Plumb |use_secure_codecs| through to BrowserCdmFactoryAndroid.

This completes the path from the secure surface preference, through requestMediaKeySystemAccess() and finally to CDM creation on Android where secure codecs are enabled. With this change, configs requiring secure codes are rejected without the preference and the CDM is only configures to use hardware-secure codecs if the config requires it.

There is a separate bug (http://crbug.com/478185) for implementing similar plumbing for the use of secure surfaces.

BUG=467779

Committed: https://crrev.com/9ce0a551c7f1d79dea793b5691473ef9d5fb9326
Cr-Commit-Position: refs/heads/master@{#330008}

Review URL: https://codereview.chromium.org/1131753003

Cr-Commit-Position: refs/heads/master@{#330040}

22 files changed, 131 insertions, 105 deletions

diff --git a/media/base/android/browser_cdm_factory_android.cc b/media/base/android/browser_cdm_factory_android.cc
index 475af4c..82f11d1 100644
--- a/media/base/android/browser_cdm_factory_android.cc
+++ b/media/base/android/browser_cdm_factory_android.cc
@@ -15,7 +15,7 @@ namespace media {
 
 scoped_ptr<BrowserCdm> BrowserCdmFactoryAndroid::CreateBrowserCdm(
     const std::string& key_system,
-    bool use_secure_surface,
+    bool use_hw_secure_codecs,
     const SessionMessageCB& session_message_cb,
     const SessionClosedCB& session_closed_cb,
     const LegacySessionErrorCB& legacy_session_error_cb,
@@ -35,19 +35,18 @@ scoped_ptr<BrowserCdm> BrowserCdmFactoryAndroid::CreateBrowserCdm(
     return scoped_ptr<BrowserCdm>();
   }
 
-  // TODO(sandersd): Pass the security level from key system.
-  // http://crbug.com/467779
   if (key_system == kWidevineKeySystem) {
     MediaDrmBridge::SecurityLevel security_level =
-        use_secure_surface ? MediaDrmBridge::SECURITY_LEVEL_1
-                           : MediaDrmBridge::SECURITY_LEVEL_3;
+        use_hw_secure_codecs ? MediaDrmBridge::SECURITY_LEVEL_1
+                          : MediaDrmBridge::SECURITY_LEVEL_3;
     if (!cdm->SetSecurityLevel(security_level)) {
       DVLOG(1) << "failed to set security level " << security_level;
       return scoped_ptr<BrowserCdm>();
     }
   } else {
-    // Assume other key systems do not support full compositing.
-    if (!use_secure_surface) {
+    // Assume other key systems require hardware-secure codecs and thus do not
+    // support full compositing.
+    if (!use_hw_secure_codecs) {
       NOTREACHED()
           << key_system
           << " may require use_video_overlay_for_embedded_encrypted_video";
diff --git a/media/base/android/browser_cdm_factory_android.h b/media/base/android/browser_cdm_factory_android.h
index 4f83432..71b7970 100644
--- a/media/base/android/browser_cdm_factory_android.h
+++ b/media/base/android/browser_cdm_factory_android.h
@@ -18,7 +18,7 @@ class MEDIA_EXPORT BrowserCdmFactoryAndroid : public BrowserCdmFactory {
 
   scoped_ptr<BrowserCdm> CreateBrowserCdm(
       const std::string& key_system,
-      bool use_secure_surface,
+      bool use_hw_secure_codecs,
       const SessionMessageCB& session_message_cb,
       const SessionClosedCB& session_closed_cb,
       const LegacySessionErrorCB& legacy_session_error_cb,
diff --git a/media/base/browser_cdm_factory.cc b/media/base/browser_cdm_factory.cc
index ac0894f..88445d8 100644
--- a/media/base/browser_cdm_factory.cc
+++ b/media/base/browser_cdm_factory.cc
@@ -23,7 +23,7 @@ void SetBrowserCdmFactory(BrowserCdmFactory* factory) {
 
 scoped_ptr<BrowserCdm> CreateBrowserCdm(
     const std::string& key_system,
-    bool use_secure_surface,
+    bool use_hw_secure_codecs,
     const SessionMessageCB& session_message_cb,
     const SessionClosedCB& session_closed_cb,
     const LegacySessionErrorCB& legacy_session_error_cb,
@@ -39,7 +39,7 @@ scoped_ptr<BrowserCdm> CreateBrowserCdm(
   }
 
