Add CdmFactoryDaemonProxy for communication with Chrome OS daemon

The CdmFactoryDaemonProxy is what will now be performing the
bootstrapping via D-Bus to the arc-oemcrypto daemon. The daemon serves
two purposes, for providing a CdmFactory interface to Chrome and also an
OemCrypto interface to Android. We can only bootstrap the connection
once, so it was moved to a common component and removed from ArcBridge.

ArcBridge now calls into this shared component for OemCrypto and
upcoming CLs will add usage of the CdmFactory.

This also removes the old D-Bus client used by arc-oemcrypto since it is
no longer needed.

BUG=b:153111783
TEST=ArcBridge OemCrypto connection still works

Change-Id: I54f9763e1694fd4c1b52018ebf27c396562f950a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2246864Reviewed-by: Yusuke Sato <yusukes@chromium.org>
Reviewed-by: Dominick Ng <dominickn@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Commit-Queue: J Kardatzke <jkardatzke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#779611}

chrome/browser/BUILD.gn

@@ -4044,6 +4044,7 @@ static_library("browser") {
       "//ash/public/cpp/external_arc",
       "//chrome/browser/chromeos",
       "//chromeos/components/account_manager",
+      "//chromeos/components/cdm_factory_daemon:cdm_factory_daemon_browser",
       "//chromeos/components/quick_answers",
       "//chromeos/components/sync_wifi",
       "//chromeos/services/assistant/public/cpp",

chrome/browser/chrome_content_browser_client_receiver_bindings.cc

@@ -42,6 +42,8 @@
 #elif defined(OS_WIN)
 #include "chrome/browser/win/conflicts/module_database.h"
 #include "chrome/browser/win/conflicts/module_event_sink_impl.h"
+#elif defined(OS_CHROMEOS)
+#include "chromeos/components/cdm_factory_daemon/cdm_factory_daemon_proxy.h"
 #endif
 
 #if BUILDFLAG(ENABLE_EXTENSIONS)
@@ -274,8 +276,15 @@ void ChromeContentBrowserClient::BindBadgeServiceReceiverFromServiceWorker(
 
 void ChromeContentBrowserClient::BindGpuHostReceiver(
     mojo::GenericPendingReceiver receiver) {
-  if (auto r = receiver.As<metrics::mojom::CallStackProfileCollector>())
+  if (auto r = receiver.As<metrics::mojom::CallStackProfileCollector>()) {
     metrics::CallStackProfileCollector::Create(std::move(r));
+    return;
+  }
+
+#if defined(OS_CHROMEOS)
+  if (auto r = receiver.As<chromeos::cdm::mojom::CdmFactoryDaemon>())
+    chromeos::CdmFactoryDaemonProxy::Create(std::move(r));
+#endif  // OS_CHROMEOS
 }
 
 void ChromeContentBrowserClient::BindUtilityHostReceiver(

chrome/browser/chromeos/BUILD.gn

@@ -102,6 +102,7 @@ source_set("chromeos") {
     "//chromeos/attestation",
     "//chromeos/audio",
     "//chromeos/components/account_manager",
+    "//chromeos/components/cdm_factory_daemon:cdm_factory_daemon_browser",
     "//chromeos/components/drivefs",
     "//chromeos/components/drivefs/mojom",
     "//chromeos/components/help_app_ui",

chrome/browser/chromeos/arc/oemcrypto/arc_oemcrypto_bridge.cc

@@ -10,8 +10,7 @@
 #include "base/memory/singleton.h"
 #include "base/task/post_task.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
-#include "chromeos/dbus/arc_oemcrypto_client.h"
-#include "chromeos/dbus/dbus_thread_manager.h"
+#include "chromeos/components/cdm_factory_daemon/cdm_factory_daemon_proxy.h"
 #include "components/arc/arc_browser_context_keyed_service_factory_base.h"
 #include "components/arc/mojom/protected_buffer_manager.mojom.h"
 #include "components/arc/session/arc_bridge_service.h"
@@ -19,8 +18,6 @@
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/gpu_service_registry.h"
 #include "mojo/public/cpp/bindings/pending_remote.h"
-#include "mojo/public/cpp/platform/platform_channel.h"
-#include "mojo/public/cpp/system/invitation.h"
 
 namespace arc {
 namespace {
@@ -47,7 +44,7 @@ class ArcOemCryptoBridgeFactory
 mojo::PendingRemote<mojom::ProtectedBufferManager>
 GetGpuBufferManagerOnIOThread() {
   // Get the Mojo interface from the GPU for dealing with secure buffers and
-  // pass that to the daemon as well in our Connect call.
+  // pass that to the daemon as well in our ConnectToDaemon call.
   mojo::PendingRemote<mojom::ProtectedBufferManager> gpu_buffer_manager;
   content::BindInterfaceInGpuProcess(
       gpu_buffer_manager.InitWithNewPipeAndPassReceiver());
@@ -72,21 +69,6 @@ ArcOemCryptoBridge::~ArcOemCryptoBridge() {
   arc_bridge_service_->oemcrypto()->SetHost(nullptr);
 }
 
-void ArcOemCryptoBridge::OnBootstrapMojoConnection(
-    mojo::PendingReceiver<mojom::OemCryptoService> receiver,
-    bool result) {
-  if (!result) {
-    // This can currently happen due to limited device support, so do not log
-    // it as an error.
-    DVLOG(1) << "ArcOemCryptoBridge had a failure in D-Bus with the daemon";
-    // Reset this so we don't think it is bound on future calls to Connect.
-    oemcrypto_host_daemon_remote_.reset();
-    return;
-  }
-  DVLOG(1) << "ArcOemCryptoBridge succeeded with Mojo bootstrapping.";
-  ConnectToDaemon(std::move(receiver));
-}
-
 void ArcOemCryptoBridge::Connect(
     mojo::PendingReceiver<mojom::OemCryptoService> receiver) {
   DVLOG(1) << "ArcOemCryptoBridge::Connect called";
@@ -108,72 +90,22 @@ void ArcOemCryptoBridge::Connect(
     return;
   }
 
-  if (oemcrypto_host_daemon_remote_.is_bound()) {
-    DVLOG(1) << "Re-using bootstrap connection for OemCryptoService Connect";
-    ConnectToDaemon(std::move(receiver));
-    return;
-  }
-  DVLOG(1) << "Bootstrapping the OemCrypto connection via D-Bus";
-  mojo::OutgoingInvitation invitation;
-  mojo::PlatformChannel channel;
-  mojo::ScopedMessagePipeHandle server_pipe =
-      invitation.AttachMessagePipe("arc-oemcrypto-pipe");
-  mojo::OutgoingInvitation::Send(std::move(invitation),
-                                 base::kNullProcessHandle,
-                                 channel.TakeLocalEndpoint());
-  base::ScopedFD fd =
-      channel.TakeRemoteEndpoint().TakePlatformHandle().TakeFD();
-
-  // Bind the Mojo pipe to the interface before we send the D-Bus message
-  // to avoid any kind of race condition with detecting it's been bound.
-  // It's safe to do this before the other end binds anyways.
-  oemcrypto_host_daemon_remote_.reset();
-  oemcrypto_host_daemon_remote_.Bind(
-      mojo::PendingRemote<arc_oemcrypto::mojom::OemCryptoHostDaemon>(
-          std::move(server_pipe), 0u));
-  DVLOG(1) << "Bound remote OemCryptoHostDaemon interface to pipe";
-
-  oemcrypto_host_daemon_remote_.set_disconnect_handler(base::BindOnce(
-      &ArcOemCryptoBridge::OnMojoConnectionError, weak_factory_.GetWeakPtr()));
-  chromeos::DBusThreadManager::Get()
-      ->GetArcOemCryptoClient()
-      ->BootstrapMojoConnection(
-          std::move(fd),
-          base::BindOnce(&ArcOemCryptoBridge::OnBootstrapMojoConnection,
-                         weak_factory_.GetWeakPtr(), std::move(receiver)));
-}
-
-void ArcOemCryptoBridge::ConnectToDaemon(
-    mojo::PendingReceiver<mojom::OemCryptoService> receiver) {
-  if (!oemcrypto_host_daemon_remote_) {
-    VLOG(1) << "Mojo connection is already lost.";
-    return;
-  }
-
   // We need to get the GPU interface on the IO thread, then after that is
-  // done it will run the Mojo call on our thread.
+  // done it will run the Mojo call on our thread. This call may have come back
+  // on our mojo thread or the proxy's mojo thread, either one is safe to invoke
+  // the OemCrypto call because the proxy will repost it to the proper thread.
   base::PostTaskAndReplyWithResult(
       content::GetIOThreadTaskRunner({}).get(), FROM_HERE,
       base::BindOnce(&GetGpuBufferManagerOnIOThread),
-      base::BindOnce(&ArcOemCryptoBridge::FinishConnectingToDaemon,
+      base::BindOnce(&ArcOemCryptoBridge::ConnectToDaemon,
                      weak_factory_.GetWeakPtr(), std::move(receiver)));
 }
 
-void ArcOemCryptoBridge::FinishConnectingToDaemon(
+void ArcOemCryptoBridge::ConnectToDaemon(
     mojo::PendingReceiver<mojom::OemCryptoService> receiver,
     mojo::PendingRemote<mojom::ProtectedBufferManager> gpu_buffer_manager) {
-  if (!oemcrypto_host_daemon_remote_) {
-    VLOG(1) << "Mojo connection is already lost.";
-    return;
-  }
-
-  oemcrypto_host_daemon_remote_->Connect(std::move(receiver),
-                                         std::move(gpu_buffer_manager));
-}
-
-void ArcOemCryptoBridge::OnMojoConnectionError() {
-  LOG(ERROR) << "ArcOemCryptoBridge Mojo connection lost.";
-  oemcrypto_host_daemon_remote_.reset();
+  chromeos::CdmFactoryDaemonProxy::GetInstance().ConnectOemCrypto(
+      std::move(receiver), std::move(gpu_buffer_manager));
 }
 
 }  // namespace arc

chrome/browser/chromeos/arc/oemcrypto/arc_oemcrypto_bridge.h

@@ -11,7 +11,7 @@
 
 #include "base/macros.h"
 #include "components/arc/mojom/oemcrypto.mojom.h"
-#include "components/arc/mojom/oemcrypto_daemon.mojom.h"
+#include "components/arc/mojom/protected_buffer_manager.mojom.h"
 #include "components/keyed_service/core/keyed_service.h"
 #include "mojo/public/cpp/bindings/pending_receiver.h"
 #include "mojo/public/cpp/bindings/pending_remote.h"
@@ -42,18 +42,11 @@ class ArcOemCryptoBridge : public KeyedService,
       mojo::PendingReceiver<mojom::OemCryptoService> receiver) override;
 
  private:
-  void OnBootstrapMojoConnection(
-      mojo::PendingReceiver<mojom::OemCryptoService> receiver,
-      bool result);
-  void ConnectToDaemon(mojo::PendingReceiver<mojom::OemCryptoService> receiver);
-  void FinishConnectingToDaemon(
+  void ConnectToDaemon(
       mojo::PendingReceiver<mojom::OemCryptoService> receiver,
       mojo::PendingRemote<mojom::ProtectedBufferManager> gpu_buffer_manager);
-  void OnMojoConnectionError();
 
