content/renderer/media/android/renderer_media_session_manager.cc - Issue 1515623002: Media Session: passing metadata from renderer/ to browser/.

Side by Side Diff: content/renderer/media/android/renderer_media_session_manager.cc

Issue 1515623002: Media Session: passing metadata from renderer/ to browser/. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@media_session_ipc

Patch Set: cleanup Created 5 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« content/renderer/media/android/renderer_media_session_manager.h ('K') | « content/renderer/media/android/renderer_media_session_manager.h ('k') | content/renderer/media/android/webmediasession_android.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/renderer/media/android/renderer_media_session_manager.h"	5 #include "content/renderer/media/android/renderer_media_session_manager.h"

6	6

7 #include "base/logging.h"	7 #include "base/logging.h"

8 #include "content/common/media/media_session_messages_android.h"	8 #include "content/common/media/media_session_messages_android.h"

	9 #include "content/public/common/media_metadata.h"

9 #include "content/public/renderer/render_thread.h"	10 #include "content/public/renderer/render_thread.h"

10 #include "content/renderer/media/android/webmediasession_android.h"	11 #include "content/renderer/media/android/webmediasession_android.h"

11	12

12 namespace content {	13 namespace content {

13	14

14 static const int kDefaultMediaSessionID = 0;	15 static const int kDefaultMediaSessionID = 0;

15	16

16 RendererMediaSessionManager::RendererMediaSessionManager(	17 RendererMediaSessionManager::RendererMediaSessionManager(

17 RenderFrame* render_frame)	18 RenderFrame* render_frame)

18 : RenderFrameObserver(render_frame),	19 : RenderFrameObserver(render_frame),

(...skipping 33 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
52 }	53 }

53	54

54 void RendererMediaSessionManager::Deactivate(	55 void RendererMediaSessionManager::Deactivate(

55 int session_id,	56 int session_id,

56 scoped_ptr<blink::WebMediaSessionDeactivateCallback> callback) {	57 scoped_ptr<blink::WebMediaSessionDeactivateCallback> callback) {

57 int request_id = pending_deactivation_requests_.Add(callback.release());	58 int request_id = pending_deactivation_requests_.Add(callback.release());

58 Send(	59 Send(

59 new MediaSessionHostMsg_Deactivate(routing_id(), session_id, request_id));	60 new MediaSessionHostMsg_Deactivate(routing_id(), session_id, request_id));

60 }	61 }

61	62

	63 void RendererMediaSessionManager::SetMetadata(

	64 int session_id,

	65 const content::MediaMetadata& metadata) {

	66 // Apply some security rules on the MediaMetadata before sending over IPC.
	philipj_slow 2015/12/14 14:09:24 Does it help to apply this on the renderer side as Does it help to apply this on the renderer side as well? If the renderer is compromised, then presumably these checks won't stop it from being naughty? (Pardon my ignorance if this is how it's always done, for some reason.) mlamouri (slow - plz ping) 2016/01/05 16:01:17 This is mostly sanity check: a string more than 40 Show quoted text On 2015/12/14 at 14:09:24, philipj_OOO_til_Jan_11 wrote: > Does it help to apply this on the renderer side as well? If the renderer is compromised, then presumably these checks won't stop it from being naughty? (Pardon my ignorance if this is how it's always done, for some reason.) This is mostly sanity check: a string more than 4000 characters long is whether a bug or an attempt to mess with the browser process. A process sending a string with 10k characters will not be killed, the string will only be shortened. philipj_slow 2016/01/18 12:31:43 If it's only a sanity check, maybe s/security rule Show quoted text On 2016/01/05 16:01:17, Mounir Lamouri wrote: > On 2015/12/14 at 14:09:24, philipj_OOO_til_Jan_11 wrote: > > Does it help to apply this on the renderer side as well? If the renderer is > compromised, then presumably these checks won't stop it from being naughty? > (Pardon my ignorance if this is how it's always done, for some reason.) > > This is mostly sanity check: a string more than 4000 characters long is whether > a bug or an attempt to mess with the browser process. A process sending a string > with 10k characters will not be killed, the string will only be shortened. If it's only a sanity check, maybe s/security rules/sanity check/ in the comment so that it doesn't look like this code matters for security? Still not sure if there's any harm in just removing the checks, would like to learn :) mlamouri (slow - plz ping) 2016/01/19 14:20:09 Updated the comment. I was asked to do that a whil Show quoted text On 2016/01/18 at 12:31:43, philipj wrote: > On 2016/01/05 16:01:17, Mounir Lamouri wrote: > > On 2015/12/14 at 14:09:24, philipj_OOO_til_Jan_11 wrote: > > > Does it help to apply this on the renderer side as well? If the renderer is > > compromised, then presumably these checks won't stop it from being naughty? > > (Pardon my ignorance if this is how it's always done, for some reason.) > > > > This is mostly sanity check: a string more than 4000 characters long is whether > > a bug or an attempt to mess with the browser process. A process sending a string > > with 10k characters will not be killed, the string will only be shortened. > > If it's only a sanity check, maybe s/security rules/sanity check/ in the comment so that it doesn't look like this code matters for security? Still not sure if there's any harm in just removing the checks, would like to learn :) Updated the comment. I was asked to do that a while ago by the security team for websites provided string sent over IPC. My understanding is that malicious websites might try to overflow the browser process. Also, long string might help using exploit. Though, my understanding might be wrong. I'm not part of the security team for a reason ;)
	67 MediaMetadata ipc_metadata = metadata;

	68 ipc_metadata.title = base::NullableString16(
	jochen (gone - plz use gerrit) 2015/12/14 12:38:30 i'm surprised this has to be done manually, and yo i'm surprised this has to be done manually, and you don't have to just use the ipc macros to declare the struct fields :-/ mlamouri (slow - plz ping) 2016/01/05 16:01:17 AFAICT, it isn't done very often. Show quoted text On 2015/12/14 at 12:38:30, jochen (OOO) wrote: > i'm surprised this has to be done manually, and you don't have to just use the ipc macros to declare the struct fields :-/ AFAICT, it isn't done very often.
	69 ipc_metadata.title.string().substr(0, MediaMetadata::kMaxIPCStringLength),

	70 ipc_metadata.title.is_null());

	71 ipc_metadata.artist = base::NullableString16(

	72 ipc_metadata.artist.string().substr(0,

	73 MediaMetadata::kMaxIPCStringLength),

	74 ipc_metadata.artist.is_null());

	75 ipc_metadata.album = base::NullableString16(

	76 ipc_metadata.album.string().substr(0, MediaMetadata::kMaxIPCStringLength),

	77 ipc_metadata.album.is_null());

	78

	79 Send(new MediaSessionHostMsg_SetMetadata(routing_id(),

	80 session_id,

	81 ipc_metadata));

	82 }

	83

62 void RendererMediaSessionManager::OnDidActivate(int request_id, bool success) {	84 void RendererMediaSessionManager::OnDidActivate(int request_id, bool success) {

63 DCHECK(pending_activation_requests_.Lookup(request_id)) << request_id;	85 DCHECK(pending_activation_requests_.Lookup(request_id)) << request_id;

64 blink::WebMediaSessionActivateCallback* callback =	86 blink::WebMediaSessionActivateCallback* callback =

65 pending_activation_requests_.Lookup(request_id);	87 pending_activation_requests_.Lookup(request_id);

66 if (success) {	88 if (success) {

67 callback->onSuccess();	89 callback->onSuccess();

68 } else {	90 } else {

69 callback->onError(	91 callback->onError(

70 blink::WebMediaSessionError(blink::WebMediaSessionError::Activate));	92 blink::WebMediaSessionError(blink::WebMediaSessionError::Activate));

71 }	93 }

72 pending_activation_requests_.Remove(request_id);	94 pending_activation_requests_.Remove(request_id);

73 }	95 }

74	96

75 void RendererMediaSessionManager::OnDidDeactivate(int request_id) {	97 void RendererMediaSessionManager::OnDidDeactivate(int request_id) {

76 DCHECK(pending_deactivation_requests_.Lookup(request_id)) << request_id;	98 DCHECK(pending_deactivation_requests_.Lookup(request_id)) << request_id;

77 pending_deactivation_requests_.Lookup(request_id)->onSuccess();	99 pending_deactivation_requests_.Lookup(request_id)->onSuccess();

78 pending_deactivation_requests_.Remove(request_id);	100 pending_deactivation_requests_.Remove(request_id);

79 }	101 }

80	102

81 } // namespace content	103 } // namespace content

OLD	NEW