| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "media/mojo/services/cdm_service.h" |
| |
| #include "base/logging.h" |
| #include "media/base/cdm_factory.h" |
| #include "media/cdm/cdm_module.h" |
| #include "media/media_buildflags.h" |
| #include "media/mojo/services/mojo_cdm_service.h" |
| #include "media/mojo/services/mojo_cdm_service_context.h" |
| #include "services/service_manager/public/cpp/connector.h" |
| #include "services/service_manager/public/cpp/service_context.h" |
| |
| #if defined(OS_MACOSX) |
| #include <vector> |
| #include "sandbox/mac/seatbelt_extension.h" |
| #endif // defined(OS_MACOSX) |
| |
| namespace media { |
| |
| namespace { |
| |
| using service_manager::ServiceContextRef; |
| |
| constexpr base::TimeDelta kServiceContextRefReleaseDelay = |
| base::TimeDelta::FromSeconds(5); |
| |
| void DeleteServiceContextRef(ServiceContextRef* ref) { |
| delete ref; |
| } |
| |
| // Starting a new process and loading the library CDM could be expensive. This |
| // class helps delay the release of ServiceContextRef by |
| // |kServiceContextRefReleaseDelay|, which will ultimately delay CdmService |
| // destruction by the same delay as well. This helps reduce the chance of |
| // destroying the CdmService and immediately creates it (in another process) in |
| // cases like navigation, which could cause long service connection delays. |
| class DelayedReleaseServiceContextRef : public ServiceContextRef { |
| public: |
| DelayedReleaseServiceContextRef(std::unique_ptr<ServiceContextRef> ref, |
| base::TimeDelta delay) |
| : ref_(std::move(ref)), |
| delay_(delay), |
| task_runner_(base::ThreadTaskRunnerHandle::Get()) { |
| DCHECK_GT(delay_, base::TimeDelta()); |
| } |
| |
| ~DelayedReleaseServiceContextRef() override { |
| service_manager::ServiceContextRef* ref_ptr = ref_.release(); |
| if (!task_runner_->PostNonNestableDelayedTask( |
| FROM_HERE, base::BindOnce(&DeleteServiceContextRef, ref_ptr), |
| delay_)) { |
| DeleteServiceContextRef(ref_ptr); |
| } |
| } |
| |
| // ServiceContextRef implementation. |
| std::unique_ptr<ServiceContextRef> Clone() override { |
| NOTIMPLEMENTED(); |
| return nullptr; |
| } |
| |
| private: |
| std::unique_ptr<ServiceContextRef> ref_; |
| base::TimeDelta delay_; |
| scoped_refptr<base::SingleThreadTaskRunner> task_runner_; |
| |
| DISALLOW_COPY_AND_ASSIGN(DelayedReleaseServiceContextRef); |
| }; |
| |
| // Implementation of mojom::CdmFactory that creates and hosts MojoCdmServices |
| // which then host CDMs created by the media::CdmFactory provided by the |
| // CdmService::Client. |
| // |
| // Lifetime Note: |
| // 1. CdmFactoryImpl instances are owned by a DeferredDestroyStrongBindingSet |
| // directly, which is owned by CdmService. |
| // 2. Note that CdmFactoryImpl also holds a ServiceContextRef to the CdmService. |
| // 3. CdmFactoryImpl is destroyed in any of the following two cases: |
| // - CdmService is destroyed. Because of (2) this should not happen except for |
| // during browser shutdown, when the ServiceContext could be destroyed |
| // directly which will then destroy CdmService, ignoring any outstanding |
| // ServiceContextRefs. |
| // - mojo::CdmFactory connection error happens, AND CdmFactoryImpl doesn't own |
| // any CDMs (|cdm_bindings_| is empty). This is to prevent destroying the |
| // CDMs too early (e.g. during page navigation) which could cause errors |
| // (session closed) on the client side. See https://crbug.com/821171 for |
| // details. |
| class CdmFactoryImpl : public DeferredDestroy<mojom::CdmFactory> { |
| public: |
| CdmFactoryImpl(CdmService::Client* client, |
| service_manager::mojom::InterfaceProviderPtr interfaces, |
| std::unique_ptr<ServiceContextRef> service_context_ref) |
| : client_(client), |
| interfaces_(std::move(interfaces)), |
| service_context_ref_(std::move(service_context_ref)) { |
| DVLOG(1) << __func__; |
| |
| // base::Unretained is safe because |cdm_bindings_| is owned by |this|. If |
| // |this| is destructed, |cdm_bindings_| will be destructed as well and the |
| // error handler should never be called. |
| cdm_bindings_.set_connection_error_handler(base::BindRepeating( |
| &CdmFactoryImpl::OnBindingConnectionError, base::Unretained(this))); |
| } |
| |
| ~CdmFactoryImpl() final { DVLOG(1) << __func__; } |
| |
| // mojom::CdmFactory implementation. |
| void CreateCdm(const std::string& key_system, |
| mojom::ContentDecryptionModuleRequest request) final { |
| DVLOG(2) << __func__; |
| |
| auto* cdm_factory = GetCdmFactory(); |
| if (!cdm_factory) |
| return; |
| |
| cdm_bindings_.AddBinding( |
| std::make_unique<MojoCdmService>(cdm_factory, &cdm_service_context_), |
| std::move(request)); |
| } |
| |
| // DeferredDestroy<mojom::CdmFactory> implemenation. |
| void OnDestroyPending(base::OnceClosure destroy_cb) final { |
| destroy_cb_ = std::move(destroy_cb); |
| if (cdm_bindings_.empty()) |
| std::move(destroy_cb_).Run(); |
| // else the callback will be called when |cdm_bindings_| become empty. |
| } |
| |
| private: |
| media::CdmFactory* GetCdmFactory() { |
| if (!cdm_factory_) { |
| cdm_factory_ = client_->CreateCdmFactory(interfaces_.get()); |
| DLOG_IF(ERROR, !cdm_factory_) << "CdmFactory not available."; |
| } |
| return cdm_factory_.get(); |
| } |
| |
| void OnBindingConnectionError() { |
| if (destroy_cb_ && cdm_bindings_.empty()) |
| std::move(destroy_cb_).Run(); |
| } |
| |
| // Must be declared before the bindings below because the bound objects might |
| // take a raw pointer of |cdm_service_context_| and assume it's always |
| // available. |
| MojoCdmServiceContext cdm_service_context_; |
| |
| CdmService::Client* client_; |
| service_manager::mojom::InterfaceProviderPtr interfaces_; |
| mojo::StrongBindingSet<mojom::ContentDecryptionModule> cdm_bindings_; |
| std::unique_ptr<ServiceContextRef> service_context_ref_; |
| std::unique_ptr<media::CdmFactory> cdm_factory_; |
| base::OnceClosure destroy_cb_; |
| |
| DISALLOW_COPY_AND_ASSIGN(CdmFactoryImpl); |
| }; |
| |
| } // namespace |
| |
| CdmService::CdmService(std::unique_ptr<Client> client) |
| : client_(std::move(client)), |
| service_release_delay_(kServiceContextRefReleaseDelay) { |
| DVLOG(1) << __func__; |
| DCHECK(client_); |
| registry_.AddInterface<mojom::CdmService>( |
| base::BindRepeating(&CdmService::Create, base::Unretained(this))); |
| } |
| |
| CdmService::~CdmService() { |
| DVLOG(1) << __func__; |
| } |
| |
| void CdmService::OnStart() { |
| DVLOG(1) << __func__; |
| |
| ref_factory_.reset(new service_manager::ServiceContextRefFactory( |
| context()->CreateQuitClosure())); |
| } |
| |
| void CdmService::OnBindInterface( |
| const service_manager::BindSourceInfo& source_info, |
| const std::string& interface_name, |
| mojo::ScopedMessagePipeHandle interface_pipe) { |
| DVLOG(1) << __func__ << ": interface_name = " << interface_name; |
| |
| registry_.BindInterface(interface_name, std::move(interface_pipe)); |
| } |
| |
| bool CdmService::OnServiceManagerConnectionLost() { |
| cdm_factory_bindings_.CloseAllBindings(); |
| client_.reset(); |
| return true; |
| } |
| |
| void CdmService::Create(mojom::CdmServiceRequest request) { |
| bindings_.AddBinding(this, std::move(request)); |
| } |
| |
| #if defined(OS_MACOSX) |
| void CdmService::LoadCdm( |
| const base::FilePath& cdm_path, |
| mojom::SeatbeltExtensionTokenProviderPtr token_provider) { |
| #else |
| void CdmService::LoadCdm(const base::FilePath& cdm_path) { |
| #endif // defined(OS_MACOSX) |
| DVLOG(1) << __func__ << ": cdm_path = " << cdm_path.value(); |
| |
| // Ignore request if service has already stopped. |
| if (!client_) |
| return; |
| |
| CdmModule* instance = CdmModule::GetInstance(); |
| if (instance->was_initialize_called()) { |
| DCHECK_EQ(cdm_path, instance->GetCdmPath()); |
| return; |
| } |
| |
| #if defined(OS_MACOSX) |
| std::vector<std::unique_ptr<sandbox::SeatbeltExtension>> extensions; |
| |
| if (token_provider) { |
| std::vector<sandbox::SeatbeltExtensionToken> tokens; |
| CHECK(token_provider->GetTokens(&tokens)); |
| |
| for (auto&& token : tokens) { |
| DVLOG(3) << "token: " << token.token(); |
| auto extension = sandbox::SeatbeltExtension::FromToken(std::move(token)); |
| if (!extension->Consume()) { |
| DVLOG(1) << "Failed to consume sandbox seatbelt extension. This could " |
| "happen if --no-sandbox is specified."; |
| } |
| extensions.push_back(std::move(extension)); |
| } |
| } |
| #endif // defined(OS_MACOSX) |
| |
| #if BUILDFLAG(ENABLE_CDM_HOST_VERIFICATION) |
| std::vector<CdmHostFilePath> cdm_host_file_paths; |
| client_->AddCdmHostFilePaths(&cdm_host_file_paths); |
| bool success = instance->Initialize(cdm_path, cdm_host_file_paths); |
| #else |
| bool success = instance->Initialize(cdm_path); |
| #endif // BUILDFLAG(ENABLE_CDM_HOST_VERIFICATION) |
| |
| // This may trigger the sandbox to be sealed. |
| client_->EnsureSandboxed(); |
| |
| #if defined(OS_MACOSX) |
| for (auto&& extension : extensions) |
| extension->Revoke(); |
| #endif // defined(OS_MACOSX) |
| |
| // Always called within the sandbox. |
| if (success) |
| instance->InitializeCdmModule(); |
| } |
| |
| void CdmService::CreateCdmFactory( |
| mojom::CdmFactoryRequest request, |
| service_manager::mojom::InterfaceProviderPtr host_interfaces) { |
| // Ignore request if service has already stopped. |
| if (!client_) |
| return; |
| |
| std::unique_ptr<ServiceContextRef> service_context_ref = |
| service_release_delay_ > base::TimeDelta() |
| ? std::make_unique<DelayedReleaseServiceContextRef>( |
| ref_factory_->CreateRef(), service_release_delay_) |
| : ref_factory_->CreateRef(); |
| |
| cdm_factory_bindings_.AddBinding( |
| std::make_unique<CdmFactoryImpl>(client_.get(), |
| std::move(host_interfaces), |
| std::move(service_context_ref)), |
| std::move(request)); |
| } |
| |
| } // namespace media |
