Move media permission checking logic for ChromeOS login pages

chrome/browser/media/webrtc/media_permission.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/media/webrtc/media_permission.h"
 
 #include "chrome/browser/media/webrtc/media_capture_devices_dispatcher.h"
 #include "chrome/browser/media/webrtc/media_stream_device_permissions.h"
 #include "chrome/browser/permissions/permission_context_base.h"
 #include "chrome/browser/permissions/permission_manager.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "content/public/browser/permission_manager.h"
 #include "content/public/browser/permission_type.h"
+#include "content/public/browser/web_contents.h"
 #include "content/public/common/url_constants.h"
 #include "extensions/common/constants.h"
 #include "third_party/WebKit/public/platform/modules/permissions/permission_status.mojom.h"
 
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/login/ui/webui_login_view.h"
+#include "chrome/browser/chromeos/settings/cros_settings.h"
+#include "chromeos/settings/cros_settings_names.h"
+#endif
+
 namespace {
 
 content::PermissionType ContentSettingsTypeToPermission(
     ContentSettingsType content_setting) {
   if (content_setting == CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC) {
     return content::PermissionType::AUDIO_CAPTURE;
   } else {
     DCHECK_EQ(CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA, content_setting);
     return content::PermissionType::VIDEO_CAPTURE;
   }
 }
 
 }  // namespace
 
 MediaPermission::MediaPermission(ContentSettingsType content_type,
                                  const GURL& requesting_origin,
                                  const GURL& embedding_origin,
-                                 Profile* profile)
+                                 Profile* profile,
+                                 content::WebContents* web_contents)
     : content_type_(content_type),
       requesting_origin_(requesting_origin),
       embedding_origin_(embedding_origin),
-      profile_(profile) {}
+      profile_(profile),
+      web_contents_(web_contents) {
+  // Currently |web_contents_| is only used on ChromeOS but it's not worth
+  // #ifdef'ing out all its usage, so just mark it used here.
+  (void)web_contents_;

[achuithb, 2017/02/16 09:05:38]

This seems pretty sketchy. Are there any other places in the codebase where we
do this?

[raymes, 2017/02/16 10:36:14]

+jyasskin (C++ expert): Jeffrey does this seem like a reasonable approach to
you? The alternative would be to ifdef out the member in all the places. At some
point it's likely that the web_contents will get used on other platforms too.

[Sergey Ulanov, 2017/02/16 19:26:17]

ALLOW_UNUSED_LOCAL()?

[Jeffrey Yasskin, 2017/02/17 17:34:32]

That seems misleading for a non-local variable, but it does compile to the same
thing.

I'm not necessarily the best person to judge this: (void)variable is definitely
in my vocabulary, but the important question is whether it's in most
non-experts' vocabulary.

#ifdef'ing will save some memory, of course, but I doubt there are enough
MediaPermission objects for that to matter.

[raymes, 2017/02/21 01:29:55]

I'd like to stick with this for now as I think it's the most sensible way
forward. I think I've made it clear what is happening by the comment. 

[achuithb, 2017/02/21 13:54:37]

Acknowledged.

+}
 
 ContentSetting MediaPermission::GetPermissionStatus(
     content::MediaStreamRequestResult* denial_reason) const {
   // Deny the request if the security origin is empty, this happens with
   // file access without |--allow-file-access-from-files| flag.
   if (requesting_origin_.is_empty()) {
     *denial_reason = content::MEDIA_DEVICE_INVALID_SECURITY_ORIGIN;
     return CONTENT_SETTING_BLOCK;
   }
 
   content::PermissionType permission_type =
       ContentSettingsTypeToPermission(content_type_);
   PermissionManager* permission_manager = PermissionManager::Get(profile_);
 
   // Find out if the kill switch is on. Set the denial reason to kill switch.
   if (permission_manager->IsPermissionKillSwitchOn(permission_type)) {
     *denial_reason = content::MEDIA_DEVICE_KILL_SWITCH_ON;
     return CONTENT_SETTING_BLOCK;
   }
 
+#if defined(OS_CHROMEOS)
+  // Special permissions if the request is coming from a ChromeOS login page.
+  if (chromeos::WebUILoginView::IsWebUILoginView(
+          web_contents_->GetDelegate())) {
+    if (content_type_ == CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC) {
+      *denial_reason = content::MEDIA_DEVICE_PERMISSION_DENIED;
+      return CONTENT_SETTING_BLOCK;
+    }
+
+    const chromeos::CrosSettings* const settings =
+        chromeos::CrosSettings::Get();
+    if (!settings) {
+      *denial_reason = content::MEDIA_DEVICE_PERMISSION_DENIED;
+      return CONTENT_SETTING_BLOCK;
+    }
+
+    const base::Value* const raw_list_value =
+        settings->GetPref(chromeos::kLoginVideoCaptureAllowedUrls);
+    if (!raw_list_value) {
+      *denial_reason = content::MEDIA_DEVICE_PERMISSION_DENIED;
+      return CONTENT_SETTING_BLOCK;
+    }
+
+    const base::ListValue* list_value;
+    CHECK(raw_list_value->GetAsList(&list_value));

[Sergey Ulanov, 2017/02/16 19:26:17]

It's best to avoid side-effects in CHECK() statements. If someone decides to
change this to DCHECK then release builds would stop working.
The following would be better:
 if (!raw_list_value->GetAsList(&list_value))) {
   LOG(FATAL) << "Boo";
 }

[raymes, 2017/02/21 01:29:55]

Agreed - I just copied this code over from the other file. Done.

+    for (const auto& base_value : *list_value) {
+      std::string value;
+      if (base_value->GetAsString(&value)) {
+        ContentSettingsPattern pattern =

[achuithb, 2017/02/16 09:05:38]

nit const

[raymes, 2017/02/21 01:29:55]

Done.

+            ContentSettingsPattern::FromString(value);
+        if (pattern == ContentSettingsPattern::Wildcard()) {
+          LOG(WARNING) << "Ignoring wildcard URL pattern: " << value;
+          continue;
+        }
+        if (pattern.IsValid() && pattern.Matches(requesting_origin_))
+          return CONTENT_SETTING_ALLOW;
+      }
+    }
+    *denial_reason = content::MEDIA_DEVICE_PERMISSION_DENIED;
+    return CONTENT_SETTING_BLOCK;

[achuithb, 2017/02/16 09:05:38]

Wonder if there's a way to avoid the 4x repetition of these two lines.

[raymes, 2017/02/21 01:29:55]

I don't think there's a simple way right now but it may be simpler after some
subsequent refactorings.

+  }
+#endif

[Sergey Ulanov, 2017/02/16 19:26:17]

 // defined(OS_CHROMEOS)

[raymes, 2017/02/21 01:29:55]

Done.

+
   // Check policy and content settings.
   blink::mojom::PermissionStatus status =
       permission_manager->GetPermissionStatus(
           permission_type, requesting_origin_, embedding_origin_);
   switch (status) {
     case blink::mojom::PermissionStatus::DENIED:
       *denial_reason = content::MEDIA_DEVICE_PERMISSION_DENIED;
       return CONTENT_SETTING_BLOCK;
     case blink::mojom::PermissionStatus::ASK:
       return CONTENT_SETTING_ASK;
@@ skipping 39 matching lines @@
     return false;
 
   // Note: we check device_id before dereferencing devices. If the requested
   // device id is non-empty, then the corresponding device list must not be
   // NULL.
   if (!device_id.empty() && !devices->FindById(device_id))
     return false;
 
   return true;
 }