   return g_cdm_factory->CreateBrowserCdm(
-      key_system, use_secure_surface, session_message_cb, session_closed_cb,
+      key_system, use_hw_secure_codecs, session_message_cb, session_closed_cb,
       legacy_session_error_cb, session_keys_change_cb,
       session_expiration_update_cb);
 }
diff --git a/media/base/browser_cdm_factory.h b/media/base/browser_cdm_factory.h
index b2ff0c7..2ccf1b4 100644
--- a/media/base/browser_cdm_factory.h
+++ b/media/base/browser_cdm_factory.h
@@ -21,7 +21,7 @@ class MEDIA_EXPORT BrowserCdmFactory {
 
   virtual scoped_ptr<BrowserCdm> CreateBrowserCdm(
       const std::string& key_system,
-      bool use_secure_surface,
+      bool use_hw_secure_codecs,
       const SessionMessageCB& session_message_cb,
       const SessionClosedCB& session_closed_cb,
       const LegacySessionErrorCB& legacy_session_error_cb,
@@ -38,12 +38,12 @@ void SetBrowserCdmFactory(BrowserCdmFactory* factory);
 
 // Creates a BrowserCdm for |key_system|. Returns NULL if the CDM cannot be
 // created.
-// |use_secure_surface| indicates that the CDM should be configured to output
-// to a secure surface (for platforms that support it).
+// |use_hw_secure_codecs| indicates that the CDM should be configured to use
+// hardware-secure codecs (for platforms that support it).
 // TODO(xhwang): Add ifdef for IPC based CDM.
 scoped_ptr<BrowserCdm> MEDIA_EXPORT
 CreateBrowserCdm(const std::string& key_system,
-                 bool use_secure_surface,
+                 bool use_hw_secure_codecs,
                  const SessionMessageCB& session_message_cb,
                  const SessionClosedCB& session_closed_cb,
                  const LegacySessionErrorCB& legacy_session_error_cb,
diff --git a/media/base/cdm_config.h b/media/base/cdm_config.h
new file mode 100644
index 0000000..4b57ebb
--- /dev/null
+++ b/media/base/cdm_config.h
@@ -0,0 +1,29 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef MEDIA_BASE_CDM_CONFIG_H_
+#define MEDIA_BASE_CDM_CONFIG_H_
+
+#include "media/base/media_export.h"
+
+namespace media {
+
+// The runtime configuration for new CDM instances as computed by
+// |requestMediaKeySystemAccess|. This is in some sense the Chromium-side
+// counterpart of Blink's WebMediaKeySystemConfiguration.
+struct MEDIA_EXPORT CdmConfig {
+  // Allow access to a distinctive identifier.
+  bool allow_distinctive_identifier = false;
+
+  // Allow access to persistent state.
+  bool allow_persistent_state = false;
+
+  // Use hardware-secure codecs. This flag is only used on Android, it should
+  // always be false on other platforms.
+  bool use_hw_secure_codecs = false;
+};
+
+}  // namespace media
+
+#endif  // MEDIA_BASE_CDM_CONFIG_H_
diff --git a/media/base/cdm_factory.h b/media/base/cdm_factory.h
index 0c9145d..4a5cfb7 100644
--- a/media/base/cdm_factory.h
+++ b/media/base/cdm_factory.h
@@ -20,6 +20,8 @@ namespace media {
 using CdmCreatedCB = base::Callback<void(scoped_ptr<MediaKeys>,
                                          const std::string& error_message)>;
 
+struct CdmConfig;
+
 class MEDIA_EXPORT CdmFactory {
  public:
   CdmFactory();
@@ -29,9 +31,8 @@ class MEDIA_EXPORT CdmFactory {
   // asynchronously.
   virtual void Create(
       const std::string& key_system,
-      bool allow_distinctive_identifier,
-      bool allow_persistent_state,
       const GURL& security_origin,
+      const CdmConfig& cdm_config,
       const SessionMessageCB& session_message_cb,
       const SessionClosedCB& session_closed_cb,
       const LegacySessionErrorCB& legacy_session_error_cb,
diff --git a/media/base/eme_constants.h b/media/base/eme_constants.h
index 55ba254..ba49c7d 100644
--- a/media/base/eme_constants.h
+++ b/media/base/eme_constants.h
@@ -132,11 +132,11 @@ enum class EmeConfigRule {
   // The configuration option prevents use of hardware-secure codecs.
   // This rule only has meaning on platforms that distinguish hardware-secure
   // codecs (ie. Android).
-  SECURE_CODECS_NOT_ALLOWED,
+  HW_SECURE_CODECS_NOT_ALLOWED,
   // The configuration option is supported if hardware-secure codecs are used.
   // This rule only has meaning on platforms that distinguish hardware-secure
   // codecs (ie. Android).
-  SECURE_CODECS_REQUIRED,
+  HW_SECURE_CODECS_REQUIRED,
   // The configuration option is supported without conditions.
   SUPPORTED,
 };
diff --git a/media/base/key_systems.cc b/media/base/key_systems.cc
index f38fe7c..1cd202c 100644
--- a/media/base/key_systems.cc
+++ b/media/base/key_systems.cc
@@ -720,10 +720,10 @@ EmeConfigRule KeySystemsImpl::GetContentTypeConfigRule(
     //
     // Because the check for regular codec support is early-exit, we don't have
     // to consider codecs that are only supported in hardware-secure mode. We
-    // could do so, and make use of SECURE_CODECS_REQUIRED, if it turns out that
-    // hardware-secure-only codecs actually exist and are useful.
+    // could do so, and make use of HW_SECURE_CODECS_REQUIRED, if it turns out
+    // that hardware-secure-only codecs actually exist and are useful.
     if ((codec & key_system_secure_codec_mask) == 0)
-      support = EmeConfigRule::SECURE_CODECS_NOT_ALLOWED;
+      support = EmeConfigRule::HW_SECURE_CODECS_NOT_ALLOWED;
 #endif  // defined(OS_ANDROID)
   }
 
