Allow SAML logins to use the webcam

chrome/browser/chromeos/login/ui/webui_login_view.cc

Index: chrome/browser/chromeos/login/ui/webui_login_view.cc
diff --git a/chrome/browser/chromeos/login/ui/webui_login_view.cc b/chrome/browser/chromeos/login/ui/webui_login_view.cc
index 27c42e222d8ea2beb060506ca9d9df5ef192b262..7ba9ea1ddb6f7403e956bb3895a3779ab719f0ca 100644
--- a/chrome/browser/chromeos/login/ui/webui_login_view.cc
+++ b/chrome/browser/chromeos/login/ui/webui_login_view.cc
@@ -31,6 +31,8 @@
 #include "chromeos/dbus/session_manager_client.h"
 #include "chromeos/network/network_state.h"
 #include "chromeos/network/network_state_handler.h"
+#include "chromeos/settings/cros_settings_names.h"
+#include "components/content_settings/core/common/content_settings_pattern.h"
 #include "components/password_manager/core/browser/password_manager.h"
 #include "components/web_modal/web_contents_modal_dialog_manager.h"
 #include "content/public/browser/notification_service.h"
@@ -435,8 +437,42 @@ void WebUILoginView::RequestMediaAccessPermission(
     const content::MediaStreamRequest& request,
     const content::MediaResponseCallback& callback) {
   MediaStreamDevicesController controller(web_contents, request, callback);
-  if (controller.IsAskingForVideo() || controller.IsAskingForAudio())
-    NOTREACHED() << "Media stream not allowed for WebUI";
+  if (controller.IsAskingForAudio() || !controller.IsAskingForVideo()) {
+    controller.PermissionDenied();

[bartfab (slow), 2016/05/02 10:30:28]

Nit: It would still make sense to have a NOTREACHED() in here for debugging
purposes.

[Kevin Cernekee, 2016/05/02 20:02:29]

It isn't a Chrome bug (i.e. assertion failure) if the site requests audio. 
We'll just deny it.

Could log a warning, although we don't log the other denials.

+    return;
+  }
+
+  chromeos::CrosSettings* settings = chromeos::CrosSettings::Get();

[bartfab (slow), 2016/05/02 10:30:28]

Nit 1: const pointer.
Nit 2: #include "chrome/browser/chromeos/settings/cros_settings.h"

[Kevin Cernekee, 2016/05/02 20:02:29]

Done.

+  if (!settings) {
+    controller.PermissionDenied();
+    return;
+  }
+
+  const base::Value* raw_types_value =

[bartfab (slow), 2016/05/02 10:30:28]

Nit: const pointer.

[Kevin Cernekee, 2016/05/02 20:02:29]

Done.

+      settings->GetPref(chromeos::kLoginVideoCaptureAllowedUrls);

[bartfab (slow), 2016/05/02 10:30:28]

Nit: s/chromeos:://

[Kevin Cernekee, 2016/05/02 20:02:29]

Done.

+  if (!raw_types_value) {
+    controller.PermissionDenied();
+    return;
+  }
+
+  const base::ListValue* types_value;
+  CHECK(raw_types_value->GetAsList(&types_value));

[bartfab (slow), 2016/05/02 10:30:28]

Nit: #include "base/logging.h"

[Kevin Cernekee, 2016/05/02 20:02:29]

Done.

+  for (size_t i = 0; i < types_value->GetSize(); ++i) {

[emaxx, 2016/05/02 18:42:08]

Nit: Range-based for loop?

[Kevin Cernekee, 2016/05/02 20:02:29]

Done.

+    std::string value;
+    if (types_value->GetString(i, &value)) {
+      ContentSettingsPattern pattern =
+          ContentSettingsPattern::FromString(value);
+      if (pattern == ContentSettingsPattern::Wildcard()) {
+        LOG(WARNING) << "Ignoring wildcard URL pattern: " << value;
+        continue;
+      }
+      if (pattern.IsValid() && pattern.Matches(request.security_origin)) {
+        controller.PermissionGranted();
+        return;
+      }
+    }
+  }
+  controller.PermissionDenied();
 }
 
 bool WebUILoginView::CheckMediaAccessPermission(