Report if video capturing meets output protection requirement.

chrome/browser/media/capture_access_handler_base.h

Index: chrome/browser/media/capture_access_handler_base.h
diff --git a/chrome/browser/media/capture_access_handler_base.h b/chrome/browser/media/capture_access_handler_base.h
new file mode 100644
index 0000000000000000000000000000000000000000..cd20a3dddf70e414b190b05434d3847dc26a3f88
--- /dev/null
+++ b/chrome/browser/media/capture_access_handler_base.h
@@ -0,0 +1,83 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#ifndef CHROME_BROWSER_MEDIA_CAPTURE_ACCESS_HANDLER_BASE_H_

[miu, 2016/04/26 01:25:13]

nit: need one blank line above this line

[xjz, 2016/04/29 00:11:42]

Done.

+#define CHROME_BROWSER_MEDIA_CAPTURE_ACCESS_HANDLER_BASE_H_
+
+#include <list>
+
+#include "base/callback.h"
+#include "chrome/browser/media/media_access_handler.h"
+#include "content/public/browser/media_request_state.h"
+#include "content/public/common/media_stream_request.h"
+
+// Base class for DesktopCaptureAccessHandler and TabCaptureAccessHandler. This
+// class tracks active capturing sessions, and provides API to check if there is
+// ongoing insecure video capturing.
+class CaptureAccessHandlerBase : public MediaAccessHandler {
+ public:
+  CaptureAccessHandlerBase();
+  ~CaptureAccessHandlerBase() override;
+
+  // MediaAccessHandler implementation.
+  void UpdateMediaRequestState(int render_process_id,
+                               int render_frame_id,
+                               int page_request_id,
+                               content::MediaStreamType stream_type,
+                               content::MediaRequestState state) override;
+
+  // TODO(xjz): To be removed after
+  // MediaCaptureDevicesDispatcher::IsDesktopCaptureInProgress() is removed.
+  bool IsCaptureInProgress();
+
+  // Return true if there is any ongoing insecured capturing. The capturing is
+  // deemed secure if all connected video sinks are reported secure and the
+  // extension is trusted.

[miu, 2016/04/26 01:25:13]

s/and the extensions is trusted/and the connections to the sinks are being
managed by a trusted extension/

(Because capture can also be initiated from web pages using
navigator.webkitGetUserMedia().)

[xjz, 2016/04/29 00:11:42]

Done.

+  bool IsInsecureCapturingInProgress(int render_process_id,
+                                     int render_frame_id);
+
+  void UpdateCapturingLinkSecured(int render_process_id,
+                                  int render_frame_id,
+                                  int page_request_id,
+                                  bool is_secure);
+
+ protected:
+  void UpdateExtensionTrusted(int render_process_id,
+                              int render_frame_id,
+                              int page_request_id,
+                              bool is_extension_trusted);
+
+  void AddCaptureSession(int render_process_id,

[miu, 2016/04/26 01:25:13]

It seems that subclasses don't call Add/RemoveCaptureSession() directly.  So,
perhaps these should be made private methods?

[xjz, 2016/04/29 00:11:42]

Done.

+                         int render_frame_id,
+                         int page_request_id,
+                         bool is_extension_trusted,
+                         bool is_link_secure);
+
+  void RemoveCaptureSession(int render_process_id,
+                            int render_frame_id,
+                            int page_request_id);
+
+ private:
+  // Tracks MEDIA_DESKTOP/TAB_VIDEO_CAPTURE sessions. Sessions are removed when
+  // MEDIA_REQUEST_STATE_CLOSING is encountered.
+  struct Session {
+    int render_process_id;
+    int render_frame_id;
+    int page_request_id;
+    // Extensions control the routing of the captured MediaStream content.

[miu, 2016/04/26 01:25:13]

Sometimes normal web pages can capture/route content.  This comment, like the
one above, should mention that only trusted extensions (and never normal web
pages) can be trusted to set-up secure links.

[xjz, 2016/04/29 00:11:42]

Done.

+    // Therefore, links can be deemed secure only when built-in extensions (and
+    // certain whitelisted ones) are in control of the routing.
+    bool is_extension_trusted;
+
+    // This is true only if all connected video sinks are reported secure.
+    bool is_capturing_link_secure;
+  };
+
+  std::list<Session>::iterator FindSession(int render_process_id,
+                                           int render_frame_id,
+                                           int page_request_id);
+
+  std::list<Session> sessions_;
+};
+
+#endif  // CHROME_BROWSER_MEDIA_CAPTURE_ACCESS_HANDLER_BASE_H_