   ArcBridgeService* const arc_bridge_service_;  // Owned by ArcServiceManager.
-  mojo::Remote<arc_oemcrypto::mojom::OemCryptoHostDaemon>
-      oemcrypto_host_daemon_remote_;
 
   // WeakPtrFactory to use for callbacks.
   base::WeakPtrFactory<ArcOemCryptoBridge> weak_factory_{this};

chromeos/components/cdm_factory_daemon/BUILD.gn

+# Copyright 2020 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+assert(is_chromeos, "Non-ChromeOS builds cannot depend on //chromeos")
+
+component("cdm_factory_daemon_browser") {
+  sources = [
+    "cdm_factory_daemon_proxy.cc",
+    "cdm_factory_daemon_proxy.h",
+  ]
+  public_deps = [ "//chromeos/components/cdm_factory_daemon/mojom" ]
+  deps = [
+    "//base",
+    "//chromeos/dbus/cdm_factory_daemon",
+    "//content/public/browser",
+    "//mojo/public/cpp/bindings",
+  ]
+  defines = [ "IS_CDM_FACTORY_DAEMON_IMPL" ]
+}

chromeos/components/cdm_factory_daemon/DEPS

+include_rules = [
+  "+components/arc/mojom",
+  "+content/public/browser",
+]
\ No newline at end of file

