Allow alternative audio device authorization for GMC in RenderHostImpl.

The Global Media Controls (GMC) UI will allow the user to change the audio output device used for a webpage. This change adds a method to the RenderHostImpl allowing normal output device authorization to be bypassed for a single device selected by the user. The bypass works by storing a single device id hashed for a particular security origin in the AudioOutputAuthorizationHandler. The result of access permission checks will then be overwritten if the requested device has the same id as what was stored. Bug: 1105132 Change-Id: I9d22e617c502ed8d69fdddc06571017c7ba1f33e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2295824 Commit-Queue: Noah Rose Ledesma <noahrose@google.com> Reviewed-by: Aaron Colwell <acolwell@chromium.org> Reviewed-by: Guido Urdaneta <guidou@chromium.org> Cr-Commit-Position: refs/heads/master@{#794722}

Allow alternative audio device authorization for GMC in RenderHostImpl.
The Global Media Controls (GMC) UI will allow the user to change the audio output device used for a webpage. This change adds a method to the RenderHostImpl allowing normal output device authorization to be bypassed for a single device selected by the user. The bypass works by storing a single device id hashed for a particular security origin in the AudioOutputAuthorizationHandler. The result of access permission checks will then be overwritten if the requested device has the same id as what was stored. Bug: 1105132 Change-Id: I9d22e617c502ed8d69fdddc06571017c7ba1f33e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2295824 Commit-Queue: Noah Rose Ledesma <noahrose@google.com> Reviewed-by: Aaron Colwell <acolwell@chromium.org> Reviewed-by: Guido Urdaneta <guidou@chromium.org> Cr-Commit-Position: refs/heads/master@{#794722}
38a481be · Noah Rose Ledesma · Commit Bot · 59d5a5a3 · 38a481be · 38a481be
Commit 38a481be authored Aug 04, 2020 by Noah Rose Ledesma Committed by Commit Bot Aug 04, 2020
6 changed files
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -7799,6 +7799,13 @@ bool RenderFrameHostImpl::ShouldBypassSecurityChecksForErrorPage(
  return false;
 }
+void RenderFrameHostImpl::SetAudioOutputDeviceIdForGlobalMediaControls(
+    std::string hashed_device_id) {
+  audio_service_audio_output_stream_factory_
+      ->SetAuthorizedDeviceIdForGlobalMediaControls(
+          std::move(hashed_device_id));
+}
 bool RenderFrameHostImpl::ValidateDidCommitParams(
    NavigationRequest* navigation_request,
    FrameHostMsg_DidCommitProvisionalLoad_Params* params,

--- a/content/browser/frame_host/render_frame_host_impl.h
+++ b/content/browser/frame_host/render_frame_host_impl.h
@@ -715,7 +715,6 @@ class CONTENT_EXPORT RenderFrameHostImpl
  // out.
  void OnUnloaded();
  // Stop the load in progress.
  void Stop();
@@ -1724,6 +1723,14 @@ class CONTENT_EXPORT RenderFrameHostImpl
      NavigationRequest* navigation_request,
      bool* should_commit_unreachable_url = nullptr);
+  // Explicitly allow the use of an audio output device in this render frame.
+  // When called with a hashed device id string the renderer will be allowed to
+  // use the associated device for audio output until this method is called
+  // again with a different hashed device id or the origin changes. To remove
+  // this permission, this method may be called with the empty string.
+  void SetAudioOutputDeviceIdForGlobalMediaControls(
+      std::string hashed_device_id);
 protected:
  friend class RenderFrameHostFactory;

--- a/content/browser/renderer_host/media/audio_output_authorization_handler.cc
+++ b/content/browser/renderer_host/media/audio_output_authorization_handler.cc
@@ -208,6 +208,11 @@ void AudioOutputAuthorizationHandler::OverridePermissionsForTesting(
  permissions_override_value_ = override_value;
 }
+void AudioOutputAuthorizationHandler::
+    SetAuthorizedDeviceIdForGlobalMediaControls(std::string hashed_device_id) {
+  hashed_device_id_for_global_media_controls_ = std::move(hashed_device_id);
+}
 void AudioOutputAuthorizationHandler::UMALogDeviceAuthorizationTime(
    base::TimeTicks auth_start_time) {
  UMA_HISTOGRAM_CUSTOM_TIMES("Media.Audio.OutputDeviceAuthorizationTime",
@@ -243,6 +248,12 @@ void AudioOutputAuthorizationHandler::AccessChecked(
  DCHECK_CURRENTLY_ON(BrowserThread::IO);
  trace_scope->AccessChecked(has_access);
+  // If this device has been explicitly allowed by the browser, overwrite the
+  // result of the permission check.
+  has_access = device_id == hashed_device_id_for_global_media_controls_
+                   ? true
+                   : has_access;
  if (!has_access) {
    std::move(cb).Run(media::OUTPUT_DEVICE_STATUS_ERROR_NOT_AUTHORIZED,
                      media::AudioParameters::UnavailableDeviceParams(),

