Chromium Code Reviews Chromium Code Reviews
Issue 1828803003:
Media permissions: Remove plumbing for insecure pepper requests in Chrome (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/media/media_stream_device_permission_context.h" | 5 #include "chrome/browser/media/media_stream_device_permission_context.h" |
| 6 #include "chrome/browser/media/media_stream_device_permissions.h" | 6 #include "chrome/browser/media/media_stream_device_permissions.h" |
| 7 #include "chrome/browser/profiles/profile.h" | 7 #include "chrome/browser/profiles/profile.h" |
| 8 #include "chrome/common/pref_names.h" | 8 #include "chrome/common/pref_names.h" |
| 9 #include "components/content_settings/core/browser/host_content_settings_map.h" | 9 #include "components/content_settings/core/browser/host_content_settings_map.h" |
| 10 #include "components/content_settings/core/common/content_settings.h" | 10 #include "components/content_settings/core/common/content_settings.h" |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 28 const PermissionRequestID& id, | 28 const PermissionRequestID& id, |
| 29 const GURL& requesting_frame, | 29 const GURL& requesting_frame, |
| 30 const BrowserPermissionCallback& callback) { | 30 const BrowserPermissionCallback& callback) { |
| 31 NOTREACHED() << "RequestPermission is not implemented"; | 31 NOTREACHED() << "RequestPermission is not implemented"; |
| 32 callback.Run(CONTENT_SETTING_BLOCK); | 32 callback.Run(CONTENT_SETTING_BLOCK); |
| 33 } | 33 } |
| 34 | 34 |
| 35 ContentSetting MediaStreamDevicePermissionContext::GetPermissionStatus( | 35 ContentSetting MediaStreamDevicePermissionContext::GetPermissionStatus( |
| 36 const GURL& requesting_origin, | 36 const GURL& requesting_origin, |
| 37 const GURL& embedding_origin) const { | 37 const GURL& embedding_origin) const { |
| 38 return GetPermissionStatusInternal(requesting_origin, embedding_origin, | 38 return GetPermissionStatusInternal(requesting_origin, embedding_origin); |
|
raymes
2016/06/06 05:11:10
nit: should we inline this now?
tsergeant
2016/06/06 07:19:33
Done.
| |
| 39 false); | |
| 40 } | |
| 41 | |
| 42 ContentSetting MediaStreamDevicePermissionContext:: | |
| 43 GetPermissionStatusAllowingInsecureForPepper( | |
| 44 const GURL& requesting_origin, | |
| 45 const GURL& embedding_origin) const { | |
| 46 return GetPermissionStatusInternal(requesting_origin, embedding_origin, true); | |
| 47 } | 39 } |
| 48 | 40 |
| 49 void MediaStreamDevicePermissionContext::ResetPermission( | 41 void MediaStreamDevicePermissionContext::ResetPermission( |
| 50 const GURL& requesting_origin, | 42 const GURL& requesting_origin, |
| 51 const GURL& embedding_origin) { | 43 const GURL& embedding_origin) { |
| 52 NOTREACHED() << "ResetPermission is not implemented"; | 44 NOTREACHED() << "ResetPermission is not implemented"; |
| 53 } | 45 } |
| 54 | 46 |
| 55 void MediaStreamDevicePermissionContext::CancelPermissionRequest( | 47 void MediaStreamDevicePermissionContext::CancelPermissionRequest( |
| 56 content::WebContents* web_contents, | 48 content::WebContents* web_contents, |
| 57 const PermissionRequestID& id) { | 49 const PermissionRequestID& id) { |
| 58 NOTREACHED() << "CancelPermissionRequest is not implemented"; | 50 NOTREACHED() << "CancelPermissionRequest is not implemented"; |
| 59 } | 51 } |
| 60 | 52 |
| 61 ContentSetting MediaStreamDevicePermissionContext::GetPermissionStatusInternal( | 53 ContentSetting MediaStreamDevicePermissionContext::GetPermissionStatusInternal( |
| 62 const GURL& requesting_origin, | 54 const GURL& requesting_origin, |
| 63 const GURL& embedding_origin, | 55 const GURL& embedding_origin) const { |
| 64 bool is_pepper_request) const { | |
| 65 // TODO(raymes): Merge this policy check into content settings | 56 // TODO(raymes): Merge this policy check into content settings |
