Do not always store media device rejection.

chrome/browser/media/media_stream_devices_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/media/media_stream_devices_controller.h"
 
 #include "base/metrics/histogram.h"
 #include "base/prefs/scoped_user_pref_update.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
@@ skipping 367 matching lines @@
         break;
       }
     }  // switch
 
     // TODO(raymes): We currently set the content permission for non-https
     // websites for Pepper requests as well. This is temporary and should be
     // removed.
     if (update_content_setting) {
       if ((IsSchemeSecure() && !devices.empty()) ||
           request_.request_type == content::MEDIA_OPEN_DEVICE) {
-        SetPermission(true);
+        StorePermission(true);
       }
     }
 
     if (audio_allowed) {
       profile_->GetHostContentSettingsMap()->UpdateLastUsageByPattern(
           ContentSettingsPattern::FromURLNoWildcard(request_.security_origin),
           ContentSettingsPattern::Wildcard(),
           CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC);
     }
     if (video_allowed) {
@@ skipping 17 matching lines @@
              content::MEDIA_DEVICE_NO_HARDWARE : content::MEDIA_DEVICE_OK,
          ui.Pass());
 }
 
 void MediaStreamDevicesController::Deny(
     bool update_content_setting,
     content::MediaStreamRequestResult result) {
   DLOG(WARNING) << "MediaStreamDevicesController::Deny: " << result;
   NotifyUIRequestDenied();
 
-  if (update_content_setting) {
+  if (update_content_setting && request_.all_ancestors_have_same_origin) {
+    // Store sticky permissions if |update_content_setting| and the request
+    // is not done from an iframe where the ancestor has a different origin.
     CHECK_EQ(content::MEDIA_DEVICE_PERMISSION_DENIED, result);
-    SetPermission(false);
+    StorePermission(false);
   }
 
   content::MediaResponseCallback cb = callback_;
   callback_.Reset();
   cb.Run(content::MediaStreamDevices(),
          result,
          scoped_ptr<content::MediaStreamUI>());
 }
 
 int MediaStreamDevicesController::GetIconID() const {
@@ skipping 158 matching lines @@
       profile_->GetHostContentSettingsMap()->GetDefaultContentSetting(
           CONTENT_SETTINGS_TYPE_MEDIASTREAM, NULL);
   return (current_setting == CONTENT_SETTING_BLOCK);
 }
 
 bool MediaStreamDevicesController::IsSchemeSecure() const {
   return request_.security_origin.SchemeIsSecure() ||
       request_.security_origin.SchemeIs(extensions::kExtensionScheme);
 }
 
-void MediaStreamDevicesController::SetPermission(bool allowed) const {
+void MediaStreamDevicesController::StorePermission(bool allowed) const {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   ContentSettingsPattern primary_pattern =
       ContentSettingsPattern::FromURLNoWildcard(request_.security_origin);
   // Check the pattern is valid or not. When the request is from a file access,
   // no exception will be made.
   if (!primary_pattern.IsValid())
     return;
 
   ContentSetting content_setting = allowed ?
       CONTENT_SETTING_ALLOW : CONTENT_SETTING_BLOCK;
@@ skipping 63 matching lines @@
 }
 
 bool MediaStreamDevicesController::IsCaptureDeviceRequestAllowed() const {
 #if defined(OS_ANDROID)
   // Don't approve device requests if the tab was hidden.
   // TODO(qinmin): Add a test for this. http://crbug.com/396869.
   return web_contents_->GetRenderWidgetHostView()->IsShowing();
 #endif
   return true;
 }