Restore L3 support on CrOS when the media permission is denied.

media/base/key_systems.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "media/base/key_systems.h"
 
 #include <string>
 
 #include "base/containers/hash_tables.h"
 #include "base/lazy_instance.h"
@@ skipping 377 matching lines @@
     const std::vector<KeySystemInfo>& concrete_key_systems) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(concrete_key_system_map_.empty());
   DCHECK(parent_key_system_map_.empty());
 
   for (const KeySystemInfo& info : concrete_key_systems) {
     DCHECK(!info.key_system.empty());
     DCHECK_NE(info.persistent_license_support, EME_SESSION_TYPE_INVALID);
     DCHECK_NE(info.persistent_release_message_support,
               EME_SESSION_TYPE_INVALID);
-    // REQUESTABLE and REQUESTABLE_WITH_PERMISSION are not available until we
-    // can block access/ per-CDM-instance. http://crbug.com/457482
-    // Note: Even once that is fixed, distinctive identifiers should never be
-    // REQUESTABLE, since user permission is always required.
+    // TODO(sandersd): Add REQUESTABLE and REQUESTABLE_WITH_PERMISSION for
+    // persistent_state_support once we can block access per-CDM-instance
+    // (http://crbug.com/457482).
     DCHECK(info.persistent_state_support == EME_FEATURE_NOT_SUPPORTED ||
            info.persistent_state_support == EME_FEATURE_ALWAYS_ENABLED);
     DCHECK(info.distinctive_identifier_support == EME_FEATURE_NOT_SUPPORTED ||
+// TODO(sandersd): REQUESTABLE_WITH_PERMISSION for all key systems on all
+// platforms once we have proper enforcement (http://crbug.com/457482).
+// On Chrome OS, an ID will not be used without permission, but we cannot
+// currently prevent the CDM from requesting the permission again when no
+// there was no initial prompt. Thus, we block "not-allowed" below.
+#if defined(OS_CHROMEOS)
+           (info.distinctive_identifier_support ==
+                EME_FEATURE_REQUESTABLE_WITH_PERMISSION &&
+            key_system == kWidevineKeySystem) ||
+#endif
            info.distinctive_identifier_support == EME_FEATURE_ALWAYS_ENABLED);
     if (info.persistent_state_support == EME_FEATURE_NOT_SUPPORTED) {
       DCHECK_EQ(info.persistent_license_support,
                 EME_SESSION_TYPE_NOT_SUPPORTED);
       DCHECK_EQ(info.persistent_release_message_support,
                 EME_SESSION_TYPE_NOT_SUPPORTED);
     }
     DCHECK(!IsSupportedKeySystem(info.key_system))
         << "Key system '" << info.key_system << "' already registered";
     DCHECK(!parent_key_system_map_.count(info.key_system))
@@ skipping 293 matching lines @@
     return false;
   }
 
   switch (key_system_iter->second.distinctive_identifier_support) {
     case EME_FEATURE_INVALID:
       NOTREACHED();
       return false;
     case EME_FEATURE_NOT_SUPPORTED:
       return requirement != EME_FEATURE_REQUIRED;
     case EME_FEATURE_REQUESTABLE_WITH_PERMISSION:
+      // TODO(sandersd): Remove this hack once crbug.com/457482 is addressed.
+      // We cannot currently enforce "not-allowed", so don't allow it.
+      if (requirement == EME_FEATURE_NOT_ALLOWED)
+        return false;
       return (requirement != EME_FEATURE_REQUIRED) || is_permission_granted;
     case EME_FEATURE_REQUESTABLE:
       NOTREACHED();
       return true;
     case EME_FEATURE_ALWAYS_ENABLED:
       // Distinctive identifiers always require user permission.
       return (requirement != EME_FEATURE_NOT_ALLOWED) && is_permission_granted;
   }
 
   NOTREACHED();
@@ skipping 140 matching lines @@
 
 MEDIA_EXPORT void AddContainerMask(const std::string& container, uint32 mask) {
   KeySystems::GetInstance().AddContainerMask(container, mask);
 }
 
 MEDIA_EXPORT void AddCodecMask(const std::string& codec, uint32 mask) {
   KeySystems::GetInstance().AddCodecMask(codec, mask);
 }
 
 }  // namespace media