Public Sessions - prompt the user for audioCapture/videoCapture requests

chrome/browser/media/public_session_media_access_handler.h

Index: chrome/browser/media/public_session_media_access_handler.h
diff --git a/chrome/browser/media/public_session_media_access_handler.h b/chrome/browser/media/public_session_media_access_handler.h
new file mode 100644
index 0000000000000000000000000000000000000000..90ad64e327d6e1a05559a353d4ee226065e11789
--- /dev/null
+++ b/chrome/browser/media/public_session_media_access_handler.h
@@ -0,0 +1,81 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_MEDIA_PUBLIC_SESSION_MEDIA_ACCESS_HANDLER_H_
+#define CHROME_BROWSER_MEDIA_PUBLIC_SESSION_MEDIA_ACCESS_HANDLER_H_
+
+#include "chrome/browser/extensions/extension_install_prompt.h"
+#include "chrome/browser/media/extension_media_access_handler.h"
+#include "chrome/browser/media/media_access_handler.h"
+#include "content/public/common/media_stream_request.h"
+#include "extensions/common/extension_id.h"
+
+// MediaAccessHandler for extension capturing requests in Public Sessions. This
+// class is implemented as a wrapper around ExtensionMediaAccessHandler. It
+// allows for finer access control to audioCapture/videoCapture manifest
+// permission features inside of Public Sessions.
+//
+// In Public Sessions extensions are installed by admin policy hence they can
+// freely use the camera and microphone without the user knowing. This is not
+// acceptable from a security/privacy standpoint so we show the user a dialog
+// where he can choose whether to allow the extension access to camera and/or

[Devlin, 2016/11/30 19:02:48]

drive-by nit: prefer "they" (I wonder why this wasn't caught by
https://cs.chromium.org/chromium/tools/depot_tools/presubmit_canned_checks.py...
?)

[Ivan Šandrk, 2016/12/01 17:32:04]

Done.

+// microphone. Note: camera and microphone are used through audioCapture and
+// videoCapture manifest permissions which are limited to platform apps only.
+class PublicSessionMediaAccessHandler : public MediaAccessHandler {

[Devlin, 2016/11/30 19:02:48]

What's the lifetime of this object?

[Ivan Šandrk, 2016/12/01 17:32:05]

Let's merge this discussion with the one regarding safety of using
base::Unretained.

+ public:
+  explicit PublicSessionMediaAccessHandler(
+      ExtensionMediaAccessHandler& extension_media_access_handler);

[Devlin, 2016/11/30 19:02:48]

we disallow non-const references passed into functions or as members by style.

[Ivan Šandrk, 2016/12/01 17:32:05]

Acknowledged.

+  ~PublicSessionMediaAccessHandler() override;
+
+  // MediaAccessHandler implementation.
+  bool SupportsStreamType(const content::MediaStreamType type,
+                          const extensions::Extension* extension) override;
+  bool CheckMediaAccessPermission(
+      content::WebContents* web_contents,
+      const GURL& security_origin,
+      content::MediaStreamType type,
+      const extensions::Extension* extension) override;
+  void HandleRequest(content::WebContents* web_contents,
+                     const content::MediaStreamRequest& request,
+                     const content::MediaResponseCallback& callback,
+                     const extensions::Extension* extension) override;
+
+ private:
+  // Helper function used to chain the HandleRequest call into the original
+  // inside of ExtensionMediaAccessHandler.
+  void ChainHandleRequest(content::WebContents* web_contents,
+                          const content::MediaStreamRequest& request,
+                          const content::MediaResponseCallback& callback,
+                          const extensions::Extension* extension);
+
+  // Function used to resolve user decision regarding allowing audio/video.
+  void ResolvePermissionPrompt(
+      content::WebContents* web_contents,
+      const content::MediaStreamRequest& request,
+      const content::MediaResponseCallback& callback,
+      const extensions::Extension* extension,
+      std::unique_ptr<ExtensionInstallPrompt> prompt,
+      ExtensionInstallPrompt::Result prompt_result);
+
+  // Class used to cache user choice regarding allowing audio/video capture.
+  class UserChoice {
+   public:
+    // Helper function for checking if audio/video is allowed by user choice.
+    bool IsAllowed(content::MediaStreamType type) const;
+    // Helper function which returns true if audio/video wasn't prompted yet.
+    bool NeedsPrompting(content::MediaStreamType type) const;
+    void Set(content::MediaStreamType type, bool allowed);
+
+   private:
+    bool audio_prompted_ = false;
+    bool audio_allowed_ = false;
+    bool video_prompted_ = false;
+    bool video_allowed_ = false;
+  };
+
+  ExtensionMediaAccessHandler& extension_media_access_handler_;
+  std::map<extensions::ExtensionId, UserChoice> user_choice_cache_;
+};
+
+#endif  // CHROME_BROWSER_MEDIA_PUBLIC_SESSION_MEDIA_ACCESS_HANDLER_H_