Make default media device ID salts random by default

content/browser/renderer_host/media/media_stream_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/renderer_host/media/media_stream_manager.h"
 
 #include <stddef.h>
 #include <stdint.h>
 #include <string.h>
 #include <algorithm>
@@ skipping 159 matching lines @@
                                 const StreamDeviceInfoArray& device_infos) {
   std::string output_string =
       base::StringPrintf("Getting devices for stream type %d:\n", stream_type);
   if (device_infos.empty())
     return output_string + "No devices found.";
   for (const content::StreamDeviceInfo& device_info : device_infos)
     output_string += "  " + device_info.device.name + "\n";
   return output_string;
 }
 
-// Needed for MediaStreamManager::GenerateStream below.
-std::string ReturnEmptySalt() {
-  return std::string();
-}
-
 // Clears the MediaStreamDevice.name from all devices in |devices|.
 void ClearDeviceLabels(content::StreamDeviceInfoArray* devices) {
   for (content::StreamDeviceInfo& device_info : *devices)
     device_info.device.name.clear();
 }
 
 bool CalledOnIOThread() {
   // Check if this function call is on the IO thread, except for unittests where
   // an IO thread might not have been created.
   return BrowserThread::CurrentlyOn(BrowserThread::IO) ||
@@ skipping 16 matching lines @@
 class MediaStreamManager::DeviceRequest {
  public:
   DeviceRequest(MediaStreamRequester* requester,
                 int requesting_process_id,
                 int requesting_frame_id,
                 int page_request_id,
                 const url::Origin& security_origin,
                 bool user_gesture,
                 MediaStreamRequestType request_type,
                 const StreamControls& controls,
-                const ResourceContext::SaltCallback& salt_callback)
+                const std::string& salt)
       : requester(requester),
         requesting_process_id(requesting_process_id),
         requesting_frame_id(requesting_frame_id),
         page_request_id(page_request_id),
         security_origin(security_origin),
         user_gesture(user_gesture),
         request_type(request_type),
         controls(controls),
-        salt_callback(salt_callback),
+        salt(salt),
         state_(NUM_MEDIA_TYPES, MEDIA_REQUEST_STATE_NOT_REQUESTED),
         audio_type_(MEDIA_NO_SERVICE),
         video_type_(MEDIA_NO_SERVICE),
         target_process_id_(-1),
         target_frame_id_(-1) {}
 
   ~DeviceRequest() {}
 
   void SetAudioType(MediaStreamType audio_type) {
     DCHECK(IsAudioInputMediaType(audio_type) ||
@@ skipping 98 matching lines @@
   const int page_request_id;
 
   const url::Origin security_origin;
 
   const bool user_gesture;
 
   const MediaStreamRequestType request_type;
 
   const StreamControls controls;
 
-  ResourceContext::SaltCallback salt_callback;
+  const std::string salt;
 
   StreamDeviceInfoArray devices;
 
   // Callback to the requester which audio/video devices have been selected.
   // It can be null if the requester has no interest to know the result.
   // Currently it is only used by |DEVICE_ACCESS| type.
   MediaStreamManager::MediaRequestResponseCallback callback;
 
   std::unique_ptr<MediaStreamUIProxy> ui_proxy;
 
@@ skipping 99 matching lines @@
     int render_process_id,
     int render_frame_id,
     int page_request_id,
     const StreamControls& controls,
     const url::Origin& security_origin,
     const MediaRequestResponseCallback& callback) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 
   // TODO(perkj): The argument list with NULL parameters to DeviceRequest
   // suggests that this is the wrong design. Can this be refactored?
-  DeviceRequest* request = new DeviceRequest(
-      NULL, render_process_id, render_frame_id, page_request_id,
-      security_origin,
-      false,  // user gesture
-      MEDIA_DEVICE_ACCESS, controls, base::Bind(&ReturnEmptySalt));
+  DeviceRequest* request =
+      new DeviceRequest(NULL, render_process_id, render_frame_id,
+                        page_request_id, security_origin,
+                        false,  // user gesture
+                        MEDIA_DEVICE_ACCESS, controls, std::string());
 
   const std::string& label = AddRequest(request);
 
   request->callback = callback;
   // Post a task and handle the request asynchronously. The reason is that the
   // requester won't have a label for the request until this function returns
   // and thus can not handle a response. Using base::Unretained is safe since
   // MediaStreamManager is deleted on the UI thread, after the IO thread has
   // been stopped.
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
       base::Bind(&MediaStreamManager::SetupRequest,
                  base::Unretained(this), label));
   return label;
 }
 
 void MediaStreamManager::GenerateStream(MediaStreamRequester* requester,
                                         int render_process_id,
                                         int render_frame_id,
-                                        const ResourceContext::SaltCallback& sc,
+                                        const std::string& salt,
                                         int page_request_id,
                                         const StreamControls& controls,
                                         const url::Origin& security_origin,
                                         bool user_gesture) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   DVLOG(1) << "GenerateStream()";
 
   DeviceRequest* request = new DeviceRequest(
       requester, render_process_id, render_frame_id, page_request_id,
-      security_origin, user_gesture, MEDIA_GENERATE_STREAM, controls, sc);
+      security_origin, user_gesture, MEDIA_GENERATE_STREAM, controls, salt);
 
   const std::string& label = AddRequest(request);
 
   // Post a task and handle the request asynchronously. The reason is that the
   // requester won't have a label for the request until this function returns
   // and thus can not handle a response. Using base::Unretained is safe since
   // MediaStreamManager is deleted on the UI thread, after the IO thread has
   // been stopped.
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
@@ skipping 164 matching lines @@
         request->SetState(type, MEDIA_REQUEST_STATE_CLOSING);
       }
     }
   }
 }
 
 std::string MediaStreamManager::EnumerateDevices(
     MediaStreamRequester* requester,
     int render_process_id,
     int render_frame_id,
-    const ResourceContext::SaltCallback& sc,
+    const std::string& salt,
     int page_request_id,
     MediaStreamType type,
     const url::Origin& security_origin) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   DCHECK(requester);
   DCHECK(type == MEDIA_DEVICE_AUDIO_CAPTURE ||
          type == MEDIA_DEVICE_VIDEO_CAPTURE ||
          type == MEDIA_DEVICE_AUDIO_OUTPUT);
 
   DeviceRequest* request =
       new DeviceRequest(requester, render_process_id, render_frame_id,
                         page_request_id, security_origin,
                         false,  // user gesture
-                        MEDIA_ENUMERATE_DEVICES, StreamControls(), sc);
+                        MEDIA_ENUMERATE_DEVICES, StreamControls(), salt);
   if (IsAudioInputMediaType(type) || type == MEDIA_DEVICE_AUDIO_OUTPUT)
     request->SetAudioType(type);
   else if (IsVideoMediaType(type))
     request->SetVideoType(type);
 
   const std::string& label = AddRequest(request);
   // Post a task and handle the request asynchronously. The reason is that the
   // requester won't have a label for the request until this function returns
   // and thus can not handle a response. Using base::Unretained is safe since
   // MediaStreamManager is deleted on the UI thread, after the IO thread has
@@ skipping 81 matching lines @@
     }
   }
 
   --active_enumeration_ref_count_[MEDIA_DEVICE_AUDIO_OUTPUT];
   DCHECK_GE(active_enumeration_ref_count_[MEDIA_DEVICE_AUDIO_OUTPUT], 0);
 }
 
 void MediaStreamManager::OpenDevice(MediaStreamRequester* requester,
                                     int render_process_id,
                                     int render_frame_id,
-                                    const ResourceContext::SaltCallback& sc,
+                                    const std::string& salt,
                                     int page_request_id,
                                     const std::string& device_id,
                                     MediaStreamType type,
                                     const url::Origin& security_origin) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   DCHECK(type == MEDIA_DEVICE_AUDIO_CAPTURE ||
          type == MEDIA_DEVICE_VIDEO_CAPTURE);
   DVLOG(1) << "OpenDevice ({page_request_id = " << page_request_id <<  "})";
   StreamControls controls;
   if (IsAudioInputMediaType(type)) {
     controls.audio.requested = true;
     controls.audio.device_ids.push_back(device_id);
   } else if (IsVideoMediaType(type)) {
     controls.video.requested = true;
     controls.video.device_ids.push_back(device_id);
   } else {
     NOTREACHED();
   }
   DeviceRequest* request =
       new DeviceRequest(requester, render_process_id, render_frame_id,
                         page_request_id, security_origin,
                         false,  // user gesture
-                        MEDIA_OPEN_DEVICE_PEPPER_ONLY, controls, sc);
+                        MEDIA_OPEN_DEVICE_PEPPER_ONLY, controls, salt);
 
   const std::string& label = AddRequest(request);
   // Post a task and handle the request asynchronously. The reason is that the
   // requester won't have a label for the request until this function returns
   // and thus can not handle a response. Using base::Unretained is safe since
   // MediaStreamManager is deleted on the UI thread, after the IO thread has
   // been stopped.
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
       base::Bind(&MediaStreamManager::SetupRequest,
                  base::Unretained(this), label));
 }
 
 bool MediaStreamManager::TranslateSourceIdToDeviceId(
     MediaStreamType stream_type,
-    const ResourceContext::SaltCallback& sc,
+    const std::string& salt,
     const url::Origin& security_origin,
     const std::string& source_id,
     std::string* device_id) const {
   DCHECK(stream_type == MEDIA_DEVICE_AUDIO_CAPTURE ||
          stream_type == MEDIA_DEVICE_VIDEO_CAPTURE);
   // The source_id can be empty if the constraint is set but empty.
   if (source_id.empty())
     return false;
 
   const EnumerationCache* cache =
       stream_type == MEDIA_DEVICE_AUDIO_CAPTURE ?
       &audio_enumeration_cache_ : &video_enumeration_cache_;
 
   // If device monitoring hasn't started, the |device_guid| is not valid.
   if (!cache->valid)
     return false;
 
   for (const StreamDeviceInfo& device_info : cache->devices) {
-    if (DoesMediaDeviceIDMatchHMAC(sc, security_origin, source_id,
+    if (DoesMediaDeviceIDMatchHMAC(salt, security_origin, source_id,
                                    device_info.device.id)) {
       *device_id = device_info.device.id;
       return true;
     }
   }
   return false;
 }
 
 void MediaStreamManager::EnsureDeviceMonitorStarted() {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
@@ skipping 22 matching lines @@
     }
   }
 }
 
 void MediaStreamManager::StopRemovedDevice(const MediaStreamDevice& device) {
   std::vector<int> session_ids;
   for (const LabeledDeviceRequest& labeled_request : requests_) {
     const DeviceRequest* request = labeled_request.second;
     for (const StreamDeviceInfo& device_info : request->devices) {
       const std::string source_id = GetHMACForMediaDeviceID(
-          request->salt_callback, request->security_origin, device.id);
+          request->salt, request->security_origin, device.id);
       if (device_info.device.id == source_id &&
           device_info.device.type == device.type) {
         session_ids.push_back(device_info.session_id);
         if (labeled_request.second->requester) {
           labeled_request.second->requester->DeviceStopped(
               labeled_request.second->requesting_frame_id,
               labeled_request.first, device_info);
         }
       }
     }
@@ skipping 68 matching lines @@
   // fixed.
   tracked_objects::ScopedTracker tracking_profile3(
       FROM_HERE_WITH_EXPLICIT_FUNCTION(
           "458404 MediaStreamManager::DeviceMonitorMac::StartMonitoring"));
   browser_main_loop->device_monitor_mac()->StartMonitoring(task_runner);
 }
 #endif
 
 // Pick the first valid (translatable) device ID from lists of required
 // and optional IDs.
-bool MediaStreamManager::PickDeviceId(
-    MediaStreamType type,
-    const ResourceContext::SaltCallback& salt_callback,
-    const url::Origin& security_origin,
-    const TrackControls& controls,
-    std::string* device_id) const {
+bool MediaStreamManager::PickDeviceId(MediaStreamType type,
+                                      const std::string& salt,
+                                      const url::Origin& security_origin,
+                                      const TrackControls& controls,
+                                      std::string* device_id) const {
   if (!controls.device_ids.empty()) {
     if (controls.device_ids.size() > 1) {
       LOG(ERROR) << "Only one required device ID is supported";
       return false;
     }
     const std::string& candidate_id = controls.device_ids[0];
-    if (!TranslateSourceIdToDeviceId(type, salt_callback, security_origin,
-                                     candidate_id, device_id)) {
+    if (!TranslateSourceIdToDeviceId(type, salt, security_origin, candidate_id,
+                                     device_id)) {
       LOG(WARNING) << "Invalid mandatory capture ID = " << candidate_id;
       return false;
     }
     return true;
   }
   // We don't have a required ID. Look at the alternates.
   for (const std::string& candidate_id : controls.alternate_device_ids) {
-    if (TranslateSourceIdToDeviceId(type, salt_callback, security_origin,
-                                    candidate_id, device_id)) {
+    if (TranslateSourceIdToDeviceId(type, salt, security_origin, candidate_id,
+                                    device_id)) {
       return true;
     } else {
       LOG(WARNING) << "Invalid optional capture ID = " << candidate_id;
     }
   }
   return true;  // If we get here, device_id is empty.
 }
 
 bool MediaStreamManager::GetRequestedDeviceCaptureId(
     const DeviceRequest* request,
     MediaStreamType type,
     std::string* device_id) const {
   if (type == MEDIA_DEVICE_AUDIO_CAPTURE) {
-    return PickDeviceId(type, request->salt_callback, request->security_origin,
-                        request->controls.audio,
-                        device_id);
+    return PickDeviceId(type, request->salt, request->security_origin,
+                        request->controls.audio, device_id);
   } else if (type == MEDIA_DEVICE_VIDEO_CAPTURE) {
-    return PickDeviceId(type, request->salt_callback, request->security_origin,
-                        request->controls.video,
-                        device_id);
+    return PickDeviceId(type, request->salt, request->security_origin,
+                        request->controls.video, device_id);
   } else {
     NOTREACHED();
   }
   return false;
 }
 
 void MediaStreamManager::TranslateDeviceIdToSourceId(
     DeviceRequest* request,
     MediaStreamDevice* device) {
   if (request->audio_type() == MEDIA_DEVICE_AUDIO_CAPTURE ||
       request->audio_type() == MEDIA_DEVICE_AUDIO_OUTPUT ||
       request->video_type() == MEDIA_DEVICE_VIDEO_CAPTURE) {
-    device->id = GetHMACForMediaDeviceID(request->salt_callback,
+    device->id = GetHMACForMediaDeviceID(request->salt,
                                          request->security_origin, device->id);
   }
 }
 
 void MediaStreamManager::ClearEnumerationCache(EnumerationCache* cache) {
   DCHECK(CalledOnIOThread());
   cache->valid = false;
 }
 
 bool MediaStreamManager::EnumerationRequired(EnumerationCache* cache,
@@ skipping 321 matching lines @@
 }
 
 bool MediaStreamManager::FindExistingRequestedDeviceInfo(
     const DeviceRequest& new_request,
     const MediaStreamDevice& new_device_info,
     StreamDeviceInfo* existing_device_info,
     MediaRequestState* existing_request_state) const {
   DCHECK(existing_device_info);
   DCHECK(existing_request_state);
 
-  std::string source_id =
-      GetHMACForMediaDeviceID(new_request.salt_callback,
-                              new_request.security_origin, new_device_info.id);
+  std::string source_id = GetHMACForMediaDeviceID(
+      new_request.salt, new_request.security_origin, new_device_info.id);
 
   for (const LabeledDeviceRequest& labeled_request : requests_) {
     const DeviceRequest* request = labeled_request.second;
     if (request->requesting_process_id == new_request.requesting_process_id &&
         request->requesting_frame_id == new_request.requesting_frame_id &&
         request->request_type == new_request.request_type) {
       for (const StreamDeviceInfo& device_info : request->devices) {
         if (device_info.device.id == source_id &&
             device_info.device.type == new_device_info.type) {
           *existing_device_info = device_info;
@@ skipping 722 matching lines @@
 }
 
 void MediaStreamManager::NotifyDeviceChangeSubscribers(MediaStreamType type) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   for (auto* subscriber : device_change_subscribers_)
     subscriber->DevicesChanged(type);
 }
 
 // static
 std::string MediaStreamManager::GetHMACForMediaDeviceID(
-    const ResourceContext::SaltCallback& sc,
+    const std::string& salt,
     const url::Origin& security_origin,
     const std::string& raw_unique_id) {
   DCHECK(!raw_unique_id.empty());
   if (raw_unique_id == media::AudioDeviceDescription::kDefaultDeviceId ||
       raw_unique_id == media::AudioDeviceDescription::kCommunicationsDeviceId) {
     return raw_unique_id;
   }
 
   crypto::HMAC hmac(crypto::HMAC::SHA256);
   const size_t digest_length = hmac.DigestLength();
   std::vector<uint8_t> digest(digest_length);
-  std::string salt = sc.Run();
   bool result = hmac.Init(security_origin.Serialize()) &&
                 hmac.Sign(raw_unique_id + salt, &digest[0], digest.size());
   DCHECK(result);
   return base::ToLowerASCII(base::HexEncode(&digest[0], digest.size()));
 }
 
 // static
 bool MediaStreamManager::DoesMediaDeviceIDMatchHMAC(
-    const ResourceContext::SaltCallback& sc,
+    const std::string& salt,
     const url::Origin& security_origin,
     const std::string& device_guid,
     const std::string& raw_unique_id) {
   DCHECK(!raw_unique_id.empty());
   std::string guid_from_raw_device_id =
-      GetHMACForMediaDeviceID(sc, security_origin, raw_unique_id);
+      GetHMACForMediaDeviceID(salt, security_origin, raw_unique_id);
   return guid_from_raw_device_id == device_guid;
 }
 
 // static
 bool MediaStreamManager::IsOriginAllowed(int render_process_id,
                                          const url::Origin& origin) {
   if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRequestURL(
           render_process_id, ConvertToGURL(origin))) {
     LOG(ERROR) << "MSM: Renderer requested a URL it's not allowed to use.";
     return false;
@@ skipping 17 matching lines @@
       if (device_info.session_id == session_id &&
           device_info.device.type == type) {
         request->SetCapturingLinkSecured(is_secure);
         return;
       }
     }
   }
 }
 
 }  // namespace content