content/browser/renderer_host/media/audio_output_authorization_handler.h - Issue 2424163004: Factor out authorization from AudioRendererHost.

Side by Side Diff: content/browser/renderer_host/media/audio_output_authorization_handler.h

Issue 2424163004: Factor out authorization from AudioRendererHost. (Closed)

Patch Set: . Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « content/browser/renderer_host/media/audio_input_device_manager.cc ('k') | content/browser/renderer_host/media/audio_output_authorization_handler.cc » ('j') | content/browser/renderer_host/media/audio_output_authorization_handler.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2016 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 // This class implements authorization checking for AudioRendererHost.

	6 #ifndef CONTENT_BROWSER_RENDERER_HOST_MEDIA_AUDIO_OUTPUT_AUTHORIZATION_HANDLER_H _

	7 #define CONTENT_BROWSER_RENDERER_HOST_MEDIA_AUDIO_OUTPUT_AUTHORIZATION_HANDLER_H _

	8

	9 #include <memory>

	10 #include <string>

	11 #include <utility>

	12

	13 #include "base/callback_forward.h"

	14 #include "base/memory/weak_ptr.h"

	15 #include "content/browser/media/media_devices_permission_checker.h"

	16 #include "content/browser/renderer_host/media/media_stream_manager.h"

	17 #include "media/audio/audio_device_description.h"

	18 #include "media/audio/audio_manager.h"

	19 #include "media/base/audio_parameters.h"

	20 #include "media/base/output_device_info.h"

	21

	22 namespace content {

	23

	24 // This class, which lives on the IO thread, handles the logic of an IPC device

	25 // request from the renderer. It checks which device to use (in case of using

	26 // session_id to select device), verifies that the renderer is authorized to use

	27 // the device, and gets the default device parameters for the selected audio

	28 // device.

	29 class CONTENT_EXPORT AudioOutputAuthorizationHandler {

	30 public:

	31 // The result of an authorization check. In addition to the status,

	32 // it indicates whether a device was found using the session_id in the

	33 // variable should_send_id, in which case the renderer expects to get the id
	Guido Urdaneta 2016/11/16 12:40:19 should_send_id -> \|should_send_id\|. Also, why is t should_send_id -> \|should_send_id\|. Also, why is this necessary? The renderer always knows if it needs to read the device_id coming in the reply or not. \|translated_device_id\| is not a good name since it could be interpreted as translated to raw or translated to hashed (as happened to me in a previous round). Since this is intended to be raw, perhaps it's better to use \|raw_device_id\|. Finally, wouldn't it be more consistent for this class to receive and return hashed IDs instead of receiving hashed IDs and returning raw IDs? It would provide a better path for a mojo migration since this callback would be the callback sent by the mojo client. Max Morin 2016/11/16 14:12:19 The ARH (and mojo replacement) needs to know if it Show quoted text On 2016/11/16 12:40:19, Guido Urdaneta wrote: > should_send_id -> \|should_send_id\|. Also, why is this necessary? > The renderer always knows if it needs to read the device_id coming in the reply > or not. > > \|translated_device_id\| is not a good name since it could be interpreted as > translated to raw or translated to hashed (as happened to me in a previous > round). Since this is intended to be raw, perhaps it's better to use > \|raw_device_id\|. > > Finally, wouldn't it be more consistent for this class to receive and return > hashed IDs instead of receiving hashed IDs and returning raw IDs? > It would provide a better path for a mojo migration since this callback would be > the callback sent by the mojo client. The ARH (and mojo replacement) needs to know if it should send the id to the renderer. This is what \|should_send_id\| indicates. They also need the raw id for the stream, since the raw id is the one that the audio manager expects. The current plan is not to just send the callback from the renderer straight here, there will be a class in-between (~taking the place of AudioRendererHost). Guido Urdaneta 2016/11/16 14:28:33 I see. You can't send an empty string for some of Show quoted text On 2016/11/16 14:12:19, Max Morin Chromium wrote: > On 2016/11/16 12:40:19, Guido Urdaneta wrote: > > should_send_id -> \|should_send_id\|. Also, why is this necessary? > > The renderer always knows if it needs to read the device_id coming in the > reply > > or not. > > > > \|translated_device_id\| is not a good name since it could be interpreted as > > translated to raw or translated to hashed (as happened to me in a previous > > round). Since this is intended to be raw, perhaps it's better to use > > \|raw_device_id\|. > > > > Finally, wouldn't it be more consistent for this class to receive and return > > hashed IDs instead of receiving hashed IDs and returning raw IDs? > > It would provide a better path for a mojo migration since this callback would > be > > the callback sent by the mojo client. > > The ARH (and mojo replacement) needs to know if it should send the id to the > renderer. This is what \|should_send_id\| indicates. They also need the raw id for > the stream, since the raw id is the one that the audio manager expects. The > current plan is not to just send the callback from the renderer straight here, > there will be a class in-between (~taking the place of AudioRendererHost). I see. You can't send an empty string for some of the cases where \|should_send_id\| is false because you need the ID to create the streams in ARH.
	34 // hash. It also has the default audio parameters for the device, and the id

	35 // for the device, which is needed to open a stream for the device. This id

	36 // is not hashed, so it must be hashed before sending it to the renderer.

	37 // TODO(maxmorin): Change to OnceCallback once base:: code is ready for it.

	38 using AuthorizationCompletedCallback =

	39 base::Callback<void(media::OutputDeviceStatus status,

	40 bool should_send_id,

	41 const media::AudioParameters& params,

	42 const std::string& translated_device_id)>;

	43

	44 AudioOutputAuthorizationHandler(MediaStreamManager* media_stream_manager,

	45 int render_process_id_,

	46 const std::string& salt);

	47

	48 ~AudioOutputAuthorizationHandler();

	49

	50 // Checks authorization of the device with the hashed id device_id for the

	51 // given render frame id and security origin, or uses session_id for

	52 // authorization. Looks up device id (if session_id is used for device

	53 // selection) and default device parameters.

	54 void RequestDeviceAuthorization(int render_frame_id,

	55 int session_id,

	56 const std::string& device_id,

	57 const url::Origin& security_origin,

	58 AuthorizationCompletedCallback cb) const;

	59

	60 void OverridePermissionsForTesting(bool override_value);
	Guido Urdaneta 2016/11/16 12:40:19 Document what \|override_value\| means. Document what \|override_value\| means. Max Morin 2016/11/16 14:12:19 Done. Show quoted text On 2016/11/16 12:40:19, Guido Urdaneta wrote: > Document what \|override_value\| means. Done.
	61

	62 private:

	63 // The comments give a simplified overview of implementation. The sequence of

	64 // calls can be broken at various places, e.g. if access rights are missing or

	65 // the device cannot be found. In this case, a non-ok status indicating the

	66 // error is returned through the callback.

	67

	68 // RequestDeviceAuthorization will check if session_id should be used. If yes,
	Guido Urdaneta 2016/11/16 12:40:19 session_id -> \|session_id\| I think such detailed session_id -> \|session_id\| I think such detailed comments for the private methods are overkill and will be a maintenance burden as the implementation changes over time. I would prefer shorter comments that explain what the methods do (or why) or no comment at all, than this kind of detailed comment saying how the methods do what they do. Max Morin 2016/11/16 14:12:19 I don't disagree, but I'm not sure how I would fin Show quoted text On 2016/11/16 12:40:19, Guido Urdaneta wrote: > session_id -> \|session_id\| > > I think such detailed comments for the private methods are overkill and will be > a maintenance burden as the implementation changes over time. > I would prefer shorter comments that explain what the methods do (or why) or no > comment at all, than this kind of detailed comment saying how the methods do > what they do. I don't disagree, but I'm not sure how I would find a solution that both you and Olga find acceptable, since she wanted more comments here. Guido Urdaneta 2016/11/16 14:28:33 I'm OK with comments that clarify what the method Show quoted text On 2016/11/16 14:12:19, Max Morin Chromium wrote: > On 2016/11/16 12:40:19, Guido Urdaneta wrote: > > session_id -> \|session_id\| > > > > I think such detailed comments for the private methods are overkill and will > be > > a maintenance burden as the implementation changes over time. > > I would prefer shorter comments that explain what the methods do (or why) or > no > > comment at all, than this kind of detailed comment saying how the methods do > > what they do. > > I don't disagree, but I'm not sure how I would find a solution that both you and > Olga find acceptable, since she wanted more comments here. I'm OK with comments that clarify what the method does if the name is not sufficiently obvious. For example, I would leave the first sentence in the comment for TranslateDeviceID, but remove the second. Details about the internal implementation details are never as precise as the code and can easily become obsolete.
	69 // fetch saved device and parameters and skip to DeviceParametersRecieved.

	70 // Otherwise, check whether the renderer has access to the output device

	71 // (async in case of a nondefault device). Result goes to AccessChecked.

	72

	73 // Calls GetDeviceParameters for default devices. Nondefault devices first

	74 // goes to TranslateDeviceId.

	75 void AccessChecked(AuthorizationCompletedCallback cb,

	76 const std::string& device_id,

	77 const url::Origin& security_origin,

	78 bool have_access) const;

	79

	80 // Takes the hashed device id device_id and finds the corresponding raw device

	81 // id. After that, it calls GetDeviceParameters with the result.

	82 void TranslateDeviceID(AuthorizationCompletedCallback cb,

	83 const std::string& device_id,

	84 const url::Origin& security_origin,

	85 const MediaDeviceEnumeration& enumeration) const;

	86

	87 // Takes a raw device id and gets the default device parameters for the device

	88 // from the OS. Calls DeviceParametersReceived.

	89 void GetDeviceParameters(AuthorizationCompletedCallback cb,

	90 const std::string& translated_device_id) const;

	91

	92 // Returns by calling the callback. should_send_id indicates whether the

	93 // renderer expects to get the chosen id back, which is the case if a device
	Guido Urdaneta 2016/11/16 12:40:19 The original contract was to let the renderer know The original contract was to let the renderer know which output device was going to be used, not if a match was found. Therefore, the empty string (default device) was sent when no device was found. For the case when the renderer already knows the device ID, the empty string was sent as a don't-care value. Max Morin 2016/11/16 14:12:19 Yes, I preserve this behavior by providing the Aud Show quoted text On 2016/11/16 12:40:19, Guido Urdaneta wrote: > The original contract was to let the renderer know which output device was going > to be used, not if a match was found. Therefore, the empty string (default > device) was sent when no device was found. > For the case when the renderer already knows the device ID, the empty string was > sent as a don't-care value. Yes, I preserve this behavior by providing the AudioRendererHost with a bool indicating if this is a request for which a device was found for a specific session id.
	94 // was found using a session id.

	95 void DeviceParametersReceived(

	96 AuthorizationCompletedCallback cb,

	97 bool should_send_id,

	98 const std::string& translated_device_id,

	99 const media::AudioParameters& output_params) const;

	100

	101 MediaStreamManager* const media_stream_manager_;

	102 std::unique_ptr<MediaDevicesPermissionChecker> permission_checker_;

	103 const int render_process_id_;

	104 const std::string salt_;

	105 // All access is on the IO thread, and taking a weak pointer to const looks

	106 // const, so this can be mutable.

	107 mutable base::WeakPtrFactory<const AudioOutputAuthorizationHandler>

	108 weak_factory_;

	109

	110 DISALLOW_COPY_AND_ASSIGN(AudioOutputAuthorizationHandler);

	111 };

	112

	113 } // namespace content

	114

	115 #endif // CONTENT_BROWSER_RENDERER_HOST_MEDIA_AUDIO_OUTPUT_AUTHORIZATION_HANDLE R_H_

OLD	NEW