Changeset 207704 in webkit

Timestamp:

Oct 21, 2016, 8:35:04 PM (9 years ago)

Author:

eric.carlson@apple.com

Message:

[MediaStream] Dynamically generate media capture sandbox extensions
​https://bugs.webkit.org/show_bug.cgi?id=154861
<rdar://problem/24909411>

Reviewed by Tim Horton.

Source/WebCore:

No new tests, some of these changes are covered by existing tests and some can only be tested
with physical capture devices.

• platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: AVSampleBufferAudioRenderer and AVSampleBufferRenderSynchronizer are now declared in AVFoundationSPI.h.

• platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
• platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC): Initialize

AVSampleBufferRenderSynchronizer.

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Fail if AVSampleBufferRenderSynchronizer

isn't available.

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Take a MediaSample&

instead of a PlatformSample&.

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Ditto.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Add the sample buffer display

later to the synchronizer.

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Remove the sample buffer display

later from the synchronizer.

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::play): Start the synchronizer.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::pause): Stash the current clock time in

m_pausedTime, but leave the clock running. Pause the synchronizer.

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentMediaTime): Return the clock time

when playing, m_pausedTime time when paused because we leave the clock running forever.

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated):

• platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: AVSampleBufferAudioRenderer is now declared in AVFoundationSPI.h.

• platform/spi/mac/AVFoundationSPI.h: Add AVSampleBufferAudioRenderer and AVSampleBufferRenderSynchronizer.

Source/WebKit2:

• Shared/SandboxExtension.h:

(WebKit::SandboxExtension::createHandleForGenericExtension):

• Shared/mac/SandboxExtensionMac.mm:

(WebKit::wkSandboxExtensionType): Add case for generic handle.
(WebKit::SandboxExtension::createHandleForGenericExtension): New.

• UIProcess/UserMediaPermissionRequestManagerProxy.cpp:

(WebKit::UserMediaPermissionRequestManagerProxy::invalidateRequests): Clear the list of extensions granted.
(WebKit::UserMediaPermissionRequestManagerProxy::userMediaAccessWasGranted): Extend the web

process sandbox as necessary.

• UIProcess/UserMediaPermissionRequestManagerProxy.h:

• WebProcess/MediaStream/UserMediaPermissionRequestManager.cpp:

(WebKit::UserMediaPermissionRequestManager::~UserMediaPermissionRequestManager): Revoke all

sandbox extensions.

(WebKit::UserMediaPermissionRequestManager::grantUserMediaDevicesSandboxExtension): Consume

sandbox extensions.

• WebProcess/MediaStream/UserMediaPermissionRequestManager.h:

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::grantUserMediaDevicesSandboxExtension): Pass-through to user media manager.

• WebProcess/WebPage/WebPage.h:

• WebProcess/WebPage/WebPage.messages.in: Add GrantUserMediaDevicesSandboxExtension.

• WebProcess/com.apple.WebProcess.sb.in: Add rules, defines, and a macro to allow dynamic extensions for media capture devices.

Location:

trunk/Source

Files:

• WebCore/ChangeLog (modified) (1 diff)
• WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm (modified) (1 diff)
• WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h (modified) (3 diffs)
• WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm (modified) (12 diffs)
• WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm (modified) (1 diff)
• WebCore/platform/spi/mac/AVFoundationSPI.h (modified) (1 diff)
• WebKit2/ChangeLog (modified) (1 diff)
• WebKit2/Shared/SandboxExtension.h (modified) (3 diffs)
• WebKit2/Shared/mac/SandboxExtensionMac.mm (modified) (2 diffs)
• WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp (modified) (3 diffs)
• WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.h (modified) (1 diff)
• WebKit2/WebProcess/MediaStream/UserMediaPermissionRequestManager.cpp (modified) (2 diffs)
• WebKit2/WebProcess/MediaStream/UserMediaPermissionRequestManager.h (modified) (3 diffs)
• WebKit2/WebProcess/WebPage/WebPage.cpp (modified) (1 diff)
• WebKit2/WebProcess/WebPage/WebPage.h (modified) (1 diff)
• WebKit2/WebProcess/WebPage/WebPage.messages.in (modified) (1 diff)
• WebKit2/WebProcess/com.apple.WebProcess.sb.in (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-10-21  Eric Carlson  <eric.carlson@apple.com>
+
+        [MediaStream] Dynamically generate media capture sandbox extensions
+        https://bugs.webkit.org/show_bug.cgi?id=154861
+        <rdar://problem/24909411>
+
+        Reviewed by Tim Horton.
+
+        No new tests, some of these changes are covered by existing tests and some can only be tested
+        with physical capture devices.
+
+        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: AVSampleBufferAudioRenderer
+          and AVSampleBufferRenderSynchronizer are now declared in AVFoundationSPI.h.
+
+        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
+        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC): Initialize 
+          AVSampleBufferRenderSynchronizer.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Fail if AVSampleBufferRenderSynchronizer
+          isn't available.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Take a MediaSample&
+          instead of a PlatformSample&.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Ditto.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Add the sample buffer display 
+          later to the synchronizer.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Remove the sample buffer display 
+          later from the synchronizer.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::play): Start the synchronizer.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::pause): Stash the current clock time in 
+          m_pausedTime, but leave the clock running. Pause the synchronizer.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentMediaTime): Return the clock time
+          when playing, m_pausedTime time when paused because we leave the clock running forever.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated):
+
+        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: AVSampleBufferAudioRenderer
+          is now declared in AVFoundationSPI.h.
+
+        * platform/spi/mac/AVFoundationSPI.h: Add AVSampleBufferAudioRenderer and AVSampleBufferRenderSynchronizer.
+
 2016-10-21  Commit Queue  <commit-queue@webkit.org>
 

trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm

@@ -94 +94 @@
 
 #pragma mark -
-#pragma mark AVSampleBufferAudioRenderer
-
-@interface AVSampleBufferAudioRenderer : NSObject
-- (void)setVolume:(float)volume;
-- (void)setMuted:(BOOL)muted;
-@property (nonatomic, copy) NSString *audioTimePitchAlgorithm;
-@end
-
-#pragma mark -
-#pragma mark AVSampleBufferRenderSynchronizer
-
-@interface AVSampleBufferRenderSynchronizer : NSObject
-- (CMTimebaseRef)timebase;
-- (float)rate;
-- (void)setRate:(float)rate;
-- (void)setRate:(float)rate time:(CMTime)time;
-- (NSArray *)renderers;
-- (void)addRenderer:(id)renderer;
-- (void)removeRenderer:(id)renderer atTime:(CMTime)time withCompletionHandler:(void (^)(BOOL didRemoveRenderer))completionHandler;
-- (id)addPeriodicTimeObserverForInterval:(CMTime)interval queue:(dispatch_queue_t)queue usingBlock:(void (^)(CMTime time))block;
-- (id)addBoundaryTimeObserverForTimes:(NSArray *)times queue:(dispatch_queue_t)queue usingBlock:(void (^)(void))block;
-- (void)removeTimeObserver:(id)observer;
-@end
-
-#pragma mark - 
 #pragma mark AVStreamSession
 

trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h

@@ -38 +38 @@
 OBJC_CLASS AVSampleBufferAudioRenderer;
 OBJC_CLASS AVSampleBufferDisplayLayer;
+OBJC_CLASS AVSampleBufferRenderSynchronizer;
 OBJC_CLASS AVStreamSession;
 typedef struct opaqueCMSampleBuffer *CMSampleBufferRef;
@@ -122 +123 @@
     void setSize(const IntSize&) override { /* No-op */ }
 
-    void enqueueAudioSampleBufferFromTrack(MediaStreamTrackPrivate&, PlatformSample);
-    void enqueueVideoSampleBufferFromTrack(MediaStreamTrackPrivate&, PlatformSample);
+    void enqueueAudioSampleBufferFromTrack(MediaStreamTrackPrivate&, MediaSample&);
+    void enqueueVideoSampleBufferFromTrack(MediaStreamTrackPrivate&, MediaSample&);
     bool shouldEnqueueVideoSampleBuffer() const;
     void flushAndRemoveVideoSampleBuffers();
@@ -187 +188 @@
     RefPtr<MediaStreamPrivate> m_mediaStreamPrivate;
     RetainPtr<AVSampleBufferDisplayLayer> m_sampleBufferDisplayLayer;
+    RetainPtr<AVSampleBufferRenderSynchronizer> m_synchronizer;
     RetainPtr<CGImageRef> m_pausedImage;
+    double m_pausedTime { 0 };
     std::unique_ptr<Clock> m_clock;
 

trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm

@@ -30 +30 @@
 
 #import "AVAudioCaptureSource.h"
+#import "AVFoundationSPI.h"
 #import "AVVideoCaptureSource.h"
 #import "AudioTrackPrivateMediaStream.h"
@@ -36 +37 @@
 #import "Logging.h"
 #import "MediaStreamPrivate.h"
+#import "MediaTimeAVFoundation.h"
 #import "VideoTrackPrivateMediaStream.h"
 #import <AVFoundation/AVSampleBufferDisplayLayer.h>
@@ -55 +57 @@
 
 SOFT_LINK_CLASS_OPTIONAL(AVFoundation, AVSampleBufferDisplayLayer)
+SOFT_LINK_CLASS_OPTIONAL(AVFoundation, AVSampleBufferRenderSynchronizer)
 
 namespace WebCore {
@@ -64 +67 @@
     : m_player(player)
     , m_weakPtrFactory(this)
+    , m_synchronizer(adoptNS([allocAVSampleBufferRenderSynchronizerInstance() init]))
     , m_clock(Clock::create())
 #if PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE)
@@ -100 +104 @@
 bool MediaPlayerPrivateMediaStreamAVFObjC::isAvailable()
 {
-    return AVFoundationLibrary() && isCoreMediaFrameworkAvailable() && getAVSampleBufferDisplayLayerClass();
+    return AVFoundationLibrary() && isCoreMediaFrameworkAvailable() && getAVSampleBufferDisplayLayerClass() && getAVSampleBufferRenderSynchronizerClass();
 }
 
@@ -120 +124 @@
 #pragma mark AVSampleBuffer Methods
 
-void MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack(MediaStreamTrackPrivate&, PlatformSample)
+void MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack(MediaStreamTrackPrivate&, MediaSample&)
 {
     // FIXME: https://bugs.webkit.org/show_bug.cgi?id=159836
 }
 
-void MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack(MediaStreamTrackPrivate& track, PlatformSample platformSample)
-{
-    if (&track != m_mediaStreamPrivate->activeVideoTrack())
-        return;
-
-    if (shouldEnqueueVideoSampleBuffer()) {
-        [m_sampleBufferDisplayLayer enqueueSampleBuffer:platformSample.sample.cmSampleBuffer];
-        m_isFrameDisplayed = true;
-        
-        if (!m_hasEverEnqueuedVideoFrame) {
-            m_hasEverEnqueuedVideoFrame = true;
-            m_player->firstVideoFrameAvailable();
-
-            updatePausedImage();
-        }
+void MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack(MediaStreamTrackPrivate& track, MediaSample& sample)
+{
+    if (&track != m_mediaStreamPrivate->activeVideoTrack() || !shouldEnqueueVideoSampleBuffer())
+        return;
+
+    sample.setTimestamps(toMediaTime(CMTimebaseGetTime([m_synchronizer timebase])), MediaTime::invalidTime());
+    [m_sampleBufferDisplayLayer enqueueSampleBuffer:sample.platformSample().sample.cmSampleBuffer];
+    m_isFrameDisplayed = true;
+
+    if (!m_hasEverEnqueuedVideoFrame) {
+        m_hasEverEnqueuedVideoFrame = true;
+        m_player->firstVideoFrameAvailable();
+        updatePausedImage();
     }
 }
@@ -173 +175 @@
 #endif
     m_sampleBufferDisplayLayer.get().backgroundColor = cachedCGColor(Color::black);
-    
+
+    [m_synchronizer addRenderer:m_sampleBufferDisplayLayer.get()];
+
     renderingModeChanged();
     
@@ -187 +191 @@
     
     [m_sampleBufferDisplayLayer flush];
+    CMTime currentTime = CMTimebaseGetTime([m_synchronizer timebase]);
+    [m_synchronizer removeRenderer:m_sampleBufferDisplayLayer.get() atTime:currentTime withCompletionHandler:^(BOOL){
+        // No-op.
+    }];
     m_sampleBufferDisplayLayer = nullptr;
+
     renderingModeChanged();
     
@@ -311 +320 @@
     m_clock->start();
     m_playing = true;
+    [m_synchronizer setRate:1];
     m_haveEverPlayed = true;
     scheduleDeferredTask([this] {
@@ -325 +335 @@
         return;
 
-    m_clock->stop();
+    m_pausedTime = m_clock->currentTime();
     m_playing = false;
+    [m_synchronizer setRate:0];
     updateDisplayMode();
     updatePausedImage();
@@ -387 +398 @@
 MediaTime MediaPlayerPrivateMediaStreamAVFObjC::currentMediaTime() const
 {
-    return MediaTime::createWithDouble(m_clock->currentTime());
+    return MediaTime::createWithDouble(m_playing ? m_clock->currentTime() : m_pausedTime);
 }
 
@@ -515 +526 @@
         break;
     case RealtimeMediaSource::Video:
-        enqueueVideoSampleBufferFromTrack(track, mediaSample.platformSample());
+        enqueueVideoSampleBufferFromTrack(track, mediaSample);
         m_hasReceivedMedia = true;
         scheduleDeferredTask([this] {

trunk/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm

@@ -113 +113 @@
 
 #pragma mark -
-#pragma mark AVSampleBufferAudioRenderer
-
-@interface AVSampleBufferAudioRenderer : NSObject
-- (NSInteger)status;
-- (NSError*)error;
-- (void)enqueueSampleBuffer:(CMSampleBufferRef)sampleBuffer;
-- (void)flush;
-- (BOOL)isReadyForMoreMediaData;
-- (void)requestMediaDataWhenReadyOnQueue:(dispatch_queue_t)queue usingBlock:(void (^)(void))block;
-- (void)stopRequestingMediaData;
-@end
-
-#pragma mark -
 #pragma mark WebAVStreamDataParserListener
 

trunk/Source/WebCore/platform/spi/mac/AVFoundationSPI.h

@@ -163 +163 @@
 
 NS_ASSUME_NONNULL_END
+
+#import <CoreMedia/CMSampleBuffer.h>
+#import <CoreMedia/CMSync.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface AVSampleBufferRenderSynchronizer : NSObject
+- (CMTimebaseRef)timebase;
+- (float)rate;
+- (void)setRate:(float)rate;
+- (void)setRate:(float)rate time:(CMTime)time;
+- (NSArray *)renderers;
+- (void)addRenderer:(id)renderer;
+- (void)removeRenderer:(id)renderer atTime:(CMTime)time withCompletionHandler:(void (^)(BOOL didRemoveRenderer))completionHandler;
+- (id)addPeriodicTimeObserverForInterval:(CMTime)interval queue:(dispatch_queue_t)queue usingBlock:(void (^)(CMTime time))block;
+- (id)addBoundaryTimeObserverForTimes:(NSArray *)times queue:(dispatch_queue_t)queue usingBlock:(void (^)(void))block;
+- (void)removeTimeObserver:(id)observer;
+@end
+
+NS_ASSUME_NONNULL_END
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface AVSampleBufferAudioRenderer : NSObject
+- (NSInteger)status;
+- (NSError*)error;
+- (void)enqueueSampleBuffer:(CMSampleBufferRef)sampleBuffer;
+- (void)flush;
+- (BOOL)isReadyForMoreMediaData;
+- (void)requestMediaDataWhenReadyOnQueue:(dispatch_queue_t)queue usingBlock:(void (^)(void))block;
+- (void)stopRequestingMediaData;
+- (void)setVolume:(float)volume;
+- (void)setMuted:(BOOL)muted;
+@property (nonatomic, copy) NSString *audioTimePitchAlgorithm;
+@end
+
+NS_ASSUME_NONNULL_END

