Context Navigation

← Previous Changeset
Next Changeset →

Changeset 251639 in webkit

Timestamp:

Oct 26, 2019 1:50:40 PM (5 years ago)

Author:

youenn@apple.com

Message:

Enforce user gesture for getUserMedia in case a previous getUserMedia call was denied
https://bugs.webkit.org/show_bug.cgi?id=203362

Reviewed by Eric Carlson.

Source/WebCore:

Compute whether a media request is user priviledged or not.
It is priviledged if it is created as part of a user gesture and no request of the same type
has been previously created for the same user gesture.
If getDisplayMedia is called twice as part of a single user gesture, getDisplaMedia will reject for the second call.

Test: fast/mediastream/getUserMedia-deny-persistency5.html and updated test.

Modules/mediastream/MediaDevices.cpp:

(WebCore::MediaDevices::computeUserGesturePriviledge):
(WebCore::MediaDevices::getUserMedia):
(WebCore::MediaDevices::getDisplayMedia):
(WebCore::MediaDevices::getUserMedia const): Deleted.
(WebCore::MediaDevices::getDisplayMedia const): Deleted.

Modules/mediastream/MediaDevices.h:
platform/mediastream/MediaStreamRequest.h:

(WebCore::MediaStreamRequest::encode const):
(WebCore::MediaStreamRequest::decode):

Source/WebKit:

In case the request has user gesture priviledge, do not look at denied request history.

UIProcess/UserMediaPermissionRequestManagerProxy.cpp:

(WebKit::UserMediaPermissionRequestManagerProxy::getRequestAction):

UIProcess/UserMediaPermissionRequestProxy.h:

(WebKit::UserMediaPermissionRequestProxy::isUserGesturePriviledged const):

Tools:

Update test to take into account the ability to reask permission.

TestWebKitAPI/Tests/WebKitCocoa/GetDisplayMedia.mm:

(TestWebKitAPI::TEST_F):

LayoutTests:

fast/mediastream/getUserMedia-deny-persistency5-expected.txt:
fast/mediastream/getUserMedia-deny-persistency5.html:
fast/mediastream/screencapture-user-gesture-expected.txt:
fast/mediastream/screencapture-user-gesture.html:

Location:

trunk

Files:

: 2 added
: 12 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/fast/mediastream/getUserMedia-deny-persistency5-expected.txt (added)
LayoutTests/fast/mediastream/getUserMedia-deny-persistency5.html (added)
LayoutTests/fast/mediastream/screencapture-user-gesture-expected.txt (modified) (1 diff)
LayoutTests/fast/mediastream/screencapture-user-gesture.html (modified) (1 diff)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/Modules/mediastream/MediaDevices.cpp (modified) (4 diffs)
Source/WebCore/Modules/mediastream/MediaDevices.h (modified) (4 diffs)
Source/WebCore/platform/mediastream/MediaStreamRequest.h (modified) (3 diffs)
Source/WebKit/ChangeLog (modified) (1 diff)
Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.cpp (modified) (1 diff)
Source/WebKit/UIProcess/UserMediaPermissionRequestProxy.h (modified) (1 diff)
Tools/ChangeLog (modified) (1 diff)
Tools/TestWebKitAPI/Tests/WebKitCocoa/GetDisplayMedia.mm (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r251637
+                      r251639
+-10-26  youenn fablet  <youenn@apple.com>
+        Enforce user gesture for getUserMedia in case a previous getUserMedia call was denied
+        https://bugs.webkit.org/show_bug.cgi?id=203362
+        Reviewed by Eric Carlson.
+        * fast/mediastream/getUserMedia-deny-persistency5-expected.txt:
+        * fast/mediastream/getUserMedia-deny-persistency5.html:
+        * fast/mediastream/screencapture-user-gesture-expected.txt:
+        * fast/mediastream/screencapture-user-gesture.html:
 -10-26  Rob Buis  <rbuis@igalia.com>

trunk/LayoutTests/fast/mediastream/screencapture-user-gesture-expected.txt

r244749	r251639
1	1
2	2	PASS Allow getDisplayMedia call in case of user gesture
	3	PASS Disallow getDisplayMedia calls in case of user gesture if not the first call
3	4	PASS Deny getDisplayMedia call if no user gesture
4	5

trunk/LayoutTests/fast/mediastream/screencapture-user-gesture.html

-                      r244749
+                      r251639
 }, "Allow getDisplayMedia call in case of user gesture");
+promise_test(() => {
+    let promise;
+    internals.withUserGesture(() => {
+        const promise1 = navigator.mediaDevices.getDisplayMedia({video : true});
+        const promise2 = navigator.mediaDevices.getDisplayMedia({video : true}).then(() => {
+            return Promise.reject("Second promise should reject");
+        }, () => {
+            return "Second promise rejected";
+        });
+        promise = Promise.all([promise1, promise2]);
+    });
+    return promise;
+}, "Disallow getDisplayMedia calls in case of user gesture if not the first call");
 promise_test((test) => {
     return promise_rejects(test, "InvalidAccessError", navigator.mediaDevices.getDisplayMedia({video : true}));

trunk/Source/WebCore/ChangeLog

-                      r251638
+                      r251639
+-10-26  youenn fablet  <youenn@apple.com>
+        Enforce user gesture for getUserMedia in case a previous getUserMedia call was denied
+        https://bugs.webkit.org/show_bug.cgi?id=203362
+        Reviewed by Eric Carlson.
+        Compute whether a media request is user priviledged or not.
+        It is priviledged if it is created as part of a user gesture and no request of the same type
+        has been previously created for the same user gesture.
+        If getDisplayMedia is called twice as part of a single user gesture, getDisplaMedia will reject for the second call.
+        Test: fast/mediastream/getUserMedia-deny-persistency5.html and updated test.
+        * Modules/mediastream/MediaDevices.cpp:
+        (WebCore::MediaDevices::computeUserGesturePriviledge):
+        (WebCore::MediaDevices::getUserMedia):
+        (WebCore::MediaDevices::getDisplayMedia):
+        (WebCore::MediaDevices::getUserMedia const): Deleted.
+        (WebCore::MediaDevices::getDisplayMedia const): Deleted.
+        * Modules/mediastream/MediaDevices.h:
+        * platform/mediastream/MediaStreamRequest.h:
+        (WebCore::MediaStreamRequest::encode const):
+        (WebCore::MediaStreamRequest::decode):
 -10-26  Zalan Bujtas  <zalan@apple.com>