| 66 // crbug.com/244389. | 57 // crbug.com/244389. |
| 67 const char* policy_name = nullptr; | 58 const char* policy_name = nullptr; |
| 68 const char* urls_policy_name = nullptr; | 59 const char* urls_policy_name = nullptr; |
| 69 if (content_settings_type_ == CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC) { | 60 if (content_settings_type_ == CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC) { |
| 70 policy_name = prefs::kAudioCaptureAllowed; | 61 policy_name = prefs::kAudioCaptureAllowed; |
| 71 urls_policy_name = prefs::kAudioCaptureAllowedUrls; | 62 urls_policy_name = prefs::kAudioCaptureAllowedUrls; |
| 72 } else { | 63 } else { |
| 73 DCHECK(content_settings_type_ == CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA); | 64 DCHECK(content_settings_type_ == CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA); |
| 74 policy_name = prefs::kVideoCaptureAllowed; | 65 policy_name = prefs::kVideoCaptureAllowed; |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 88 } | 79 } |
| 89 | 80 |
| 90 // Check the content setting. TODO(raymes): currently mic/camera permission | 81 // Check the content setting. TODO(raymes): currently mic/camera permission |
| 91 // doesn't consider the embedder. | 82 // doesn't consider the embedder. |
| 92 ContentSetting setting = PermissionContextBase::GetPermissionStatus( | 83 ContentSetting setting = PermissionContextBase::GetPermissionStatus( |
| 93 requesting_origin, requesting_origin); | 84 requesting_origin, requesting_origin); |
| 94 | 85 |
| 95 if (setting == CONTENT_SETTING_DEFAULT) | 86 if (setting == CONTENT_SETTING_DEFAULT) |
| 96 setting = CONTENT_SETTING_ASK; | 87 setting = CONTENT_SETTING_ASK; |
| 97 | 88 |
| 98 // TODO(raymes): This is here for safety to ensure that we always ask the user | 89 if (!ShouldPersistContentSetting(requesting_origin) && |
| 99 // even if a content setting is set to "allow" if the origin is insecure. In | |
| 100 // reality we shouldn't really need to check this here as we should respect | |
| 101 // the user's content setting. The problem is that pepper requests allow | |
| 102 // insecure origins to be persisted. We should remove this after | |
| 103 // crbug.com/526324 is fixed. | |
| 104 if (!ShouldPersistContentSetting(setting, requesting_origin, | |
| 105 is_pepper_request) && | |
| 106 !requesting_origin.SchemeIs(extensions::kExtensionScheme) && | 90 !requesting_origin.SchemeIs(extensions::kExtensionScheme) && |
| 107 !requesting_origin.SchemeIs(content::kChromeUIScheme) && | 91 !requesting_origin.SchemeIs(content::kChromeUIScheme) && |
| 108 !requesting_origin.SchemeIs(content::kChromeDevToolsScheme)) { | 92 !requesting_origin.SchemeIs(content::kChromeDevToolsScheme)) { |
| 109 return CONTENT_SETTING_ASK; | 93 return CONTENT_SETTING_ASK; |
|
raymes
2016/06/06 05:11:10
I don't *think* we should ever hit this anymore.
tsergeant
2016/06/06 07:19:33
Cool, I've removed it (I was unsure about whether
| |
| 110 } | 94 } |
| 111 | 95 |
| 112 return setting; | 96 return setting; |
| 113 } | 97 } |
| 114 | 98 |
| 115 bool MediaStreamDevicePermissionContext::IsRestrictedToSecureOrigins() const { | 99 bool MediaStreamDevicePermissionContext::IsRestrictedToSecureOrigins() const { |
| 116 // Flash currently doesn't require secure origin to use mic/camera. If we | 100 // Flash currently doesn't require secure origin to use mic/camera. If we |
| 117 // return true here, it'll break the use case like http://tinychat.com. | 101 // return true here, it'll break the use case like http://tinychat.com. |
| 118 // TODO(raymes): Change this to true after crbug.com/526324 is fixed. | 102 // TODO(raymes): Change this to true after crbug.com/526324 is fixed. |
| 119 return false; | 103 return false; |
| 120 } | 104 } |
| OLD | NEW |
