Changeset 255668 in webkit

Timestamp:

Feb 4, 2020 2:57:44 AM (4 years ago)

Author:

youenn@apple.com

Message:

MediaDevices should handle changes of iframe allow attribute value
​https://bugs.webkit.org/show_bug.cgi?id=207112

Reviewed by Eric Carlson.

LayoutTests/imported/w3c:

• web-platform-tests/mediacapture-streams/MediaStream-default-feature-policy.https-expected.txt:
• web-platform-tests/mediacapture-streams/MediaStream-feature-policy-none.https-expected.txt:

Source/WebCore:

MediaDevices was computing whether it could access camera or microphone at creation time.
Since the iframe allow attribute can be modified, we cannot do that.
Instead, we get the feature policy everytime this is needed.

Refactor code to use the newly added routine to check for feature policy.
Update logging to give origin and allow attribute value of the frame that fail the feature policy check.

Test: http/tests/webrtc/enumerateDevicesInFrames.html

• Modules/mediastream/MediaDevices.cpp:

(WebCore::MediaDevices::MediaDevices):
(WebCore::MediaDevices::refreshDevices):
(WebCore::MediaDevices::enumerateDevices):
(WebCore::MediaDevices::listenForDeviceChanges):

• Modules/mediastream/MediaDevices.h:
• Modules/mediastream/UserMediaController.cpp:

(WebCore::UserMediaController::logGetUserMediaDenial):
(WebCore::UserMediaController::logGetDisplayMediaDenial):
(WebCore::UserMediaController::logEnumerateDevicesDenial):

• Modules/mediastream/UserMediaController.h:
• Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::start):

• html/FeaturePolicy.cpp:

(WebCore::policyTypeName):
(WebCore::isFeaturePolicyAllowedByDocumentAndAllOwners):

• html/FeaturePolicy.h:
• page/DOMWindow.cpp:

(WebCore::DOMWindow::printErrorMessage const):

• page/DOMWindow.h:

LayoutTests:

• TestExpectations:
• fullscreen/full-screen-enabled-expected.txt:
• fullscreen/full-screen-enabled-prefixed-expected.txt:
• fullscreen/full-screen-iframe-not-allowed-expected.txt:
• fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt:
• fullscreen/full-screen-restrictions-expected.txt:
• http/tests/fullscreen/fullscreen-feature-policy-expected.txt:
• http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute-expected.txt:
• http/tests/media/media-stream/get-display-media-iframe-allow-attribute-expected.txt:
• http/tests/ssl/media-stream/get-user-media-different-host-expected.txt:
• http/tests/ssl/media-stream/get-user-media-nested-expected.txt:
• http/tests/webrtc/enumerateDevicesInFrames-expected.txt: Added.
• http/tests/webrtc/enumerateDevicesInFrames.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/TestExpectations (modified) (1 diff)
• LayoutTests/fullscreen/full-screen-enabled-expected.txt (modified) (1 diff)
• LayoutTests/fullscreen/full-screen-enabled-prefixed-expected.txt (modified) (1 diff)
• LayoutTests/fullscreen/full-screen-iframe-not-allowed-expected.txt (modified) (1 diff)
• LayoutTests/fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt (modified) (1 diff)
• LayoutTests/fullscreen/full-screen-restrictions-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/fullscreen/fullscreen-feature-policy-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/media/media-stream/get-display-media-iframe-allow-attribute-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/media/media-stream/get-display-media-iframe-allow-attribute.html (modified) (1 diff)
• LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/webrtc/enumerateDevicesInFrames-expected.txt (added)
• LayoutTests/http/tests/webrtc/enumerateDevicesInFrames.html (added)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/mediacapture-streams/MediaStream-default-feature-policy.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/mediacapture-streams/MediaStream-feature-policy-none.https-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/mediastream/MediaDevices.cpp (modified) (4 diffs)
• Source/WebCore/Modules/mediastream/MediaDevices.h (modified) (1 diff)
• Source/WebCore/Modules/mediastream/UserMediaController.cpp (modified) (2 diffs)
• Source/WebCore/Modules/mediastream/UserMediaController.h (modified) (2 diffs)
• Source/WebCore/Modules/mediastream/UserMediaRequest.cpp (modified) (1 diff)
• Source/WebCore/html/FeaturePolicy.cpp (modified) (2 diffs)
• Source/WebCore/html/FeaturePolicy.h (modified) (1 diff)
• Source/WebCore/page/DOMWindow.cpp (modified) (1 diff)
• Source/WebCore/page/DOMWindow.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2020-02-04  youenn fablet  <youenn@apple.com>
+
+        MediaDevices should handle changes of iframe allow attribute value
+        https://bugs.webkit.org/show_bug.cgi?id=207112
+
+        Reviewed by Eric Carlson.
+
+        * TestExpectations:
+        * fullscreen/full-screen-enabled-expected.txt:
+        * fullscreen/full-screen-enabled-prefixed-expected.txt:
+        * fullscreen/full-screen-iframe-not-allowed-expected.txt:
+        * fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt:
+        * fullscreen/full-screen-restrictions-expected.txt:
+        * http/tests/fullscreen/fullscreen-feature-policy-expected.txt:
+        * http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute-expected.txt:
+        * http/tests/media/media-stream/get-display-media-iframe-allow-attribute-expected.txt:
+        * http/tests/ssl/media-stream/get-user-media-different-host-expected.txt:
+        * http/tests/ssl/media-stream/get-user-media-nested-expected.txt:
+        * http/tests/webrtc/enumerateDevicesInFrames-expected.txt: Added.
+        * http/tests/webrtc/enumerateDevicesInFrames.html: Added.
+
 2020-02-03  Antti Koivisto  <antti@apple.com>
 

trunk/LayoutTests/TestExpectations

@@ -771 +771 @@
 webkit.org/b/189905 imported/w3c/web-platform-tests/resource-timing/resource_initiator_types.html [ Pass Failure ]
 webkit.org/b/190523 imported/w3c/web-platform-tests/resource-timing/resource_timing_cross_origin_redirect_chain.html [ Pass Failure ]
+
+imported/w3c/web-platform-tests/mediacapture-streams/MediaStream-default-feature-policy.https.html [ DumpJSConsoleLogInStdErr ]
 
 # These fetch tests are flaky or fail.

trunk/LayoutTests/fullscreen/full-screen-enabled-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: line 56: Feature policy 'Fullscreen' check failed for iframe with origin '' and allow attribute 'fullscreen 'none''.
 This tests the fullscreenEnabled property laid out in section 4 of the W3C Full Screen API
 EXPECTED (iframe.contentDocument.webkitFullscreenEnabled == 'true') OK

trunk/LayoutTests/fullscreen/full-screen-enabled-prefixed-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: line 56: Feature policy 'Fullscreen' check failed for iframe with origin '' and allow attribute 'fullscreen 'none''.
 This tests the fullscreenEnabled property laid out in section 4 of the W3C Full Screen API
 EXPECTED (iframe.contentDocument.webkitFullscreenEnabled == 'true') OK

trunk/LayoutTests/fullscreen/full-screen-iframe-not-allowed-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Feature policy 'Fullscreen' check failed for iframe with origin '' and allow attribute 'fullscreen 'none''.
 Test for bug 56264: Handle entering full screen security restrictions
 

trunk/LayoutTests/fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: line 1: Feature policy 'Fullscreen' check failed for iframe with origin 'null' and allow attribute ''.
 Test entering full screen security restrictions. An iframe without an allow attribute is still permitted to fullscreen if the request comes from the containing document.
 

trunk/LayoutTests/fullscreen/full-screen-restrictions-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Feature policy 'Fullscreen' check failed for iframe with origin '' and allow attribute 'fullscreen 'none''.
 This tests the restrictions to entering full screen mode laid out in section 4.1 of the W3C Full Screen API
 "The context object is not in a document."

trunk/LayoutTests/http/tests/fullscreen/fullscreen-feature-policy-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: line 9: Feature policy 'Fullscreen' check failed for iframe with origin 'http://localhost:8000' and allow attribute ''.
+CONSOLE MESSAGE: line 9: Feature policy 'Fullscreen' check failed for iframe with origin 'http://localhost:8000' and allow attribute 'fullscreen 'none''.
+CONSOLE MESSAGE: line 9: Feature policy 'Fullscreen' check failed for iframe with origin 'http://127.0.0.1:8000' and allow attribute 'fullscreen 'none''.
+CONSOLE MESSAGE: line 9: Feature policy 'Fullscreen' check failed for iframe with origin 'http://localhost:8000' and allow attribute 'fullscreen 'self''.
+CONSOLE MESSAGE: line 9: Feature policy 'Fullscreen' check failed for iframe with origin 'http://127.0.0.1:8000' and allow attribute 'fullscreen http://localhost:8000'.
+CONSOLE MESSAGE: line 9: Feature policy 'Fullscreen' check failed for iframe with origin 'http://localhost:8000' and allow attribute 'fullscreen 'none''.
+CONSOLE MESSAGE: line 9: Feature policy 'Fullscreen' check failed for iframe with origin 'http://127.0.0.1:8000' and allow attribute 'fullscreen 'none''.
+CONSOLE MESSAGE: line 9: Feature policy 'Fullscreen' check failed for iframe with origin 'http://localhost:8000' and allow attribute 'fullscreen 'self''.
+CONSOLE MESSAGE: line 9: Feature policy 'Fullscreen' check failed for iframe with origin 'http://localhost:8000' and allow attribute 'fullscreen 'none''.
+CONSOLE MESSAGE: line 9: Feature policy 'Fullscreen' check failed for iframe with origin 'http://127.0.0.1:8000' and allow attribute 'fullscreen 'none''.
+CONSOLE MESSAGE: line 9: Feature policy 'Fullscreen' check failed for iframe with origin 'http://localhost:8000' and allow attribute 'fullscreen 'self''.
 PASS iframe with src="http://loc..." should have document.webkitFullscreenEnabled === false.
 PASS iframe with src="../resourc..." should have document.webkitFullscreenEnabled === true.

trunk/LayoutTests/http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 4: Trying to call enumerateDevices from a frame without correct 'allow' attribute.
+CONSOLE MESSAGE: line 4: Feature policy 'Camera' check failed for iframe with origin 'http://localhost:8000' and allow attribute ''.
+CONSOLE MESSAGE: line 4: Feature policy 'Microphone' check failed for iframe with origin 'http://localhost:8000' and allow attribute ''.
+CONSOLE MESSAGE: line 4: Not allowed to call enumerateDevices.
       
 PASS: "allow" attribute respected in all iframes

trunk/LayoutTests/http/tests/media/media-stream/get-display-media-iframe-allow-attribute-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 6: Trying to call getDisplayMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 6: Trying to call getDisplayMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 6: Trying to call getDisplayMedia from a frame without correct 'allow' attribute.
      
 

trunk/LayoutTests/http/tests/media/media-stream/get-display-media-iframe-allow-attribute.html

@@ -1 @@
-<!doctype html>
+<!doctype html><!-- webkit-test-runner [ dumpJSConsoleLogInStdErr=true ] -->
 <html>
 <script src="../../../../resources/js-test-pre.js"></script>

trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 52: Trying to call getUserMedia from a frame without correct 'allow' attribute.
+CONSOLE MESSAGE: line 52: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:8443' and allow attribute ''.
+CONSOLE MESSAGE: line 52: Not allowed to call getUserMedia.
 Tests that getUserMedia fails when the top level document and iframe do not have the same domain.
 

trunk/LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 52: Trying to call getUserMedia from a frame without correct 'allow' attribute.
+CONSOLE MESSAGE: line 52: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:8443' and allow attribute ''.
+CONSOLE MESSAGE: line 52: Not allowed to call getUserMedia.
 Tests that getUserMedia fails when the top level document and iframe do not have the same domain.
 

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2020-02-04  youenn fablet  <youenn@apple.com>
+
+        MediaDevices should handle changes of iframe allow attribute value
+        https://bugs.webkit.org/show_bug.cgi?id=207112
+
+        Reviewed by Eric Carlson.
+
+        * web-platform-tests/mediacapture-streams/MediaStream-default-feature-policy.https-expected.txt:
+        * web-platform-tests/mediacapture-streams/MediaStream-feature-policy-none.https-expected.txt:
+
 2020-02-02  Rob Buis  <rbuis@igalia.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/mediacapture-streams/MediaStream-default-feature-policy.https-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 13: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 13: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 13: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 13: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 13: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 13: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 13: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 13: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 13: Trying to call getUserMedia from a frame without correct 'allow' attribute.
 
 

trunk/LayoutTests/imported/w3c/web-platform-tests/mediacapture-streams/MediaStream-feature-policy-none.https-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 43: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 37: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 43: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 37: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 37: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 43: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 37: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 37: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 43: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 37: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 43: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 43: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 43: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 37: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 43: Trying to call getUserMedia from a frame without correct 'allow' attribute.
-CONSOLE MESSAGE: line 49: Trying to call getUserMedia from a frame without correct 'allow' attribute.
+CONSOLE MESSAGE: line 43: Feature policy 'Camera' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'camera 'none''.
+CONSOLE MESSAGE: line 43: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Camera' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'camera 'none''.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 37: Feature policy 'Microphone' check failed for iframe with origin 'https://127.0.0.1:9443' and allow attribute 'camera 'none''.
+CONSOLE MESSAGE: line 37: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 43: Feature policy 'Camera' check failed for iframe with origin 'https://127.0.0.1:9443' and allow attribute 'camera 'none''.
+CONSOLE MESSAGE: line 43: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Microphone' check failed for iframe with origin 'https://127.0.0.1:9443' and allow attribute 'camera 'none''.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 37: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'microphone 'none''.
+CONSOLE MESSAGE: line 37: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'microphone 'none''.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 37: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'microphone 'none';camera 'none''.
+CONSOLE MESSAGE: line 37: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 43: Feature policy 'Camera' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'microphone 'none';camera 'none''.
+CONSOLE MESSAGE: line 43: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'microphone 'none';camera 'none''.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 37: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'camera *;microphone 'none''.
+CONSOLE MESSAGE: line 37: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'camera *;microphone 'none''.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 37: Feature policy 'Microphone' check failed for iframe with origin 'https://127.0.0.1:9443' and allow attribute 'camera *;microphone 'none''.
+CONSOLE MESSAGE: line 37: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Microphone' check failed for iframe with origin 'https://127.0.0.1:9443' and allow attribute 'camera *;microphone 'none''.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 43: Feature policy 'Camera' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'camera 'none';microphone *'.
+CONSOLE MESSAGE: line 43: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Camera' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'camera 'none';microphone *'.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 37: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'microphone *; microphone 'none''.
+CONSOLE MESSAGE: line 37: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'microphone *; microphone 'none''.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 43: Feature policy 'Camera' check failed for iframe with origin 'https://127.0.0.1:9443' and allow attribute 'microphone *; camera 'self''.
+CONSOLE MESSAGE: line 43: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Camera' check failed for iframe with origin 'https://127.0.0.1:9443' and allow attribute 'microphone *; camera 'self''.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 43: Feature policy 'Camera' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'microphone *; camera http:/example.org self'.
+CONSOLE MESSAGE: line 43: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Camera' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'microphone *; camera http:/example.org self'.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 43: Feature policy 'Camera' check failed for iframe with origin 'https://127.0.0.1:9443' and allow attribute 'microphone *; camera http:/example.org 'self''.
+CONSOLE MESSAGE: line 43: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Camera' check failed for iframe with origin 'https://127.0.0.1:9443' and allow attribute 'microphone *; camera http:/example.org 'self''.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 37: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'microphone https://127.0.0.1:9443'.
+CONSOLE MESSAGE: line 37: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Microphone' check failed for iframe with origin 'https://localhost:9443' and allow attribute 'microphone https://127.0.0.1:9443'.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 43: Feature policy 'Camera' check failed for iframe with origin 'https://127.0.0.1:9443' and allow attribute 'microphone https://127.0.0.1:9443'.
+CONSOLE MESSAGE: line 43: Not allowed to call getUserMedia.
+CONSOLE MESSAGE: line 49: Feature policy 'Camera' check failed for iframe with origin 'https://127.0.0.1:9443' and allow attribute 'microphone https://127.0.0.1:9443'.
+CONSOLE MESSAGE: line 49: Not allowed to call getUserMedia.
 
 PASS "camera 'none'" - same origin iframe 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-02-04  youenn fablet  <youenn@apple.com>
+
+        MediaDevices should handle changes of iframe allow attribute value
+        https://bugs.webkit.org/show_bug.cgi?id=207112
+
+        Reviewed by Eric Carlson.
+
+        MediaDevices was computing whether it could access camera or microphone at creation time.
+        Since the iframe allow attribute can be modified, we cannot do that.
+        Instead, we get the feature policy everytime this is needed.
+
+        Refactor code to use the newly added routine to check for feature policy.
+        Update logging to give origin and allow attribute value of the frame that fail the feature policy check.
+
+        Test: http/tests/webrtc/enumerateDevicesInFrames.html
+
+        * Modules/mediastream/MediaDevices.cpp:
+        (WebCore::MediaDevices::MediaDevices):
+        (WebCore::MediaDevices::refreshDevices):
+        (WebCore::MediaDevices::enumerateDevices):
+        (WebCore::MediaDevices::listenForDeviceChanges):
+        * Modules/mediastream/MediaDevices.h:
+        * Modules/mediastream/UserMediaController.cpp:
+        (WebCore::UserMediaController::logGetUserMediaDenial):
+        (WebCore::UserMediaController::logGetDisplayMediaDenial):
+        (WebCore::UserMediaController::logEnumerateDevicesDenial):
+        * Modules/mediastream/UserMediaController.h:
+        * Modules/mediastream/UserMediaRequest.cpp:
+        (WebCore::UserMediaRequest::start):
+        * html/FeaturePolicy.cpp:
+        (WebCore::policyTypeName):
+        (WebCore::isFeaturePolicyAllowedByDocumentAndAllOwners):
+        * html/FeaturePolicy.h:
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::printErrorMessage const):
+        * page/DOMWindow.h:
+
 2020-02-03  Fujii Hironori  <Hironori.Fujii@sony.com>
 

trunk/Source/WebCore/Modules/mediastream/MediaDevices.cpp

@@ -63 +63 @@
     static_assert(static_cast<size_t>(MediaDevices::DisplayCaptureSurfaceType::Application) == static_cast<size_t>(RealtimeMediaSourceSettings::DisplaySurfaceType::Application), "MediaDevices::DisplayCaptureSurfaceType::Application is not RealtimeMediaSourceSettings::DisplaySurfaceType::Application as expected");
     static_assert(static_cast<size_t>(MediaDevices::DisplayCaptureSurfaceType::Browser) == static_cast<size_t>(RealtimeMediaSourceSettings::DisplaySurfaceType::Browser), "MediaDevices::DisplayCaptureSurfaceType::Browser is not RealtimeMediaSourceSettings::DisplaySurfaceType::Browser as expected");
-
-    if (auto* controller = UserMediaController::from(document.page())) {
-        m_canAccessCamera = controller->canCallGetUserMedia(document, { UserMediaController::CaptureType::Camera }) == UserMediaController::GetUserMediaAccess::CanCall;
-        m_canAccessMicrophone = controller->canCallGetUserMedia(document, { UserMediaController::CaptureType::Microphone }) == UserMediaController::GetUserMediaAccess::CanCall;
-    }
 }
 
@@ -161 +156 @@
 }
 
+static inline bool checkCameraAccess(const Document& document)
+{
+    return isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Camera, document, LogFeaturePolicyFailure::No);
+}
+
+static inline bool checkMicrophoneAccess(const Document& document)
+{
+    return isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Microphone, document, LogFeaturePolicyFailure::No);
+}
+
 void MediaDevices::refreshDevices(const Vector<CaptureDevice>& newDevices)
 {
+    auto* document = this->document();
+    if (!document)
+        return;
+
+    bool canAccessCamera = checkCameraAccess(*document);
+    bool canAccessMicrophone = checkMicrophoneAccess(*document);
+
     Vector<Ref<MediaDeviceInfo>> devices;
     for (auto& newDevice : newDevices) {
-        if (!m_canAccessMicrophone && newDevice.type() == CaptureDevice::DeviceType::Microphone)
+        if (!canAccessMicrophone && newDevice.type() == CaptureDevice::DeviceType::Microphone)
             continue;
-        if (!m_canAccessCamera && newDevice.type() == CaptureDevice::DeviceType::Camera)
+        if (!canAccessCamera && newDevice.type() == CaptureDevice::DeviceType::Camera)
             continue;
 
@@ -195 +207 @@
         return;
     }
-    if (!m_canAccessCamera && !m_canAccessMicrophone) {
-        controller->logGetUserMediaDenial(*document, UserMediaController::GetUserMediaAccess::BlockedByFeaturePolicy, UserMediaController::BlockedCaller::EnumerateDevices);
+
+    if (!checkCameraAccess(*document) && !checkMicrophoneAccess(*document)) {
+        controller->logEnumerateDevicesDenial(*document);
         promise.resolve({ });
         return;
@@ -248 +261 @@
 void MediaDevices::listenForDeviceChanges()
 {
-    if (m_listeningForDeviceChanges || (!m_canAccessCamera && !m_canAccessMicrophone))
-        return;
-
-    m_listeningForDeviceChanges = true;
-
     auto* document = this->document();
     auto* controller = document ? UserMediaController::from(document->page()) : nullptr;
     if (!controller)
         return;
+
+    bool canAccessCamera = isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Camera, *document, LogFeaturePolicyFailure::No);
+    bool canAccessMicrophone = isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Microphone, *document, LogFeaturePolicyFailure::No);
+
+    if (m_listeningForDeviceChanges || (!canAccessCamera && !canAccessMicrophone))
+        return;
+
+    m_listeningForDeviceChanges = true;
 
     m_deviceChangeToken = controller->addDeviceChangeObserver([weakThis = makeWeakPtr(*this), this]() {

trunk/Source/WebCore/Modules/mediastream/MediaDevices.h

@@ -122 +122 @@
 
     Vector<Ref<MediaDeviceInfo>> m_devices;
-    bool m_canAccessCamera { false };
-    bool m_canAccessMicrophone { false };
 
     OptionSet<GestureAllowedRequest> m_requestTypesForCurrentGesture;

trunk/Source/WebCore/Modules/mediastream/UserMediaController.cpp

@@ -29 +29 @@
 #if ENABLE(MEDIA_STREAM)
 
-#include "CustomHeaderFields.h"
 #include "DOMWindow.h"
 #include "Document.h"
-#include "DocumentLoader.h"
 #include "Frame.h"
 #include "HTMLIFrameElement.h"
-#include "HTMLParserIdioms.h"
-#include "LegacySchemeRegistry.h"
-#include "Settings.h"
 #include "UserMediaRequest.h"
 
@@ -62 +57 @@
 }
 
-static inline bool isAllowedByFeaturePolicy(const FeaturePolicy& featurePolicy, const SecurityOriginData& origin, OptionSet<UserMediaController::CaptureType> types)
+void UserMediaController::logGetUserMediaDenial(Document& document)
 {
-    if ((types & UserMediaController::CaptureType::Camera) && !featurePolicy.allows(FeaturePolicy::Type::Camera, origin))
-        return false;
-
-    if ((types & UserMediaController::CaptureType::Microphone) && !featurePolicy.allows(FeaturePolicy::Type::Microphone, origin))
-        return false;
-
-    if ((types & UserMediaController::CaptureType::Display) && !featurePolicy.allows(FeaturePolicy::Type::DisplayCapture, origin))
-        return false;
-
-    return true;
+    if (auto* window = document.domWindow())
+        window->printErrorMessage(makeString("Not allowed to call getUserMedia."));
 }
 
-static UserMediaController::GetUserMediaAccess isAllowedToUse(const Document& document, const Document& topDocument, OptionSet<UserMediaController::CaptureType> types)
+void UserMediaController::logGetDisplayMediaDenial(Document& document)
 {
-    if (&document == &topDocument)
-        return UserMediaController::GetUserMediaAccess::CanCall;
-
-    auto* parentDocument = document.parentDocument();
-    if (!parentDocument)
-        return UserMediaController::GetUserMediaAccess::BlockedByParent;
-
-    auto* element = document.ownerElement();
-    ASSERT(element);
-    if (!element || !is<HTMLIFrameElement>(*element))
-        return UserMediaController::GetUserMediaAccess::BlockedByParent;
-
-    auto& featurePolicy = downcast<HTMLIFrameElement>(*element).featurePolicy();
-    if (isAllowedByFeaturePolicy(featurePolicy, document.securityOrigin().data(), types))
-        return UserMediaController::GetUserMediaAccess::CanCall;
-
-    return UserMediaController::GetUserMediaAccess::BlockedByFeaturePolicy;
+    if (auto* window = document.domWindow())
+        window->printErrorMessage(makeString("Not allowed to call getDisplayMedia."));
 }
 
-UserMediaController::GetUserMediaAccess UserMediaController::canCallGetUserMedia(const Document& document, OptionSet<UserMediaController::CaptureType> types) const
+void UserMediaController::logEnumerateDevicesDenial(Document& document)
 {
-    ASSERT(!types.isEmpty());
-
-    auto& topDocument = document.topDocument();
-    if (&document != &topDocument) {
-        for (auto* ancestorDocument = &document; ancestorDocument != &topDocument; ancestorDocument = ancestorDocument->parentDocument()) {
-            auto status = isAllowedToUse(*ancestorDocument, topDocument, types);
-            if (status != GetUserMediaAccess::CanCall)
-                return status;
-        }
-    }
-
-    return GetUserMediaAccess::CanCall;
-}
-
-void UserMediaController::logGetUserMediaDenial(Document& document, GetUserMediaAccess access, BlockedCaller caller)
-{
-    auto& domWindow = *document.domWindow();
-    const char* callerName;
-
-    switch (caller) {
-    case BlockedCaller::GetUserMedia:
-        callerName = "getUserMedia";
-        break;
-    case BlockedCaller::GetDisplayMedia:
-        callerName = "getDisplayMedia";
-        break;
-    case BlockedCaller::EnumerateDevices:
-        callerName = "enumerateDevices";
-        break;
-    }
-
-    switch (access) {
-    case UserMediaController::GetUserMediaAccess::BlockedByParent:
-        domWindow.printErrorMessage(makeString("The top-level frame has prevented a document with a different security origin from calling ", callerName, "."));
-        break;
-    case GetUserMediaAccess::BlockedByFeaturePolicy:
-        domWindow.printErrorMessage(makeString("Trying to call ", callerName, " from a frame without correct 'allow' attribute."));
-        break;
-    case UserMediaController::GetUserMediaAccess::CanCall:
-        break;
-    }
+    // We redo the check to print to the console log.
+    isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Camera, document, LogFeaturePolicyFailure::Yes);
+    isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Microphone, document, LogFeaturePolicyFailure::Yes);
+    if (auto* window = document.domWindow())
+        window->printErrorMessage(makeString("Not allowed to call enumerateDevices."));
 }
 

trunk/Source/WebCore/Modules/mediastream/UserMediaController.h

@@ -28 +28 @@
 #if ENABLE(MEDIA_STREAM)
 
+#include "FeaturePolicy.h"
 #include "Page.h"
 #include "UserMediaClient.h"
@@ -52 +53 @@
     void removeDeviceChangeObserver(UserMediaClient::DeviceChangeObserverToken);
 
-    enum class GetUserMediaAccess {
-        CanCall,
-        BlockedByParent,
-        BlockedByFeaturePolicy,
-    };
-    enum class CaptureType {
-        Microphone = 1 << 0,
-        Camera = 1 << 1,
-        Display = 1 << 3
-    };
-    GetUserMediaAccess canCallGetUserMedia(const Document&, OptionSet<CaptureType>) const;
-
-    enum class BlockedCaller {
-        GetUserMedia,
-        GetDisplayMedia,
-        EnumerateDevices,
-    };
-    void logGetUserMediaDenial(Document&, GetUserMediaAccess, BlockedCaller);
+    void logGetUserMediaDenial(Document&);
+    void logGetDisplayMediaDenial(Document&);
+    void logEnumerateDevicesDenial(Document&);
 
     WEBCORE_EXPORT static const char* supplementName();

trunk/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp

@@ -199 +199 @@
     //      the value NotAllowedError.
 
-    OptionSet<UserMediaController::CaptureType> types;
-    UserMediaController::BlockedCaller caller;
-    if (m_request.type == MediaStreamRequest::Type::DisplayMedia) {
-        types.add(UserMediaController::CaptureType::Display);
-        caller = UserMediaController::BlockedCaller::GetDisplayMedia;
-    } else {
-        if (m_request.audioConstraints.isValid)
-            types.add(UserMediaController::CaptureType::Microphone);
-        if (m_request.videoConstraints.isValid)
-            types.add(UserMediaController::CaptureType::Camera);
-        caller = UserMediaController::BlockedCaller::GetUserMedia;
-    }
-    auto access = controller->canCallGetUserMedia(document, types);
-    if (access != UserMediaController::GetUserMediaAccess::CanCall) {
-        deny(MediaAccessDenialReason::PermissionDenied);
-        controller->logGetUserMediaDenial(document, access, caller);
-        return;
+    switch (m_request.type) {
+    case MediaStreamRequest::Type::DisplayMedia:
+        if (!isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::DisplayCapture, document)) {
+            deny(MediaAccessDenialReason::PermissionDenied);
+            controller->logGetDisplayMediaDenial(document);
+            return;
+        }
+        break;
+    case MediaStreamRequest::Type::UserMedia:
+        if (m_request.audioConstraints.isValid && !isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Microphone, document)) {
+            deny(MediaAccessDenialReason::PermissionDenied);
+            controller->logGetUserMediaDenial(document);
+            return;
+        }
+        if (m_request.videoConstraints.isValid && !isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Camera, document)) {
+            deny(MediaAccessDenialReason::PermissionDenied);
+            controller->logGetUserMediaDenial(document);
+            return;
+        }
+        break;
     }
 

trunk/Source/WebCore/html/FeaturePolicy.cpp

@@ -27 +27 @@
 #include "FeaturePolicy.h"
 
+#include "DOMWindow.h"
 #include "Document.h"
 #include "HTMLIFrameElement.h"
@@ -37 +38 @@
 using namespace HTMLNames;
 
-bool isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type type, const Document& document)
+static const char* policyTypeName(FeaturePolicy::Type type)
+{
+    switch (type) {
+    case FeaturePolicy::Type::Camera:
+        return "Camera";
+    case FeaturePolicy::Type::Microphone:
+        return "Microphone";
+    case FeaturePolicy::Type::DisplayCapture:
+        return "DisplayCapture";
+    case FeaturePolicy::Type::SyncXHR:
+        return "SyncXHR";
+    case FeaturePolicy::Type::Fullscreen:
+        return "Fullscreen";
+    }
+    ASSERT_NOT_REACHED();
+    return "";
+}
+
+bool isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type type, const Document& document, LogFeaturePolicyFailure logFailure)
 {
     auto& topDocument = document.topDocument();
     auto* ancestorDocument = &document;
     while (ancestorDocument != &topDocument) {
-        if (!ancestorDocument)
+        if (!ancestorDocument) {
+            if (logFailure == LogFeaturePolicyFailure::Yes && document.domWindow())
+                document.domWindow()->printErrorMessage(makeString("Feature policy '", policyTypeName(type), "' check failed."));
             return false;
+        }
 
         auto* ownerElement = ancestorDocument->ownerElement();
         if (is<HTMLIFrameElement>(ownerElement)) {
             const auto& featurePolicy = downcast<HTMLIFrameElement>(ownerElement)->featurePolicy();
-            if (!featurePolicy.allows(type, ancestorDocument->securityOrigin().data()))
+            if (!featurePolicy.allows(type, ancestorDocument->securityOrigin().data())) {
+                if (logFailure == LogFeaturePolicyFailure::Yes && document.domWindow()) {
+                    auto& allowValue = downcast<HTMLIFrameElement>(ownerElement)->attributeWithoutSynchronization(HTMLNames::allowAttr);
+                    document.domWindow()->printErrorMessage(makeString("Feature policy '", policyTypeName(type), "' check failed for iframe with origin '", document.securityOrigin().toString(), "' and allow attribute '", allowValue, "'."));
+                }
                 return false;
+            }
         }
 

trunk/Source/WebCore/html/FeaturePolicy.h

@@ -56 +56 @@
 };
 
-extern bool isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type, const Document&);
+enum class LogFeaturePolicyFailure { No, Yes };
+extern bool isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type, const Document&, LogFeaturePolicyFailure = LogFeaturePolicyFailure::Yes);
 
 } // namespace WebCore

trunk/Source/WebCore/page/DOMWindow.cpp

@@ -2369 +2369 @@
 }
 
-void DOMWindow::printErrorMessage(const String& message)
+void DOMWindow::printErrorMessage(const String& message) const
 {
     if (message.isEmpty())

trunk/Source/WebCore/page/DOMWindow.h

@@ -267 +267 @@
     PageConsoleClient* console() const;
 
-    void printErrorMessage(const String&);
+    void printErrorMessage(const String&) const;
 
     String crossDomainAccessErrorMessage(const DOMWindow& activeWindow, IncludeTargetOrigin);