Add kill switch for getDisplayMedia

getDisplayMedia() allows capturing user's display content. Before launching this feature, we want to add a kill switch that can be set from server side in case there exists some use case that causes security or privacy problems. Bug: 326740 Change-Id: I34cf0cb412c599712fa10b0beb40b18404cf0440 Reviewed-on: https://chromium-review.googlesource.com/c/1313192 Commit-Queue: Emircan Uysaler <emircan@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Weiyong Yao <braveyao@chromium.org> Reviewed-by: Philip Jägenstedt <foolip@chromium.org> Reviewed-by: Guido Urdaneta <guidou@chromium.org> Reviewed-by: Henrik Boström <hbos@chromium.org> Cr-Commit-Position: refs/heads/master@{#610208}

Add kill switch for getDisplayMedia
getDisplayMedia() allows capturing user's display content. Before launching this feature, we want to add a kill switch that can be set from server side in case there exists some use case that causes security or privacy problems. Bug: 326740 Change-Id: I34cf0cb412c599712fa10b0beb40b18404cf0440 Reviewed-on: https://chromium-review.googlesource.com/c/1313192 Commit-Queue: Emircan Uysaler <emircan@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Weiyong Yao <braveyao@chromium.org> Reviewed-by: Philip Jägenstedt <foolip@chromium.org> Reviewed-by: Guido Urdaneta <guidou@chromium.org> Reviewed-by: Henrik Boström <hbos@chromium.org> Cr-Commit-Position: refs/heads/master@{#610208}
0ec959f9 · Emircan Uysaler · Commit Bot · 312cadeb · 0ec959f9 · 0ec959f9
Commit 0ec959f9 authored Nov 21, 2018 by Emircan Uysaler Committed by Commit Bot Nov 21, 2018
6 changed files
--- a/chrome/browser/media/webrtc/media_capture_devices_dispatcher.cc
+++ b/chrome/browser/media/webrtc/media_capture_devices_dispatcher.cc
@@ -37,6 +37,7 @@
 #include "extensions/buildflags/buildflags.h"
 #include "extensions/common/constants.h"
 #include "media/base/media_switches.h"
+#include "third_party/blink/public/common/features.h"

 #if !defined(OS_ANDROID)
 #include "chrome/browser/media/webrtc/display_media_access_handler.h"
@@ -181,6 +182,15 @@ void MediaCaptureDevicesDispatcher::ProcessMediaAccessRequest(
    const extensions::Extension* extension) {
  DCHECK_CURRENTLY_ON(BrowserThread::UI);

+  // Kill switch for getDisplayMedia() on browser side to prevent renderer from
+  // bypassing blink side checks.
+  if (request.video_type == content::MEDIA_DISPLAY_VIDEO_CAPTURE &&
+      !base::FeatureList::IsEnabled(blink::features::kRTCGetDisplayMedia)) {
+    std::move(callback).Run(content::MediaStreamDevices(),
+                            content::MEDIA_DEVICE_NOT_SUPPORTED, nullptr);
+    return;
+  }
+
  for (const auto& handler : media_access_handlers_) {
    if (handler->SupportsStreamType(web_contents, request.video_type,
                                    extension) ||

--- a/content/child/runtime_features.cc
+++ b/content/child/runtime_features.cc
@@ -521,6 +521,9 @@ void SetRuntimeFeaturesDefaultsAndUpdateFromArgs(

  WebRuntimeFeatures::EnableNoHoverDuringScroll(
      base::FeatureList::IsEnabled(features::kNoHoverDuringScroll));
+
+  WebRuntimeFeatures::EnableGetDisplayMedia(
+      base::FeatureList::IsEnabled(blink::features::kRTCGetDisplayMedia));
 }

 }  // namespace content
--- a/third_party/blink/common/features.cc
+++ b/third_party/blink/common/features.cc
@@ -107,6 +107,11 @@ const base::Feature kJankTracking{"JankTracking",
 const base::Feature kRTCUnifiedPlanByDefault{"RTCUnifiedPlanByDefault",
                                             base::FEATURE_DISABLED_BY_DEFAULT};

+// Enables usage of getDisplayMedia() that allows capture of web content, see
+// https://crbug.com/865060.
+const base::Feature kRTCGetDisplayMedia{"RTCGetDisplayMedia",
+                                        base::FEATURE_ENABLED_BY_DEFAULT};
+
 // Enables the site isolated Wasm code cache that is keyed on the resource URL
 // and the origin lock of the renderer that is requesting the resource. When
 // this flag is enabled, content/GeneratedCodeCache handles code cache requests.

--- a/third_party/blink/public/common/features.h
+++ b/third_party/blink/public/common/features.h
@@ -34,6 +34,7 @@ BLINK_COMMON_EXPORT extern const base::Feature kWritableFilesAPI;
 BLINK_COMMON_EXPORT extern const base::Feature kMixedContentAutoupgrade;
 BLINK_COMMON_EXPORT extern const base::Feature kJankTracking;
 BLINK_COMMON_EXPORT extern const base::Feature kRTCUnifiedPlanByDefault;
+BLINK_COMMON_EXPORT extern const base::Feature kRTCGetDisplayMedia;
 BLINK_COMMON_EXPORT extern const base::Feature kWasmCodeCache;

 BLINK_COMMON_EXPORT extern const char

--- a/third_party/blink/public/platform/web_runtime_features.h
+++ b/third_party/blink/public/platform/web_runtime_features.h
@@ -212,6 +212,7 @@ class WebRuntimeFeatures {
  BLINK_PLATFORM_EXPORT static void EnableMediaControlsExpandGesture(bool);
  BLINK_PLATFORM_EXPORT static void EnableTranslateService(bool);
  BLINK_PLATFORM_EXPORT static void EnableMergeBlockingNonBlockingPools(bool);
+  BLINK_PLATFORM_EXPORT static void EnableGetDisplayMedia(bool);

 private:
  WebRuntimeFeatures();

--- a/third_party/blink/renderer/platform/exported/web_runtime_features.cc
+++ b/third_party/blink/renderer/platform/exported/web_runtime_features.cc
@@ -588,4 +588,8 @@ void WebRuntimeFeatures::EnableMergeBlockingNonBlockingPools(bool enable) {
  RuntimeEnabledFeatures::SetMergeBlockingNonBlockingPoolsEnabled(enable);
 }

+void WebRuntimeFeatures::EnableGetDisplayMedia(bool enable) {
+  RuntimeEnabledFeatures::SetGetDisplayMediaEnabled(enable);
+}
+
 }  // namespace blink