@@ -786,7 +786,7 @@ EmeConfigRule KeySystemsImpl::GetRobustnessConfigRule(
     }
 #elif defined(OS_ANDROID)
     if (robustness > EmeRobustness::SW_SECURE_CRYPTO)
-      return EmeConfigRule::SECURE_CODECS_REQUIRED;
+      return EmeConfigRule::HW_SECURE_CODECS_REQUIRED;
 #endif  // defined(OS_CHROMEOS)
   }
 
diff --git a/media/blink/cdm_session_adapter.cc b/media/blink/cdm_session_adapter.cc
index 2ffc4b5..4614769 100644
--- a/media/blink/cdm_session_adapter.cc
+++ b/media/blink/cdm_session_adapter.cc
@@ -28,17 +28,15 @@ CdmSessionAdapter::~CdmSessionAdapter() {}
 void CdmSessionAdapter::CreateCdm(
     CdmFactory* cdm_factory,
     const std::string& key_system,
-    bool allow_distinctive_identifier,
-    bool allow_persistent_state,
     const GURL& security_origin,
+    const CdmConfig& cdm_config,
     blink::WebContentDecryptionModuleResult result) {
   // Note: WebContentDecryptionModuleImpl::Create() calls this method without
   // holding a reference to the CdmSessionAdapter. Bind OnCdmCreated() with
   // |this| instead of |weak_this| to prevent |this| from being destructed.
   base::WeakPtr<CdmSessionAdapter> weak_this = weak_ptr_factory_.GetWeakPtr();
   cdm_factory->Create(
-      key_system, allow_distinctive_identifier, allow_persistent_state,
-      security_origin,
+      key_system, security_origin, cdm_config,
       base::Bind(&CdmSessionAdapter::OnSessionMessage, weak_this),
       base::Bind(&CdmSessionAdapter::OnSessionClosed, weak_this),
       base::Bind(&CdmSessionAdapter::OnLegacySessionError, weak_this),
diff --git a/media/blink/cdm_session_adapter.h b/media/blink/cdm_session_adapter.h
index 28d26bb..d70e801 100644
--- a/media/blink/cdm_session_adapter.h
+++ b/media/blink/cdm_session_adapter.h
@@ -21,6 +21,7 @@ class GURL;
 
 namespace media {
 
+struct CdmConfig;
 class CdmFactory;
 class WebContentDecryptionModuleSessionImpl;
 
@@ -36,9 +37,8 @@ class CdmSessionAdapter : public base::RefCounted<CdmSessionAdapter> {
   // via |result|.
   void CreateCdm(CdmFactory* cdm_factory,
                  const std::string& key_system,
-                 bool allow_distinctive_identifier,
-                 bool allow_persistent_state,
                  const GURL& security_origin,
+                 const CdmConfig& cdm_config,
                  blink::WebContentDecryptionModuleResult result);
 
   // Provides a server certificate to be used to encrypt messages to the
diff --git a/media/blink/key_system_config_selector.cc b/media/blink/key_system_config_selector.cc
index f34bd8f..24cbf9f 100644
--- a/media/blink/key_system_config_selector.cc
+++ b/media/blink/key_system_config_selector.cc
@@ -8,6 +8,7 @@
 #include "base/logging.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
+#include "media/base/cdm_config.h"
 #include "media/base/key_systems.h"
 #include "media/base/media_permission.h"
 #include "media/blink/webmediaplayer_util.h"
@@ -131,8 +132,8 @@ struct KeySystemConfigSelector::SelectionRequest {
   blink::WebVector<blink::WebMediaKeySystemConfiguration>
       candidate_configurations;
   blink::WebSecurityOrigin security_origin;
-  base::Callback<void(const blink::WebMediaKeySystemConfiguration&, bool)>
-      succeeded_cb;
+  base::Callback<void(const blink::WebMediaKeySystemConfiguration&,
+                      const CdmConfig&)> succeeded_cb;
   base::Callback<void(const blink::WebString&)> not_supported_cb;
   bool was_permission_requested = false;
   bool is_permission_granted = false;
@@ -158,8 +159,8 @@ class KeySystemConfigSelector::ConfigState {
 
