media: Verify CDM Host files

media/cdm/ppapi/external_clear_key/clear_key_cdm.cc

Index: media/cdm/ppapi/external_clear_key/clear_key_cdm.cc
diff --git a/media/cdm/ppapi/external_clear_key/clear_key_cdm.cc b/media/cdm/ppapi/external_clear_key/clear_key_cdm.cc
index 4820555fdaba1d18ea61d0822c495218786d4f62..56aaa134812ab5eb6216d4c4dcb01abf27508f2b 100644
--- a/media/cdm/ppapi/external_clear_key/clear_key_cdm.cc
+++ b/media/cdm/ppapi/external_clear_key/clear_key_cdm.cc
@@ -10,6 +10,7 @@
 #include <utility>
 
 #include "base/bind.h"
+#include "base/files/file.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/time/time.h"
@@ -18,6 +19,7 @@
 #include "media/base/cdm_key_information.h"
 #include "media/base/decoder_buffer.h"
 #include "media/base/decrypt_config.h"
+#include "media/cdm/api/content_decryption_module_ext.h"
 #include "media/cdm/json_web_key.h"
 #include "media/cdm/ppapi/cdm_file_io_test.h"
 #include "media/cdm/ppapi/external_clear_key/cdm_video_decoder.h"
@@ -64,6 +66,8 @@ const char kExternalClearKeyPlatformVerificationTestKeySystem[] =
     "org.chromium.externalclearkey.platformverificationtest";
 const char kExternalClearKeyCrashKeySystem[] =
     "org.chromium.externalclearkey.crash";
+const char kExternalClearKeyVerifyHostFilesTestKeySystem[] =
+    "org.chromium.externalclearkey.verifyhostfilestest";
 
 // Constants for the enumalted session that can be loaded by LoadSession().
 // These constants need to be in sync with
@@ -234,7 +238,8 @@ void* CreateCdmInstance(int cdm_interface_version,
       key_system_string != kExternalClearKeyFileIOTestKeySystem &&
       key_system_string != kExternalClearKeyOutputProtectionTestKeySystem &&
       key_system_string != kExternalClearKeyPlatformVerificationTestKeySystem &&
-      key_system_string != kExternalClearKeyCrashKeySystem) {
+      key_system_string != kExternalClearKeyCrashKeySystem &&
+      key_system_string != kExternalClearKeyVerifyHostFilesTestKeySystem) {
     DVLOG(1) << "Unsupported key system:" << key_system_string;
     return NULL;
   }
@@ -256,6 +261,48 @@ const char* GetCdmVersion() {
   return kClearKeyCdmVersion;
 }
 
+static bool g_verify_host_files_result = false;
+
+// Makes sure files and corresponding signature files are readable but not
+// writable.
+void VerifyHostFiles(const cdm::HostFile* host_files, uint32_t num_files) {
+  DVLOG(1) << __func__;
+
+  // We should always have the CDM and CDM adapter.
+  // We might not have any common CDM host file (e.g. chrome) since we are
+  // running in browser_tests.
+  if (num_files < 2) {
+    LOG(ERROR) << "Too few host files: " << num_files;
+    g_verify_host_files_result = false;
+    return;
+  }
+
+  for (uint32_t i = 0; i < num_files; ++i) {
+    const int kBytesToRead = 10;
+    std::vector<char> buffer(kBytesToRead);
+
+    base::File file(static_cast<base::PlatformFile>(host_files[i].file));
+    int bytes_read = file.Read(0, buffer.data(), buffer.size());
+    if (bytes_read != kBytesToRead) {
+      LOG(ERROR) << "File bytes read: " << bytes_read;
+      g_verify_host_files_result = false;
+      return;
+    }
+
+    const char kDataToWrite[] = "Data to write into file.";
+    int bytes_written = file.Write(0, kDataToWrite, 1);

[Greg K, 2017/01/19 04:13:07]

Isn't it extremely dangerous to check that a file isn't writable by actually
writing to it?

[xhwang, 2017/01/19 08:30:51]

Good point. At least on Linux, we should be able to use fcntl (fd, F_GETFL) to
get the file access mode. That'll involve some base/file/ change so I'll leave
it to another CL. For now, I replace this check with a TODO.

[Greg K, 2017/01/25 06:15:32]

Yeah please make that a TODO, I'm not comfortable actually trying to write to a
file. 

[xhwang, 2017/01/25 06:51:54]

Thanks for the review!!!

A TODO is already added in the latest PS.

+    if (bytes_written != -1) {
+      LOG(ERROR) << "File is writable (" << bytes_written << " bytes written).";
+      g_verify_host_files_result = false;
+      return;
+    }
+
+    // TODO(xhwang): Also verify the signature file when it's available.
+  }
+
+  g_verify_host_files_result = true;
+}
+
 namespace media {
 
 ClearKeyCdm::ClearKeyCdm(ClearKeyCdmHost* host,
@@ -317,6 +364,8 @@ void ClearKeyCdm::CreateSessionAndGenerateRequest(
   } else if (key_system_ ==
              kExternalClearKeyPlatformVerificationTestKeySystem) {
     StartPlatformVerificationTest();
+  } else if (key_system_ == kExternalClearKeyVerifyHostFilesTestKeySystem) {
+    VerifyHostFilesTest();
   }
 }
 
@@ -982,4 +1031,10 @@ void ClearKeyCdm::StartPlatformVerificationTest() {
                                challenge.data(), challenge.size());
 }
 
+void ClearKeyCdm::VerifyHostFilesTest() {
+  // VerifyHostFiles() should have already been called and test result stored
+  // in |g_verify_host_files_result|.
+  OnUnitTestComplete(g_verify_host_files_result);
+}
+
 }  // namespace media