chromeos/components/cdm_factory_daemon/OWNERS

+jkardatzke@google.com
+xhwang@chromium.org
\ No newline at end of file

chromeos/components/cdm_factory_daemon/cdm_factory_daemon_proxy.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chromeos/components/cdm_factory_daemon/cdm_factory_daemon_proxy.h"
+
+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/location.h"
+#include "base/logging.h"
+#include "base/no_destructor.h"
+#include "base/single_thread_task_runner.h"
+#include "base/threading/thread_task_runner_handle.h"
+#include "chromeos/dbus/cdm_factory_daemon/cdm_factory_daemon_client.h"
+#include "content/public/browser/browser_task_traits.h"
+#include "content/public/browser/browser_thread.h"
+#include "mojo/public/cpp/bindings/pending_remote.h"
+#include "mojo/public/cpp/platform/platform_channel.h"
+#include "mojo/public/cpp/system/invitation.h"
+
+namespace chromeos {
+namespace {
+constexpr char kCdmFactoryDaemonPipeName[] = "cdm-factory-daemon-pipe";
+}  // namespace
+
+CdmFactoryDaemonProxy::CdmFactoryDaemonProxy()
+    : receiver_(this),
+      mojo_task_runner_(base::SequencedTaskRunnerHandle::Get()) {}
+
+CdmFactoryDaemonProxy::~CdmFactoryDaemonProxy() = default;
+
+void CdmFactoryDaemonProxy::Create(
+    mojo::PendingReceiver<CdmFactoryDaemon> receiver) {
+  // We do not want to use a SelfOwnedReceiver here because if the GPU process
+  // goes down, we don't want to destruct and drop our connection to the daemon.
+  // It's not possible to reconnect to the daemon from the browser process w/out
+  // restarting both processes (which happens if the browser goes down).
+  GetInstance().BindReceiver(std::move(receiver));
+}
+
+void CdmFactoryDaemonProxy::CreateFactory(const std::string& key_system,
+                                          CreateFactoryCallback callback) {
+  DCHECK(mojo_task_runner_->RunsTasksInCurrentSequence());
+  DVLOG(1) << "CdmFactoryDaemonProxy::CreateFactory called";
+  if (daemon_remote_.is_bound()) {
+    DVLOG(1) << "CdmFactoryDaemon mojo connection already exists, re-use it";
+    GetFactoryInterface(key_system, std::move(callback));
+    return;
+  }
+
+  EstablishDaemonConnection(
+      base::BindOnce(&CdmFactoryDaemonProxy::GetFactoryInterface,
+                     base::Unretained(this), key_system, std::move(callback)));
+}
+
+void CdmFactoryDaemonProxy::ConnectOemCrypto(
+    arc::mojom::OemCryptoServiceRequest oemcryptor,
+    mojo::PendingRemote<arc::mojom::ProtectedBufferManager>
+        protected_buffer_manager) {
+  // This gets invoked from ArcBridge which uses a different thread.
+  if (!mojo_task_runner_->RunsTasksInCurrentSequence()) {
+    mojo_task_runner_->PostTask(
+        FROM_HERE, base::BindOnce(&CdmFactoryDaemonProxy::ConnectOemCrypto,
+                                  base::Unretained(this), std::move(oemcryptor),
+                                  std::move(protected_buffer_manager)));
+    return;
+  }
+
+  DVLOG(1) << "CdmFactoryDaemonProxy::ConnectOemCrypto called";
+  if (daemon_remote_.is_bound()) {
+    DVLOG(1) << "CdmFactoryDaemon mojo connection already exists, re-use it";
+    CompleteOemCryptoConnection(std::move(oemcryptor),
+                                std::move(protected_buffer_manager));
+    return;
+  }
+
+  EstablishDaemonConnection(
+      base::BindOnce(&CdmFactoryDaemonProxy::CompleteOemCryptoConnection,
+                     base::Unretained(this), std::move(oemcryptor),
+                     std::move(protected_buffer_manager)));
+}
+
+void CdmFactoryDaemonProxy::SendDBusRequest(base::ScopedFD fd,
+                                            base::OnceClosure callback) {
+  chromeos::CdmFactoryDaemonClient::Get()->BootstrapMojoConnection(
+      std::move(fd),
+      base::BindOnce(&CdmFactoryDaemonProxy::OnBootstrapMojoConnection,
+                     base::Unretained(this), std::move(callback)));
+}
+
+void CdmFactoryDaemonProxy::EstablishDaemonConnection(
+    base::OnceClosure callback) {
+  // This may have happened already.
+  if (daemon_remote_.is_bound()) {
+    std::move(callback).Run();
+    return;
+  }
+  // Bootstrap the Mojo connection to the daemon.
+  mojo::OutgoingInvitation invitation;
+  mojo::PlatformChannel channel;
+  mojo::ScopedMessagePipeHandle server_pipe =
+      invitation.AttachMessagePipe(kCdmFactoryDaemonPipeName);
+  mojo::OutgoingInvitation::Send(std::move(invitation),
+                                 base::kNullProcessHandle,
+                                 channel.TakeLocalEndpoint());
+  base::ScopedFD fd =
+      channel.TakeRemoteEndpoint().TakePlatformHandle().TakeFD();
+
+  // Bind the Mojo pipe to the interface before we send the D-Bus message
+  // to avoid any kind of race condition with detecting it's been bound.
+  // It's safe to do this before the other end binds anyways.
+  daemon_remote_.Bind(mojo::PendingRemote<cdm::mojom::CdmFactoryDaemon>(
+      std::move(server_pipe), 0u));
+  daemon_remote_.set_disconnect_handler(
+      base::BindOnce(&CdmFactoryDaemonProxy::OnDaemonMojoConnectionError,
+                     base::Unretained(this)));
+
+  // We need to invoke this call on the D-Bus (UI) thread.
+  content::GetUIThreadTaskRunner({})->PostTask(
+      FROM_HERE, base::BindOnce(&CdmFactoryDaemonProxy::SendDBusRequest,
+                                base::Unretained(this), std::move(fd),
+                                std::move(callback)));
+}
+
+void CdmFactoryDaemonProxy::OnBootstrapMojoConnection(
+    base::OnceClosure callback,
+    bool result) {
+  if (!mojo_task_runner_->RunsTasksInCurrentSequence()) {
+    mojo_task_runner_->PostTask(
+        FROM_HERE,
+        base::BindOnce(&CdmFactoryDaemonProxy::OnBootstrapMojoConnection,
+                       base::Unretained(this), std::move(callback), result));
+    return;
+  }
+  if (!result) {
+    LOG(ERROR) << "CdmFactoryDaemon had a failure in D-Bus with the daemon";
+    daemon_remote_.reset();
+  } else {
+    DVLOG(1) << "Succeeded with CdmFactoryDaemon bootstrapping";
+  }
+  std::move(callback).Run();
+}
+
+void CdmFactoryDaemonProxy::GetFactoryInterface(
+    const std::string& key_system,
+    CreateFactoryCallback callback) {
+  if (!daemon_remote_ || !daemon_remote_.is_bound()) {
+    LOG(ERROR) << "daemon_remote_ interface is not connected";
+    std::move(callback).Run(mojo::PendingRemote<cdm::mojom::CdmFactory>());
+    return;
+  }
+  daemon_remote_->CreateFactory(key_system, std::move(callback));
+}
+
+void CdmFactoryDaemonProxy::CompleteOemCryptoConnection(
+    arc::mojom::OemCryptoServiceRequest oemcryptor,
+    mojo::PendingRemote<arc::mojom::ProtectedBufferManager>
+        protected_buffer_manager) {
+  if (!daemon_remote_ || !daemon_remote_.is_bound()) {
+    LOG(ERROR) << "daemon_remote_ interface is not connected";
+    // Just let the mojo objects go out of scope and be destructed to signal
+    // failure.
+    return;
+  }
+  daemon_remote_->ConnectOemCrypto(std::move(oemcryptor),
+                                   std::move(protected_buffer_manager));
+}
+
+// static
+CdmFactoryDaemonProxy& CdmFactoryDaemonProxy::GetInstance() {
+  static base::NoDestructor<CdmFactoryDaemonProxy> instance;
+  return *instance;
+}
+
+void CdmFactoryDaemonProxy::OnGpuMojoConnectionError() {
+  DVLOG(1) << "CdmFactoryDaemon GPU Mojo connection lost.";
+  receiver_.reset();
+}
+
+void CdmFactoryDaemonProxy::OnDaemonMojoConnectionError() {
+  DVLOG(1) << "CdmFactoryDaemon daemon Mojo connection lost.";
+  daemon_remote_.reset();
+}
+
+void CdmFactoryDaemonProxy::BindReceiver(
+    mojo::PendingReceiver<CdmFactoryDaemon> receiver) {
+  receiver_.reset();
+  receiver_.Bind(std::move(receiver));
+  receiver_.set_disconnect_handler(
+      base::BindOnce(&CdmFactoryDaemonProxy::OnGpuMojoConnectionError,
+                     base::Unretained(this)));
+}
+
+}  // namespace chromeos

chromeos/components/cdm_factory_daemon/cdm_factory_daemon_proxy.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROMEOS_COMPONENTS_CDM_FACTORY_DAEMON_CDM_FACTORY_DAEMON_PROXY_H_
+#define CHROMEOS_COMPONENTS_CDM_FACTORY_DAEMON_CDM_FACTORY_DAEMON_PROXY_H_
+
+#include "base/component_export.h"
+#include "chromeos/components/cdm_factory_daemon/mojom/cdm_factory_daemon.mojom.h"
+#include "mojo/public/cpp/bindings/pending_receiver.h"
+#include "mojo/public/cpp/bindings/pending_remote.h"
+#include "mojo/public/cpp/bindings/remote.h"
+
+namespace chromeos {
+
+// The class serves two purposes.
+// 1. Allow the GPU process to call into the browser process to get the Mojo CDM
+//    Factory interface on the daemon.
+// 2. Allow ArcBridge to get the OemCrypto Mojo interface from that same daemon.
+//
+// Since both of these mojo connections are to the same daemon, they need to be
+// bootstrapped together on one higher level interface. This is done by using
+// D-Bus to first bootstrap our connection to the daemon. Thenover that
+// interface we request the CdmFactory and pass it back via Mojo to
+// the GPU process, or we request the OemCrypto interface and pass that back to
+// ArcBridge. We implement the same Mojo interface here as on the daemon since
+// we are essentially just a proxy.
+class COMPONENT_EXPORT(CDM_FACTORY_DAEMON) CdmFactoryDaemonProxy
+    : public cdm::mojom::CdmFactoryDaemon {
+ public:
+  typedef base::OnceCallback<void(bool connected)> ValidateDaemonConnectionCB;
+
+  CdmFactoryDaemonProxy();
+  ~CdmFactoryDaemonProxy() override;
+
+  CdmFactoryDaemonProxy(const CdmFactoryDaemonProxy&) = delete;
+  CdmFactoryDaemonProxy& operator=(const CdmFactoryDaemonProxy&) = delete;
+
+  static void Create(mojo::PendingReceiver<CdmFactoryDaemon> receiver);
+
+  static CdmFactoryDaemonProxy& GetInstance();
+
+  // chromeos::cdm::mojom::CdmFactoryDaemon:
+  void CreateFactory(const std::string& key_system,
+                     CreateFactoryCallback callback) override;
+  void ConnectOemCrypto(arc::mojom::OemCryptoServiceRequest oemcryptor,
+                        mojo::PendingRemote<arc::mojom::ProtectedBufferManager>
+                            protected_buffer_manager) override;
+
+ private:
+  void SendDBusRequest(base::ScopedFD fd, base::OnceClosure callback);
+  void EstablishDaemonConnection(base::OnceClosure callback);
+  void OnBootstrapMojoConnection(base::OnceClosure callback, bool result);
+  void GetFactoryInterface(const std::string& key_system,
+                           CreateFactoryCallback callback);
+  void CompleteOemCryptoConnection(
+      arc::mojom::OemCryptoServiceRequest oemcryptor,
+      mojo::PendingRemote<arc::mojom::ProtectedBufferManager>
+          protected_buffer_manager);
+  void OnGpuMojoConnectionError();
+  void OnDaemonMojoConnectionError();
+  void BindReceiver(mojo::PendingReceiver<CdmFactoryDaemon> receiver);
+
+  mojo::Remote<CdmFactoryDaemon> daemon_remote_;
+  mojo::Receiver<CdmFactoryDaemon> receiver_;
+
+  scoped_refptr<base::SequencedTaskRunner> mojo_task_runner_;
+};
+
+}  // namespace chromeos
+
+#endif  // CHROMEOS_COMPONENTS_CDM_FACTORY_DAEMON_CDM_FACTORY_DAEMON_PROXY_H_

chromeos/components/cdm_factory_daemon/mojom/BUILD.gn

+# Copyright 2020 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import("//mojo/public/tools/bindings/mojom.gni")
+
+mojom_component("mojom") {
+  sources = [ "cdm_factory_daemon.mojom" ]
+
+  public_deps = [
+    "//components/arc/mojom:media",
+    "//components/arc/mojom:oemcrypto",
+    "//mojo/public/mojom/base",
+  ]
+
+  output_prefix = "chromeos_cdm_mojom"
+  macro_prefix = "CHROMEOS_CDM_MOJOM"
+}

chromeos/components/cdm_factory_daemon/mojom/OWNERS

+per-file *.mojom=set noparent
+per-file *.mojom=file://ipc/SECURITY_OWNERS

chromeos/components/cdm_factory_daemon/mojom/cdm_factory_daemon.mojom

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This defines the mojo interface used between Chrome and the Chrome OS for
+// remoting of the Widevine CE CDM and the underlying OEMCrypto implementation.
+// This CdmFactoryDaemon interface is bootstrapped over D-Bus and then methods
+// can be invoked on it to create a factory and then CDM instance, that same
+// interface can also be used to connect directly to the OEMCrypto
+// implementation for ARC.
+
+module chromeos.cdm.mojom;
+
+import "components/arc/mojom/oemcrypto.mojom";
+import "components/arc/mojom/protected_buffer_manager.mojom";
+
+// Next Method ID: 1
+interface CdmFactory {
+  // TODO(jkardatzke): Implement this interface.
+};
+
+// Next Method ID: 2
+// Used for bootstrapping the connection between Chrome and the daemon, then
+// methods can be invoked to obtain interfaces to perform CDM or OEMCrypto
+// operations.
+interface CdmFactoryDaemon {
+  // Used to create CdmFactory interfaces which are then used to create a CDM
+  // interface. |key_system| should specify what key system we are using,
+  // currently only com.widevine.alpha is supported. Returns null if we can't
+  // get the interface from the daemon.
+  CreateFactory@0(string key_system) => (pending_remote<CdmFactory>? factory);
+
+  // Used to establish a connection to the OEMCrypto implementation to provide
+  // that service to ARC.
+  ConnectOemCrypto@1(
+      arc.mojom.OemCryptoService& oemcryptor,
+      pending_remote<arc.mojom.ProtectedBufferManager>
+          protected_buffer_manager);
+};

