chromium/src
0
Fork 0
Code Activity

Restore L3 support on CrOS when the media permission is denied.

Browse Source 
BUG=446263,457482

Review URL: https://codereview.chromium.org/945063002

Cr-Commit-Position: refs/heads/master@{#317483}
(cherry picked from commit cd52b1d018)

Review URL: https://codereview.chromium.org/960793002

Cr-Commit-Position: refs/branch-heads/2311@{#33}
Cr-Branched-From: 09b7de5dd7254947cd4306de907274fa63373d48-refs/heads/master@{#317474}
This commit is contained in:
matthewyuan
2015-02-25 22:31:42 -08:00
parent 61c27c9264
commit 1237422fec
3 changed files with 41 additions and 15 deletions

14
chrome/renderer/media/chrome_key_systems.cc

@ -190,8 +190,7 @@ static void AddPepperBasedWidevine(
}
cdm::AddWidevineWithCodecs(
cdm::WIDEVINE,
supported_codecs,
cdm::WIDEVINE, supported_codecs,
#if defined(OS_CHROMEOS)
// Persistent licenses are supported if remote attestation succeeds.
media::EME_SESSION_TYPE_SUPPORTED_WITH_PERMISSION,
@ -199,21 +198,18 @@ static void AddPepperBasedWidevine(
// TODO(sandersd): Using ALWAYS_ENABLED prevents "not-allowed" from
// succeeding. Change this to REQUESTABLE once the state can be blocked.
// http://crbug.com/457482
media::EME_FEATURE_ALWAYS_ENABLED, // Persistent state.
media::EME_FEATURE_ALWAYS_ENABLED, // Persistent state.
// A distinctive identifier will be available if remote attestation
// succeeds.
// TODO(sandersd): Using ALWAYS_ENABLED prevents "not-allowed" from
// succeeding. Change this to REQUESTABLE_WITH_PERMISSION once the
// distinctive identifier can be blocked. http://crbug.com/457482
media::EME_FEATURE_ALWAYS_ENABLED,
media::EME_FEATURE_REQUESTABLE_WITH_PERMISSION,
#else // (Desktop)
media::EME_SESSION_TYPE_NOT_SUPPORTED, // Persistent license.
media::EME_SESSION_TYPE_NOT_SUPPORTED, // Persistent release message.
// TODO(sandersd): Using ALWAYS_ENABLED prevents "not-allowed" from
// succeeding. Change this to REQUESTABLE once the state can be blocked.
// http://crbug.com/457482
media::EME_FEATURE_ALWAYS_ENABLED, // Persistent state.
media::EME_FEATURE_NOT_SUPPORTED, // Distinctive identifier.
media::EME_FEATURE_ALWAYS_ENABLED, // Persistent state.
media::EME_FEATURE_NOT_SUPPORTED, // Distinctive identifier.
#endif // defined(OS_CHROMEOS)
concrete_key_systems);
}

26
media/base/key_systems.cc

@ -395,14 +395,26 @@ void KeySystems::AddConcreteSupportedKeySystems(
DCHECK_NE(info.persistent_license_support, EME_SESSION_TYPE_INVALID);
DCHECK_NE(info.persistent_release_message_support,
EME_SESSION_TYPE_INVALID);
// REQUESTABLE and REQUESTABLE_WITH_PERMISSION are not available until we
// can block access/ per-CDM-instance. http://crbug.com/457482
// Note: Even once that is fixed, distinctive identifiers should never be
// REQUESTABLE, since user permission is always required.
// TODO(sandersd): Add REQUESTABLE and REQUESTABLE_WITH_PERMISSION for
// persistent_state_support once we can block access per-CDM-instance
// (http://crbug.com/457482).
DCHECK(info.persistent_state_support == EME_FEATURE_NOT_SUPPORTED ||
info.persistent_state_support == EME_FEATURE_ALWAYS_ENABLED);
// TODO(sandersd): Allow REQUESTABLE_WITH_PERMISSION for all key systems on
// all platforms once we have proper enforcement (http://crbug.com/457482).
// On Chrome OS, an ID will not be used without permission, but we cannot
// currently prevent the CDM from requesting the permission again when no
// there was no initial prompt. Thus, we block "not-allowed" below.
#if defined(OS_CHROMEOS)
DCHECK(info.distinctive_identifier_support == EME_FEATURE_NOT_SUPPORTED ||
(info.distinctive_identifier_support ==
EME_FEATURE_REQUESTABLE_WITH_PERMISSION &&
info.key_system == kWidevineKeySystem) ||
info.distinctive_identifier_support == EME_FEATURE_ALWAYS_ENABLED);
#else
DCHECK(info.distinctive_identifier_support == EME_FEATURE_NOT_SUPPORTED ||
info.distinctive_identifier_support == EME_FEATURE_ALWAYS_ENABLED);
#endif
if (info.persistent_state_support == EME_FEATURE_NOT_SUPPORTED) {
DCHECK_EQ(info.persistent_license_support,
EME_SESSION_TYPE_NOT_SUPPORTED);
@ -715,6 +727,12 @@ bool KeySystems::IsDistinctiveIdentifierRequirementSupported(
case EME_FEATURE_NOT_SUPPORTED:
return requirement != EME_FEATURE_REQUIRED;
case EME_FEATURE_REQUESTABLE_WITH_PERMISSION:
// TODO(sandersd): Remove this hack once crbug.com/457482 and
// crbug.com/460616 are addressed.
// We cannot currently enforce "not-allowed", so don't allow it.
// Note: Removing this check will expose crbug.com/460616.
if (requirement == EME_FEATURE_NOT_ALLOWED)
return false;
return (requirement != EME_FEATURE_REQUIRED) || is_permission_granted;
case EME_FEATURE_REQUESTABLE:
NOTREACHED();

16
media/blink/webencryptedmediaclient_impl.cc

@ -140,6 +140,8 @@ static ConfigurationSupport GetSupportedConfiguration(
blink::WebMediaKeySystemConfiguration* accumulated_configuration,
bool was_permission_requested,
bool is_permission_granted) {
DCHECK(was_permission_requested || !is_permission_granted);
// It is possible to obtain user permission unless permission was already
// requested and denied.
bool is_permission_possible =
@ -302,8 +304,18 @@ static ConfigurationSupport GetSupportedConfiguration(
ConvertRequirement(accumulated_configuration->distinctiveIdentifier);
if (!IsDistinctiveIdentifierRequirementSupported(key_system, di_requirement,
is_permission_granted)) {
DCHECK(!was_permission_requested); // Should have failed at step 3.
return CONFIGURATION_REQUIRES_PERMISSION;
if (was_permission_requested) {
// The optional permission was requested and denied.
// TODO(sandersd): Avoid the need for this logic - crbug.com/460616.
DCHECK(candidate.distinctiveIdentifier ==
blink::WebMediaKeySystemConfiguration::Requirement::Optional);
DCHECK(di_requirement == EME_FEATURE_REQUIRED);
DCHECK(!is_permission_granted);
accumulated_configuration->distinctiveIdentifier =
blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed;
} else {
return CONFIGURATION_REQUIRES_PERMISSION;
}
}
ps_requirement =