Make preference media.storage_id_salt a secure preference

As Storage IDs are used by encrypted media to bind persistent licenses
to the device which is authorized to play the content, this updates the
preference so that it's authenticated and not easily modifiable via
plain text.

BUG=478960
TEST=unittests pass

Change-Id: I60c0a6a023f3532a6180859c753a1dd42f266c0e
Reviewed-on: https://chromium-review.googlesource.com/683309Reviewed-by: Xiaohan Wang <xhwang@chromium.org>
Reviewed-by: Dominic Battré <battre@chromium.org>
Commit-Queue: John Rummell <jrummell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506875}

chrome/browser/media/media_storage_id_salt.cc

@@ -8,25 +8,21 @@
 
 #include "base/logging.h"
 #include "base/strings/string_number_conversions.h"
+#include "chrome/common/pref_names.h"
 #include "components/prefs/pref_registry_simple.h"
 #include "components/prefs/pref_service.h"
 #include "crypto/random.h"
 
-namespace {
-
-const char kMediaStorageIdSalt[] = "media.storage_id_salt";
-
-}  // namespace
-
 std::vector<uint8_t> MediaStorageIdSalt::GetSalt(PrefService* pref_service) {
   // Salt is stored as hex-encoded string.
-  std::string encoded_salt = pref_service->GetString(kMediaStorageIdSalt);
+  std::string encoded_salt =
+      pref_service->GetString(prefs::kMediaStorageIdSalt);
   std::vector<uint8_t> salt;
   if (encoded_salt.length() != kSaltLength * 2 ||
       !base::HexStringToBytes(encoded_salt, &salt)) {
     // If the salt is not the proper format log an error.
     if (encoded_salt.length() > 0) {
-      DLOG(ERROR) << "Saved value for " << kMediaStorageIdSalt
+      DLOG(ERROR) << "Saved value for " << prefs::kMediaStorageIdSalt
                   << " is not valid: " << encoded_salt;
       // Continue on to generate a new one.
     }
@@ -35,12 +31,12 @@ std::vector<uint8_t> MediaStorageIdSalt::GetSalt(PrefService* pref_service) {
     salt.resize(kSaltLength);
     crypto::RandBytes(salt.data(), salt.size());
     encoded_salt = base::HexEncode(salt.data(), salt.size());
-    pref_service->SetString(kMediaStorageIdSalt, encoded_salt);
+    pref_service->SetString(prefs::kMediaStorageIdSalt, encoded_salt);
   }
 
   return salt;
 }
 
 void MediaStorageIdSalt::RegisterProfilePrefs(PrefRegistrySimple* registry) {
-  registry->RegisterStringPref(kMediaStorageIdSalt, std::string());
+  registry->RegisterStringPref(prefs::kMediaStorageIdSalt, std::string());
 }

chrome/browser/media/media_storage_id_salt_unittest.cc

@@ -4,12 +4,11 @@
 
 #include "chrome/browser/media/media_storage_id_salt.h"
 
+#include "chrome/common/pref_names.h"
 #include "components/prefs/testing_pref_service.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-const char kPrefsName[] = "media.storage_id_salt";
-
 TEST(MediaStorageIdSalt, Register) {
   TestingPrefServiceSimple prefs;
 
@@ -33,7 +32,7 @@ TEST(MediaStorageIdSalt, Recreate) {
 
   // Now that the salt is created, mess it up and then try fetching it again
   // (should generate a new salt and log an error).
-  prefs.SetString(kPrefsName, "123");
+  prefs.SetString(prefs::kMediaStorageIdSalt, "123");
   std::vector<uint8_t> new_salt = MediaStorageIdSalt::GetSalt(&prefs);
   EXPECT_EQ(MediaStorageIdSalt::kSaltLength, new_salt.size());
   EXPECT_NE(original_salt, new_salt);

chrome/browser/prefs/chrome_pref_service_factory.cc

@@ -177,6 +177,8 @@ const prefs::TrackedPreferenceMetadata kTrackedPrefs[] = {
      EnforcementLevel::ENFORCE_ON_LOAD, PrefTrackingStrategy::ATOMIC,
      ValueType::IMPERSONAL},
 #endif  // defined(OS_WIN)
+    {29, prefs::kMediaStorageIdSalt, EnforcementLevel::ENFORCE_ON_LOAD,
+     PrefTrackingStrategy::ATOMIC, ValueType::IMPERSONAL},
 
     // See note at top, new items added here also need to be added to
     // histograms.xml's TrackedPreference enum.

chrome/common/pref_names.cc

@@ -1611,6 +1611,11 @@ const char kDefaultVideoCaptureDevice[] = "media.default_video_capture_Device";
 // The salt used for creating random MediaSource IDs.
 const char kMediaDeviceIdSalt[] = "media.device_id_salt";
 
+// The salt used for creating Storage IDs. The Storage ID is used by encrypted
+// media to bind persistent licenses to the device which is authorized to play
+// the content.
+const char kMediaStorageIdSalt[] = "media.storage_id_salt";
+
 // The last used printer and its settings.
 const char kPrintPreviewStickySettings[] =
     "printing.print_preview_sticky_settings";

chrome/common/pref_names.h

@@ -585,6 +585,7 @@ extern const char kGeolocationAccessToken[];
 extern const char kDefaultAudioCaptureDevice[];
 extern const char kDefaultVideoCaptureDevice[];
 extern const char kMediaDeviceIdSalt[];
+extern const char kMediaStorageIdSalt[];
 
 extern const char kPrintPreviewStickySettings[];
 extern const char kCloudPrintRoot[];

tools/metrics/histograms/enums.xml

@@ -38687,6 +38687,7 @@ would be helpful to identify which type is being sent.
   <int value="26" label="kSettingsResetPromptLastTriggeredForDefaultSearch"/>
   <int value="27" label="kSettingsResetPromptLastTriggeredForStartupUrls"/>
   <int value="28" label="kSettingsResetPromptLastTriggeredForHomepage"/>
+  <int value="29" label="kMediaStorageIdSalt"/>
 </enum>
 
 <enum name="TranslateBubbleUiEvent">