   bool IsIdentifierRecommended() const { return is_identifier_recommended_; }
 
-  bool AreSecureCodecsRequired() const {
-    return are_secure_codecs_required_;
+  bool AreHwSecureCodecsRequired() const {
+    return are_hw_secure_codecs_required_;
   }
 
   // Checks whether a rule is compatible with all previously added rules.
@@ -182,10 +183,10 @@ class KeySystemConfigSelector::ConfigState {
       case EmeConfigRule::IDENTIFIER_AND_PERSISTENCE_REQUIRED:
         return (!is_identifier_not_allowed_ && IsPermissionPossible() &&
                 !is_persistence_not_allowed_);
-      case EmeConfigRule::SECURE_CODECS_NOT_ALLOWED:
-        return !are_secure_codecs_required_;
-      case EmeConfigRule::SECURE_CODECS_REQUIRED:
-        return !are_secure_codecs_not_allowed_;
+      case EmeConfigRule::HW_SECURE_CODECS_NOT_ALLOWED:
+        return !are_hw_secure_codecs_required_;
+      case EmeConfigRule::HW_SECURE_CODECS_REQUIRED:
+        return !are_hw_secure_codecs_not_allowed_;
       case EmeConfigRule::SUPPORTED:
         return true;
     }
@@ -219,11 +220,11 @@ class KeySystemConfigSelector::ConfigState {
         is_identifier_required_ = true;
         is_persistence_required_ = true;
         return;
-      case EmeConfigRule::SECURE_CODECS_NOT_ALLOWED:
-        are_secure_codecs_not_allowed_ = true;
+      case EmeConfigRule::HW_SECURE_CODECS_NOT_ALLOWED:
+        are_hw_secure_codecs_not_allowed_ = true;
         return;
-      case EmeConfigRule::SECURE_CODECS_REQUIRED:
-        are_secure_codecs_required_ = true;
+      case EmeConfigRule::HW_SECURE_CODECS_REQUIRED:
+        are_hw_secure_codecs_required_ = true;
         return;
       case EmeConfigRule::SUPPORTED:
         return;
@@ -255,8 +256,8 @@ class KeySystemConfigSelector::ConfigState {
 
   // Whether a rule has been added that requires or blocks hardware-secure
   // codecs.
-  bool are_secure_codecs_required_ = false;
-  bool are_secure_codecs_not_allowed_ = false;
+  bool are_hw_secure_codecs_required_ = false;
+  bool are_hw_secure_codecs_not_allowed_ = false;
 };
 
 KeySystemConfigSelector::KeySystemConfigSelector(
@@ -673,8 +674,8 @@ void KeySystemConfigSelector::SelectConfig(
         candidate_configurations,
     const blink::WebSecurityOrigin& security_origin,
     bool are_secure_codecs_supported,
-    base::Callback<void(const blink::WebMediaKeySystemConfiguration&, bool)>
-        succeeded_cb,
+    base::Callback<void(const blink::WebMediaKeySystemConfiguration&,
+                        const CdmConfig&)> succeeded_cb,
     base::Callback<void(const blink::WebString&)> not_supported_cb) {
   // Continued from requestMediaKeySystemAccess(), step 7, from
   // https://w3c.github.io/encrypted-media/#requestmediakeysystemaccess
@@ -723,10 +724,11 @@ void KeySystemConfigSelector::SelectConfigInternal(
     ConfigState config_state(request->was_permission_requested,
                              request->is_permission_granted);
     DCHECK(config_state.IsRuleSupported(
-        EmeConfigRule::SECURE_CODECS_NOT_ALLOWED));
+        EmeConfigRule::HW_SECURE_CODECS_NOT_ALLOWED));
     if (!request->are_secure_codecs_supported)
-      config_state.AddRule(EmeConfigRule::SECURE_CODECS_NOT_ALLOWED);
+      config_state.AddRule(EmeConfigRule::HW_SECURE_CODECS_NOT_ALLOWED);
     blink::WebMediaKeySystemConfiguration accumulated_configuration;
+    CdmConfig cdm_config;
     ConfigurationSupport support = GetSupportedConfiguration(
         request->key_system, request->candidate_configurations[i],
         &config_state, &accumulated_configuration);
@@ -746,8 +748,15 @@ void KeySystemConfigSelector::SelectConfigInternal(
                        weak_factory_.GetWeakPtr(), base::Passed(&request)));
         return;
       case CONFIGURATION_SUPPORTED:
-        request->succeeded_cb.Run(accumulated_configuration,
-                                  config_state.AreSecureCodecsRequired());
+        cdm_config.allow_distinctive_identifier =
+            (accumulated_configuration.distinctiveIdentifier ==
+             blink::WebMediaKeySystemConfiguration::Requirement::Required);
+        cdm_config.allow_persistent_state =
+            (accumulated_configuration.persistentState ==
+             blink::WebMediaKeySystemConfiguration::Requirement::Required);
+        cdm_config.use_hw_secure_codecs =
+            config_state.AreHwSecureCodecsRequired();
+        request->succeeded_cb.Run(accumulated_configuration, cdm_config);
         return;
     }
   }
diff --git a/media/blink/key_system_config_selector.h b/media/blink/key_system_config_selector.h
index 0d84fe3..7a8afbf 100644
--- a/media/blink/key_system_config_selector.h
+++ b/media/blink/key_system_config_selector.h
@@ -27,6 +27,7 @@ class WebString;
 
