Chromium Code Reviews Chromium Code Reviews
Issue 1349823004:
Check media permissions (mic/camera) before exposing local addresses to WebRTC. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/media/webrtc/peer_connection_dependency_factory.h" | 5 #include "content/renderer/media/webrtc/peer_connection_dependency_factory.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/location.h" | 10 #include "base/location.h" |
| 11 #include "base/metrics/field_trial.h" | |
| 11 #include "base/strings/utf_string_conversions.h" | 12 #include "base/strings/utf_string_conversions.h" |
| 12 #include "base/synchronization/waitable_event.h" | 13 #include "base/synchronization/waitable_event.h" |
| 13 #include "content/common/media/media_stream_messages.h" | 14 #include "content/common/media/media_stream_messages.h" |
| 14 #include "content/public/common/content_switches.h" | 15 #include "content/public/common/content_switches.h" |
| 15 #include "content/public/common/renderer_preferences.h" | 16 #include "content/public/common/renderer_preferences.h" |
| 16 #include "content/renderer/media/media_stream.h" | 17 #include "content/renderer/media/media_stream.h" |
| 17 #include "content/renderer/media/media_stream_audio_processor.h" | 18 #include "content/renderer/media/media_stream_audio_processor.h" |
| 18 #include "content/renderer/media/media_stream_audio_processor_options.h" | 19 #include "content/renderer/media/media_stream_audio_processor_options.h" |
| 19 #include "content/renderer/media/media_stream_audio_source.h" | 20 #include "content/renderer/media/media_stream_audio_source.h" |
| 20 #include "content/renderer/media/media_stream_video_source.h" | 21 #include "content/renderer/media/media_stream_video_source.h" |
| 21 #include "content/renderer/media/media_stream_video_track.h" | 22 #include "content/renderer/media/media_stream_video_track.h" |
| 22 #include "content/renderer/media/peer_connection_identity_store.h" | 23 #include "content/renderer/media/peer_connection_identity_store.h" |
| 23 #include "content/renderer/media/rtc_media_constraints.h" | 24 #include "content/renderer/media/rtc_media_constraints.h" |
| 24 #include "content/renderer/media/rtc_peer_connection_handler.h" | 25 #include "content/renderer/media/rtc_peer_connection_handler.h" |
| 25 #include "content/renderer/media/rtc_video_decoder_factory.h" | 26 #include "content/renderer/media/rtc_video_decoder_factory.h" |
| 26 #include "content/renderer/media/rtc_video_encoder_factory.h" | 27 #include "content/renderer/media/rtc_video_encoder_factory.h" |
| 27 #include "content/renderer/media/webaudio_capturer_source.h" | 28 #include "content/renderer/media/webaudio_capturer_source.h" |
| 28 #include "content/renderer/media/webrtc/stun_field_trial.h" | 29 #include "content/renderer/media/webrtc/stun_field_trial.h" |
| 29 #include "content/renderer/media/webrtc/webrtc_local_audio_track_adapter.h" | 30 #include "content/renderer/media/webrtc/webrtc_local_audio_track_adapter.h" |
| 30 #include "content/renderer/media/webrtc/webrtc_video_capturer_adapter.h" | 31 #include "content/renderer/media/webrtc/webrtc_video_capturer_adapter.h" |
| 31 #include "content/renderer/media/webrtc_audio_device_impl.h" | 32 #include "content/renderer/media/webrtc_audio_device_impl.h" |
| 32 #include "content/renderer/media/webrtc_local_audio_track.h" | 33 #include "content/renderer/media/webrtc_local_audio_track.h" |
