[EnumeratDevices] Do not report the device ID without permissions.

Recently, the spec has changed to guarantee better privacy protection in
enumerateDevices()[1]. The spec change prescribes that at most one device
per-type should be shown without ID information if the user did not grant
permissions.

This CL changes the behavior of enumerateDevice as prescribed but
keeping it behind a flag to better control the rollout of the change.

[1] https://github.com/w3c/mediacapture-main/commit/837ceeff14509ba1e5200c27b9bd190f91f9977c

Bug: 1019176
Change-Id: I5a15d15363c50e45d86ddb241eccd9a4bd8698b6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1964495Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Guido Urdaneta <guidou@chromium.org>
Commit-Queue: Armando Miraglia <armax@chromium.org>
Cr-Commit-Position: refs/heads/master@{#735462}

chrome/browser/media/webrtc/webrtc_getmediadevices_browsertest.cc

@@ -263,6 +263,9 @@ IN_PROC_BROWSER_TEST_F(WebRtcGetMediaDevicesBrowserTest,
   ui_test_utils::NavigateToURL(browser(), url);
   content::WebContents* tab =
       browser()->tab_strip_model()->GetActiveWebContents();
+
+  EXPECT_TRUE(GetUserMediaAndAccept(tab));
+
   std::vector<MediaDeviceInfo> devices;
   EnumerateDevices(tab, &devices);
 
@@ -292,6 +295,9 @@ IN_PROC_BROWSER_TEST_F(WebRtcGetMediaDevicesBrowserTest,
       ->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
   content::WebContents* tab1 =
       browser()->tab_strip_model()->GetActiveWebContents();
+
+  EXPECT_TRUE(GetUserMediaAndAccept(tab1));
+
   std::vector<MediaDeviceInfo> devices;
   EnumerateDevices(tab1, &devices);
 
@@ -316,6 +322,9 @@ IN_PROC_BROWSER_TEST_F(WebRtcGetMediaDevicesBrowserTest,
       ->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
   content::WebContents* tab =
       browser()->tab_strip_model()->GetActiveWebContents();
+
+  EXPECT_TRUE(GetUserMediaAndAccept(tab));
+
   std::vector<MediaDeviceInfo> devices;
   EnumerateDevices(tab, &devices);
 

content/browser/media/media_devices_util.cc

@@ -22,6 +22,7 @@
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_client.h"
+#include "content/public/common/content_features.h"
 #include "media/base/media_switches.h"
 #include "third_party/blink/public/common/mediastream/media_stream_request.h"
 
@@ -184,8 +185,12 @@ blink::WebMediaDeviceInfo TranslateMediaDeviceInfo(
     const MediaDeviceSaltAndOrigin& salt_and_origin,
     const blink::WebMediaDeviceInfo& device_info) {
   return blink::WebMediaDeviceInfo(
-      GetHMACForMediaDeviceID(salt_and_origin.device_id_salt,
-                              salt_and_origin.origin, device_info.device_id),
+      !base::FeatureList::IsEnabled(features::kEnumerateDevicesHideDeviceIDs) ||
+              has_permission
+          ? GetHMACForMediaDeviceID(salt_and_origin.device_id_salt,
+                                    salt_and_origin.origin,
+                                    device_info.device_id)
+          : std::string(),
       has_permission ? device_info.label : std::string(),
       device_info.group_id.empty()
           ? std::string()

content/browser/renderer_host/media/media_devices_dispatcher_host_unittest.cc

@@ -281,7 +281,8 @@ class MediaDevicesDispatcherHostTest
           enumerated_devices_[blink::MEDIA_DEVICE_TYPE_AUDIO_OUTPUT].empty());
 
     EXPECT_FALSE(DoesContainRawIds(enumerated_devices_));
-    EXPECT_TRUE(DoesEveryDeviceMapToRawId(enumerated_devices_, origin_));
+    EXPECT_EQ(DoesEveryDeviceMapToRawId(enumerated_devices_, origin_),
+              permission_override_value);
   }
 
   bool DoesContainRawIds(

content/browser/renderer_host/media/media_devices_manager.cc

@@ -709,6 +709,11 @@ void MediaDevicesManager::OnDevicesEnumerated(
       continue;
 
     for (const auto& device_info : enumeration[i]) {
+      if (base::FeatureList::IsEnabled(
+              features::kEnumerateDevicesHideDeviceIDs) &&
+          !has_permissions[i] && !translation[i].empty())
+        break;
+
       translation[i].push_back(TranslateMediaDeviceInfo(
           has_permissions[i], salt_and_origin, device_info));
     }

content/public/common/content_features.cc

@@ -159,6 +159,13 @@ const base::Feature kDesktopCaptureChangeSource{
 const base::Feature kDocumentPolicy{"DocumentPolicy",
                                     base::FEATURE_DISABLED_BY_DEFAULT};
 
+// If this feature is enabled and device permission is not granted by the user,
+// media-device enumeration will provide at most one device per type and the
+// device IDs will not be available.
+// TODO(crbug.com/1019176): remove the feature in M82.
+const base::Feature kEnumerateDevicesHideDeviceIDs{
+    "EnumerateDevicesHideDeviceIDs", base::FEATURE_ENABLED_BY_DEFAULT};
+
 // When a screen reader is detected, allow users the option of letting
 // Google provide descriptions for unlabeled images.
 const base::Feature kExperimentalAccessibilityLabels{

content/public/common/content_features.h

@@ -43,6 +43,7 @@ CONTENT_EXPORT extern const base::Feature kCrashReporting;
 CONTENT_EXPORT extern const base::Feature kDataSaverHoldback;
 CONTENT_EXPORT extern const base::Feature kDesktopCaptureChangeSource;
 CONTENT_EXPORT extern const base::Feature kDocumentPolicy;
+CONTENT_EXPORT extern const base::Feature kEnumerateDevicesHideDeviceIDs;
 CONTENT_EXPORT extern const base::Feature kExperimentalAccessibilityLabels;
 CONTENT_EXPORT extern const base::Feature kExperimentalProductivityFeatures;
 CONTENT_EXPORT extern const base::Feature kExpensiveBackgroundTimerThrottling;