Add a policy list for access to capture devices

chrome/browser/media/media_stream_devices_controller.cc

Index: chrome/browser/media/media_stream_devices_controller.cc
diff --git a/chrome/browser/media/media_stream_devices_controller.cc b/chrome/browser/media/media_stream_devices_controller.cc
index 7b8634830200f17e3583d1f004eeae2065a5a7fe..f82d12f166c8c8d431a937fdf10d4519ccad1df3 100644
--- a/chrome/browser/media/media_stream_devices_controller.cc
+++ b/chrome/browser/media/media_stream_devices_controller.cc
@@ -17,11 +17,16 @@
 #include "chrome/browser/ui/browser.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/content_settings.h"
+#include "chrome/common/content_settings_pattern.h"
 #include "chrome/common/pref_names.h"
 #include "components/user_prefs/pref_registry_syncable.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/common/media_stream_request.h"
 
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/login/user_manager.h"
+#endif
+
 using content::BrowserThread;
 
 namespace {
@@ -33,7 +38,20 @@ bool HasAnyAvailableDevice() {
       MediaCaptureDevicesDispatcher::GetInstance()->GetVideoCaptureDevices();
 
   return !audio_devices.empty() || !video_devices.empty();
-};
+}
+
+bool IsInKioskMode() {
+  if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kKioskMode))
+    return true;
+
+#if defined(OS_CHROMEOS)
+  const chromeos::UserManager* user_manager = chromeos::UserManager::Get();
+  if (user_manager && user_manager->IsLoggedInAsKioskApp())
+    return true;

[markusheintz_, 2013/05/28 08:06:31]

Nit. Absolutely optional to fix:

#if defined(OS_CHROMEOS)
  const chromeos::UserManager* user_manager = chromeos::UserManager::Get();
  return (user_manager && user_manager->IsLoggedInAsKioskApp())
#else
  return false;
#endif

[tommi (sloooow) - chröme, 2013/05/28 10:19:43]

Done.

+#endif
+
+  return false;
+}
 
 }  // namespace
 
@@ -54,12 +72,14 @@ MediaStreamDevicesController::MediaStreamDevicesController(
   // Don't call GetDevicePolicy from the initializer list since the
   // implementation depends on member variables.
   if (microphone_requested_ &&
-      GetDevicePolicy(prefs::kAudioCaptureAllowed) == ALWAYS_DENY) {
+      GetDevicePolicy(prefs::kAudioCaptureAllowed,
+                      prefs::kAudioCaptureAllowedUrls) == ALWAYS_DENY) {
     microphone_requested_ = false;
   }
 
   if (webcam_requested_ &&
-      GetDevicePolicy(prefs::kVideoCaptureAllowed) == ALWAYS_DENY) {
+      GetDevicePolicy(prefs::kVideoCaptureAllowed,
+                      prefs::kVideoCaptureAllowedUrls) == ALWAYS_DENY) {
     webcam_requested_ = false;
   }
 }
@@ -75,6 +95,10 @@ void MediaStreamDevicesController::RegisterUserPrefs(
   prefs->RegisterBooleanPref(prefs::kAudioCaptureAllowed,
                              true,
                              user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
+  prefs->RegisterListPref(prefs::kVideoCaptureAllowedUrls,
+                          user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
+  prefs->RegisterListPref(prefs::kAudioCaptureAllowedUrls,
+                          user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
 }
 
 
@@ -192,14 +216,48 @@ void MediaStreamDevicesController::Deny(bool update_content_setting) {
 }
 
 MediaStreamDevicesController::DevicePolicy
-MediaStreamDevicesController::GetDevicePolicy(const char* policy_name) const {
+MediaStreamDevicesController::GetDevicePolicy(
+    const char* policy_name,
+    const char* whitelist_policy_name) const {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
+  // TODO(tommi): Remove the kiosk mode check when the whitelist below
+  // is visible in the media exceptions UI.
+  // See discussion here: https://codereview.chromium.org/15738004/
+  bool kiosk_mode = IsInKioskMode();

[markusheintz_, 2013/05/28 08:06:31]

Nit. Optional to fix:

Inline this bool. And move the comment to the if clause in line 233.

[tommi (sloooow) - chröme, 2013/05/28 10:19:43]

Done.

+
+  // If the security origin policy matches a value in the whitelist, allow it.
+  // Otherwise, check the |policy_name| master switch for the default behavior.
+
   PrefService* prefs = profile_->GetPrefs();
-  if (!prefs->IsManagedPreference(policy_name))
-    return POLICY_NOT_SET;
+  if (kiosk_mode && prefs->IsManagedPreference(whitelist_policy_name)) {

[Joao da Silva, 2013/05/28 07:54:23]

IIUC the whitelist only works in kiosk mode, and this is a temporary condition
until it integrates with the content settings and the UI.

If that's the case then please document that this policy only works in kiosk
mode, in policy_templates.json.

[Mattias Nissler (ping if slow), 2013/05/28 08:11:39]

nit: You probably want to drop the IsManagedPreference check here. With the
current code it doesn't make a difference, but when integrating with regular
content settings you don't care where the pref comes from.

[markusheintz_, 2013/05/28 08:11:51]

What's the recommended way of doing this in policy_templates.json? Using the
desc? Is there a similar case in policy_templates.json that could be used as
example?

[markusheintz_, 2013/05/28 08:15:27]

@Mattias: why can't this test stay for now? Once we integrate with the host
content settings map. We won't use prefs at all here. So I don't see why this
should be removed.
I would argue that we need this, since this is supposed to be a policy and not a
pref. Otherwise you could put this into the pref file.

same below.

[Mattias Nissler (ping if slow), 2013/05/28 08:21:03]

So how would that hurt? We don't have UI for setting that pref in the prefs
file, and users wanting to shoot themselves in the foot have plenty opportunity
to do so otherwise already.

The PrefService interface is designed to supply values mostly, no matter whether
they come from policy or prefs or the command line or elsewhere. The whole point
of the PrefService abstraction is that callers don't have to worry about the
nitty-gritty details of where the value comes from - meta data like whether a
pref comes from policy, is still the default, etc. shouldn't influence behavior
in the common case IMHO.

[tommi (sloooow) - chröme, 2013/05/28 10:19:43]

I added this note to the description in policy_templates.json: "NOTE: This
policy is currently only supported when running in Kiosk mode."

Removed the call to IsManagedPreference() (I don't have a preference - no pun
intended - and am just going with the last comment :)).

+    const base::ListValue* list = prefs->GetList(whitelist_policy_name);
+    std::string value;
+    for (size_t i = 0; i < list->GetSize(); ++i) {
+      if (list->GetString(i, &value)) {
+        ContentSettingsPattern pattern =
+            ContentSettingsPattern::FromString(value);
+        if (pattern == ContentSettingsPattern::Wildcard()) {
+          DLOG(WARNING) << "Ignoring wildcard URL pattern: " << value;
+          continue;
+        }
+        DLOG_IF(ERROR, !pattern.IsValid()) << "Invalid URL pattern: " << value;
+        if (pattern.IsValid() && pattern.Matches(request_.security_origin))
+          return ALWAYS_ALLOW;
+      }
+    }
+  }
+
+  // If a match was not found, check if audio capture is otherwise disallowed
+  // or if the user should be prompted.  Setting the policy value to "true"
+  // is equal to not setting it at all, so from hereon out, we will return
+  // either POLICY_NOT_SET (prompt) or ALWAYS_DENY (no prompt, no access).
+  if (prefs->IsManagedPreference(policy_name) &&

[Mattias Nissler (ping if slow), 2013/05/28 08:11:39]

same here.

[tommi (sloooow) - chröme, 2013/05/28 10:19:43]

Done.

+      !prefs->GetBoolean(policy_name)) {
+    return ALWAYS_DENY;
+  }
 
-  return prefs->GetBoolean(policy_name) ? ALWAYS_ALLOW : ALWAYS_DENY;
+  return POLICY_NOT_SET;
 }
 
 bool MediaStreamDevicesController::IsRequestAllowedByDefault() const {
@@ -210,11 +268,13 @@ bool MediaStreamDevicesController::IsRequestAllowedByDefault() const {
   struct {
     bool has_capability;
     const char* policy_name;
+    const char* list_policy_name;
     ContentSettingsType settings_type;
   } device_checks[] = {
     { microphone_requested_, prefs::kAudioCaptureAllowed,
-      CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC },
+      prefs::kAudioCaptureAllowedUrls, CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC },
     { webcam_requested_, prefs::kVideoCaptureAllowed,
+      prefs::kVideoCaptureAllowedUrls,
       CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA },
   };
 
@@ -222,7 +282,8 @@ bool MediaStreamDevicesController::IsRequestAllowedByDefault() const {
     if (!device_checks[i].has_capability)
       continue;
 
-    DevicePolicy policy = GetDevicePolicy(device_checks[i].policy_name);
+    DevicePolicy policy = GetDevicePolicy(device_checks[i].policy_name,
+                                          device_checks[i].list_policy_name);
     if (policy == ALWAYS_DENY ||
         (policy == POLICY_NOT_SET &&
          profile_->GetHostContentSettingsMap()->GetContentSetting(