chromeos/dbus/BUILD.gn

@@ -57,8 +57,6 @@ component("dbus") {
     "arc_midis_client.h",
     "arc_obb_mounter_client.cc",
     "arc_obb_mounter_client.h",
-    "arc_oemcrypto_client.cc",
-    "arc_oemcrypto_client.h",
     "cec_service_client.cc",
     "cec_service_client.h",
     "chunneld_client.cc",
@@ -88,8 +86,6 @@ component("dbus") {
     "fake_arc_midis_client.h",
     "fake_arc_obb_mounter_client.cc",
     "fake_arc_obb_mounter_client.h",
-    "fake_arc_oemcrypto_client.cc",
-    "fake_arc_oemcrypto_client.h",
     "fake_cec_service_client.cc",
     "fake_cec_service_client.h",
     "fake_chunneld_client.cc",

chromeos/dbus/arc_oemcrypto_client.cc

-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chromeos/dbus/arc_oemcrypto_client.h"
-
-#include <utility>
-
-#include "base/bind.h"
-#include "base/bind_helpers.h"
-#include "base/callback.h"
-#include "base/logging.h"
-#include "dbus/bus.h"
-#include "dbus/message.h"
-#include "dbus/object_proxy.h"
-#include "third_party/cros_system_api/dbus/service_constants.h"
-
-namespace chromeos {
-
-namespace {
-
-class ArcOemCryptoClientImpl : public ArcOemCryptoClient {
- public:
-  ArcOemCryptoClientImpl() {}
-  ~ArcOemCryptoClientImpl() override = default;
-
-  // ArcOemCryptoClient override:
-  void BootstrapMojoConnection(base::ScopedFD fd,
-                               VoidDBusMethodCallback callback) override {
-    if (!service_available_) {
-      DVLOG(1) << "ArcOemCrypto D-Bus service not available";
-      std::move(callback).Run(false);
-      return;
-    }
-    dbus::MethodCall method_call(arc_oemcrypto::kArcOemCryptoServiceInterface,
-                                 arc_oemcrypto::kBootstrapMojoConnection);
-    dbus::MessageWriter writer(&method_call);
-    writer.AppendFileDescriptor(fd.get());
-    proxy_->CallMethod(
-        &method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,
-        base::BindOnce(&ArcOemCryptoClientImpl::OnVoidDBusMethod,
-                       weak_ptr_factory_.GetWeakPtr(), std::move(callback)));
-  }
-
- protected:
-  // DBusClient override.
-  void Init(dbus::Bus* bus) override {
-    proxy_ = bus->GetObjectProxy(
-        arc_oemcrypto::kArcOemCryptoServiceName,
-        dbus::ObjectPath(arc_oemcrypto::kArcOemCryptoServicePath));
-    proxy_->WaitForServiceToBeAvailable(
-        base::BindOnce(&ArcOemCryptoClientImpl::OnServiceAvailable,
-                       weak_ptr_factory_.GetWeakPtr()));
-  }
-
- private:
-  // Runs the callback with the method call result.
-  void OnVoidDBusMethod(VoidDBusMethodCallback callback,
-                        dbus::Response* response) {
-    std::move(callback).Run(response != nullptr);
-  }
-
-  void OnServiceAvailable(bool service_is_available) {
-    service_available_ = service_is_available;
-  }
-
-  dbus::ObjectProxy* proxy_ = nullptr;
-  bool service_available_ = false;
-
-  base::WeakPtrFactory<ArcOemCryptoClientImpl> weak_ptr_factory_{this};
-
-  DISALLOW_COPY_AND_ASSIGN(ArcOemCryptoClientImpl);
-};
-
-}  // namespace
-
-ArcOemCryptoClient::ArcOemCryptoClient() = default;
-
-ArcOemCryptoClient::~ArcOemCryptoClient() = default;
-
-// static
-std::unique_ptr<ArcOemCryptoClient> ArcOemCryptoClient::Create() {
-  return std::make_unique<ArcOemCryptoClientImpl>();
-}
-
-}  // namespace chromeos

chromeos/dbus/arc_oemcrypto_client.h

-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CHROMEOS_DBUS_ARC_OEMCRYPTO_CLIENT_H_
-#define CHROMEOS_DBUS_ARC_OEMCRYPTO_CLIENT_H_
-
-#include <stdint.h>
-
-#include <memory>
-#include <string>
-
-#include "base/callback_forward.h"
-#include "base/component_export.h"
-#include "base/files/scoped_file.h"
-#include "base/macros.h"
-#include "chromeos/dbus/dbus_client.h"
-#include "chromeos/dbus/dbus_method_call_status.h"
-
-namespace chromeos {
-
-// ArcOemCryptoClient is used to communicate with the ArcOemCrypto service
-// which performs Widevine L1 DRM operations for ARC. The only purpose of
-// the D-Bus service is to bootstrap a Mojo IPC connection.
-// All methods should be called from the origin thread (UI thread) which
-// initializes the DBusThreadManager instance.
-class COMPONENT_EXPORT(CHROMEOS_DBUS) ArcOemCryptoClient : public DBusClient {
- public:
-  ArcOemCryptoClient();
-  ~ArcOemCryptoClient() override;
-
-  // Factory function, creates a new instance and returns ownership.
-  // For normal usage, access the singleton via DBusThreadManager::Get().
-  static std::unique_ptr<ArcOemCryptoClient> Create();
-
-  // Bootstraps the Mojo IPC connection between Chrome and the service daemon.
-  // This should pass in the child end of a Mojo pipe.
-  virtual void BootstrapMojoConnection(base::ScopedFD fd,
-                                       VoidDBusMethodCallback callback) = 0;
-};
-}  // namespace chromeos
-
-#endif  // CHROMEOS_DBUS_ARC_OEMCRYPTO_CLIENT_H_

