Cast audio only policy enforcement support.

extensions/browser/api/cast_channel/cast_socket.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/api/cast_channel/cast_socket.h"
 
 #include <stdlib.h>
 #include <string.h>
 
 #include "base/bind.h"
@@ skipping 71 matching lines @@
 
 CastSocket::CastSocket(const std::string& owner_extension_id)
     : ApiResource(owner_extension_id) {
 }
 
 CastSocketImpl::CastSocketImpl(const std::string& owner_extension_id,
                                const net::IPEndPoint& ip_endpoint,
                                ChannelAuthType channel_auth,
                                net::NetLog* net_log,
                                const base::TimeDelta& timeout,
-                               const scoped_refptr<Logger>& logger)
+                               const scoped_refptr<Logger>& logger,
+                               long device_capabilities)
     : CastSocket(owner_extension_id),
       auth_delegate_(this),
       owner_extension_id_(owner_extension_id),
       channel_id_(0),
       ip_endpoint_(ip_endpoint),
       channel_auth_(channel_auth),
       net_log_(net_log),
       logger_(logger),
       connect_timeout_(timeout),
       connect_timeout_timer_(new base::OneShotTimer<CastSocketImpl>),
       is_canceled_(false),
+      device_capabilities_(device_capabilities),
       connect_state_(proto::CONN_STATE_NONE),
       error_state_(CHANNEL_ERROR_NONE),
       ready_state_(READY_STATE_NONE) {
   DCHECK(net_log_);
   DCHECK(channel_auth_ == CHANNEL_AUTH_TYPE_SSL ||
          channel_auth_ == CHANNEL_AUTH_TYPE_SSL_VERIFIED);
   net_log_source_.type = net::NetLog::SOURCE_SOCKET;
   net_log_source_.id = net_log_->NextID();
 }
 
@@ skipping 95 matching lines @@
      ssl_info.cert->os_cert_handle(), cert);
   if (result) {
     VLOG_WITH_CONNECTION(1) << "Successfully extracted peer certificate";
   }
 
   logger_->LogSocketEventWithRv(
       channel_id_, proto::DER_ENCODED_CERT_OBTAIN, result ? 1 : 0);
   return result;
 }
 
+bool CastSocketImpl::VerifyChannelPolicy(const AuthResult& result) {
+  if ((device_capabilities_ & CastDeviceCapability::VIDEO_OUT) != 0 &&
+      (result.channel_policies & AuthResult::POLICY_AUDIO_ONLY) != 0) {
+    LOG(ERROR) << "Audio only policy enforced";
+    logger_->LogSocketEventWithDetails(
+        channel_id_, proto::CHANNEL_POLICY_ENFORCED, std::string());
+    return false;
+  }
+  return true;
+}
+
 bool CastSocketImpl::VerifyChallengeReply() {
   AuthResult result = AuthenticateChallengeReply(*challenge_reply_, peer_cert_);
   if (result.success()) {
     VLOG(1) << result.error_message;
+    if (!VerifyChannelPolicy(result)) {
+      return false;
+    }
   }
   logger_->LogSocketChallengeReplyEvent(channel_id_, result);
   return result.success();
 }
 
 void CastSocketImpl::SetTransportForTesting(
     scoped_ptr<CastTransport> transport) {
   transport_ = transport.Pass();
 }
 
@@ skipping 327 matching lines @@
 void CastSocketImpl::SetErrorState(ChannelError error_state) {
   VLOG_WITH_CONNECTION(1) << "SetErrorState " << error_state;
   DCHECK_EQ(CHANNEL_ERROR_NONE, error_state_);
   error_state_ = error_state;
   logger_->LogSocketErrorState(channel_id_, ErrorStateToProto(error_state_));
 }
 }  // namespace cast_channel
 }  // namespace core_api
 }  // namespace extensions
 #undef VLOG_WITH_CONNECTION