media: Verify CDM Host files

media/cdm/ppapi/external_clear_key/clear_key_cdm.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "media/cdm/ppapi/external_clear_key/clear_key_cdm.h"
 
 #include <algorithm>
 #include <cstring>
 #include <sstream>
 #include <utility>
 
 #include "base/bind.h"
+#include "base/files/file.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/time/time.h"
 #include "base/trace_event/trace_event.h"
 #include "media/base/cdm_callback_promise.h"
 #include "media/base/cdm_key_information.h"
 #include "media/base/decoder_buffer.h"
 #include "media/base/decrypt_config.h"
+#include "media/cdm/api/content_decryption_module_ext.h"
 #include "media/cdm/json_web_key.h"
 #include "media/cdm/ppapi/cdm_file_io_test.h"
 #include "media/cdm/ppapi/external_clear_key/cdm_video_decoder.h"
 #include "url/gurl.h"
 
 #if defined(CLEAR_KEY_CDM_USE_FAKE_AUDIO_DECODER)
 const int64_t kNoTimestamp = INT64_MIN;
 #endif  // CLEAR_KEY_CDM_USE_FAKE_AUDIO_DECODER
 
 #if defined(CLEAR_KEY_CDM_USE_FFMPEG_DECODER)
@@ skipping 26 matching lines @@
 const char kExternalClearKeyRenewalKeySystem[] =
     "org.chromium.externalclearkey.renewal";
 const char kExternalClearKeyFileIOTestKeySystem[] =
     "org.chromium.externalclearkey.fileiotest";
 const char kExternalClearKeyOutputProtectionTestKeySystem[] =
     "org.chromium.externalclearkey.outputprotectiontest";
 const char kExternalClearKeyPlatformVerificationTestKeySystem[] =
     "org.chromium.externalclearkey.platformverificationtest";
 const char kExternalClearKeyCrashKeySystem[] =
     "org.chromium.externalclearkey.crash";
+const char kExternalClearKeyVerifyHostFilesTestKeySystem[] =
+    "org.chromium.externalclearkey.verifyhostfilestest";
 
 // Constants for the enumalted session that can be loaded by LoadSession().
 // These constants need to be in sync with
 // chrome/test/data/media/encrypted_media_utils.js
 const char kLoadableSessionId[] = "LoadableSession";
 const uint8_t kLoadableSessionKeyId[] = "0123456789012345";
 const uint8_t kLoadableSessionKey[] = {0xeb, 0xdd, 0x62, 0xf1, 0x68, 0x14,
                                        0xd2, 0x7b, 0x68, 0xef, 0x12, 0x2a,
                                        0xfc, 0xe4, 0xae, 0x3c};
 
@@ skipping 150 matching lines @@
                         void* user_data) {
   DVLOG(1) << "CreateCdmInstance()";
 
   std::string key_system_string(key_system, key_system_size);
   if (key_system_string != kExternalClearKeyKeySystem &&
       key_system_string != kExternalClearKeyDecryptOnlyKeySystem &&
       key_system_string != kExternalClearKeyRenewalKeySystem &&
       key_system_string != kExternalClearKeyFileIOTestKeySystem &&
       key_system_string != kExternalClearKeyOutputProtectionTestKeySystem &&
       key_system_string != kExternalClearKeyPlatformVerificationTestKeySystem &&
-      key_system_string != kExternalClearKeyCrashKeySystem) {
+      key_system_string != kExternalClearKeyCrashKeySystem &&
+      key_system_string != kExternalClearKeyVerifyHostFilesTestKeySystem) {
     DVLOG(1) << "Unsupported key system:" << key_system_string;
     return NULL;
   }
 
   if (cdm_interface_version != media::ClearKeyCdmInterface::kVersion)
     return NULL;
 
   media::ClearKeyCdmHost* host = static_cast<media::ClearKeyCdmHost*>(
       get_cdm_host_func(media::ClearKeyCdmHost::kVersion, user_data));
   if (!host)
     return NULL;
 