| 33 #include "content/renderer/media/webrtc_logging.h" | 34 #include "content/renderer/media/webrtc_logging.h" |
| 34 #include "content/renderer/media/webrtc_uma_histograms.h" | 35 #include "content/renderer/media/webrtc_uma_histograms.h" |
| 36 #include "content/renderer/p2p/empty_network_manager.h" | |
| 37 #include "content/renderer/p2p/filtering_network_manager.h" | |
| 35 #include "content/renderer/p2p/ipc_network_manager.h" | 38 #include "content/renderer/p2p/ipc_network_manager.h" |
| 36 #include "content/renderer/p2p/ipc_socket_factory.h" | 39 #include "content/renderer/p2p/ipc_socket_factory.h" |
| 37 #include "content/renderer/p2p/port_allocator.h" | 40 #include "content/renderer/p2p/port_allocator.h" |
| 41 #include "content/renderer/render_frame_impl.h" | |
| 38 #include "content/renderer/render_thread_impl.h" | 42 #include "content/renderer/render_thread_impl.h" |
| 39 #include "content/renderer/render_view_impl.h" | 43 #include "content/renderer/render_view_impl.h" |
| 40 #include "jingle/glue/thread_wrapper.h" | 44 #include "jingle/glue/thread_wrapper.h" |
| 45 #include "media/base/media_permission.h" | |
| 41 #include "media/renderers/gpu_video_accelerator_factories.h" | 46 #include "media/renderers/gpu_video_accelerator_factories.h" |
| 42 #include "third_party/WebKit/public/platform/WebMediaConstraints.h" | 47 #include "third_party/WebKit/public/platform/WebMediaConstraints.h" |
| 43 #include "third_party/WebKit/public/platform/WebMediaStream.h" | 48 #include "third_party/WebKit/public/platform/WebMediaStream.h" |
| 44 #include "third_party/WebKit/public/platform/WebMediaStreamSource.h" | 49 #include "third_party/WebKit/public/platform/WebMediaStreamSource.h" |
| 45 #include "third_party/WebKit/public/platform/WebMediaStreamTrack.h" | 50 #include "third_party/WebKit/public/platform/WebMediaStreamTrack.h" |
| 46 #include "third_party/WebKit/public/platform/WebURL.h" | 51 #include "third_party/WebKit/public/platform/WebURL.h" |
| 47 #include "third_party/WebKit/public/web/WebDocument.h" | 52 #include "third_party/WebKit/public/web/WebDocument.h" |
| 48 #include "third_party/WebKit/public/web/WebFrame.h" | 53 #include "third_party/WebKit/public/web/WebFrame.h" |
| 49 #include "third_party/libjingle/source/talk/app/webrtc/mediaconstraintsinterface .h" | 54 #include "third_party/libjingle/source/talk/app/webrtc/mediaconstraintsinterface .h" |
| 50 | 55 |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 101 } | 106 } |
| 102 DVLOG(1) << "Disabling constraint: " | 107 DVLOG(1) << "Disabling constraint: " |
| 103 << kConstraintEffectMap[i].constraint; | 108 << kConstraintEffectMap[i].constraint; |
| 104 } | 109 } |
| 105 } | 110 } |
| 106 } | 111 } |
| 107 } | 112 } |
| 108 | 113 |
| 109 class P2PPortAllocatorFactory : public webrtc::PortAllocatorFactoryInterface { | 114 class P2PPortAllocatorFactory : public webrtc::PortAllocatorFactoryInterface { |
| 110 public: | 115 public: |
| 111 P2PPortAllocatorFactory(P2PSocketDispatcher* socket_dispatcher, | 116 P2PPortAllocatorFactory( |
| 112 rtc::NetworkManager* network_manager, | 117 scoped_ptr<media::MediaPermission>& media_permission, |
|
Sergey Ulanov
2015/09/24 19:37:28
this shouldn't be a reference. scoped_ptr<> is usu
guoweis_left_chromium
2015/09/24 23:06:00
Added comment to explain why it is this way.
