Restrict use of hardware-secure codecs based on the RendererPreference.

media/blink/webencryptedmediaclient_impl.cc

Index: media/blink/webencryptedmediaclient_impl.cc
diff --git a/media/blink/webencryptedmediaclient_impl.cc b/media/blink/webencryptedmediaclient_impl.cc
index dd7a2dc65f70991a5646665659bb7ce113c37ecd..ea2be5d8e4beef3ec1a0f64ab7d706ec34b8d8d0 100644
--- a/media/blink/webencryptedmediaclient_impl.cc
+++ b/media/blink/webencryptedmediaclient_impl.cc
@@ -78,12 +78,18 @@ class WebEncryptedMediaClientImpl::Reporter {
 };
 
 WebEncryptedMediaClientImpl::WebEncryptedMediaClientImpl(
+#if defined(OS_ANDROID)
+    base::Callback<bool(void)> allow_secure_surfaces_cb,
+#endif  // defined(OS_ANDROID)
     CdmFactory* cdm_factory,
     MediaPermission* media_permission)
     : cdm_factory_(cdm_factory),
       key_system_config_selector_(KeySystems::GetInstance(), media_permission),
       weak_factory_(this) {
   DCHECK(cdm_factory_);
+#if defined(OS_ANDROID)
+  allow_secure_surfaces_cb_ = allow_secure_surfaces_cb;
+#endif  // defined(OS_ANDROID)
 }
 
 WebEncryptedMediaClientImpl::~WebEncryptedMediaClientImpl() {
@@ -93,8 +99,11 @@ void WebEncryptedMediaClientImpl::requestMediaKeySystemAccess(
     blink::WebEncryptedMediaRequest request) {
   GetReporter(request.keySystem())->ReportRequested();
   key_system_config_selector_.SelectConfig(
-      request.keySystem(), request.supportedConfigurations(),
-      request.securityOrigin(),
+      request.keySystem(),
+#if defined(OS_ANDROID)
+      allow_secure_surfaces_cb_.Run(),
+#endif  // defined(OS_ANDROID)
+      request.supportedConfigurations(), request.securityOrigin(),
       base::Bind(&WebEncryptedMediaClientImpl::OnRequestSucceeded,
                  weak_factory_.GetWeakPtr(), request),
       base::Bind(&WebEncryptedMediaClientImpl::OnRequestNotSupported,
@@ -114,8 +123,16 @@ void WebEncryptedMediaClientImpl::CreateCdm(
 
 void WebEncryptedMediaClientImpl::OnRequestSucceeded(
     blink::WebEncryptedMediaRequest request,
-    const blink::WebMediaKeySystemConfiguration& accumulated_configuration) {
+    const blink::WebMediaKeySystemConfiguration& accumulated_configuration,
+#if defined(OS_ANDROID)
+    const bool require_secure_surfaces,

[ddorwin, 2015/05/06 02:17:12]

no const

[sandersd (OOO until July 31), 2015/05/08 00:37:42]

Done.

+#endif  // defined(OS_ANDROID)
+    ) {
+  if (!request.allow_seure_surfaces)
+    DCHECK(!require_secure_surfaces);
   GetReporter(request.keySystem())->ReportSupported();
+  // TODO(sandersd): Pass |require_secure_surfaces| along and use it to

[ddorwin, 2015/05/06 02:17:12]

Ideally, we would pass along something generic, such as the robustness level. Or
perhaps the max_robustness_level requested. That would help us avoid all these
ifdefs and maybe even remove some in this CL. WDYT?

[sandersd (OOO until July 31), 2015/05/08 00:37:42]

This is in the same category as |allow_persistent_state| and
|allow_distinctive_identifier|, except that we can't infer it from the
accumulated configuration. I'm thinking we should pull all those out into a
KeySystemConfiguration struct (as a Chromium counterpart to
WebMediaKeySystemConfiguration). Does that seem reasonable?

[ddorwin, 2015/05/08 03:18:31]

We can infer those from the accumulated_configuration, though, right?

My point was the type/meaning of the new passed value. I don't think it matters
whether it's in a struct or not. Or were you considering passing multiple items?

[sandersd (OOO until July 31), 2015/05/08 18:04:45]

Yes, I am considering passing all three of those bools in a struct, and getting
rid of the inference (the plan would be to do that in the next CL, as I would be
plumbing this bool through in that CL anyway).

This value isn't directly convertible to a robustness value, since it is a
property of the codecs used, not the configuration. It is true that you can only
currently get it by requesting robustness--do we want to turn the current state
into a guarantee? (The implication is that we could never support codecs that do
not have non-hardware-secure modes.)

+  // configure the CDM security level on Android.
   request.requestSucceeded(WebContentDecryptionModuleAccessImpl::Create(
       request.keySystem(), accumulated_configuration, request.securityOrigin(),
       weak_factory_.GetWeakPtr()));