chromeos/dbus/dbus_clients_browser.cc

@@ -10,7 +10,6 @@
 #include "chromeos/dbus/arc_keymaster_client.h"
 #include "chromeos/dbus/arc_midis_client.h"
 #include "chromeos/dbus/arc_obb_mounter_client.h"
-#include "chromeos/dbus/arc_oemcrypto_client.h"
 #include "chromeos/dbus/cec_service_client.h"
 #include "chromeos/dbus/chunneld_client.h"
 #include "chromeos/dbus/cicerone_client.h"
@@ -26,7 +25,6 @@
 #include "chromeos/dbus/fake_arc_keymaster_client.h"
 #include "chromeos/dbus/fake_arc_midis_client.h"
 #include "chromeos/dbus/fake_arc_obb_mounter_client.h"
-#include "chromeos/dbus/fake_arc_oemcrypto_client.h"
 #include "chromeos/dbus/fake_cec_service_client.h"
 #include "chromeos/dbus/fake_chunneld_client.h"
 #include "chromeos/dbus/fake_cicerone_client.h"
@@ -86,8 +84,6 @@ DBusClientsBrowser::DBusClientsBrowser(bool use_real_clients) {
   arc_midis_client_ = CREATE_DBUS_CLIENT(ArcMidisClient, use_real_clients);
   arc_obb_mounter_client_ =
       CREATE_DBUS_CLIENT(ArcObbMounterClient, use_real_clients);
-  arc_oemcrypto_client_ =
-      CREATE_DBUS_CLIENT(ArcOemCryptoClient, use_real_clients);
   cec_service_client_ = CREATE_DBUS_CLIENT(CecServiceClient, use_real_clients);
   cros_disks_client_ = CREATE_DBUS_CLIENT(CrosDisksClient, use_real_clients);
   chunneld_client_ = CREATE_DBUS_CLIENT(ChunneldClient, use_real_clients);
@@ -127,7 +123,6 @@ void DBusClientsBrowser::Initialize(dbus::Bus* system_bus) {
   arc_keymaster_client_->Init(system_bus);
   arc_midis_client_->Init(system_bus);
   arc_obb_mounter_client_->Init(system_bus);
-  arc_oemcrypto_client_->Init(system_bus);
   cec_service_client_->Init(system_bus);
   chunneld_client_->Init(system_bus);
   cicerone_client_->Init(system_bus);

chromeos/dbus/dbus_clients_browser.h

@@ -21,7 +21,6 @@ class ArcAppfuseProviderClient;
 class ArcKeymasterClient;
 class ArcMidisClient;
 class ArcObbMounterClient;
-class ArcOemCryptoClient;
 class CecServiceClient;
 class ChunneldClient;
 class CiceroneClient;
@@ -61,7 +60,6 @@ class COMPONENT_EXPORT(CHROMEOS_DBUS) DBusClientsBrowser {
   std::unique_ptr<ArcKeymasterClient> arc_keymaster_client_;
   std::unique_ptr<ArcMidisClient> arc_midis_client_;
   std::unique_ptr<ArcObbMounterClient> arc_obb_mounter_client_;
-  std::unique_ptr<ArcOemCryptoClient> arc_oemcrypto_client_;
   std::unique_ptr<CecServiceClient> cec_service_client_;
   std::unique_ptr<ChunneldClient> chunneld_client_;
   std::unique_ptr<CiceroneClient> cicerone_client_;

chromeos/dbus/dbus_thread_manager.cc

@@ -16,7 +16,6 @@
 #include "chromeos/dbus/arc_keymaster_client.h"
 #include "chromeos/dbus/arc_midis_client.h"
 #include "chromeos/dbus/arc_obb_mounter_client.h"
-#include "chromeos/dbus/arc_oemcrypto_client.h"
 #include "chromeos/dbus/cec_service_client.h"
 #include "chromeos/dbus/chunneld_client.h"
 #include "chromeos/dbus/cicerone_client.h"
@@ -134,11 +133,6 @@ ArcObbMounterClient* DBusThreadManager::GetArcObbMounterClient() {
                           : nullptr;
 }
 
-ArcOemCryptoClient* DBusThreadManager::GetArcOemCryptoClient() {
-  return clients_browser_ ? clients_browser_->arc_oemcrypto_client_.get()
-                          : nullptr;
-}
-
 CecServiceClient* DBusThreadManager::GetCecServiceClient() {
   return clients_browser_ ? clients_browser_->cec_service_client_.get()
                           : nullptr;

chromeos/dbus/dbus_thread_manager.h

@@ -29,7 +29,6 @@ class ArcAppfuseProviderClient;
 class ArcKeymasterClient;
 class ArcMidisClient;
 class ArcObbMounterClient;
-class ArcOemCryptoClient;
 class CecServiceClient;
 class ChunneldClient;
 class CiceroneClient;
@@ -122,7 +121,6 @@ class COMPONENT_EXPORT(CHROMEOS_DBUS) DBusThreadManager {
   ArcKeymasterClient* GetArcKeymasterClient();
   ArcMidisClient* GetArcMidisClient();
   ArcObbMounterClient* GetArcObbMounterClient();
-  ArcOemCryptoClient* GetArcOemCryptoClient();
   CecServiceClient* GetCecServiceClient();
   ChunneldClient* GetChunneldClient();
   CiceroneClient* GetCiceroneClient();

chromeos/dbus/dbus_thread_manager_unittest.cc

@@ -23,7 +23,6 @@ TEST(DBusThreadManagerTest, Initialize) {
   EXPECT_TRUE(manager->GetAnomalyDetectorClient());
   EXPECT_TRUE(manager->GetArcMidisClient());
   EXPECT_TRUE(manager->GetArcObbMounterClient());
-  EXPECT_TRUE(manager->GetArcOemCryptoClient());
   EXPECT_TRUE(manager->GetCiceroneClient());
   EXPECT_TRUE(manager->GetConciergeClient());
   EXPECT_TRUE(manager->GetCrosDisksClient());
@@ -67,7 +66,6 @@ TEST(DBusThreadManagerTest, InitializeForBrowser) {
   EXPECT_TRUE(manager->GetAnomalyDetectorClient());
   EXPECT_TRUE(manager->GetArcMidisClient());
   EXPECT_TRUE(manager->GetArcObbMounterClient());
-  EXPECT_TRUE(manager->GetArcOemCryptoClient());
   EXPECT_TRUE(manager->GetCiceroneClient());
   EXPECT_TRUE(manager->GetConciergeClient());
   EXPECT_TRUE(manager->GetCrosDisksClient());
@@ -100,7 +98,6 @@ TEST(DBusThreadManagerTest, InitializeForAsh) {
   EXPECT_FALSE(manager->GetAnomalyDetectorClient());
   EXPECT_FALSE(manager->GetArcMidisClient());
   EXPECT_FALSE(manager->GetArcObbMounterClient());
-  EXPECT_FALSE(manager->GetArcOemCryptoClient());
   EXPECT_FALSE(manager->GetCiceroneClient());
   EXPECT_FALSE(manager->GetConciergeClient());
   EXPECT_FALSE(manager->GetCrosDisksClient());

chromeos/dbus/fake_arc_oemcrypto_client.cc

-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chromeos/dbus/fake_arc_oemcrypto_client.h"
-
-#include <utility>
-
-#include "base/bind.h"
-#include "base/callback.h"
-#include "base/threading/thread_task_runner_handle.h"
-
-namespace chromeos {
-
-FakeArcOemCryptoClient::FakeArcOemCryptoClient() = default;
-
-FakeArcOemCryptoClient::~FakeArcOemCryptoClient() = default;
-
-void FakeArcOemCryptoClient::Init(dbus::Bus* bus) {}
-
-void FakeArcOemCryptoClient::BootstrapMojoConnection(
-    base::ScopedFD fd,
-    VoidDBusMethodCallback callback) {
-  base::ThreadTaskRunnerHandle::Get()->PostTask(
-      FROM_HERE, base::BindOnce(std::move(callback), false));
-}
-
-}  // namespace chromeos

chromeos/dbus/fake_arc_oemcrypto_client.h

-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CHROMEOS_DBUS_FAKE_ARC_OEMCRYPTO_CLIENT_H_
-#define CHROMEOS_DBUS_FAKE_ARC_OEMCRYPTO_CLIENT_H_
-
-#include "chromeos/dbus/arc_oemcrypto_client.h"
-
-namespace chromeos {
-
-// A fake implementation of ArcOemCryptoClient.
-class COMPONENT_EXPORT(CHROMEOS_DBUS) FakeArcOemCryptoClient
-    : public ArcOemCryptoClient {
- public:
-  FakeArcOemCryptoClient();
-  ~FakeArcOemCryptoClient() override;
-
-  // DBusClient override:
-  void Init(dbus::Bus* bus) override;
-
-  // ArcOemCryptoClient override:
-  void BootstrapMojoConnection(base::ScopedFD fd,
-                               VoidDBusMethodCallback callback) override;
-
- private:
-  DISALLOW_COPY_AND_ASSIGN(FakeArcOemCryptoClient);
-};
-
-}  // namespace chromeos
-
-#endif  // CHROMEOS_DBUS_FAKE_ARC_OEMCRYPTO_CLIENT_H_

components/arc/mojom/BUILD.gn

@@ -41,8 +41,6 @@ if (is_chromeos) {
       "midis.mojom",
       "net.mojom",
       "obb_mounter.mojom",
-      "oemcrypto.mojom",
-      "oemcrypto_daemon.mojom",
       "pip.mojom",
       "policy.mojom",
       "power.mojom",
@@ -69,6 +67,7 @@ if (is_chromeos) {
       ":camera_intent",
       ":media",
       ":notifications",
+      ":oemcrypto",
       "//media/capture/video/chromeos/mojom:cros_camera",
       "//mojo/public/mojom/base",
       "//printing/mojom",
@@ -111,6 +110,10 @@ if (is_chromeos) {
     public_deps = [ "//ui/gfx/geometry/mojom" ]
   }
 
+  mojom("oemcrypto") {
+    sources = [ "oemcrypto.mojom" ]
+  }
+
   source_set("mojom_traits") {
     sources = [
       "ime_mojom_traits.cc",

components/arc/mojom/oemcrypto_daemon.mojom

-// Copyright 2017 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// The original version of this file lives in the Chromium repository at:
-// src/components/arc/mojom/oemcrypto_daemon.mojom
-
-// This file defines the mojo interface used between Chrome and the Chrome OS
-// daemon for establishing the connection from Android to the Chrome OS
-// daemon. This is used so Chrome can proxy the OemCryptoService implementation
-// over to the daemon and then also hand the daemon a Mojo connection to the
-// GPU process for dealing with secure buffers.
-
-module arc_oemcrypto.mojom;
-
-import "components/arc/mojom/oemcrypto.mojom";
-import "components/arc/mojom/protected_buffer_manager.mojom";
-
-// OemCryptoHostDaemon is implemented by the OemCrypto daemon running in
-// Chrome OS and has Connect called from the Browser process in Chrome.
-// Next Method ID: 1
-interface OemCryptoHostDaemon {
-  Connect@0(
-    arc.mojom.OemCryptoService& oemcryptor,
-    pending_remote<arc.mojom.ProtectedBufferManager> protected_buffer_manager);
-};