Whitelist Imprivata extensions to use HID devices via WebUSB

This CL modifies the protected interface class check in WebUSB to make
an exception for HID devices when the request is originating from the
first-party Imprivata extensions (login screen and in-session
extensions, both in dev/prod versions).

BUG: 995294
Change-Id: If436bb1b8d19a74c47cb060cbda8e0e3a061531f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1908544Reviewed-by: Reilly Grant <reillyg@chromium.org>
Commit-Queue: Alexander Hendrich <hendrich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#715226}

third_party/blink/renderer/modules/webusb/usb_device.cc

@@ -50,6 +50,15 @@ const char kInterfaceNotFound[] =
 const char kInterfaceStateChangeInProgress[] =
     "An operation that changes interface state is in progress.";
 const char kOpenRequired[] = "The device must be opened first.";
+const char kExtensionProtocol[] = "chrome-extension";
+const char kImprivataLoginScreenProdExtensionId[] =
+    "lpimkpkllnkdlcigdbgmabfplniahkgm";
+const char kImprivataLoginScreenDevExtensionId[] =
+    "cdgickkdpbekbnalbmpgochbninibkko";
+const char kImprivataInSessionProdExtensionId[] =
+    "cokoeepjbmmnhgdhlkpahohdaiedfjgn";
+const char kImprivataInSessionDevExtensionId[] =
+    "omificdfgpipkkpdhbjmefgfgbppehke";
 
 DOMException* ConvertFatalTransferStatus(const UsbTransferStatus& status) {
   switch (status) {
@@ -583,7 +592,7 @@ bool USBDevice::IsProtectedInterfaceClass(wtf_size_t interface_index) const {
   DCHECK_NE(interface_index, kNotFound);
 
   // USB Class Codes are defined by the USB-IF:
-  // http://www.usb.org/developers/defined_class
+  // https://www.usb.org/defined-class-codes
   const uint8_t kProtectedClasses[] = {
       0x01,  // Audio
       0x03,  // HID
@@ -604,13 +613,30 @@ bool USBDevice::IsProtectedInterfaceClass(wtf_size_t interface_index) const {
     if (std::binary_search(std::begin(kProtectedClasses),
                            std::end(kProtectedClasses),
                            alternate->class_code)) {
-      return true;
+      return !IsClassWhitelistedForExtension(alternate->class_code);
     }
   }
 
   return false;
 }
 
+bool USBDevice::IsClassWhitelistedForExtension(uint8_t class_code) const {
+  const KURL& url = GetExecutionContext()->Url();
+  if (url.Protocol() != kExtensionProtocol)
+    return false;
+
+  const String host = url.Host();
+  switch (class_code) {
+    case 0x03:  // HID
+      return host == kImprivataLoginScreenProdExtensionId ||
+             host == kImprivataLoginScreenDevExtensionId ||
+             host == kImprivataInSessionProdExtensionId ||
+             host == kImprivataInSessionDevExtensionId;
+    default:
+      return false;
+  }
+}
+
 bool USBDevice::EnsureNoDeviceChangeInProgress(
     ScriptPromiseResolver* resolver) const {
   if (!device_) {

third_party/blink/renderer/modules/webusb/usb_device.h

@@ -116,6 +116,7 @@ class USBDevice : public ScriptWrappable, public ContextLifecycleObserver {
   wtf_size_t FindAlternateIndex(wtf_size_t interface_index,
                                 uint8_t alternate_setting) const;
   bool IsProtectedInterfaceClass(wtf_size_t interface_index) const;
+  bool IsClassWhitelistedForExtension(uint8_t class_code) const;
   bool EnsureNoDeviceChangeInProgress(ScriptPromiseResolver*) const;
   bool EnsureNoDeviceOrInterfaceChangeInProgress(ScriptPromiseResolver*) const;
   bool EnsureDeviceConfigured(ScriptPromiseResolver*) const;