 namespace media {
 
+struct CdmConfig;
 class KeySystems;
 class MediaPermission;
 
@@ -44,9 +45,8 @@ class MEDIA_EXPORT KeySystemConfigSelector {
           candidate_configurations,
       const blink::WebSecurityOrigin& security_origin,
       bool are_secure_codecs_supported,
-      // The second argument is |are_secure_codecs_required|.
       base::Callback<void(const blink::WebMediaKeySystemConfiguration&,
-                          bool)> succeeded_cb,
+                          const CdmConfig&)> succeeded_cb,
       base::Callback<void(const blink::WebString&)> not_supported_cb);
 
  private:
diff --git a/media/blink/key_system_config_selector_unittest.cc b/media/blink/key_system_config_selector_unittest.cc
index e4da217..70b890d 100644
--- a/media/blink/key_system_config_selector_unittest.cc
+++ b/media/blink/key_system_config_selector_unittest.cc
@@ -210,7 +210,7 @@ class KeySystemConfigSelectorTest : public testing::Test {
   }
 
   void OnSucceeded(const blink::WebMediaKeySystemConfiguration& result,
-                   bool are_secure_codecs_required) {
+                   const CdmConfig& cdm_config) {
     succeeded_count_++;
     config_ = result;
   }
diff --git a/media/blink/webcontentdecryptionmodule_impl.cc b/media/blink/webcontentdecryptionmodule_impl.cc
index 6284602..cc2d50a 100644
--- a/media/blink/webcontentdecryptionmodule_impl.cc
+++ b/media/blink/webcontentdecryptionmodule_impl.cc
@@ -25,9 +25,8 @@ namespace media {
 void WebContentDecryptionModuleImpl::Create(
     media::CdmFactory* cdm_factory,
     const base::string16& key_system,
-    bool allow_distinctive_identifier,
-    bool allow_persistent_state,
     const blink::WebSecurityOrigin& security_origin,
+    const CdmConfig& cdm_config,
     blink::WebContentDecryptionModuleResult result) {
   DCHECK(!security_origin.isNull());
   DCHECK(!key_system.empty());
@@ -68,9 +67,8 @@ void WebContentDecryptionModuleImpl::Create(
   // |result|), it will keep a reference to |adapter|. Otherwise, |adapter| will
   // be destructed.
   scoped_refptr<CdmSessionAdapter> adapter(new CdmSessionAdapter());
-  adapter->CreateCdm(cdm_factory, key_system_ascii,
-                     allow_distinctive_identifier, allow_persistent_state,
-                     security_origin_as_gurl, result);
+  adapter->CreateCdm(cdm_factory, key_system_ascii, security_origin_as_gurl,
+                     cdm_config, result);
 }
 
 WebContentDecryptionModuleImpl::WebContentDecryptionModuleImpl(
diff --git a/media/blink/webcontentdecryptionmodule_impl.h b/media/blink/webcontentdecryptionmodule_impl.h
index aa7fa16..fefc1db 100644
--- a/media/blink/webcontentdecryptionmodule_impl.h
+++ b/media/blink/webcontentdecryptionmodule_impl.h
@@ -21,6 +21,7 @@ class WebSecurityOrigin;
 
 namespace media {
 
+struct CdmConfig;
 class CdmContext;
 class CdmFactory;
 class CdmSessionAdapter;
@@ -31,9 +32,8 @@ class MEDIA_EXPORT WebContentDecryptionModuleImpl
  public:
   static void Create(CdmFactory* cdm_factory,
                      const base::string16& key_system,
-                     bool allow_distinctive_identifier,
-                     bool allow_persistent_state,
                      const blink::WebSecurityOrigin& security_origin,
+                     const CdmConfig& cdm_config,
                      blink::WebContentDecryptionModuleResult result);
 
   virtual ~WebContentDecryptionModuleImpl();
diff --git a/media/blink/webcontentdecryptionmoduleaccess_impl.cc b/media/blink/webcontentdecryptionmoduleaccess_impl.cc
index a72cbff..01f14ed 100644
--- a/media/blink/webcontentdecryptionmoduleaccess_impl.cc
+++ b/media/blink/webcontentdecryptionmoduleaccess_impl.cc
@@ -15,9 +15,8 @@ namespace media {
 // The caller owns the created cdm (passed back using |result|).
 static void CreateCdm(const base::WeakPtr<WebEncryptedMediaClientImpl>& client,
                       const blink::WebString& key_system,
-                      bool allow_distinctive_identifier,
-                      bool allow_persistent_state,
                       const blink::WebSecurityOrigin& security_origin,
+                      const CdmConfig& cdm_config,
                       blink::WebContentDecryptionModuleResult result) {
   // If |client| is gone (due to the frame getting destroyed), it is
   // impossible to create the CDM, so fail.
@@ -28,28 +27,30 @@ static void CreateCdm(const base::WeakPtr<WebEncryptedMediaClientImpl>& client,
     return;
   }
 
-  client->CreateCdm(key_system, allow_distinctive_identifier,
-                    allow_persistent_state, security_origin, result);
+  client->CreateCdm(key_system, security_origin, cdm_config, result);
 }
 
 WebContentDecryptionModuleAccessImpl*
 WebContentDecryptionModuleAccessImpl::Create(
     const blink::WebString& key_system,
-    const blink::WebMediaKeySystemConfiguration& configuration,
     const blink::WebSecurityOrigin& security_origin,
+    const blink::WebMediaKeySystemConfiguration& configuration,
+    const CdmConfig& cdm_config,
     const base::WeakPtr<WebEncryptedMediaClientImpl>& client) {
-  return new WebContentDecryptionModuleAccessImpl(key_system, configuration,
-                                                  security_origin, client);
+  return new WebContentDecryptionModuleAccessImpl(
+      key_system, security_origin, configuration, cdm_config, client);
 }
 
 WebContentDecryptionModuleAccessImpl::WebContentDecryptionModuleAccessImpl(
     const blink::WebString& key_system,
-    const blink::WebMediaKeySystemConfiguration& configuration,
     const blink::WebSecurityOrigin& security_origin,
+    const blink::WebMediaKeySystemConfiguration& configuration,
+    const CdmConfig& cdm_config,
     const base::WeakPtr<WebEncryptedMediaClientImpl>& client)
     : key_system_(key_system),
-      configuration_(configuration),
       security_origin_(security_origin),
+      configuration_(configuration),
+      cdm_config_(cdm_config),
       client_(client) {
 }
 
@@ -63,27 +64,14 @@ WebContentDecryptionModuleAccessImpl::getConfiguration() {
 
 void WebContentDecryptionModuleAccessImpl::createContentDecryptionModule(
     blink::WebContentDecryptionModuleResult result) {
-  // Convert the accumulated configuration requirements to bools. Accumulated
-  // configurations never have optional requirements.
-  DCHECK(configuration_.distinctiveIdentifier !=
-         blink::WebMediaKeySystemConfiguration::Requirement::Optional);
-  DCHECK(configuration_.persistentState !=
-         blink::WebMediaKeySystemConfiguration::Requirement::Optional);
-  bool allow_distinctive_identifier =
-      (configuration_.distinctiveIdentifier ==
-       blink::WebMediaKeySystemConfiguration::Requirement::Required);
-  bool allow_persistent_state =
-      (configuration_.persistentState ==
-       blink::WebMediaKeySystemConfiguration::Requirement::Required);
-
   // This method needs to run asynchronously, as it may need to load the CDM.
   // As this object's lifetime is controlled by MediaKeySystemAccess on the
   // blink side, copy all values needed by CreateCdm() in case the blink object
   // gets garbage-collected.
   base::ThreadTaskRunnerHandle::Get()->PostTask(
       FROM_HERE,
-      base::Bind(&CreateCdm, client_, key_system_, allow_distinctive_identifier,
-                 allow_persistent_state, security_origin_, result));
+      base::Bind(&CreateCdm, client_, key_system_, security_origin_,
+                 cdm_config_, result));
 }
 
 }  // namespace media
diff --git a/media/blink/webcontentdecryptionmoduleaccess_impl.h b/media/blink/webcontentdecryptionmoduleaccess_impl.h
index a70fca2..5f15698 100644
--- a/media/blink/webcontentdecryptionmoduleaccess_impl.h
+++ b/media/blink/webcontentdecryptionmoduleaccess_impl.h
@@ -6,6 +6,7 @@
 #define MEDIA_BLINK_WEBCONTENTDECRYPTIONMODULEACCESS_IMPL_H_
 
 #include "base/memory/weak_ptr.h"
+#include "media/base/cdm_config.h"
 #include "third_party/WebKit/public/platform/WebContentDecryptionModuleAccess.h"
 #include "third_party/WebKit/public/platform/WebContentDecryptionModuleResult.h"
 #include "third_party/WebKit/public/platform/WebMediaKeySystemConfiguration.h"
@@ -21,8 +22,9 @@ class WebContentDecryptionModuleAccessImpl
  public:
   static WebContentDecryptionModuleAccessImpl* Create(
       const blink::WebString& key_system,
-      const blink::WebMediaKeySystemConfiguration& configuration,
       const blink::WebSecurityOrigin& security_origin,
+      const blink::WebMediaKeySystemConfiguration& configuration,
+      const CdmConfig& cdm_config,
       const base::WeakPtr<WebEncryptedMediaClientImpl>& client);
   virtual ~WebContentDecryptionModuleAccessImpl();
 
@@ -34,13 +36,15 @@ class WebContentDecryptionModuleAccessImpl
  private:
   WebContentDecryptionModuleAccessImpl(
       const blink::WebString& key_system,
-      const blink::WebMediaKeySystemConfiguration& configuration,
       const blink::WebSecurityOrigin& security_origin,
+      const blink::WebMediaKeySystemConfiguration& configuration,
+      const CdmConfig& cdm_config,
       const base::WeakPtr<WebEncryptedMediaClientImpl>& client);
 
-  blink::WebString key_system_;
-  blink::WebMediaKeySystemConfiguration configuration_;
-  blink::WebSecurityOrigin security_origin_;
+  const blink::WebString key_system_;
+  const blink::WebSecurityOrigin security_origin_;
+  const blink::WebMediaKeySystemConfiguration configuration_;
+  const CdmConfig cdm_config_;
 
   // Keep a WeakPtr as client is owned by render_frame_impl.
   base::WeakPtr<WebEncryptedMediaClientImpl> client_;
diff --git a/media/blink/webencryptedmediaclient_impl.cc b/media/blink/webencryptedmediaclient_impl.cc
index 3ce96ed..1ef61af 100644
--- a/media/blink/webencryptedmediaclient_impl.cc
+++ b/media/blink/webencryptedmediaclient_impl.cc
@@ -105,25 +105,23 @@ void WebEncryptedMediaClientImpl::requestMediaKeySystemAccess(
 
 void WebEncryptedMediaClientImpl::CreateCdm(
     const blink::WebString& key_system,
-    bool allow_distinctive_identifier,
-    bool allow_persistent_state,
     const blink::WebSecurityOrigin& security_origin,
+    const CdmConfig& cdm_config,
     blink::WebContentDecryptionModuleResult result) {
   WebContentDecryptionModuleImpl::Create(
-      cdm_factory_, key_system, allow_distinctive_identifier,
-      allow_persistent_state, security_origin, result);
+      cdm_factory_, key_system, security_origin, cdm_config, result);
 }
 
 void WebEncryptedMediaClientImpl::OnRequestSucceeded(
     blink::WebEncryptedMediaRequest request,
     const blink::WebMediaKeySystemConfiguration& accumulated_configuration,
-    bool are_secure_codecs_required) {
+    const CdmConfig& cdm_config) {
   GetReporter(request.keySystem())->ReportSupported();
   // TODO(sandersd): Pass |are_secure_codecs_required| along and use it to
   // configure the CDM security level and use of secure surfaces on Android.
   request.requestSucceeded(WebContentDecryptionModuleAccessImpl::Create(
-      request.keySystem(), accumulated_configuration, request.securityOrigin(),
-      weak_factory_.GetWeakPtr()));
+      request.keySystem(), request.securityOrigin(), accumulated_configuration,
+      cdm_config, weak_factory_.GetWeakPtr()));
 }
 
 void WebEncryptedMediaClientImpl::OnRequestNotSupported(
diff --git a/media/blink/webencryptedmediaclient_impl.h b/media/blink/webencryptedmediaclient_impl.h
index ba8f9bd..d34f272 100644
--- a/media/blink/webencryptedmediaclient_impl.h
+++ b/media/blink/webencryptedmediaclient_impl.h
@@ -25,6 +25,7 @@ class WebSecurityOrigin;
 
 namespace media {
 
+struct CdmConfig;
 class CdmFactory;
 class KeySystems;
 class MediaPermission;
@@ -45,9 +46,8 @@ class MEDIA_EXPORT WebEncryptedMediaClientImpl
   // Create the CDM for |key_system| and |security_origin|. The caller owns
   // the created cdm (passed back using |result|).
   void CreateCdm(const blink::WebString& key_system,
-                 bool allow_distinctive_identifier,
-                 bool allow_persistent_state,
                  const blink::WebSecurityOrigin& security_origin,
+                 const CdmConfig& cdm_config,
                  blink::WebContentDecryptionModuleResult result);
 
  private:
@@ -62,7 +62,7 @@ class MEDIA_EXPORT WebEncryptedMediaClientImpl
   void OnRequestSucceeded(
       blink::WebEncryptedMediaRequest request,
       const blink::WebMediaKeySystemConfiguration& accumulated_configuration,
-      bool are_secure_codecs_required);
+      const CdmConfig& cdm_config);
 
   // Complete a requestMediaKeySystemAccess() request with an error message.
   void OnRequestNotSupported(blink::WebEncryptedMediaRequest request,
diff --git a/media/cdm/default_cdm_factory.cc b/media/cdm/default_cdm_factory.cc
index 6b9714a..c025fe9 100644
--- a/media/cdm/default_cdm_factory.cc
+++ b/media/cdm/default_cdm_factory.cc
@@ -23,9 +23,8 @@ DefaultCdmFactory::~DefaultCdmFactory() {
 
 void DefaultCdmFactory::Create(
     const std::string& key_system,
-    bool allow_distinctive_identifier,
-    bool allow_persistent_state,
     const GURL& security_origin,
+    const CdmConfig& cdm_config,
     const SessionMessageCB& session_message_cb,
     const SessionClosedCB& session_closed_cb,
     const LegacySessionErrorCB& legacy_session_error_cb,
diff --git a/media/cdm/default_cdm_factory.h b/media/cdm/default_cdm_factory.h
index 7060c7c..78d4f2f 100644
--- a/media/cdm/default_cdm_factory.h
+++ b/media/cdm/default_cdm_factory.h
@@ -10,6 +10,8 @@
 
 namespace media {
 
+struct CdmConfig;
+
 class DefaultCdmFactory : public CdmFactory {
  public:
   DefaultCdmFactory();
@@ -17,9 +19,8 @@ class DefaultCdmFactory : public CdmFactory {
 
   // CdmFactory implementation.
   void Create(const std::string& key_system,
-              bool allow_distinctive_identifier,
-              bool allow_persistent_state,
               const GURL& security_origin,
+              const CdmConfig& cdm_config,
               const SessionMessageCB& session_message_cb,
               const SessionClosedCB& session_closed_cb,
               const LegacySessionErrorCB& legacy_session_error_cb,
diff --git a/media/cdm/proxy_decryptor.cc b/media/cdm/proxy_decryptor.cc
index d8dcd5a..4cbddaa 100644
--- a/media/cdm/proxy_decryptor.cc
+++ b/media/cdm/proxy_decryptor.cc
@@ -12,6 +12,7 @@
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "media/base/cdm_callback_promise.h"
+#include "media/base/cdm_config.h"
 #include "media/base/cdm_factory.h"
 #include "media/base/cdm_key_information.h"
 #include "media/base/key_systems.h"
@@ -69,15 +70,16 @@ void ProxyDecryptor::CreateCdm(CdmFactory* cdm_factory,
   // TODO(sandersd): Trigger permissions check here and use it to determine
   // distinctive identifier support, instead of always requiring the
   // permission. http://crbug.com/455271
-  bool allow_distinctive_identifier = true;
-  bool allow_persistent_state = true;
+  CdmConfig cdm_config;
+  cdm_config.allow_distinctive_identifier = true;
+  cdm_config.allow_persistent_state = true;
 
   is_creating_cdm_ = true;
 
   base::WeakPtr<ProxyDecryptor> weak_this = weak_ptr_factory_.GetWeakPtr();
   cdm_factory->Create(
-      key_system, allow_distinctive_identifier, allow_persistent_state,
-      security_origin, base::Bind(&ProxyDecryptor::OnSessionMessage, weak_this),
+      key_system, security_origin, cdm_config,
+      base::Bind(&ProxyDecryptor::OnSessionMessage, weak_this),
       base::Bind(&ProxyDecryptor::OnSessionClosed, weak_this),
       base::Bind(&ProxyDecryptor::OnLegacySessionError, weak_this),
       base::Bind(&ProxyDecryptor::OnSessionKeysChange, weak_this),