Report if video capturing meets output protection requirement.

chrome/browser/media/capture_access_handler_base.cc

Index: chrome/browser/media/capture_access_handler_base.cc
diff --git a/chrome/browser/media/capture_access_handler_base.cc b/chrome/browser/media/capture_access_handler_base.cc
new file mode 100644
index 0000000000000000000000000000000000000000..c6db524e1fe57ab595daa25805a2bf3b2102ee03
--- /dev/null
+++ b/chrome/browser/media/capture_access_handler_base.cc
@@ -0,0 +1,171 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/media/capture_access_handler_base.h"
+
+#include <utility>
+
+#include "base/strings/string_number_conversions.h"
+#include "chrome/browser/media/media_capture_devices_dispatcher.h"
+#include "content/public/browser/browser_thread.h"
+#include "extensions/common/extension.h"
+
+#if defined(OS_CHROMEOS)
+#include "base/sha1.h"
+#endif  // defined(OS_CHROMEOS)
+
+using content::BrowserThread;
+
+CaptureAccessHandlerBase::CaptureAccessHandlerBase() {}
+
+CaptureAccessHandlerBase::~CaptureAccessHandlerBase() {}
+
+void CaptureAccessHandlerBase::AddCaptureSession(int render_process_id,
+                                                 int render_frame_id,
+                                                 int page_request_id,
+                                                 bool is_extension_trusted) {
+  Session session = {render_process_id, render_frame_id, page_request_id,
+                     is_extension_trusted, true};
+  sessions_.push_back(session);
+}
+
+void CaptureAccessHandlerBase::RemoveCaptureSession(int render_process_id,
+                                                    int render_frame_id,
+                                                    int page_request_id) {
+  std::list<CaptureAccessHandlerBase::Session>::iterator it =
+      FindSession(render_process_id, render_frame_id, page_request_id);
+  if (it != sessions_.end())
+    sessions_.erase(it);
+}
+
+std::list<CaptureAccessHandlerBase::Session>::iterator
+CaptureAccessHandlerBase::FindSession(int render_process_id,
+                                      int render_frame_id,
+                                      int page_request_id) {
+  for (auto it = sessions_.begin(); it != sessions_.end(); ++it) {
+    if (it->render_process_id == render_process_id &&
+        it->render_frame_id == render_frame_id &&
+        it->page_request_id == page_request_id) {
+      return it;
+    }
+  }
+  return sessions_.end();
+}
+
+void CaptureAccessHandlerBase::UpdateMediaRequestState(
+    int render_process_id,
+    int render_frame_id,
+    int page_request_id,
+    content::MediaStreamType stream_type,
+    content::MediaRequestState state) {
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+  if ((stream_type != content::MEDIA_DESKTOP_VIDEO_CAPTURE) &&
+      (stream_type != content::MEDIA_TAB_VIDEO_CAPTURE))
+    return;
+
+  if (state == content::MEDIA_REQUEST_STATE_DONE) {
+    if (FindSession(render_process_id, render_frame_id, page_request_id) ==
+        sessions_.end()) {
+      AddCaptureSession(render_process_id, render_frame_id, page_request_id,
+                        false);
+      VLOG(2) << "Add new session while UpdateMediaRequestState"

[miu, 2016/05/06 18:56:22]

Consider making all these DVLOGs instead of VLOGs. (Otherwise, they will be
bloating the release binaries.) However, if you think you'll need them to
sanity-check things "in-the-wild" over the next few months, it would be okay to
keep them as VLOG (with the intention of changing them to DVLOG later).

[xjz, 2016/05/06 22:08:45]

Done. Changed to DVLOGs. :)

+              << " render_process_id: " << render_process_id
+              << " render_frame_id: " << render_frame_id
+              << " page_request_id: " << page_request_id;
+    }
+  } else if (state == content::MEDIA_REQUEST_STATE_CLOSING) {
+    RemoveCaptureSession(render_process_id, render_frame_id, page_request_id);
+    VLOG(2) << "Remove session: "
+            << " render_process_id: " << render_process_id
+            << " render_frame_id: " << render_frame_id
+            << " page_request_id: " << page_request_id;
+  }
+}
+
+void CaptureAccessHandlerBase::UpdateExtensionTrusted(
+    const content::MediaStreamRequest& request,
+    const extensions::Extension* extension) {
+  bool is_extension_trusted =
+      MediaCaptureDevicesDispatcher::IsOriginForCasting(
+          request.security_origin) ||
+      IsExtensionWhitelistedForScreenCapture(extension) ||
+      IsBuiltInExtension(request.security_origin);
+
+  std::list<CaptureAccessHandlerBase::Session>::iterator it =
+      FindSession(request.render_process_id, request.render_frame_id,
+                  request.page_request_id);
+  if (it != sessions_.end()) {
+    it->is_extension_trusted = is_extension_trusted;
+    VLOG(2) << "CaptureAccessHandlerBase::UpdateExtensionTrusted"
+            << " render_process_id: " << request.render_process_id
+            << " render_frame_id: " << request.render_frame_id
+            << "page_request_id: " << request.page_request_id
+            << " is_extension_trusted: " << is_extension_trusted;
+    return;
+  }
+
+  AddCaptureSession(request.render_process_id, request.render_frame_id,
+                    request.page_request_id, is_extension_trusted);
+  VLOG(2) << "Add new session while UpdateExtensionTrusted"
+          << " render_process_id: " << request.render_process_id
+          << " render_frame_id: " << request.render_frame_id
+          << " page_request_id: " << request.page_request_id
+          << " is_extension_trusted: " << is_extension_trusted;
+}
+
+bool CaptureAccessHandlerBase::IsInsecureCapturingInProgress(
+    int render_process_id,
+    int render_frame_id) {
+  if (sessions_.empty())
+    return false;
+  for (const Session& session : sessions_) {
+    if (session.render_process_id != render_process_id ||
+        session.render_frame_id != render_frame_id)
+      continue;
+    if (!session.is_extension_trusted || !session.is_capturing_link_secure)
+      return true;
+  }
+  return false;
+}
+
+void CaptureAccessHandlerBase::UpdateCapturingLinkSecured(int render_process_id,
+                                                          int render_frame_id,
+                                                          int page_request_id,
+                                                          bool is_secure) {
+  std::list<CaptureAccessHandlerBase::Session>::iterator it =
+      FindSession(render_process_id, render_frame_id, page_request_id);
+  if (it != sessions_.end()) {
+    it->is_capturing_link_secure = is_secure;
+    VLOG(2) << "UpdateCapturingLinkSecured:"
+            << " render_process_id: " << render_process_id
+            << " render_frame_id: " << render_frame_id
+            << " page_request_id: " << page_request_id
+            << " is_capturing_link_secure: " << is_secure;
+  }
+}
+
+bool CaptureAccessHandlerBase::IsExtensionWhitelistedForScreenCapture(
+    const extensions::Extension* extension) {
+  if (!extension)
+    return false;
+
+#if defined(OS_CHROMEOS)
+  std::string hash = base::SHA1HashString(extension->id());
+  std::string hex_hash = base::HexEncode(hash.c_str(), hash.length());
+
+  // crbug.com/446688
+  return hex_hash == "4F25792AF1AA7483936DE29C07806F203C7170A0" ||
+         hex_hash == "BD8781D757D830FC2E85470A1B6E8A718B7EE0D9" ||
+         hex_hash == "4AC2B6C63C6480D150DFDA13E4A5956EB1D0DDBB" ||
+         hex_hash == "81986D4F846CEDDDB962643FA501D1780DD441BB";
+#else
+  return false;
+#endif  // defined(OS_CHROMEOS)
+}
+
+bool CaptureAccessHandlerBase::IsBuiltInExtension(const GURL& origin) {
+  return
+      // Feedback Extension.
+      origin.spec() == "chrome-extension://gfdkimpbcpahaombhbimeihdjnejgicl/";
+}