| // Copyright 2019 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "content/browser/video_capture_service_impl.h" |
| |
| #include "base/no_destructor.h" |
| #include "base/task/thread_pool.h" |
| #include "base/threading/sequence_local_storage_slot.h" |
| #include "base/time/time.h" |
| #include "build/build_config.h" |
| #include "content/public/browser/browser_task_traits.h" |
| #include "content/public/browser/browser_thread.h" |
| #include "content/public/browser/child_process_host.h" |
| #include "content/public/browser/service_process_host.h" |
| #include "content/public/browser/service_process_host_passkeys.h" |
| #include "content/public/browser/video_capture_service.h" |
| #include "content/public/common/content_features.h" |
| #include "content/public/common/content_switches.h" |
| #include "mojo/public/cpp/bindings/receiver_set.h" |
| #include "mojo/public/cpp/bindings/remote.h" |
| #include "mojo/public/cpp/bindings/self_owned_receiver.h" |
| #include "services/video_capture/public/mojom/video_capture_service.mojom.h" |
| #include "services/video_capture/video_capture_service_impl.h" |
| |
| #if BUILDFLAG(IS_WIN) |
| #define CREATE_IN_PROCESS_TASK_RUNNER base::ThreadPool::CreateCOMSTATaskRunner |
| #else |
| #define CREATE_IN_PROCESS_TASK_RUNNER \ |
| base::ThreadPool::CreateSingleThreadTaskRunner |
| #endif |
| |
| namespace content { |
| |
| namespace { |
| |
| std::atomic<bool> g_use_safe_mode(false); |
| |
| } // namespace |
| |
| // Helper class to allow access to class-based passkeys. |
| class VideoCaptureServiceLauncher { |
| public: |
| static void Launch( |
| mojo::PendingReceiver<video_capture::mojom::VideoCaptureService> |
| receiver) { |
| ServiceProcessHost::Options options; |
| options.WithDisplayName("Video Capture"); |
| // TODO(crbug.com/328099369) Remove once gpu client is provided directly. |
| options.WithGpuClient(ServiceProcessHostGpuClient::GetPassKey()); |
| #if BUILDFLAG(IS_MAC) |
| // On Mac, the service requires a CFRunLoop which is provided by a |
| // UI message loop. See https://crbug.com/834581. |
| options.WithExtraCommandLineSwitches({switches::kMessageLoopTypeUi}); |
| if (g_use_safe_mode) { |
| // When safe-mode is enabled, we keep the original entitlements and the |
| // hardened runtime to only load safe DAL plugins and reduce crash risk |
| // from third-party DAL plugins. |
| // As this is not possible to do with unsigned developer builds, we use |
| // an undocumented environment variable that macOS CMIO module checks to |
| // prevent loading any plugins. |
| setenv("CMIO_DAL_Ignore_Standard_PlugIns", "", 1); |
| } else { |
| // On Mac, the service also needs to have a different set of |
| // entitlements, the reason being that some virtual cameras DAL plugins |
| // are not signed or are signed by a different Team ID. Hence, |
| // library validation has to be disabled (see |
| // http://crbug.com/990381#c21). |
| options.WithChildFlags(ChildProcessHost::CHILD_PLUGIN); |
| } |
| #endif |
| #if defined(WEBRTC_USE_PIPEWIRE) |
| // The PipeWire camera implementation in webrtc uses gdbus for portal |
| // handling, so the glib message loop must be used. |
| options.WithExtraCommandLineSwitches({switches::kMessageLoopTypeUi}); |
| #endif |
| |
| ServiceProcessHost::Launch(std::move(receiver), options.Pass()); |
| } |
| }; |
| |
| namespace { |
| |
| video_capture::mojom::VideoCaptureService* g_service_override = nullptr; |
| |
| void BindInProcessInstance( |
| mojo::PendingReceiver<video_capture::mojom::VideoCaptureService> receiver) { |
