Check policy when checking device access for enumerating devices.

chrome/browser/media/media_stream_devices_helper.cc

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/media/media_stream_devices_helper.h"
+
+#include "base/command_line.h"
+#include "base/prefs/pref_service.h"
+#include "base/values.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/content_settings_pattern.h"
+#include "content/public/browser/browser_thread.h"
+
+#if defined(OS_CHROMEOS)
+#include "components/user_manager/user_manager.h"
+#endif
+
+namespace {
+
+bool IsInKioskMode() {
+  if (base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kKioskMode))
+    return true;
+
+#if defined(OS_CHROMEOS)
+  const user_manager::UserManager* user_manager =
+      user_manager::UserManager::Get();
+  return user_manager && user_manager->IsLoggedInAsKioskApp();
+#else
+  return false;
+#endif
+}
+
+}  // namespace
+
+MediaStreamDevicePolicy GetDevicePolicy(Profile* profile,
+                                        GURL security_origin,

[tommi (sloooow) - chröme, 2014/08/22 19:42:56]

const GURL&

+                                        const char* policy_name,
+                                        const char* whitelist_policy_name) {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+
+  // If the security origin policy matches a value in the whitelist, allow it.
+  // Otherwise, check the |policy_name| master switch for the default behavior.
+
+  PrefService* prefs = profile->GetPrefs();
+
+  // TODO(tommi): Remove the kiosk mode check when the whitelist below
+  // is visible in the media exceptions UI.
+  // See discussion here: https://codereview.chromium.org/15738004/
+  if (IsInKioskMode()) {
+    const base::ListValue* list = prefs->GetList(whitelist_policy_name);
+    std::string value;
+    for (size_t i = 0; i < list->GetSize(); ++i) {
+      if (list->GetString(i, &value)) {
+        ContentSettingsPattern pattern =
+            ContentSettingsPattern::FromString(value);
+        if (pattern == ContentSettingsPattern::Wildcard()) {
+          DLOG(WARNING) << "Ignoring wildcard URL pattern: " << value;
+          continue;
+        }
+        DLOG_IF(ERROR, !pattern.IsValid()) << "Invalid URL pattern: " << value;
+        if (pattern.IsValid() && pattern.Matches(security_origin))
+          return ALWAYS_ALLOW;
+      }
+    }
+  }
+
+  // If a match was not found, check if audio capture is otherwise disallowed
+  // or if the user should be prompted.  Setting the policy value to "true"
+  // is equal to not setting it at all, so from hereon out, we will return
+  // either POLICY_NOT_SET (prompt) or ALWAYS_DENY (no prompt, no access).
+  if (!prefs->GetBoolean(policy_name))
+    return ALWAYS_DENY;
+
+  return POLICY_NOT_SET;
+}