeySystemAccess(), step 7.1, from
   // https://w3c.github.io/encrypted-media/#requestmediakeysystemaccess
   //
   // 7.2. Let implementation be the implementation of keySystem.
   //      (|key_systems_| fills this role.)
   // 7.3. For each value in supportedConfigurations:
   for (size_t i = 0; i < request->candidate_configurations.size(); i++) {
     // 7.3.1. Let candidate configuration be the value.
     // 7.3.2. Let supported configuration be the result of executing the Get
     //        Supported Configuration algorithm on implementation, candidate
     //        configuration, and origin.
     // 7.3.3. If supported configuration is not null, [initialize and return a
     //        new MediaKeySystemAccess object.]
     ConfigState config_state(request->was_permission_requested,
                              request->is_permission_granted);
+    // Hardware-secure codecs are not supported without secure surfaces.
+    DCHECK(config_state.IsRuleSupported(
+        EmeConfigRule::SECURE_SURFACES_NOT_REQUIRABLE));
+    if (!request->are_secure_surfaces_supported)
+      config_state.AddRule(EmeConfigRule::SECURE_SURFACES_NOT_REQUIRABLE);
     blink::WebMediaKeySystemConfiguration accumulated_configuration;
     ConfigurationSupport support = GetSupportedConfiguration(
         request->key_system, request->candidate_configurations[i],
         &config_state, &accumulated_configuration);
     switch (support) {
       case CONFIGURATION_NOT_SUPPORTED:
         continue;
       case CONFIGURATION_REQUIRES_PERMISSION:
         if (request->was_permission_requested) {
           DVLOG(2) << "Rejecting requested configuration because "
                    << "permission was denied.";
           continue;
         }
         media_permission_->RequestPermission(
             MediaPermission::PROTECTED_MEDIA_IDENTIFIER,
             GURL(request->security_origin.toString()),
             base::Bind(&KeySystemConfigSelector::OnPermissionResult,
                        weak_factory_.GetWeakPtr(), base::Passed(&request)));
         return;
       case CONFIGURATION_SUPPORTED:
-        request->succeeded_cb.Run(accumulated_configuration);
+        request->succeeded_cb.Run(accumulated_configuration,
+                                  config_state.AreSecureSurfacesRequired());
         return;
     }
   }
 
   // 7.4. Reject promise with a new DOMException whose name is
   //      NotSupportedError.
   request->not_supported_cb.Run(
       "None of the requested configurations were supported.");
 }
 
 void KeySystemConfigSelector::OnPermissionResult(
     scoped_ptr<SelectionRequest> request,
     bool is_permission_granted) {
   request->was_permission_requested = true;
   request->is_permission_granted = is_permission_granted;
   SelectConfigInternal(request.Pass());
 }
 
 }  // namespace media