   // TODO(jrummell): Obtain the proper origin for this instance.
   GURL empty_origin;
   return new media::ClearKeyCdm(host, key_system_string, empty_origin);
 }
 
 const char* GetCdmVersion() {
   return kClearKeyCdmVersion;
 }
 
+static bool g_verify_host_files_result = false;
+
+// Makes sure files and corresponding signature files are readable but not
+// writable.
+void VerifyHostFiles(const cdm::HostFile* host_files, uint32_t num_files) {
+  DVLOG(1) << __func__;
+
+  // We should always have the CDM and CDM adapter.
+  // We might not have any common CDM host file (e.g. chrome) since we are
+  // running in browser_tests.
+  if (num_files < 2) {
+    LOG(ERROR) << "Too few host files: " << num_files;
+    g_verify_host_files_result = false;
+    return;
+  }
+
+  for (uint32_t i = 0; i < num_files; ++i) {
+    const int kBytesToRead = 10;
+    std::vector<char> buffer(kBytesToRead);
+
+    base::File file(static_cast<base::PlatformFile>(host_files[i].file));
+    int bytes_read = file.Read(0, buffer.data(), buffer.size());
+    if (bytes_read != kBytesToRead) {
+      LOG(ERROR) << "File bytes read: " << bytes_read;
+      g_verify_host_files_result = false;
+      return;
+    }
+
+    const char kDataToWrite[] = "Data to write into file.";
+    int bytes_written = file.Write(0, kDataToWrite, 1);

[Greg K, 2017/01/19 04:13:07]

Isn't it extremely dangerous to check that a file isn't writable by actually
writing to it?

[xhwang, 2017/01/19 08:30:51]

Good point. At least on Linux, we should be able to use fcntl (fd, F_GETFL) to
get the file access mode. That'll involve some base/file/ change so I'll leave
it to another CL. For now, I replace this check with a TODO.

[Greg K, 2017/01/25 06:15:32]

Yeah please make that a TODO, I'm not comfortable actually trying to write to a
file. 

[xhwang, 2017/01/25 06:51:54]

Thanks for the review!!!

A TODO is already added in the latest PS.

+    if (bytes_written != -1) {
+      LOG(ERROR) << "File is writable (" << bytes_written << " bytes written).";
+      g_verify_host_files_result = false;
+      return;
+    }
+
+    // TODO(xhwang): Also verify the signature file when it's available.
+  }
+
+  g_verify_host_files_result = true;
+}
+
 namespace media {
 
 ClearKeyCdm::ClearKeyCdm(ClearKeyCdmHost* host,
                          const std::string& key_system,
                          const GURL& origin)
     : decryptor_(new AesDecryptor(
           origin,
           base::Bind(&ClearKeyCdm::OnSessionMessage, base::Unretained(this)),
           base::Bind(&ClearKeyCdm::OnSessionClosed, base::Unretained(this)),
           base::Bind(&ClearKeyCdm::OnSessionKeysChange,
@@ skipping 41 matching lines @@
       std::vector<uint8_t>(init_data, init_data + init_data_size),
       std::move(promise));
 
   if (key_system_ == kExternalClearKeyFileIOTestKeySystem) {
     StartFileIOTest();
   } else if (key_system_ == kExternalClearKeyOutputProtectionTestKeySystem) {
     StartOutputProtectionTest();
   } else if (key_system_ ==
              kExternalClearKeyPlatformVerificationTestKeySystem) {
     StartPlatformVerificationTest();
+  } else if (key_system_ == kExternalClearKeyVerifyHostFilesTestKeySystem) {
+    VerifyHostFilesTest();
   }
 }
 
 // Loads a emulated stored session. Currently only |kLoadableSessionId|
 // (containing a |kLoadableSessionKey| for |kLoadableSessionKeyId|) is
 // supported.
 void ClearKeyCdm::LoadSession(uint32_t promise_id,
                               cdm::SessionType session_type,
                               const char* session_id,
                               uint32_t session_id_length) {
@@ skipping 645 matching lines @@
   DVLOG(1) << __func__;
   is_running_platform_verification_test_ = true;
 
   std::string service_id = "test_service_id";
   std::string challenge = "test_challenge";
 
   host_->SendPlatformChallenge(service_id.data(), service_id.size(),
                                challenge.data(), challenge.size());
 }
 
+void ClearKeyCdm::VerifyHostFilesTest() {
+  // VerifyHostFiles() should have already been called and test result stored
+  // in |g_verify_host_files_result|.
+  OnUnitTestComplete(g_verify_host_files_result);
+}
+
 }  // namespace media