--- a/content/browser/renderer_host/media/audio_output_authorization_handler.h
+++ b/content/browser/renderer_host/media/audio_output_authorization_handler.h
@@ -62,6 +62,14 @@ class CONTENT_EXPORT AudioOutputAuthorizationHandler {
  // always return |override_value|.
  void OverridePermissionsForTesting(bool override_value);
+  // Calling this method will grant authorization to the device with the given
+  // hashed id until this method is called again with a different id. If
+  // |hashed_device_id| is the empty string, then this permission will be unset.
+  // |hashed_device_id| is a hash of the raw device id that is usable only on
+  // one origin.
+  void SetAuthorizedDeviceIdForGlobalMediaControls(
+      std::string hashed_device_id);
  static void UMALogDeviceAuthorizationTime(base::TimeTicks auth_start_time);
 private:
@@ -103,6 +111,7 @@ class CONTENT_EXPORT AudioOutputAuthorizationHandler {
  const int render_process_id_;
  bool override_permissions_ = false;
  bool permissions_override_value_ = false;
+  std::string hashed_device_id_for_global_media_controls_;
  // All access is on the IO thread, and taking a weak pointer to const looks
  // const, so this can be mutable.

--- a/content/browser/renderer_host/media/render_frame_audio_output_stream_factory.cc
+++ b/content/browser/renderer_host/media/render_frame_audio_output_stream_factory.cc
@@ -48,6 +48,9 @@ class RenderFrameAudioOutputStreamFactory::Core final
      mojo::PendingReceiver<blink::mojom::RendererAudioOutputStreamFactory>
          receiver);
+  void SetAuthorizedDeviceIdForGlobalMediaControls(
+      std::string hashed_device_id);
  size_t current_number_of_providers_for_testing() {
    return stream_providers_.size();
  }
@@ -178,6 +181,12 @@ RenderFrameAudioOutputStreamFactory::~RenderFrameAudioOutputStreamFactory() {
      base::BindOnce([](std::unique_ptr<Core>) {}, std::move(core_)));
 }
+void RenderFrameAudioOutputStreamFactory::
+    SetAuthorizedDeviceIdForGlobalMediaControls(std::string hashed_device_id) {
+  core_->SetAuthorizedDeviceIdForGlobalMediaControls(
+      std::move(hashed_device_id));
+}
 size_t
 RenderFrameAudioOutputStreamFactory::CurrentNumberOfProvidersForTesting() {
  return core_->current_number_of_providers_for_testing();
@@ -221,6 +230,12 @@ void RenderFrameAudioOutputStreamFactory::Core::Init(
  receiver_.Bind(std::move(receiver));
 }
+void RenderFrameAudioOutputStreamFactory::Core::
+    SetAuthorizedDeviceIdForGlobalMediaControls(std::string hashed_device_id) {
+  authorization_handler_.SetAuthorizedDeviceIdForGlobalMediaControls(
+      std::move(hashed_device_id));
+}
 void RenderFrameAudioOutputStreamFactory::Core::RequestDeviceAuthorization(
    mojo::PendingReceiver<media::mojom::AudioOutputStreamProvider>
        provider_receiver,

--- a/content/browser/renderer_host/media/render_frame_audio_output_stream_factory.h
+++ b/content/browser/renderer_host/media/render_frame_audio_output_stream_factory.h
@@ -51,6 +51,9 @@ class CONTENT_EXPORT RenderFrameAudioOutputStreamFactory final {
  ~RenderFrameAudioOutputStreamFactory();
+  void SetAuthorizedDeviceIdForGlobalMediaControls(
+      std::string hashed_device_id);
  size_t CurrentNumberOfProvidersForTesting();
 private: