Add a policy list for access to capture devices

chrome/browser/media/media_stream_devices_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/media/media_stream_devices_controller.h"
 
 #include "base/command_line.h"
 #include "base/prefs/pref_service.h"
 #include "base/values.h"
 #include "chrome/browser/content_settings/content_settings_provider.h"
 #include "chrome/browser/content_settings/host_content_settings_map.h"
 #include "chrome/browser/content_settings/tab_specific_content_settings.h"
 #include "chrome/browser/media/media_capture_devices_dispatcher.h"
 #include "chrome/browser/media/media_stream_capture_indicator.h"
 #include "chrome/browser/prefs/scoped_user_pref_update.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/content_settings.h"
+#include "chrome/common/content_settings_pattern.h"
 #include "chrome/common/pref_names.h"
 #include "components/user_prefs/pref_registry_syncable.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/common/media_stream_request.h"
 
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/login/user_manager.h"
+#endif
+
 using content::BrowserThread;
 
 namespace {
 
 bool HasAnyAvailableDevice() {
   const content::MediaStreamDevices& audio_devices =
       MediaCaptureDevicesDispatcher::GetInstance()->GetAudioCaptureDevices();
   const content::MediaStreamDevices& video_devices =
       MediaCaptureDevicesDispatcher::GetInstance()->GetVideoCaptureDevices();
 
   return !audio_devices.empty() || !video_devices.empty();
-};
+}
+
+bool IsInKioskMode() {
+  if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kKioskMode))
+    return true;
+
+#if defined(OS_CHROMEOS)
+  const chromeos::UserManager* user_manager = chromeos::UserManager::Get();
+  if (user_manager && user_manager->IsLoggedInAsKioskApp())
+    return true;

[markusheintz_, 2013/05/28 08:06:31]

Nit. Absolutely optional to fix:

#if defined(OS_CHROMEOS)
  const chromeos::UserManager* user_manager = chromeos::UserManager::Get();
  return (user_manager && user_manager->IsLoggedInAsKioskApp())
#else
  return false;
#endif

[tommi (sloooow) - chröme, 2013/05/28 10:19:43]

Done.

+#endif
+
+  return false;
+}
 
 }  // namespace
 
 MediaStreamDevicesController::MediaStreamDevicesController(
     content::WebContents* web_contents,
     const content::MediaStreamRequest& request,
     const content::MediaResponseCallback& callback)
     : web_contents_(web_contents),
       request_(request),
       callback_(callback),
       microphone_requested_(
           request.audio_type == content::MEDIA_DEVICE_AUDIO_CAPTURE),
       webcam_requested_(
           request.video_type == content::MEDIA_DEVICE_VIDEO_CAPTURE) {
   profile_ = Profile::FromBrowserContext(web_contents->GetBrowserContext());
   content_settings_ = TabSpecificContentSettings::FromWebContents(web_contents);
 
   // Don't call GetDevicePolicy from the initializer list since the
   // implementation depends on member variables.
   if (microphone_requested_ &&
-      GetDevicePolicy(prefs::kAudioCaptureAllowed) == ALWAYS_DENY) {
+      GetDevicePolicy(prefs::kAudioCaptureAllowed,
+                      prefs::kAudioCaptureAllowedUrls) == ALWAYS_DENY) {
     microphone_requested_ = false;
   }
 
   if (webcam_requested_ &&
-      GetDevicePolicy(prefs::kVideoCaptureAllowed) == ALWAYS_DENY) {
+      GetDevicePolicy(prefs::kVideoCaptureAllowed,
+                      prefs::kVideoCaptureAllowedUrls) == ALWAYS_DENY) {
     webcam_requested_ = false;
   }
 }
 
 MediaStreamDevicesController::~MediaStreamDevicesController() {}
 
 // static
 void MediaStreamDevicesController::RegisterUserPrefs(
     user_prefs::PrefRegistrySyncable* prefs) {
   prefs->RegisterBooleanPref(prefs::kVideoCaptureAllowed,
                              true,
                              user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
   prefs->RegisterBooleanPref(prefs::kAudioCaptureAllowed,
                              true,
                              user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
+  prefs->RegisterListPref(prefs::kVideoCaptureAllowedUrls,
+                          user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
+  prefs->RegisterListPref(prefs::kAudioCaptureAllowedUrls,
+                          user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
 }
 
 
 bool MediaStreamDevicesController::DismissInfoBarAndTakeActionOnSettings() {
   // If this is a no UI check for policies only go straight to accept - policy
   // check will be done automatically on the way.
   if (request_.request_type == content::MEDIA_OPEN_DEVICE) {
     Accept(false);
     return true;
   }
@@ skipping 97 matching lines @@
   }
 
   if (update_content_setting)
     SetPermission(false);
 
   callback_.Run(content::MediaStreamDevices(),
                 scoped_ptr<content::MediaStreamUI>());
 }
 
 MediaStreamDevicesController::DevicePolicy
-MediaStreamDevicesController::GetDevicePolicy(const char* policy_name) const {
+MediaStreamDevicesController::GetDevicePolicy(
+    const char* policy_name,
+    const char* whitelist_policy_name) const {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
+  // TODO(tommi): Remove the kiosk mode check when the whitelist below
+  // is visible in the media exceptions UI.
+  // See discussion here: https://codereview.chromium.org/15738004/
+  bool kiosk_mode = IsInKioskMode();

[markusheintz_, 2013/05/28 08:06:31]

Nit. Optional to fix:

Inline this bool. And move the comment to the if clause in line 233.

[tommi (sloooow) - chröme, 2013/05/28 10:19:43]

Done.