| |
| 113 rtc::PacketSocketFactory* socket_factory, | 118 const scoped_refptr<P2PSocketDispatcher>& socket_dispatcher, |
| 114 const GURL& origin, | 119 rtc::NetworkManager* network_manager, |
| 115 const P2PPortAllocator::Config& config) | 120 rtc::PacketSocketFactory* socket_factory, |
| 116 : socket_dispatcher_(socket_dispatcher), | 121 const P2PPortAllocator::Config& config, |
| 122 const GURL& origin, | |
| 123 const scoped_refptr<base::SingleThreadTaskRunner> task_runner) | |
| 124 : media_permission_(media_permission.Pass()), | |
| 125 socket_dispatcher_(socket_dispatcher), | |
| 117 network_manager_(network_manager), | 126 network_manager_(network_manager), |
| 118 socket_factory_(socket_factory), | 127 socket_factory_(socket_factory), |
| 128 config_(config), | |
| 119 origin_(origin), | 129 origin_(origin), |
| 120 config_(config) {} | 130 task_runner_(task_runner) {} |
| 121 | 131 |
| 122 cricket::PortAllocator* CreatePortAllocator( | 132 cricket::PortAllocator* CreatePortAllocator( |
| 123 const std::vector<StunConfiguration>& stun_servers, | 133 const std::vector<StunConfiguration>& stun_servers, |
| 124 const std::vector<TurnConfiguration>& turn_configurations) override { | 134 const std::vector<TurnConfiguration>& turn_configurations) override { |
| 125 P2PPortAllocator::Config config = config_; | 135 P2PPortAllocator::Config config = config_; |
| 126 for (size_t i = 0; i < stun_servers.size(); ++i) { | 136 for (size_t i = 0; i < stun_servers.size(); ++i) { |
| 127 config.stun_servers.insert(rtc::SocketAddress( | 137 config.stun_servers.insert(rtc::SocketAddress( |
| 128 stun_servers[i].server.hostname(), | 138 stun_servers[i].server.hostname(), |
| 129 stun_servers[i].server.port())); | 139 stun_servers[i].server.port())); |
| 130 } | 140 } |
| 131 for (size_t i = 0; i < turn_configurations.size(); ++i) { | 141 for (size_t i = 0; i < turn_configurations.size(); ++i) { |
| 132 P2PPortAllocator::Config::RelayServerConfig relay_config; | 142 P2PPortAllocator::Config::RelayServerConfig relay_config; |
| 133 relay_config.server_address = turn_configurations[i].server.hostname(); | 143 relay_config.server_address = turn_configurations[i].server.hostname(); |
| 134 relay_config.port = turn_configurations[i].server.port(); | 144 relay_config.port = turn_configurations[i].server.port(); |
| 135 relay_config.username = turn_configurations[i].username; | 145 relay_config.username = turn_configurations[i].username; |
| 136 relay_config.password = turn_configurations[i].password; | 146 relay_config.password = turn_configurations[i].password; |
| 137 relay_config.transport_type = turn_configurations[i].transport_type; | 147 relay_config.transport_type = turn_configurations[i].transport_type; |
| 138 relay_config.secure = turn_configurations[i].secure; | 148 relay_config.secure = turn_configurations[i].secure; |
| 139 config.relays.push_back(relay_config); | 149 config.relays.push_back(relay_config); |
| 140 } | 150 } |
| 141 | 151 |
| 142 return new P2PPortAllocator( | 152 scoped_ptr<rtc::NetworkManager> network_manager; |
| 143 socket_dispatcher_.get(), network_manager_, | 153 if (config.enable_multiple_routes) { |
| 144 socket_factory_, config, origin_); | 154 network_manager.reset(new FilteringNetworkManager( |
| 155 network_manager_, task_runner_, origin_, media_permission_.Pass())); | |
| 156 } else { | |
| 157 network_manager.reset(new EmptyNetworkManager()); | |
| 158 } | |
| 159 | |
| 160 return new P2PPortAllocator(socket_dispatcher_, network_manager.Pass(), | |
| 161 socket_factory_, config, origin_, task_runner_); | |
| 145 } | 162 } |
| 146 | 163 |
| 147 protected: | 164 protected: |
| 148 ~P2PPortAllocatorFactory() override {} | 165 ~P2PPortAllocatorFactory() override {} |
| 149 | 166 |
| 150 private: | 167 private: |
| 151 scoped_refptr<P2PSocketDispatcher> socket_dispatcher_; | 168 // |media_permission_| is a raw pointer, owned by |
| 152 // |network_manager_| and |socket_factory_| are a weak references, owned by | |
| 153 // PeerConnectionDependencyFactory. | 169 // PeerConnectionDependencyFactory. |
| 170 scoped_ptr<media::MediaPermission> media_permission_; | |
| 171 | |
| 172 const scoped_refptr<P2PSocketDispatcher>& socket_dispatcher_; | |
| 154 rtc::NetworkManager* network_manager_; | 173 rtc::NetworkManager* network_manager_; |
| 155 rtc::PacketSocketFactory* socket_factory_; | 174 rtc::PacketSocketFactory* socket_factory_; |
| 156 // The origin URL of the WebFrame that created the | 175 const P2PPortAllocator::Config& config_; |
| 157 // P2PPortAllocatorFactory. | 176 const GURL& origin_; |
| 158 GURL origin_; | 177 const scoped_refptr<base::SingleThreadTaskRunner> task_runner_; |
| 159 | |
| 160 // Keep track of configuration common to all PortAllocators created by this | |
| 161 // factory; additional, per-allocator configuration is passed into | |
| 162 // CreatePortAllocator. | |
| 163 P2PPortAllocator::Config config_; | |
| 164 }; | 178 }; |
| 165 | 179 |
| 166 PeerConnectionDependencyFactory::PeerConnectionDependencyFactory( | 180 PeerConnectionDependencyFactory::PeerConnectionDependencyFactory( |
| 167 P2PSocketDispatcher* p2p_socket_dispatcher) | 181 P2PSocketDispatcher* p2p_socket_dispatcher) |
| 168 : network_manager_(NULL), | 182 : network_manager_(NULL), |
| 169 p2p_socket_dispatcher_(p2p_socket_dispatcher), | 183 p2p_socket_dispatcher_(p2p_socket_dispatcher), |
| 170 signaling_thread_(NULL), | 184 signaling_thread_(NULL), |
| 171 worker_thread_(NULL), | 185 worker_thread_(NULL), |
| 172 chrome_signaling_thread_("Chrome_libJingle_Signaling"), | 186 chrome_signaling_thread_("Chrome_libJingle_Signaling"), |
| 173 chrome_worker_thread_("Chrome_libJingle_WorkerThread") { | 187 chrome_worker_thread_("Chrome_libJingle_WorkerThread") { |
| (...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 395 CHECK(web_frame); | 409 CHECK(web_frame); |
| 396 CHECK(observer); | 410 CHECK(observer); |
| 397 if (!GetPcFactory().get()) | 411 if (!GetPcFactory().get()) |
| 398 return NULL; | 412 return NULL; |
| 399 | 413 |
| 400 rtc::scoped_ptr<PeerConnectionIdentityStore> identity_store( | 414 rtc::scoped_ptr<PeerConnectionIdentityStore> identity_store( |
| 401 new PeerConnectionIdentityStore( | 415 new PeerConnectionIdentityStore( |
| 402 GURL(web_frame->document().url()), | 416 GURL(web_frame->document().url()), |
| 403 GURL(web_frame->document().firstPartyForCookies()))); | 417 GURL(web_frame->document().firstPartyForCookies()))); |
| 404 | 418 |
| 419 // |media_permission| will be called to check mic/camera permission. If at | |
| 420 // least one of them is granted, P2PPortAllocator is allowed to gather local | |
| 421 // host IP addresses as ICE candidates. | |
| 422 // If the experiment is not enabled, turn off the permission check by | |
| 423 // passing nullptr to FilteringNetworkManager constructor. | |
| 424 scoped_ptr<media::MediaPermission> media_permission; | |
| 425 if (base::FieldTrialList::FindFullName("WebRTC-LocalIPPermissionCheck") == | |
| 426 "Enabled") { | |