trunk/Source/WebCore/Modules/mediastream/MediaDevices.cpp

-                      r251244
+                      r251639
 #include "MediaTrackSupportedConstraints.h"
 #include "RealtimeMediaSourceSettings.h"
+#include "UserGestureIndicator.h"
 #include "UserMediaController.h"
 #include "UserMediaRequest.h"
 …
+}
+void MediaDevices::getUserMedia(const StreamConstraints& constraints, Promise&& promise) const
+bool MediaDevices::computeUserGesturePriviledge(GestureAllowedRequest requestType)
+{
+    auto* currentGestureToken = UserGestureIndicator::currentUserGesture().get();
+    if (m_currentGestureToken != currentGestureToken) {
+        m_currentGestureToken = currentGestureToken;
+        m_requestTypesForCurrentGesture = { };
+    }
+    bool isUserGesturePriviledged = m_currentGestureToken && !m_requestTypesForCurrentGesture.contains(requestType);
+    m_requestTypesForCurrentGesture.add(requestType);
+    return isUserGesturePriviledged;
+}
+void MediaDevices::getUserMedia(const StreamConstraints& constraints, Promise&& promise)
+{
     auto* document = this->document();
 …
     auto audioConstraints = createMediaConstraints(constraints.audio);
     auto videoConstraints = createMediaConstraints(constraints.video);
+    if (videoConstraints.isValid)
+    bool isUserGesturePriviledged = false;
+    if (audioConstraints.isValid)
+        isUserGesturePriviledged |= computeUserGesturePriviledge(GestureAllowedRequest::Microphone);
+    if (videoConstraints.isValid) {
+        isUserGesturePriviledged |= computeUserGesturePriviledge(GestureAllowedRequest::Camera);
         videoConstraints.setDefaultVideoConstraints();
+    auto request = UserMediaRequest::create(*document, { MediaStreamRequest::Type::UserMedia, WTFMove(audioConstraints), WTFMove(videoConstraints) }, WTFMove(promise));
+    }
+    auto request = UserMediaRequest::create(*document, { MediaStreamRequest::Type::UserMedia, WTFMove(audioConstraints), WTFMove(videoConstraints), isUserGesturePriviledged }, WTFMove(promise));
     request->start();
+}
 void MediaDevices::getDisplayMedia(const StreamConstraints& constraints, Promise&& promise) const
+void MediaDevices::getDisplayMedia(const StreamConstraints& constraints, Promise&& promise)
+{
     auto* document = this->document();
 …
         return;
+    if (!m_disableGetDisplayMediaUserGestureConstraint && !UserGestureIndicator::processingUserGesture()) {
+    bool isUserGesturePriviledged = computeUserGesturePriviledge(GestureAllowedRequest::Display);
+    if (!m_disableGetDisplayMediaUserGestureConstraint && !isUserGesturePriviledged) {
         promise.reject(Exception { InvalidAccessError, "getDisplayMedia must be called from a user gesture handler."_s });
         return;
+    }
     auto request = UserMediaRequest::create(*document, { MediaStreamRequest::Type::DisplayMedia, { }, createMediaConstraints(constraints.video) }, WTFMove(promise));
+    auto request = UserMediaRequest::create(*document, { MediaStreamRequest::Type::DisplayMedia, { }, createMediaConstraints(constraints.video), isUserGesturePriviledged }, WTFMove(promise));
     request->start();
+}

trunk/Source/WebCore/Modules/mediastream/MediaDevices.h

-                      r251244
+                      r251639
 class MediaDeviceInfo;
 class MediaStream;
+class UserGestureToken;
 struct MediaTrackSupportedConstraints;
 …
         Variant<bool, MediaTrackConstraints> audio;
     };
     void getUserMedia(const StreamConstraints&, Promise&&) const;
     void getDisplayMedia(const StreamConstraints&, Promise&&) const;
+    void getUserMedia(const StreamConstraints&, Promise&&);
+    void getDisplayMedia(const StreamConstraints&, Promise&&);
     void enumerateDevices(EnumerateDevicesPromise&&);
     MediaTrackSupportedConstraints getSupportedConstraints();
 …
     void derefEventTarget() final { deref(); }
+    enum class GestureAllowedRequest {
+        Microphone = 1 << 0,
+        Camera = 1 << 1,
+        Display = 1 << 2,
+    };
+    bool computeUserGesturePriviledge(GestureAllowedRequest);
     Timer m_scheduledEventTimer;
     UserMediaClient::DeviceChangeObserverToken m_deviceChangeToken;
 …
     bool m_canAccessCamera { false };
     bool m_canAccessMicrophone { false };
+    OptionSet<GestureAllowedRequest> m_requestTypesForCurrentGesture;
+    UserGestureToken* m_currentGestureToken { nullptr };
 };

trunk/Source/WebCore/platform/mediastream/MediaStreamRequest.h

-                      r243163
+                      r251639
 struct MediaStreamRequest {
     enum class Type { UserMedia, DisplayMedia };
     Type type;
+    Type type { Type::UserMedia };
     MediaConstraints audioConstraints;
     MediaConstraints videoConstraints;
+    bool isUserGesturePriviledged { false };
     template<class Encoder>
 …
         encoder << audioConstraints;
         encoder << videoConstraints;
+        encoder << isUserGesturePriviledged;
+    }
 …
+    {
         MediaStreamRequest request;
         if (decoder.decodeEnum(request.type) && decoder.decode(request.audioConstraints) && decoder.decode(request.videoConstraints))
+        if (decoder.decodeEnum(request.type) && decoder.decode(request.audioConstraints) && decoder.decode(request.videoConstraints) && decoder.decode(request.isUserGesturePriviledged))
             return request;

trunk/Source/WebKit/ChangeLog

-                      r251630
+                      r251639
+-10-26  youenn fablet  <youenn@apple.com>
+        Enforce user gesture for getUserMedia in case a previous getUserMedia call was denied
+        https://bugs.webkit.org/show_bug.cgi?id=203362
+        Reviewed by Eric Carlson.
+        In case the request has user gesture priviledge, do not look at denied request history.
+        * UIProcess/UserMediaPermissionRequestManagerProxy.cpp:
+        (WebKit::UserMediaPermissionRequestManagerProxy::getRequestAction):
+        * UIProcess/UserMediaPermissionRequestProxy.h:
+        (WebKit::UserMediaPermissionRequestProxy::isUserGesturePriviledged const):
 -10-26  Chris Lord  <clord@igalia.com>

trunk/Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.cpp

r250552	r251639
346	346	ASSERT(!(requestingScreenCapture && requestingMicrophone));
347	347
348		if (wasRequestDenied(request.frameID(), request.userMediaDocumentSecurityOrigin(), request.topLevelDocumentSecurityOrigin(), requestingMicrophone, requestingCamera, requestingScreenCapture))
	348	if (!request.isUserGesturePriviledged() && wasRequestDenied(request.frameID(), request.userMediaDocumentSecurityOrigin(), request.topLevelDocumentSecurityOrigin(), requestingMicrophone, requestingCamera, requestingScreenCapture))
349	349	return RequestAction::Deny;
350	350

trunk/Source/WebKit/UIProcess/UserMediaPermissionRequestProxy.h

r248713	r251639
85	85	WebCore::CaptureDevice videoDevice() const { return m_eligibleVideoDevices.isEmpty() ? WebCore::CaptureDevice { } : m_eligibleVideoDevices[0]; }
86	86
	87	bool isUserGesturePriviledged() const { return m_request.isUserGesturePriviledged; }
	88
87	89	private:
88	90	UserMediaPermissionRequestProxy(UserMediaPermissionRequestManagerProxy&, uint64_t userMediaID, WebCore::FrameIdentifier mainFrameID, WebCore::FrameIdentifier, Ref<WebCore::SecurityOrigin>&& userMediaDocumentOrigin, Ref<WebCore::SecurityOrigin>&& topLevelDocumentOrigin, Vector<WebCore::CaptureDevice>&& audioDevices, Vector<WebCore::CaptureDevice>&& videoDevices, WebCore::MediaStreamRequest&&);

trunk/Tools/ChangeLog

-                      r251630
+                      r251639
+-10-26  youenn fablet  <youenn@apple.com>
+        Enforce user gesture for getUserMedia in case a previous getUserMedia call was denied
+        https://bugs.webkit.org/show_bug.cgi?id=203362
+        Reviewed by Eric Carlson.
+        Update test to take into account the ability to reask permission.
+        * TestWebKitAPI/Tests/WebKitCocoa/GetDisplayMedia.mm:
+        (TestWebKitAPI::TEST_F):
 -10-26  Chris Lord  <clord@igalia.com>

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/GetDisplayMedia.mm

-                      r244749
+                      r251639
     promptForCapture(@"{ video: true }", false);
     shouldDeny = false;
+    promptForCapture(@"{ video: true }", false);
+    promptForCapture(@"{ video: true }", false);
+    promptForCapture(@"{ video: true }", true);
+}

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 251639 in webkit

Legend:

Download in other formats: