Report if video capturing meets output protection requirement.

chrome/browser/media/capture_access_handler_base.cc

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/media/capture_access_handler_base.h"
+
+#include <utility>
+
+#include "chrome/browser/media/media_capture_devices_dispatcher.h"
+#include "content/public/browser/browser_thread.h"
+
+using content::BrowserThread;
+
+CaptureAccessHandlerBase::CaptureAccessHandlerBase() {}
+
+CaptureAccessHandlerBase::~CaptureAccessHandlerBase() {}
+
+void CaptureAccessHandlerBase::AddCaptureSession(int render_process_id,
+                                                 int render_frame_id,
+                                                 int page_request_id,
+                                                 bool is_extension_trusted) {
+  Session session = {render_process_id, render_frame_id, page_request_id,
+                     is_extension_trusted, false};

[miu, 2016/05/02 21:02:45]

I'm concerned about defaulting this to "false" (which means not secure). It
seems there could be a race condition where IsInsecureCapturingInProgress()
would return true during the brief period of time before any consumers (sinks)
notify the browser process (via VideoCaptureHost IPCs) that the link is secure.
From the user's perpective, that means the video could black-out for several
seconds for no good reason when tab capture is first started.

Logically, if there are no consumers/sinks of the captured video, then a link
should be considered secure, right?

[xjz, 2016/05/04 18:23:48]

Done. Changed the default to true.

+  sessions_.push_back(session);
+}
+
+void CaptureAccessHandlerBase::RemoveCaptureSession(int render_process_id,
+                                                    int render_frame_id,
+                                                    int page_request_id) {
+  std::list<CaptureAccessHandlerBase::Session>::iterator it =
+      FindSession(render_process_id, render_frame_id, page_request_id);
+  if (it != sessions_.end())
+    sessions_.erase(it);
+}
+
+std::list<CaptureAccessHandlerBase::Session>::iterator
+CaptureAccessHandlerBase::FindSession(int render_process_id,
+                                      int render_frame_id,
+                                      int page_request_id) {
+  for (auto it = sessions_.begin(); it != sessions_.end(); ++it) {
+    if (it->render_process_id == render_process_id &&
+        it->render_frame_id == render_frame_id &&
+        it->page_request_id == page_request_id) {
+      return it;
+    }
+  }
+  return sessions_.end();
+}
+
+void CaptureAccessHandlerBase::UpdateMediaRequestState(
+    int render_process_id,
+    int render_frame_id,
+    int page_request_id,
+    content::MediaStreamType stream_type,
+    content::MediaRequestState state) {
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+  if ((stream_type != content::MEDIA_DESKTOP_VIDEO_CAPTURE) &&
+      (stream_type != content::MEDIA_TAB_VIDEO_CAPTURE))
+    return;
+
+  if (state == content::MEDIA_REQUEST_STATE_DONE) {
+    if (FindSession(render_process_id, render_frame_id, page_request_id) ==
+        sessions_.end()) {
+      AddCaptureSession(render_process_id, render_frame_id, page_request_id,
+                        false);
+      VLOG(2) << "Add new session while UpdateMediaRequestState"
+              << " render_process_id: " << render_process_id
+              << " render_frame_id: " << render_frame_id
+              << " page_request_id: " << page_request_id;
+    }
+  } else if (state == content::MEDIA_REQUEST_STATE_CLOSING) {
+    RemoveCaptureSession(render_process_id, render_frame_id, page_request_id);
+    VLOG(2) << "Remove session: "
+            << " render_process_id: " << render_process_id
+            << " render_frame_id: " << render_frame_id
+            << " page_request_id: " << page_request_id;
+  }
+}
+
+void CaptureAccessHandlerBase::UpdateExtensionTrusted(
+    const content::MediaStreamRequest& request,
+    const extensions::Extension* extension) {
+  bool is_extension_trusted =
+      MediaCaptureDevicesDispatcher::IsOriginForCasting(
+          request.security_origin) ||
+      IsExtensionWhitelistedForScreenCapture(extension) ||
+      IsBuiltInExtension(request.security_origin);
+
+  std::list<CaptureAccessHandlerBase::Session>::iterator it =
+      FindSession(request.render_process_id, request.render_frame_id,
+                  request.page_request_id);
+  if (it != sessions_.end()) {
+    it->is_extension_trusted = is_extension_trusted;
+    VLOG(2) << "CaptureAccessHandlerBase::UpdateExtensionTrusted"
+            << " render_process_id: " << request.render_process_id
+            << " render_frame_id: " << request.render_frame_id
+            << "page_request_id: " << request.page_request_id
+            << " is_extension_trusted: " << is_extension_trusted;
+    return;
+  }
+
+  AddCaptureSession(request.render_process_id, request.render_frame_id,
+                    request.page_request_id, is_extension_trusted);
+  VLOG(2) << "Add new session while UpdateExtensionTrusted"
+          << " render_process_id: " << request.render_process_id
+          << " render_frame_id: " << request.render_frame_id
+          << " page_request_id: " << request.page_request_id
+          << " is_extension_trusted: " << is_extension_trusted;
+}
+
+bool CaptureAccessHandlerBase::IsCaptureInProgress() {
+  return sessions_.size() > 0;
+}
+
+bool CaptureAccessHandlerBase::IsInsecureCapturingInProgress(
+    int render_process_id,
+    int render_frame_id) {
+  if (sessions_.empty())
+    return false;
+  for (const Session& session : sessions_) {
+    if (session.render_process_id != render_process_id ||
+        session.render_frame_id != render_frame_id)
+      continue;
+    if (!session.is_extension_trusted || !session.is_capturing_link_secure)
+      return true;
+  }
+  return false;
+}
+
+void CaptureAccessHandlerBase::UpdateCapturingLinkSecured(int render_process_id,
+                                                          int render_frame_id,
+                                                          int page_request_id,
+                                                          bool is_secure) {
+  std::list<CaptureAccessHandlerBase::Session>::iterator it =
+      FindSession(render_process_id, render_frame_id, page_request_id);
+  if (it != sessions_.end()) {
+    it->is_capturing_link_secure = is_secure;
+    VLOG(2) << "UpdateCapturingLinkSecured:"
+            << " render_process_id: " << render_process_id
+            << " render_frame_id: " << render_frame_id
+            << " page_request_id: " << page_request_id
+            << " is_capturing_link_secure: " << is_secure;
+  }
+}
+
+bool CaptureAccessHandlerBase::IsExtensionWhitelistedForScreenCapture(
+    const extensions::Extension* extension) {
+  if (!extension)
+    return false;
+
+#if defined(OS_CHROMEOS)
+  std::string hash = base::SHA1HashString(extension->id());
+  std::string hex_hash = base::HexEncode(hash.c_str(), hash.length());
+
+  // crbug.com/446688
+  return hex_hash == "4F25792AF1AA7483936DE29C07806F203C7170A0" ||
+         hex_hash == "BD8781D757D830FC2E85470A1B6E8A718B7EE0D9" ||
+         hex_hash == "4AC2B6C63C6480D150DFDA13E4A5956EB1D0DDBB" ||
+         hex_hash == "81986D4F846CEDDDB962643FA501D1780DD441BB";
+#else
+  return false;
+#endif  // defined(OS_CHROMEOS)
+}
+
+bool CaptureAccessHandlerBase::IsBuiltInExtension(const GURL& origin) {
+  return
+      // Feedback Extension.
+      origin.spec() == "chrome-extension://gfdkimpbcpahaombhbimeihdjnejgicl/";
+}