| 427 RenderFrameImpl* render_frame = RenderFrameImpl::FromWebFrame(web_frame); | |
| 428 if (render_frame) { | |
| 429 media_permission = render_frame->CreateMediaPermissionProxy( | |
| 430 chrome_worker_thread_.task_runner()); | |
| 431 DCHECK(media_permission); | |
| 432 } | |
| 433 } | |
| 434 | |
| 405 // Copy the flag from Preference associated with this WebFrame. | 435 // Copy the flag from Preference associated with this WebFrame. |
| 406 P2PPortAllocator::Config pref_config; | 436 P2PPortAllocator::Config port_config; |
| 407 if (web_frame && web_frame->view()) { | 437 if (web_frame && web_frame->view()) { |
| 408 RenderViewImpl* renderer_view_impl = | 438 RenderViewImpl* renderer_view_impl = |
| 409 RenderViewImpl::FromWebView(web_frame->view()); | 439 RenderViewImpl::FromWebView(web_frame->view()); |
| 410 if (renderer_view_impl) { | 440 if (renderer_view_impl) { |
| 411 pref_config.enable_multiple_routes = | 441 // TODO(guoweis): |enable_multiple_routes| should be renamed to |
| 442 // |request_multiple_routes|. Whether local IP addresses could be | |
| 443 // collected depends on if mic/camera permission is granted for this | |
| 444 // origin. | |
| 445 port_config.enable_multiple_routes = | |
| 412 renderer_view_impl->renderer_preferences() | 446 renderer_view_impl->renderer_preferences() |
| 413 .enable_webrtc_multiple_routes; | 447 .enable_webrtc_multiple_routes; |
| 414 pref_config.enable_nonproxied_udp = | 448 port_config.enable_nonproxied_udp = |
| 415 renderer_view_impl->renderer_preferences() | 449 renderer_view_impl->renderer_preferences() |
| 416 .enable_webrtc_nonproxied_udp; | 450 .enable_webrtc_nonproxied_udp; |
| 417 } | 451 } |
| 418 } | 452 } |
| 419 | 453 |
| 454 const GURL& requesting_origin = | |
| 455 GURL(web_frame->document().url().spec()).GetOrigin(); | |
| 456 | |
| 420 scoped_refptr<P2PPortAllocatorFactory> pa_factory = | 457 scoped_refptr<P2PPortAllocatorFactory> pa_factory = |
| 421 new rtc::RefCountedObject<P2PPortAllocatorFactory>( | 458 new rtc::RefCountedObject<P2PPortAllocatorFactory>( |
| 422 p2p_socket_dispatcher_.get(), network_manager_, socket_factory_.get(), | 459 media_permission.Pass(), p2p_socket_dispatcher_, network_manager_, |
| 423 GURL(web_frame->document().url().spec()).GetOrigin(), pref_config); | 460 socket_factory_.get(), port_config, requesting_origin, |
| 461 chrome_worker_thread_.task_runner()); | |
| 424 | 462 |
| 425 return GetPcFactory()->CreatePeerConnection(config, | 463 return GetPcFactory()->CreatePeerConnection(config, |
| 426 constraints, | 464 constraints, |
| 427 pa_factory.get(), | 465 pa_factory.get(), |
| 428 identity_store.Pass(), | 466 identity_store.Pass(), |
| 429 observer).get(); | 467 observer).get(); |
| 430 } | 468 } |
| 431 | 469 |
| 432 scoped_refptr<webrtc::MediaStreamInterface> | 470 scoped_refptr<webrtc::MediaStreamInterface> |
| 433 PeerConnectionDependencyFactory::CreateLocalMediaStream( | 471 PeerConnectionDependencyFactory::CreateLocalMediaStream( |
| (...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 681 } | 719 } |
| 682 | 720 |
| 683 void PeerConnectionDependencyFactory::EnsureWebRtcAudioDeviceImpl() { | 721 void PeerConnectionDependencyFactory::EnsureWebRtcAudioDeviceImpl() { |
| 684 if (audio_device_.get()) | 722 if (audio_device_.get()) |
| 685 return; | 723 return; |
| 686 | 724 |
| 687 audio_device_ = new WebRtcAudioDeviceImpl(); | 725 audio_device_ = new WebRtcAudioDeviceImpl(); |
| 688 } | 726 } |
| 689 | 727 |
| 690 } // namespace content | 728 } // namespace content |
| OLD | NEW |
