Check all settings when checking mic and camera access

content/browser/renderer_host/media/media_stream_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/renderer_host/media/media_stream_manager.h"
 
 #include <list>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 13 matching lines @@
 #include "content/browser/renderer_host/media/media_stream_requester.h"
 #include "content/browser/renderer_host/media/media_stream_ui_proxy.h"
 #include "content/browser/renderer_host/media/video_capture_manager.h"
 #include "content/browser/renderer_host/render_process_host_impl.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/media_device_id.h"
 #include "content/public/browser/media_observer.h"
 #include "content/public/browser/media_request_state.h"
 #include "content/public/browser/render_process_host.h"
+#include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/media_stream_request.h"
 #include "media/audio/audio_manager_base.h"
 #include "media/audio/audio_parameters.h"
 #include "media/base/channel_layout.h"
 #include "media/base/media_switches.h"
 #include "media/video/capture/video_capture_device_factory.h"
 #include "url/gurl.h"
 
 #if defined(OS_WIN)
@@ skipping 147 matching lines @@
 // several subclasses of DeviceRequest and move some of the responsibility of
 // the MediaStreamManager to the subclasses to get rid of the way too many if
 // statements in MediaStreamManager.
 class MediaStreamManager::DeviceRequest {
  public:
   DeviceRequest(MediaStreamRequester* requester,
                 int requesting_process_id,
                 int requesting_frame_id,
                 int page_request_id,
                 const GURL& security_origin,
-                bool have_permission,
                 bool user_gesture,
                 MediaStreamRequestType request_type,
                 const StreamOptions& options,
                 const ResourceContext::SaltCallback& salt_callback)
       : requester(requester),
         requesting_process_id(requesting_process_id),
         requesting_frame_id(requesting_frame_id),
         page_request_id(page_request_id),
         security_origin(security_origin),
-        have_permission(have_permission),
         user_gesture(user_gesture),
         request_type(request_type),
         options(options),
         salt_callback(salt_callback),
         state_(NUM_MEDIA_TYPES, MEDIA_REQUEST_STATE_NOT_REQUESTED),
         audio_type_(MEDIA_NO_SERVICE),
         video_type_(MEDIA_NO_SERVICE) {
   }
 
   ~DeviceRequest() {}
@@ skipping 96 matching lines @@
   // will receive a handle to the MediaStream. This may be different from
   // MediaStreamRequest::render_frame_id which in the tab capture case
   // specifies the target renderer from which audio and video is captured.
   const int requesting_frame_id;
 
   // An ID the render frame provided to identify this request.
   const int page_request_id;
 
   const GURL security_origin;
 
-  // This is used when enumerating devices; if we don't have device access
-  // permission, we remove the device label.
-  bool have_permission;
-
   const bool user_gesture;
 
   const MediaStreamRequestType request_type;
 
   const StreamOptions options;
 
   ResourceContext::SaltCallback salt_callback;
 
   StreamDeviceInfoArray devices;
 
@@ skipping 84 matching lines @@
     const MediaRequestResponseCallback& callback) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 
   // TODO(perkj): The argument list with NULL parameters to DeviceRequest
   // suggests that this is the wrong design. Can this be refactored?
   DeviceRequest* request = new DeviceRequest(NULL,
                                              render_process_id,
                                              render_frame_id,
                                              page_request_id,
                                              security_origin,
-                                             true,
                                              false,  // user gesture
                                              MEDIA_DEVICE_ACCESS,
                                              options,
                                              base::Bind(&ReturnEmptySalt));
 
   const std::string& label = AddRequest(request);
 
   request->callback = callback;
   // Post a task and handle the request asynchronously. The reason is that the
   // requester won't have a label for the request until this function returns
@@ skipping 20 matching lines @@
   if (CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kUseFakeUIForMediaStream)) {
     UseFakeUI(scoped_ptr<FakeMediaStreamUIProxy>());
   }
 
   DeviceRequest* request = new DeviceRequest(requester,
                                              render_process_id,
                                              render_frame_id,
                                              page_request_id,
                                              security_origin,
-                                             true,
                                              user_gesture,
                                              MEDIA_GENERATE_STREAM,
                                              options,
                                              sc);
 
   const std::string& label = AddRequest(request);
 
   // Post a task and handle the request asynchronously. The reason is that the
   // requester won't have a label for the request until this function returns
   // and thus can not handle a response. Using base::Unretained is safe since
@@ skipping 162 matching lines @@
   }
 }
 
 std::string MediaStreamManager::EnumerateDevices(
     MediaStreamRequester* requester,
     int render_process_id,
     int render_frame_id,
     const ResourceContext::SaltCallback& sc,
     int page_request_id,
     MediaStreamType type,
-    const GURL& security_origin,
-    bool have_permission) {
+    const GURL& security_origin) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   DCHECK(requester);
   DCHECK(type == MEDIA_DEVICE_AUDIO_CAPTURE ||
          type == MEDIA_DEVICE_VIDEO_CAPTURE ||
          type == MEDIA_DEVICE_AUDIO_OUTPUT);
 