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2016-10-21  Eric Carlson  <eric.carlson@apple.com>
+
+        [MediaStream] Dynamically generate media capture sandbox extensions
+        https://bugs.webkit.org/show_bug.cgi?id=154861
+        <rdar://problem/24909411>
+
+        Reviewed by Tim Horton.
+
+        * Shared/SandboxExtension.h:
+        (WebKit::SandboxExtension::createHandleForGenericExtension):
+        * Shared/mac/SandboxExtensionMac.mm:
+        (WebKit::wkSandboxExtensionType): Add case for generic handle.
+        (WebKit::SandboxExtension::createHandleForGenericExtension): New.
+
+        * UIProcess/UserMediaPermissionRequestManagerProxy.cpp:
+        (WebKit::UserMediaPermissionRequestManagerProxy::invalidateRequests): Clear the list of extensions granted.
+        (WebKit::UserMediaPermissionRequestManagerProxy::userMediaAccessWasGranted): Extend the web 
+          process sandbox as necessary.
+        * UIProcess/UserMediaPermissionRequestManagerProxy.h:
+
+        * WebProcess/MediaStream/UserMediaPermissionRequestManager.cpp:
+        (WebKit::UserMediaPermissionRequestManager::~UserMediaPermissionRequestManager): Revoke all
+          sandbox extensions.
+        (WebKit::UserMediaPermissionRequestManager::grantUserMediaDevicesSandboxExtension): Consume
+          sandbox extensions.
+        * WebProcess/MediaStream/UserMediaPermissionRequestManager.h:
+
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::grantUserMediaDevicesSandboxExtension): Pass-through to user media manager.
+        * WebProcess/WebPage/WebPage.h:
+
+        * WebProcess/WebPage/WebPage.messages.in: Add GrantUserMediaDevicesSandboxExtension.
+
+        * WebProcess/com.apple.WebProcess.sb.in: Add rules, defines, and a macro to allow dynamic extensions
+          for media capture devices.
+
 2016-10-21  Gavin Barraclough  <barraclough@apple.com>
 

trunk/Source/WebKit2/Shared/SandboxExtension.h

@@ -48 +48 @@
     enum Type {
         ReadOnly,
-        ReadWrite
+        ReadWrite,
+        Generic,
     };
 
@@ -94 +95 @@
     static bool createHandleForReadWriteDirectory(const String& path, Handle&); // Will attempt to create the directory.
     static String createHandleForTemporaryFile(const String& prefix, Type type, Handle&);
+    static bool createHandleForGenericExtension(const String& extensionClass, Handle&);
     ~SandboxExtension();
 
@@ -128 +130 @@
 inline bool SandboxExtension::createHandleForReadWriteDirectory(const String&, Handle&) { return true; }
 inline String SandboxExtension::createHandleForTemporaryFile(const String& /*prefix*/, Type, Handle&) {return String();}
+inline bool SandboxExtension::createHandleForGenericExtension(const String& /*extensionClass*/, Handle&) { return true; }
 inline SandboxExtension::~SandboxExtension() { }
 inline bool SandboxExtension::revoke() { return true; }

trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm

@@ -160 +160 @@
     case SandboxExtension::ReadWrite:
         return WKSandboxExtensionTypeReadWrite;
+    case SandboxExtension::Generic:
+        return WKSandboxExtensionTypeGeneric;
+
     }
 
@@ -275 +278 @@
 }
 
+bool SandboxExtension::createHandleForGenericExtension(const String& extensionClass, Handle& handle)
+{
+    ASSERT(!handle.m_sandboxExtension);
+
+    handle.m_sandboxExtension = WKSandboxExtensionCreate(extensionClass.utf8().data(), wkSandboxExtensionType(Type::Generic));
+    if (!handle.m_sandboxExtension) {
+        WTFLogAlways("Could not create a '%s' sandbox extension", extensionClass.utf8().data());
+        return false;
+    }
+    
+    return true;
+}
+
 SandboxExtension::SandboxExtension(const Handle& handle)
     : m_sandboxExtension(handle.m_sandboxExtension)

trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp

@@ -48 +48 @@
         request->invalidate();
     m_pendingDeviceRequests.clear();
+
+    m_pageSandboxExtensionsGranted.clear();
 }
 
@@ -121 +123 @@
 void UserMediaPermissionRequestManagerProxy::userMediaAccessWasGranted(uint64_t userMediaID, const String& audioDeviceUID, const String& videoDeviceUID)
 {
+    ASSERT(!audioDeviceUID.isEmpty() || !videoDeviceUID.isEmpty());
+
     if (!m_page.isValid())
         return;
@@ -128 +132 @@
 
 #if ENABLE(MEDIA_STREAM)
+    size_t extensionCount = 0;
+    unsigned requiredExtensions = SandboxExtensionsGranted::None;
+    if (!audioDeviceUID.isEmpty()) {
+        requiredExtensions |= SandboxExtensionsGranted::Audio;
+        extensionCount++;
+    }
+    if (!videoDeviceUID.isEmpty()) {
+        requiredExtensions |= SandboxExtensionsGranted::Video;
+        extensionCount++;
+    }
+
+    unsigned currentExtensions = m_pageSandboxExtensionsGranted.get(m_page.pageID());
+    if (!(requiredExtensions & currentExtensions)) {
+        ASSERT(extensionCount);
+        m_pageSandboxExtensionsGranted.set(m_page.pageID(), requiredExtensions | currentExtensions);
+        SandboxExtension::HandleArray handles;
+        handles.allocate(extensionCount);
+        if (!videoDeviceUID.isEmpty())
+            SandboxExtension::createHandleForGenericExtension("com.apple.webkit.camera", handles[--extensionCount]);
+        if (!audioDeviceUID.isEmpty())
+            SandboxExtension::createHandleForGenericExtension("com.apple.webkit.microphone", handles[--extensionCount]);
+        m_page.process().send(Messages::WebPage::GrantUserMediaDevicesSandboxExtension(handles), m_page.pageID());
+    }
+
     m_page.process().send(Messages::WebPage::UserMediaAccessWasGranted(userMediaID, audioDeviceUID, videoDeviceUID), m_page.pageID());
 #else

trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.h

@@ -60 +60 @@
     HashMap<uint64_t, RefPtr<UserMediaPermissionCheckProxy>> m_pendingDeviceRequests;
 
+    enum SandboxExtensionsGranted {
+        None = 0,
+        Video = 1 << 0,
+        Audio = 1 << 1
+    };
+    HashMap<uint64_t, unsigned> m_pageSandboxExtensionsGranted;
+
     WebPageProxy& m_page;
 };

trunk/Source/WebKit2/WebProcess/MediaStream/UserMediaPermissionRequestManager.cpp

@@ -51 +51 @@
 UserMediaPermissionRequestManager::~UserMediaPermissionRequestManager()
 {
+    for (auto& sandboxExtension : m_userMediaDeviceSandboxExtensions)
+        sandboxExtension->revoke();
 }
 
@@ -143 +145 @@
 }
 
+void UserMediaPermissionRequestManager::grantUserMediaDevicesSandboxExtension(const SandboxExtension::HandleArray& sandboxExtensionHandles)
+{
+    ASSERT(m_userMediaDeviceSandboxExtensions.size() <= 2);
+
+    for (size_t i = 0; i < sandboxExtensionHandles.size(); i++) {
+        if (RefPtr<SandboxExtension> extension = SandboxExtension::create(sandboxExtensionHandles[i])) {
+            extension->consume();
+            m_userMediaDeviceSandboxExtensions.append(extension.release());
+        }
+    }
+}
+
 } // namespace WebKit
 

trunk/Source/WebKit2/WebProcess/MediaStream/UserMediaPermissionRequestManager.h

@@ -23 +23 @@
 #if ENABLE(MEDIA_STREAM)
 
+#include "SandboxExtension.h"
 #include <WebCore/MediaConstraints.h>
 #include <WebCore/MediaDevicesEnumerationRequest.h>
@@ -49 +50 @@
     void didCompleteMediaDeviceEnumeration(uint64_t, const Vector<WebCore::CaptureDevice>& deviceList, const String& deviceIdentifierHashSalt, bool originHasPersistentAccess);
 
+    void grantUserMediaDevicesSandboxExtension(const SandboxExtension::HandleArray&);
+
 private:
     WebPage& m_page;
@@ -57 +60 @@
     HashMap<uint64_t, RefPtr<WebCore::MediaDevicesEnumerationRequest>> m_idToMediaDevicesEnumerationRequestMap;
     HashMap<RefPtr<WebCore::MediaDevicesEnumerationRequest>, uint64_t> m_mediaDevicesEnumerationRequestToIDMap;
+
+    Vector<RefPtr<SandboxExtension>> m_userMediaDeviceSandboxExtensions;
 };
 

trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp

@@ -3707 +3707 @@
     m_userMediaPermissionRequestManager.didCompleteMediaDeviceEnumeration(userMediaID, devices, deviceIdentifierHashSalt, originHasPersistentAccess);
 }
+
+void WebPage::grantUserMediaDevicesSandboxExtension(const SandboxExtension::HandleArray& handles)
+{
+    m_userMediaPermissionRequestManager.grantUserMediaDevicesSandboxExtension(handles);
+}
 #endif
 

trunk/Source/WebKit2/WebProcess/WebPage/WebPage.h

@@ -1172 +1172 @@
 
     void didCompleteMediaDeviceEnumeration(uint64_t userMediaID, const Vector<WebCore::CaptureDevice>& devices, const String& deviceIdentifierHashSalt, bool originHasPersistentAccess);
+    void grantUserMediaDevicesSandboxExtension(const SandboxExtension::HandleArray&);
 #endif
 

trunk/Source/WebKit2/WebProcess/WebPage/WebPage.messages.in

@@ -292 +292 @@
     UserMediaAccessWasDenied(uint64_t userMediaID, uint64_t reason, String invalidConstraint)
     DidCompleteMediaDeviceEnumeration(uint64_t userMediaID, Vector<WebCore::CaptureDevice> devices, String mediaDeviceIdentifierHashSalt, bool hasPersistentAccess)
+    GrantUserMediaDevicesSandboxExtension(WebKit::SandboxExtension::HandleArray sandboxExtensionHandle)
 #endif
 

trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in

@@ -319 +319 @@
 ;; Data Detectors
 (allow file-read* (subpath "/private/var/db/datadetectors/sys"))
+
+;; Media capture, utilities
+(if (not (defined? 'sbpl-filter?))
+  (define (sbpl-filter? x)
+      (and (list? x)
+           (eq? (car x) 'filter))))
+
+(macro (with-filter form)
+   (let* ((ps (cdr form))
+          (extra-filter (car ps))
+          (rules (cdr ps)))
+    `(letrec
+        ((collect
+             (lambda (l filters non-filters)
+                 (if (null? l)
+                     (list filters non-filters)
+                     (let* 
+                         ((x (car l))
+                          (rest (cdr l)))
+                         (if (sbpl-filter? x)
+                             (collect rest (cons x filters) non-filters)
+                             (collect rest filters (cons x non-filters)))))))
+         (inject-filter
+             (lambda args
+                 (let* ((collected (collect args '() '()))
+                        (filters (car collected))
+                        (non-filters (cadr collected)))
+                 (if (null? filters)
+                     (cons ,extra-filter non-filters)
+                     (cons (require-all (apply require-any filters) ,extra-filter) non-filters)))))
+         (orig-allow allow)
+         (orig-deny deny)
+         (wrapper
+             (lambda (action)
+                 (lambda args (apply action (apply inject-filter args))))))
+        (set! allow (wrapper orig-allow))
+        (set! deny (wrapper orig-deny))
+        ,@rules
+        (set! deny orig-deny)
+        (set! allow orig-allow))))
+
+(define (home-library-preferences-regex home-library-preferences-relative-regex)
+    (regex (string-append "^" (regex-quote (param "HOME_LIBRARY_PREFERENCES_DIR")) home-library-preferences-relative-regex)))
+
+(define (home-library-preferences-literal home-library-preferences-relative-literal)
+    (literal (string-append (param "HOME_LIBRARY_PREFERENCES_DIR") home-library-preferences-relative-literal)))
+
+(define (shared-preferences-read . domains)
+  (for-each (lambda (domain)
+              (begin
+                (if (defined? `user-preference-read)
+                    (allow user-preference-read (preference-domain domain)))
+                ; (Temporary) backward compatibility with non-CFPreferences readers.
+                (allow file-read*
+                       (literal (string-append "/Library/Preferences/" domain ".plist"))
+                       (home-library-preferences-literal (string-append "/" domain ".plist"))
+                       (home-library-preferences-regex (string-append #"/ByHost/" (regex-quote domain) #"\..*\.plist$")))))
+            domains))
+
+;; Media capture, microphone access
+(with-filter (extension "com.apple.webkit.microphone")
+    (allow device-microphone))
+
+;; Media capture, camera access
+(with-filter (extension "com.apple.webkit.camera")
+    (shared-preferences-read "com.apple.coremedia")
+    (allow mach-lookup (extension "com.apple.app-sandbox.mach"))
+    (allow mach-lookup
+        (global-name "com.apple.cmio.AppleCameraAssistant")
+        ;; Apple DAL assistants
+        (global-name "com.apple.cmio.VDCAssistant")
+        (global-name "com.apple.cmio.AVCAssistant")
+        (global-name "com.apple.cmio.IIDCVideoAssistant")
+        ;; QuickTimeIIDCDigitizer assistant
+        (global-name "com.apple.IIDCAssistant"))
+    (allow iokit-open
+        ;; QuickTimeUSBVDCDigitizer
+        (iokit-user-client-class "IOUSBDeviceUserClientV2")
+        (iokit-user-client-class "IOUSBInterfaceUserClientV2"))
+    (allow device-camera))