media: Move the callsite of CdmHostFiles::InitVerification()

Previously CdmHostFiles::InitVerification() was called within the sandbox which doesn't work well on Windows. Move the call up so it's called out of the sandbox on Windows. On other platforms this is still called within the sandbox. Also rename VerifyFiles() to InitVerification() to better reflect what the call does. See http://shortn/_lAkREmcQYG and http://shortn/_o4p8OPylLu on how init verification is implemented in the CDM. BUG=709614 TEST=Manually tested on Windows; Existing browser_tests still works. Review-Url: https://codereview.chromium.org/2849163003 Cr-Commit-Position: refs/heads/master@{#468564}

media: Move the callsite of CdmHostFiles::InitVerification()
Previously CdmHostFiles::InitVerification() was called within the sandbox which doesn't work well on Windows. Move the call up so it's called out of the sandbox on Windows. On other platforms this is still called within the sandbox. Also rename VerifyFiles() to InitVerification() to better reflect what the call does. See http://shortn/_lAkREmcQYG and http://shortn/_o4p8OPylLu on how init verification is implemented in the CDM. BUG=709614 TEST=Manually tested on Windows; Existing browser_tests still works. Review-Url: https://codereview.chromium.org/2849163003 Cr-Commit-Position: refs/heads/master@{#468564}
4ae3646b · xhwang · Commit bot · b08fe054 · 4ae3646b · 4ae3646b
Commit 4ae3646b authored May 01, 2017 by xhwang Committed by Commit bot May 02, 2017
3 changed files
--- a/content/common/media/cdm_host_files.cc
+++ b/content/common/media/cdm_host_files.cc
@@ -134,16 +134,16 @@ std::unique_ptr<CdmHostFiles> CdmHostFiles::Create(
  return cdm_host_files;
 }

-bool CdmHostFiles::VerifyFiles(base::NativeLibrary cdm_adapter_library,
-                               const base::FilePath& cdm_adapter_path) {
+bool CdmHostFiles::InitVerification(base::NativeLibrary cdm_adapter_library,
+                                    const base::FilePath& cdm_adapter_path) {
  DVLOG(1) << __func__;
  DCHECK(cdm_adapter_library);

  // Get function pointer exported by the CDM.
  // See media/cdm/api/content_decryption_module_ext.h.
-  using VerifyCdmHostFunc =
+  using InitVerificationFunc =
      bool (*)(const cdm::HostFile* cdm_host_files, uint32_t num_files);
-  static const char kVerifyCdmHostFuncName[] = "VerifyCdmHost_0";
+  static const char kInitVerificationFuncName[] = "VerifyCdmHost_0";

  base::NativeLibrary cdm_library;
 #if defined(OS_LINUX) || defined(OS_MACOSX)
@@ -166,11 +166,12 @@ bool CdmHostFiles::VerifyFiles(base::NativeLibrary cdm_adapter_library,
  cdm_library = scoped_cdm_library.get();
 #endif

-  VerifyCdmHostFunc verify_cdm_host_func = reinterpret_cast<VerifyCdmHostFunc>(
-      base::GetFunctionPointerFromNativeLibrary(cdm_library,
-                                                kVerifyCdmHostFuncName));
-  if (!verify_cdm_host_func) {
-    LOG(ERROR) << "Function " << kVerifyCdmHostFuncName << " not found.";
+  InitVerificationFunc init_verification_func =
+      reinterpret_cast<InitVerificationFunc>(
+          base::GetFunctionPointerFromNativeLibrary(cdm_library,
+                                                    kInitVerificationFuncName));
+  if (!init_verification_func) {
+    LOG(ERROR) << "Function " << kInitVerificationFuncName << " not found.";
    CloseAllFiles();
    return true;
  }
@@ -184,18 +185,18 @@ bool CdmHostFiles::VerifyFiles(base::NativeLibrary cdm_adapter_library,
  const cdm::HostFile* cdm_host_files_ptr =
      cdm_host_files.empty() ? nullptr : cdm_host_files.data();

-  // Call |verify_cdm_host_func| on the CDM with |cdm_host_files|. Note that
+  // Call |init_verification_func| on the CDM with |cdm_host_files|. Note that
  // the ownership of these files are transferred to the CDM, which will close
  // the files immediately after use.
-  DVLOG(1) << __func__ << ": Calling " << kVerifyCdmHostFuncName << "() with "
-           << cdm_host_files.size() << " files.";
+  DVLOG(1) << __func__ << ": Calling " << kInitVerificationFuncName
+           << "() with " << cdm_host_files.size() << " files.";
  for (const auto& host_file : cdm_host_files) {
    DVLOG(1) << " - File Path: " << host_file.file_path;
    DVLOG(1) << " - File: " << host_file.file;
    DVLOG(1) << " - Sig File: " << host_file.sig_file;
  }

