[Fuchsia] Isolate CDM storage per-origin

The Encrypted Media Extensions spec requires that persistent CDM user data is isolated per-origin. Previously, the Fuchsia CDM user data was shared for each key system. This CL creates data stores for each origin and provides them to the platform CDM service for storage of persistent user data. Bug: 991723 Change-Id: I45ff72410ae2f88311fcfe7f832707b72acdbb2c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2138259 Commit-Queue: RJ Ascani <rjascani@google.com> Reviewed-by: Wez <wez@chromium.org> Cr-Commit-Position: refs/heads/master@{#804254}

[Fuchsia] Isolate CDM storage per-origin
The Encrypted Media Extensions spec requires that persistent CDM user data is isolated per-origin. Previously, the Fuchsia CDM user data was shared for each key system. This CL creates data stores for each origin and provides them to the platform CDM service for storage of persistent user data. Bug: 991723 Change-Id: I45ff72410ae2f88311fcfe7f832707b72acdbb2c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2138259 Commit-Queue: RJ Ascani <rjascani@google.com> Reviewed-by: Wez <wez@chromium.org> Cr-Commit-Position: refs/heads/master@{#804254}
e53cc606 · RJ Ascani · Commit Bot · d0d96cf5 · e53cc606 · e53cc606
Commit e53cc606 authored Sep 03, 2020 by RJ Ascani Committed by Commit Bot Sep 03, 2020
3 changed files
--- a/media/fuchsia/cdm/service/fuchsia_cdm_manager.cc
+++ b/media/fuchsia/cdm/service/fuchsia_cdm_manager.cc
@@ -180,7 +180,7 @@ void FuchsiaCdmManager::CreateAndProvision(
    return;
  }
-  base::FilePath storage_path = GetStoragePath(key_system);
+  base::FilePath storage_path = GetStoragePath(key_system, origin);
  base::File::Error error;
  bool success = base::CreateDirectoryAndGetError(storage_path, &error);
  if (!success) {
@@ -235,12 +235,10 @@ FuchsiaCdmManager::KeySystemClient* FuchsiaCdmManager::CreateKeySystemClient(
  return key_system_client_ptr;
 }
-base::FilePath FuchsiaCdmManager::GetStoragePath(
+base::FilePath FuchsiaCdmManager::GetStoragePath(const std::string& key_system,
-    const std::string& key_system) {
+                                                 const url::Origin& origin) {
-  // TODO(crbug.com/991723): We should be using a data store for each origin to
+  return cdm_data_path_.Append(HexEncodeHash(origin.Serialize()))
-  // satisfy EME isolation requirements, but for now just use a single data
+      .Append(HexEncodeHash(key_system));
-  // store for the KeySystem.
-  return cdm_data_path_.Append(HexEncodeHash(key_system));
 }
 void FuchsiaCdmManager::OnKeySystemClientError(

--- a/media/fuchsia/cdm/service/fuchsia_cdm_manager.h
+++ b/media/fuchsia/cdm/service/fuchsia_cdm_manager.h
@@ -61,7 +61,8 @@ class FuchsiaCdmManager {
  KeySystemClient* GetOrCreateKeySystemClient(
      const std::string& key_system_name);
  KeySystemClient* CreateKeySystemClient(const std::string& key_system_name);
-  base::FilePath GetStoragePath(const std::string& key_system_name);
+  base::FilePath GetStoragePath(const std::string& key_system_name,
+                                const url::Origin& origin);
  void OnKeySystemClientError(const std::string& key_system_name);
  // A map of callbacks to create KeySystem channels indexed by their EME name.

--- a/media/fuchsia/cdm/service/fuchsia_cdm_manager_test.cc
+++ b/media/fuchsia/cdm/service/fuchsia_cdm_manager_test.cc
@@ -19,6 +19,7 @@
 #include "media/fuchsia/cdm/service/mock_provision_fetcher.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"
 #include "url/origin.h"
 namespace media {
@@ -203,5 +204,70 @@ TEST_F(FuchsiaCdmManagerTest, RecreateAfterDisconnect) {
  EXPECT_EQ(mock_key_system(kKeySystem).bindings().size(), 1u);
 }
+TEST_F(FuchsiaCdmManagerTest, SameOriginShareDataStore) {
+  constexpr char kKeySystem[] = "com.key_system.a";
+  std::unique_ptr<FuchsiaCdmManager> cdm_manager =
+      CreateFuchsiaCdmManager({kKeySystem});
+  base::RunLoop run_loop;
+  drm::ContentDecryptionModulePtr cdm1, cdm2;
+  cdm2.set_error_handler([&](zx_status_t) { run_loop.Quit(); });
+  EXPECT_CALL(mock_key_system(kKeySystem), AddDataStore(Eq(1u), _, _))
+      .WillOnce(
+          WithArgs<2>(Invoke([](drm::KeySystem::AddDataStoreCallback callback) {
+            callback(fit::ok());
+          })));
+  EXPECT_CALL(mock_key_system(kKeySystem),
+              CreateContentDecryptionModule2(Eq(1u), _))
+      .Times(2);
+  url::Origin origin = url::Origin::Create(GURL("http://origin_a.com"));
+  cdm_manager->CreateAndProvision(
+      kKeySystem, origin, base::BindRepeating(&CreateMockProvisionFetcher),
+      cdm1.NewRequest());
+  cdm_manager->CreateAndProvision(
+      kKeySystem, origin, base::BindRepeating(&CreateMockProvisionFetcher),
+      cdm2.NewRequest());
+  run_loop.Run();
+}
+TEST_F(FuchsiaCdmManagerTest, DifferentOriginDoNotShareDataStore) {
+  constexpr char kKeySystem[] = "com.key_system.a";
+  std::unique_ptr<FuchsiaCdmManager> cdm_manager =
+      CreateFuchsiaCdmManager({kKeySystem});
+  base::RunLoop run_loop;
+  drm::ContentDecryptionModulePtr cdm1, cdm2;
+  cdm2.set_error_handler([&](zx_status_t) { run_loop.Quit(); });
+  EXPECT_CALL(mock_key_system(kKeySystem), AddDataStore(Eq(1u), _, _))
+      .WillOnce(
+          WithArgs<2>(Invoke([](drm::KeySystem::AddDataStoreCallback callback) {
+            callback(fit::ok());
+          })));
+  EXPECT_CALL(mock_key_system(kKeySystem), AddDataStore(Eq(2u), _, _))
+      .WillOnce(
+          WithArgs<2>(Invoke([](drm::KeySystem::AddDataStoreCallback callback) {
+            callback(fit::ok());
+          })));
+  EXPECT_CALL(mock_key_system(kKeySystem),
+              CreateContentDecryptionModule2(Eq(1u), _))
+      .Times(1);
+  EXPECT_CALL(mock_key_system(kKeySystem),
+              CreateContentDecryptionModule2(Eq(2u), _))
+      .Times(1);
+  url::Origin origin_a = url::Origin::Create(GURL("http://origin_a.com"));
+  url::Origin origin_b = url::Origin::Create(GURL("http://origin_b.com"));
+  cdm_manager->CreateAndProvision(
+      kKeySystem, origin_a, base::BindRepeating(&CreateMockProvisionFetcher),
+      cdm1.NewRequest());
+  cdm_manager->CreateAndProvision(
+      kKeySystem, origin_b, base::BindRepeating(&CreateMockProvisionFetcher),
+      cdm2.NewRequest());
+  run_loop.Run();
+}
 }  // namespace
 }  // namespace media