Added switch for bypassing protected media identifier permission

For testing protected content we need to bypass the prompt
for permission to play protected content. This change add the
switch --unsafely-allow-protected-media-identifier-for-domain
which will disable the info bar when protected content needs
permission when playing from localhost.

BUG=718608

Review-Url: https://codereview.chromium.org/2816773002
Cr-Commit-Position: refs/heads/master@{#471150}

chrome/browser/media/protected_media_identifier_permission_context.cc

@@ -6,15 +6,19 @@
 
 #include "base/command_line.h"
 #include "base/metrics/user_metrics.h"
+#include "base/strings/string_split.h"
 #include "build/build_config.h"
 #include "chrome/browser/content_settings/tab_specific_content_settings.h"
 #include "chrome/browser/permissions/permission_util.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "components/prefs/pref_service.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
+#include "media/base/media_switches.h"
+#include "net/base/url_util.h"
 #if defined(OS_CHROMEOS)
 #include <utility>
 
@@ -102,9 +106,39 @@ ProtectedMediaIdentifierPermissionContext::GetPermissionStatusInternal(
          content_setting == CONTENT_SETTING_BLOCK ||
          content_setting == CONTENT_SETTING_ASK);
 
+  // For automated testing of protected content - having a prompt that
+  // requires user intervention is problematic. If the domain has been
+  // whitelisted as safe - suppress the request and allow.
+  if (content_setting == CONTENT_SETTING_ASK &&
+      IsOriginWhitelisted(requesting_origin)) {
+    content_setting = CONTENT_SETTING_ALLOW;
+  }
+
   return content_setting;
 }
 
+bool ProtectedMediaIdentifierPermissionContext::IsOriginWhitelisted(
+    const GURL& origin) {
+  const base::CommandLine& command_line =
+      *base::CommandLine::ForCurrentProcess();
+
+  if (command_line.GetSwitchValueASCII(switches::kUserDataDir).empty()) {
+    return false;
+  }
+
+  const std::string whitelist = command_line.GetSwitchValueASCII(
+      switches::kUnsafelyAllowProtectedMediaIdentifierForDomain);
+
+  for (const std::string& domain : base::SplitString(
+           whitelist, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY)) {
+    if (origin.DomainIs(domain)) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
 void ProtectedMediaIdentifierPermissionContext::CancelPermissionRequest(
     content::WebContents* web_contents,
     const PermissionRequestID& id) {

chrome/browser/media/protected_media_identifier_permission_context.h

@@ -53,6 +53,9 @@ class ProtectedMediaIdentifierPermissionContext
                                const PermissionRequestID& id) override;
 
  private:
+  friend class ProtectedMediaIdentifierPermissionContextTest;
+  static bool IsOriginWhitelisted(const GURL& origin);
+
   void UpdateTabContext(const PermissionRequestID& id,
                         const GURL& requesting_frame,
                         bool allowed) override;

chrome/browser/media/protected_media_identifier_permission_context_unittest.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/media/protected_media_identifier_permission_context.h"
+
+#include "base/test/scoped_command_line.h"
+#include "chrome/common/chrome_switches.h"
+#include "media/base/media_switches.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"
+
+class ProtectedMediaIdentifierPermissionContextTest : public testing::Test {
+ public:
+  ProtectedMediaIdentifierPermissionContextTest()
+      : requesting_origin_("https://example.com"),
+        requesting_sub_domain_origin_("https://subdomain.example.com") {
+    command_line_ = scoped_command_line_.GetProcessCommandLine();
+  }
+
+  bool IsOriginWhitelisted(const GURL& origin) {
+    return ProtectedMediaIdentifierPermissionContext::IsOriginWhitelisted(
+        origin);
+  }
+
+  GURL requesting_origin_;
+  GURL requesting_sub_domain_origin_;
+
+  base::test::ScopedCommandLine scoped_command_line_;
+  base::CommandLine* command_line_;
+};
+
+TEST_F(ProtectedMediaIdentifierPermissionContextTest,
+       BypassWithFlagWithSingleDomain) {
+  // The request should need to ask for permission
+  ASSERT_FALSE(IsOriginWhitelisted(requesting_origin_));
+
+  // Add the switch value that the
+  // ProtectedMediaIdentifierPermissionContext::reads from
+  command_line_->AppendSwitchASCII(switches::kUserDataDir, "/dir/for/testing");
+  command_line_->AppendSwitchASCII(
+      switches::kUnsafelyAllowProtectedMediaIdentifierForDomain, "example.com");
+
+  // The request should no longer need to ask for permission
+  ASSERT_TRUE(IsOriginWhitelisted(requesting_origin_));
+}
+
+TEST_F(ProtectedMediaIdentifierPermissionContextTest,
+       BypassWithFlagWithDomainList) {
+  // The request should need to ask for permission
+  ASSERT_FALSE(IsOriginWhitelisted(requesting_origin_));
+
+  // Add the switch value that the
+  // ProtectedMediaIdentifierPermissionContext::reads from
+  command_line_->AppendSwitchASCII(switches::kUserDataDir, "/dir/for/testing");
+  command_line_->AppendSwitchASCII(
+      switches::kUnsafelyAllowProtectedMediaIdentifierForDomain,
+      "example.ca,example.com,example.edu");
+
+  // The request should no longer need to ask for permission
+  ASSERT_TRUE(IsOriginWhitelisted(requesting_origin_));
+}
+
+TEST_F(ProtectedMediaIdentifierPermissionContextTest,
+       BypassWithFlagAndSubdomain) {
+  // The request should need to ask for permission
+  ASSERT_FALSE(IsOriginWhitelisted(requesting_sub_domain_origin_));
+
+  // Add the switch value that the
+  // ProtectedMediaIdentifierPermissionContext::reads from
+  command_line_->AppendSwitchASCII(switches::kUserDataDir, "/dir/for/testing");
+  command_line_->AppendSwitchASCII(
+      switches::kUnsafelyAllowProtectedMediaIdentifierForDomain, "example.com");
+
+  // The request should no longer need to ask for permission
+  ASSERT_TRUE(IsOriginWhitelisted(requesting_sub_domain_origin_));
+}
+
+TEST_F(ProtectedMediaIdentifierPermissionContextTest,
+       BypassRequiresUserDataDir) {
+  // The request should need to ask for permission
+  ASSERT_FALSE(IsOriginWhitelisted(requesting_origin_));
+
+  // Add the switch value that the
+  // ProtectedMediaIdentifierPermissionContext::reads from
+  command_line_->AppendSwitchASCII(
+      switches::kUnsafelyAllowProtectedMediaIdentifierForDomain, "example.com");
+
+  // The request should still need to ask for permission
+  ASSERT_FALSE(IsOriginWhitelisted(requesting_origin_));
+
+  // Set the user data dir switch but do not give it a value, this should still
+  // require the request to ask for permission.
+  command_line_->AppendSwitch(switches::kUserDataDir);
+
+  // The request should still need to ask for permission
+  ASSERT_FALSE(IsOriginWhitelisted(requesting_origin_));
+
+  // Set the user data dir so the request should no longer need to ask for
+  // permission
+  command_line_->AppendSwitchASCII(switches::kUserDataDir, "/dir/for/testing");
+
+  // The request should no longer need to ask for permission
+  ASSERT_TRUE(IsOriginWhitelisted(requesting_origin_));
+}

chrome/browser/ui/startup/bad_flags_prompt.cc

@@ -27,6 +27,7 @@
 #include "content/public/common/content_switches.h"
 #include "extensions/common/switches.h"
 #include "google_apis/gaia/gaia_switches.h"
+#include "media/base/media_switches.h"
 #include "media/media_features.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
@@ -90,6 +91,10 @@ void ShowBadFlagsPrompt(Browser* browser) {
     // getting the user's permission.
     switches::kUseFakeUIForMediaStream,
 
+    // This flag allows sites to access protected media identifiers without
+    // getting the user's permission.
+    switches::kUnsafelyAllowProtectedMediaIdentifierForDomain,
+
     NULL
   };
 

chrome/test/BUILD.gn

@@ -4102,7 +4102,10 @@ test("unit_tests") {
       "../browser/ui/input_method/input_method_engine_unittest.cc",
     ]
   }
-  if (!is_android && !is_chromeos) {
+
+  if (is_android || is_chromeos) {
+    sources += [ "../browser/media/protected_media_identifier_permission_context_unittest.cc" ]
+  } else {
     sources += [
       "../browser/net/disk_cache_dir_policy_handler_unittest.cc",
       "//chrome/browser/profiles/profile_list_desktop_unittest.cc",

media/base/media_switches.cc

@@ -68,6 +68,18 @@ const char kWaveOutBuffers[] = "waveout-buffers";
 const char kUseCras[] = "use-cras";
 #endif
 
+// For automated testing of protected content, this switch allows specific
+// domains (e.g. example.com) to skip asking the user for permission to share
+// their personal identifier. In this context, domain does not include the
+// port number. This flag will have no effect if user-data-dir is not set and
+// will not affect the user's content settings.
+// Reference: http://crbug.com/718608
+// Example:
+// --unsafely-allow-protected-media-identifier-for-domain=a.com,b.ca
+// --user-data-dir=/test/only/profile/dir
+const char kUnsafelyAllowProtectedMediaIdentifierForDomain[] =
+    "unsafely-allow-protected-media-identifier-for-domain";
+
 #if !defined(OS_ANDROID) || BUILDFLAG(ENABLE_PLUGINS)
 // Enable a internal audio focus management between tabs in such a way that two
 // tabs can't  play on top of each other.

media/base/media_switches.h

@@ -49,6 +49,9 @@ MEDIA_EXPORT extern const char kWaveOutBuffers[];
 MEDIA_EXPORT extern const char kUseCras[];
 #endif
 
+MEDIA_EXPORT extern const char
+    kUnsafelyAllowProtectedMediaIdentifierForDomain[];
+
 #if !defined(OS_ANDROID) || BUILDFLAG(ENABLE_PLUGINS)
 MEDIA_EXPORT extern const char kEnableAudioFocus[];
 #endif  // !defined(OS_ANDROID) || BUILDFLAG(ENABLE_PLUGINS)