-  if (!verify_cdm_host_func(cdm_host_files_ptr, cdm_host_files.size())) {
+  if (!init_verification_func(cdm_host_files_ptr, cdm_host_files.size())) {
    DVLOG(1) << "Failed to verify CDM host.";
    CloseAllFiles();
    return false;

--- a/content/common/media/cdm_host_files.h
+++ b/content/common/media/cdm_host_files.h
@@ -59,15 +59,15 @@ class CdmHostFiles {
  static std::unique_ptr<CdmHostFiles> Create(
      const base::FilePath& cdm_adapter_path);

-  // Verifies |cdm_adapter_path| CDM files by calling the function exported
+  // Initializes the verification of CDM files by calling the function exported
  // by the CDM. If unexpected error happens, all files will be closed.
  // Otherwise, the PlatformFiles are passed to the CDM which will close the
  // files later.
  // Only returns false if the CDM returns false (when there's an immediate
  // failure). Otherwise always returns true for backward compatibility, e.g.
  // when using an old CDM which doesn't implement the verification API.
-  bool VerifyFiles(base::NativeLibrary cdm_adapter_library,
-                   const base::FilePath& cdm_adapter_path);
+  bool InitVerification(base::NativeLibrary cdm_adapter_library,
+                        const base::FilePath& cdm_adapter_path);

 private:
 #if defined(POSIX_WITH_ZYGOTE)

--- a/content/ppapi_plugin/ppapi_thread.cc
+++ b/content/ppapi_plugin/ppapi_thread.cc
@@ -390,6 +390,20 @@ void PpapiThread::OnLoadPlugin(const base::FilePath& path,
  if (is_broker_ || !IsCdm(path))
    cdm_host_files.reset();  // Close all opened files.
 #endif  // defined(OS_WIN) || defined(OS_MACOSX)
+
+#if defined(OS_WIN)
+  // On Windows, initialize CDM host verification unsandboxed. On other
+  // platforms, this is called sandboxed below.
+  if (cdm_host_files) {
+    DCHECK(IsCdm(path));
+    if (!cdm_host_files->InitVerification(library.get(), path)) {
+      LOG(WARNING) << "CDM host verification failed.";
+      // TODO(xhwang): Add a new load result if needed.
+      ReportLoadResult(path, INIT_FAILED);
+      return;
+    }
+  }
+#endif  // defined(OS_WIN)
 #endif  // BUILDFLAG(ENABLE_CDM_HOST_VERIFICATION)

 #if defined(OS_WIN)
@@ -470,26 +484,26 @@ void PpapiThread::OnLoadPlugin(const base::FilePath& path,
    CHECK(InitializeSandbox());
 #endif

-    int32_t init_error = plugin_entry_points_.initialize_module(
-        local_pp_module_,
-        &ppapi::proxy::PluginDispatcher::GetBrowserInterface);
-    if (init_error != PP_OK) {
-      LOG(WARNING) << "InitModule failed with error " << init_error;
-      ReportLoadResult(path, INIT_FAILED);
-      return;
-    }
-#if BUILDFLAG(ENABLE_CDM_HOST_VERIFICATION)
-    // Now the process is sandboxed. Verify CDM host.
+#if BUILDFLAG(ENABLE_CDM_HOST_VERIFICATION) && !defined(OS_WIN)
+    // Now we are sandboxed, initialize CDM host verification.
    if (cdm_host_files) {
      DCHECK(IsCdm(path));
-      if (!cdm_host_files->VerifyFiles(library.get(), path)) {
+      if (!cdm_host_files->InitVerification(library.get(), path)) {
        LOG(WARNING) << "CDM host verification failed.";
        // TODO(xhwang): Add a new load result if needed.
        ReportLoadResult(path, INIT_FAILED);
        return;
      }
    }
-#endif  // BUILDFLAG(ENABLE_CDM_HOST_VERIFICATION)
+#endif  // BUILDFLAG(ENABLE_CDM_HOST_VERIFICATION) && !defined(OS_WIN)
+
+    int32_t init_error = plugin_entry_points_.initialize_module(
+        local_pp_module_, &ppapi::proxy::PluginDispatcher::GetBrowserInterface);
+    if (init_error != PP_OK) {
+      LOG(WARNING) << "InitModule failed with error " << init_error;
+      ReportLoadResult(path, INIT_FAILED);
+      return;
+    }
  }

  // Initialization succeeded, so keep the plugin DLL loaded.