+
+  // If the security origin policy matches a value in the whitelist, allow it.
+  // Otherwise, check the |policy_name| master switch for the default behavior.
+
   PrefService* prefs = profile_->GetPrefs();
-  if (!prefs->IsManagedPreference(policy_name))
-    return POLICY_NOT_SET;
+  if (kiosk_mode && prefs->IsManagedPreference(whitelist_policy_name)) {

[Joao da Silva, 2013/05/28 07:54:23]

IIUC the whitelist only works in kiosk mode, and this is a temporary condition
until it integrates with the content settings and the UI.

If that's the case then please document that this policy only works in kiosk
mode, in policy_templates.json.

[Mattias Nissler (ping if slow), 2013/05/28 08:11:39]

nit: You probably want to drop the IsManagedPreference check here. With the
current code it doesn't make a difference, but when integrating with regular
content settings you don't care where the pref comes from.

[markusheintz_, 2013/05/28 08:11:51]

What's the recommended way of doing this in policy_templates.json? Using the
desc? Is there a similar case in policy_templates.json that could be used as
example?

[markusheintz_, 2013/05/28 08:15:27]

@Mattias: why can't this test stay for now? Once we integrate with the host
content settings map. We won't use prefs at all here. So I don't see why this
should be removed.
I would argue that we need this, since this is supposed to be a policy and not a
pref. Otherwise you could put this into the pref file.

same below.

[Mattias Nissler (ping if slow), 2013/05/28 08:21:03]

So how would that hurt? We don't have UI for setting that pref in the prefs
file, and users wanting to shoot themselves in the foot have plenty opportunity
to do so otherwise already.

The PrefService interface is designed to supply values mostly, no matter whether
they come from policy or prefs or the command line or elsewhere. The whole point
of the PrefService abstraction is that callers don't have to worry about the
nitty-gritty details of where the value comes from - meta data like whether a
pref comes from policy, is still the default, etc. shouldn't influence behavior
in the common case IMHO.

[tommi (sloooow) - chröme, 2013/05/28 10:19:43]

I added this note to the description in policy_templates.json: "NOTE: This
policy is currently only supported when running in Kiosk mode."

Removed the call to IsManagedPreference() (I don't have a preference - no pun
intended - and am just going with the last comment :)).

+    const base::ListValue* list = prefs->GetList(whitelist_policy_name);
+    std::string value;
+    for (size_t i = 0; i < list->GetSize(); ++i) {
+      if (list->GetString(i, &value)) {
+        ContentSettingsPattern pattern =
+            ContentSettingsPattern::FromString(value);
+        if (pattern == ContentSettingsPattern::Wildcard()) {
+          DLOG(WARNING) << "Ignoring wildcard URL pattern: " << value;
+          continue;
+        }
+        DLOG_IF(ERROR, !pattern.IsValid()) << "Invalid URL pattern: " << value;
+        if (pattern.IsValid() && pattern.Matches(request_.security_origin))
+          return ALWAYS_ALLOW;
+      }
+    }
+  }
 
-  return prefs->GetBoolean(policy_name) ? ALWAYS_ALLOW : ALWAYS_DENY;
+  // If a match was not found, check if audio capture is otherwise disallowed
+  // or if the user should be prompted.  Setting the policy value to "true"
+  // is equal to not setting it at all, so from hereon out, we will return
+  // either POLICY_NOT_SET (prompt) or ALWAYS_DENY (no prompt, no access).
+  if (prefs->IsManagedPreference(policy_name) &&

[Mattias Nissler (ping if slow), 2013/05/28 08:11:39]

same here.

[tommi (sloooow) - chröme, 2013/05/28 10:19:43]

Done.

+      !prefs->GetBoolean(policy_name)) {
+    return ALWAYS_DENY;
+  }
+
+  return POLICY_NOT_SET;
 }
 
 bool MediaStreamDevicesController::IsRequestAllowedByDefault() const {
   // The request from internal objects like chrome://URLs is always allowed.
   if (ShouldAlwaysAllowOrigin())
     return true;
 
   struct {
     bool has_capability;
     const char* policy_name;
+    const char* list_policy_name;
     ContentSettingsType settings_type;
   } device_checks[] = {
     { microphone_requested_, prefs::kAudioCaptureAllowed,
-      CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC },
+      prefs::kAudioCaptureAllowedUrls, CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC },
     { webcam_requested_, prefs::kVideoCaptureAllowed,
+      prefs::kVideoCaptureAllowedUrls,
       CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA },
   };
 
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(device_checks); ++i) {
     if (!device_checks[i].has_capability)
       continue;
 
-    DevicePolicy policy = GetDevicePolicy(device_checks[i].policy_name);
+    DevicePolicy policy = GetDevicePolicy(device_checks[i].policy_name,
+                                          device_checks[i].list_policy_name);
     if (policy == ALWAYS_DENY ||
         (policy == POLICY_NOT_SET &&
          profile_->GetHostContentSettingsMap()->GetContentSetting(
             request_.security_origin, request_.security_origin,
             device_checks[i].settings_type, NO_RESOURCE_IDENTIFIER) !=
          CONTENT_SETTING_ALLOW)) {
       return false;
     }
     // If we get here, then either policy is set to ALWAYS_ALLOW or the content
     // settings allow the request by default.
@@ skipping 73 matching lines @@
   }
   if (webcam_requested_) {
     profile_->GetHostContentSettingsMap()->SetContentSetting(
         primary_pattern,
         ContentSettingsPattern::Wildcard(),
         CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA,
         std::string(),
         content_setting);
   }
 }