diff options
8 files changed, 45 insertions, 19 deletions
diff --git a/content/renderer/media/crypto/content_decryption_module_factory.cc b/content/renderer/media/crypto/content_decryption_module_factory.cc index 4792e49..82d6b0f 100644 --- a/content/renderer/media/crypto/content_decryption_module_factory.cc +++ b/content/renderer/media/crypto/content_decryption_module_factory.cc @@ -52,6 +52,7 @@ scoped_ptr<media::MediaKeys> ContentDecryptionModuleFactory::Create( #if defined(ENABLE_PEPPER_CDMS) return scoped_ptr<media::MediaKeys>( PpapiDecryptor::Create(key_system, + security_origin, create_pepper_cdm_cb, session_created_cb, session_message_cb, diff --git a/content/renderer/media/crypto/pepper_cdm_wrapper.h b/content/renderer/media/crypto/pepper_cdm_wrapper.h index 01f0f0a..13ec9e98 100644 --- a/content/renderer/media/crypto/pepper_cdm_wrapper.h +++ b/content/renderer/media/crypto/pepper_cdm_wrapper.h @@ -13,6 +13,8 @@ #include "base/callback.h" +class GURL; + namespace content { class ContentDecryptorDelegate; @@ -34,7 +36,8 @@ class PepperCdmWrapper { // Callback used to create a PepperCdmWrapper. This may return null if the // Pepper CDM can not be created. typedef base::Callback<scoped_ptr<PepperCdmWrapper>( - const std::string& pluginType)> CreatePepperCdmCB; + const std::string& pluginType, + const GURL& security_origin)> CreatePepperCdmCB; } // namespace content diff --git a/content/renderer/media/crypto/pepper_cdm_wrapper_impl.cc b/content/renderer/media/crypto/pepper_cdm_wrapper_impl.cc index 73de599..c443e03 100644 --- a/content/renderer/media/crypto/pepper_cdm_wrapper_impl.cc +++ b/content/renderer/media/crypto/pepper_cdm_wrapper_impl.cc @@ -9,9 +9,11 @@ #include "content/renderer/pepper/pepper_webplugin_impl.h" #include "third_party/WebKit/public/platform/WebString.h" #include "third_party/WebKit/public/web/WebDocument.h" +#include "third_party/WebKit/public/web/WebElement.h" #include "third_party/WebKit/public/web/WebFrame.h" #include "third_party/WebKit/public/web/WebHelperPlugin.h" #include "third_party/WebKit/public/web/WebPlugin.h" +#include "third_party/WebKit/public/web/WebPluginContainer.h" #include "third_party/WebKit/public/web/WebView.h" namespace content { @@ -22,7 +24,8 @@ void WebHelperPluginDeleter::operator()(blink::WebHelperPlugin* plugin) const { scoped_ptr<PepperCdmWrapper> PepperCdmWrapperImpl::Create( blink::WebLocalFrame* frame, - const std::string& pluginType) { + const std::string& pluginType, + const GURL& security_origin) { DCHECK(frame); ScopedHelperPlugin helper_plugin(blink::WebHelperPlugin::create( blink::WebString::fromUTF8(pluginType), frame)); @@ -39,6 +42,10 @@ scoped_ptr<PepperCdmWrapper> PepperCdmWrapperImpl::Create( if (!plugin_instance) return scoped_ptr<PepperCdmWrapper>(); + GURL url(plugin_instance->container()->element().document().url()); + CHECK_EQ(security_origin.GetOrigin(), url.GetOrigin()) + << "Pepper instance has a different origin than the EME call."; + if (!plugin_instance->GetContentDecryptorDelegate()) return scoped_ptr<PepperCdmWrapper>(); diff --git a/content/renderer/media/crypto/pepper_cdm_wrapper_impl.h b/content/renderer/media/crypto/pepper_cdm_wrapper_impl.h index 75009a2c..50a3359 100644 --- a/content/renderer/media/crypto/pepper_cdm_wrapper_impl.h +++ b/content/renderer/media/crypto/pepper_cdm_wrapper_impl.h @@ -42,7 +42,8 @@ struct WebHelperPluginDeleter { class PepperCdmWrapperImpl : public PepperCdmWrapper { public: static scoped_ptr<PepperCdmWrapper> Create(blink::WebLocalFrame* frame, - const std::string& pluginType); + const std::string& pluginType, + const GURL& security_origin); virtual ~PepperCdmWrapperImpl(); diff --git a/content/renderer/media/crypto/ppapi_decryptor.cc b/content/renderer/media/crypto/ppapi_decryptor.cc index 4ac3cd8..76d0203 100644 --- a/content/renderer/media/crypto/ppapi_decryptor.cc +++ b/content/renderer/media/crypto/ppapi_decryptor.cc @@ -25,6 +25,7 @@ namespace content { scoped_ptr<PpapiDecryptor> PpapiDecryptor::Create( const std::string& key_system, + const GURL& security_origin, const CreatePepperCdmCB& create_pepper_cdm_cb, const media::SessionCreatedCB& session_created_cb, const media::SessionMessageCB& session_message_cb, @@ -34,7 +35,7 @@ scoped_ptr<PpapiDecryptor> PpapiDecryptor::Create( std::string plugin_type = GetPepperType(key_system); DCHECK(!plugin_type.empty()); scoped_ptr<PepperCdmWrapper> pepper_cdm_wrapper = - create_pepper_cdm_cb.Run(plugin_type); + create_pepper_cdm_cb.Run(plugin_type, security_origin); if (!pepper_cdm_wrapper) { DLOG(ERROR) << "Plugin instance creation failed."; return scoped_ptr<PpapiDecryptor>(); diff --git a/content/renderer/media/crypto/ppapi_decryptor.h b/content/renderer/media/crypto/ppapi_decryptor.h index 12ef4fe..430c361 100644 --- a/content/renderer/media/crypto/ppapi_decryptor.h +++ b/content/renderer/media/crypto/ppapi_decryptor.h @@ -16,6 +16,8 @@ #include "media/base/media_keys.h" #include "media/base/video_decoder_config.h" +class GURL; + namespace base { class MessageLoopProxy; } @@ -31,6 +33,7 @@ class PpapiDecryptor : public media::MediaKeys, public media::Decryptor { public: static scoped_ptr<PpapiDecryptor> Create( const std::string& key_system, + const GURL& security_origin, const CreatePepperCdmCB& create_pepper_cdm_cb, const media::SessionCreatedCB& session_created_cb, const media::SessionMessageCB& session_message_cb, diff --git a/content/renderer/media/webcontentdecryptionmodule_impl.cc b/content/renderer/media/webcontentdecryptionmodule_impl.cc index e99859f..38fe7a0 100644 --- a/content/renderer/media/webcontentdecryptionmodule_impl.cc +++ b/content/renderer/media/webcontentdecryptionmodule_impl.cc @@ -49,6 +49,12 @@ WebContentDecryptionModuleImpl* WebContentDecryptionModuleImpl::Create( if (!IsConcreteSupportedKeySystem(key_system_ascii)) return NULL; + // If unique security origin, don't try to create the CDM. + if (security_origin.isUnique() || security_origin.toString() == "null") { + DLOG(ERROR) << "CDM use not allowed for unique security origin."; + return NULL; + } + scoped_refptr<CdmSessionAdapter> adapter(new CdmSessionAdapter()); GURL security_origin_as_gurl(security_origin.toString()); diff --git a/media/cdm/ppapi/cdm_adapter.cc b/media/cdm/ppapi/cdm_adapter.cc index 7e58176..4d8f038 100644 --- a/media/cdm/ppapi/cdm_adapter.cc +++ b/media/cdm/ppapi/cdm_adapter.cc @@ -261,6 +261,25 @@ void CdmAdapter::Initialize(const std::string& key_system) { PP_DCHECK(!key_system.empty()); PP_DCHECK(key_system_.empty() || (key_system_ == key_system && cdm_)); +#if defined(CHECK_DOCUMENT_URL) + PP_URLComponents_Dev url_components = {}; + const pp::URLUtil_Dev* url_util = pp::URLUtil_Dev::Get(); + if (!url_util) + return; + pp::Var href = url_util->GetDocumentURL(pp::InstanceHandle(pp_instance()), + &url_components); + PP_DCHECK(href.is_string()); + std::string url = href.AsString(); + PP_DCHECK(!url.empty()); + std::string url_scheme = + url.substr(url_components.scheme.begin, url_components.scheme.len); + if (url_scheme != "file") { + // Skip this check for file:// URLs as they don't have a host component. + PP_DCHECK(url_components.host.begin); + PP_DCHECK(0 < url_components.host.len); + } +#endif // defined(CHECK_DOCUMENT_URL) + if (!cdm_ && !CreateCdmInstance(key_system)) return; @@ -278,21 +297,6 @@ void CdmAdapter::CreateSession(uint32_t session_id, return; } -#if defined(CHECK_DOCUMENT_URL) - PP_URLComponents_Dev url_components = {}; - const pp::URLUtil_Dev* url_util = pp::URLUtil_Dev::Get(); - if (!url_util) { - OnSessionError(session_id, cdm::kUnknownError, 0); - return; - } - pp::Var href = url_util->GetDocumentURL( - pp::InstanceHandle(pp_instance()), &url_components); - PP_DCHECK(href.is_string()); - PP_DCHECK(!href.AsString().empty()); - PP_DCHECK(url_components.host.begin); - PP_DCHECK(0 < url_components.host.len); -#endif // defined(CHECK_DOCUMENT_URL) - cdm_->CreateSession(session_id, content_type.data(), content_type.size(), |