   DeviceRequest* request = new DeviceRequest(requester,
                                              render_process_id,
                                              render_frame_id,
                                              page_request_id,
                                              security_origin,
-                                             have_permission,
                                              false,  // user gesture
                                              MEDIA_ENUMERATE_DEVICES,
                                              StreamOptions(),
                                              sc);
   if (IsAudioInputMediaType(type) || type == MEDIA_DEVICE_AUDIO_OUTPUT)
     request->SetAudioType(type);
   else if (IsVideoMediaType(type))
     request->SetVideoType(type);
 
   const std::string& label = AddRequest(request);
@@ skipping 126 matching lines @@
     options.mandatory_video.push_back(
         StreamOptions::Constraint(kMediaStreamSourceInfoId, device_id));
   } else {
     NOTREACHED();
   }
   DeviceRequest* request = new DeviceRequest(requester,
                                              render_process_id,
                                              render_frame_id,
                                              page_request_id,
                                              security_origin,
-                                             true,
                                              false,  // user gesture
                                              MEDIA_OPEN_DEVICE,
                                              options,
                                              sc);
 
   const std::string& label = AddRequest(request);
   // Post a task and handle the request asynchronously. The reason is that the
   // requester won't have a label for the request until this function returns
   // and thus can not handle a response. Using base::Unretained is safe since
   // MediaStreamManager is deleted on the UI thread, after the IO thread has
@@ skipping 629 matching lines @@
   const StreamDeviceInfoArray& requested_devices = request->devices;
   request->requester->DeviceOpened(request->requesting_frame_id,
                                    request->page_request_id,
                                    label, requested_devices.front());
 }
 
 void MediaStreamManager::FinalizeEnumerateDevices(const std::string& label,
                                                   DeviceRequest* request) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   DCHECK_EQ(request->request_type, MEDIA_ENUMERATE_DEVICES);
+  DCHECK(((request->audio_type() == MEDIA_DEVICE_AUDIO_CAPTURE ||
+           request->audio_type() == MEDIA_DEVICE_AUDIO_OUTPUT) &&
+          request->video_type() == MEDIA_NO_SERVICE) ||
+         (request->audio_type() == MEDIA_NO_SERVICE &&
+          request->video_type() == MEDIA_DEVICE_VIDEO_CAPTURE));
 
   if (request->security_origin.is_valid()) {
     for (StreamDeviceInfoArray::iterator it = request->devices.begin();
          it != request->devices.end(); ++it) {
       TranslateDeviceIdToSourceId(request, &it->device);
     }
   } else {
     request->devices.clear();
   }
 
-  if (!request->have_permission)
+  // Output label permissions are based on input permission.
+  MediaStreamType type =
+      request->audio_type() == MEDIA_DEVICE_AUDIO_CAPTURE ||
+      request->audio_type() == MEDIA_DEVICE_AUDIO_OUTPUT
+      ? MEDIA_DEVICE_AUDIO_CAPTURE
+      : MEDIA_DEVICE_VIDEO_CAPTURE;
+
+  BrowserThread::PostTaskAndReplyWithResult(
+      BrowserThread::UI,
+      FROM_HERE,
+      base::Bind(&MediaStreamManager::CheckMediaAccessOnUI,
+                 base::Unretained(this),
+                 request->requesting_process_id,
+                 request->security_origin,
+                 type),
+      base::Bind(&MediaStreamManager::HandleCheckMediaAccessResponse,
+                 base::Unretained(this),
+                 label));
+}
+
+bool MediaStreamManager::CheckMediaAccessOnUI(int render_process_id,

[perkj_chrome, 2014/08/29 09:38:10]

CheckMediaAccessPermissionsOnUi?

[Henrik Grunell, 2014/08/29 11:20:08]

Yes, that's good. Even ...OnUIThread() so that it's named exactly like existing
functions in the class. Done.

+                                              const GURL& security_origin,
+                                              MediaStreamType type) {
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+
+  RenderProcessHost* host =
+      RenderProcessHost::FromID(render_process_id);
+  if (!host) {
+    // This can happen if the renderer goes away during the lifetime of a
+    // request.
+    return false;
+  }
+  content::BrowserContext* context = host->GetBrowserContext();
+  DCHECK(context);
+  return GetContentClient()->browser()->CheckMediaAccessPermission(
+      context,
+      security_origin,
+      type);
+}
+
+void MediaStreamManager::HandleCheckMediaAccessResponse(
+    const std::string& label,
+    bool have_access) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  DeviceRequest* request = FindRequest(label);
+  if (!request) {
+    // This can happen if the request was cancelled.
+    DVLOG(1) << "The request with label " << label << " does not exist.";
+    return;
+  }
+
+  if (!have_access)
     ClearDeviceLabels(&request->devices);
 
   request->requester->DevicesEnumerated(
       request->requesting_frame_id,
       request->page_request_id,
       label,
       request->devices);
 
   // TODO(tommi):

[perkj_chrome, 2014/08/29 09:38:10]

Not this cl maybe, but is this todo still relevant? Should it rathter say that
EnumerateDevices should change name to reflect that its a subscriptions service
for device changes?

[Henrik Grunell, 2014/08/29 11:20:08]

I think we still should separate the notification from the request. In that case
it's relevant.

   // Ideally enumeration requests should be deleted once they have been served
   // (as any request).  However, this implementation mixes requests and
   // notifications together so enumeration requests are kept open by some
   // implementations (only Pepper?) and enumerations are done again when
   // device notifications are fired.
   // Implementations that just want to request the device list and be done
   // (e.g. DeviceRequestMessageFilter), they must (confusingly) call
   // CancelRequest() after the request has been fulfilled.  This is not
   // obvious, not consistent in this class (see e.g. FinalizeMediaAccessRequest)
   // and can lead to subtle bugs (requests not deleted at all deleted too
@@ skipping 539 matching lines @@
       if (it->device.type == MEDIA_DESKTOP_VIDEO_CAPTURE) {
         video_capture_manager_->SetDesktopCaptureWindowId(it->session_id,
                                                           window_id);
         break;
       }
     }
   }
 }
 
 }  // namespace content