| static base::NoDestructor<video_capture::VideoCaptureServiceImpl> service( |
| std::move(receiver), GetUIThreadTaskRunner({}), |
| /*create_system_monitor=*/false); |
| } |
| |
| mojo::Remote<video_capture::mojom::VideoCaptureService>& GetUIThreadRemote() { |
| // NOTE: This use of sequence-local storage is only to ensure that the Remote |
| // only lives as long as the UI-thread sequence, since the UI-thread sequence |
| // may be torn down and reinitialized e.g. between unit tests. |
| static base::SequenceLocalStorageSlot< |
| mojo::Remote<video_capture::mojom::VideoCaptureService>> |
| remote_slot; |
| return remote_slot.GetOrCreateValue(); |
| } |
| |
| // This is a custom traits type we use in conjunction with mojo::ReceiverSetBase |
| // so that all dispatched messages can be forwarded to the currently bound UI |
| // thread Remote. |
| struct ForwardingImplRefTraits { |
| using PointerType = void*; |
| static bool IsNull(PointerType) { return false; } |
| static video_capture::mojom::VideoCaptureService* GetRawPointer(PointerType) { |
| return &GetVideoCaptureService(); |
| } |
| }; |
| |
| // If |GetVideoCaptureService()| is called from off the UI thread, return a |
| // sequence-local Remote. Its corresponding receiver will be bound in this set, |
| // forwarding to the current UI-thread Remote. |
| void BindProxyRemoteOnUIThread( |
| mojo::PendingReceiver<video_capture::mojom::VideoCaptureService> receiver) { |
| static base::NoDestructor<mojo::ReceiverSetBase< |
| mojo::Receiver<video_capture::mojom::VideoCaptureService, |
| ForwardingImplRefTraits>, |
| void>> |
| receivers; |
| receivers->Add(nullptr, std::move(receiver)); |
| } |
| |
| } // namespace |
| |
| void EnableVideoCaptureServiceSafeMode() { |
| LOG(WARNING) << "Enabling safe mode VideoCaptureService"; |
| g_use_safe_mode = true; |
| } |
| |
| video_capture::mojom::VideoCaptureService& GetVideoCaptureService() { |
| if (!BrowserThread::CurrentlyOn(BrowserThread::UI)) { |
| static base::SequenceLocalStorageSlot< |
| mojo::Remote<video_capture::mojom::VideoCaptureService>> |
| storage; |
| auto& remote = storage.GetOrCreateValue(); |
| if (!remote.is_bound()) { |
| GetUIThreadTaskRunner({})->PostTask( |
| FROM_HERE, base::BindOnce(&BindProxyRemoteOnUIThread, |
| remote.BindNewPipeAndPassReceiver())); |
| } |
| return *remote.get(); |
| } |
| |
| if (g_service_override) { |
| return *g_service_override; |
| } |
| |
| auto& remote = GetUIThreadRemote(); |
| if (!remote.is_bound()) { |
| auto receiver = remote.BindNewPipeAndPassReceiver(); |
| if (features::IsVideoCaptureServiceEnabledForBrowserProcess()) { |
| auto dedicated_task_runner = CREATE_IN_PROCESS_TASK_RUNNER( |
| {base::MayBlock(), base::WithBaseSyncPrimitives(), |
| base::TaskPriority::BEST_EFFORT}, |
| base::SingleThreadTaskRunnerThreadMode::DEDICATED); |
| dedicated_task_runner->PostTask( |
| FROM_HERE, |
| base::BindOnce(&BindInProcessInstance, std::move(receiver))); |
| } else { |
| // Launch in a utility service. |
| VideoCaptureServiceLauncher::Launch(std::move(receiver)); |
| #if !BUILDFLAG(IS_ANDROID) |
| // On Android, we do not use automatic service shutdown, because when |
| // shutting down the service, we lose caching of the supported formats, |
| // and re-querying these can take several seconds on certain Android |
| // devices. |
| remote.set_idle_handler( |
| base::Seconds(5), |
| base::BindRepeating( |
| [](mojo::Remote<video_capture::mojom::VideoCaptureService>* |
| remote) { remote->reset(); }, |
| &remote)); |
| #endif // !BUILDFLAG(IS_ANDROID) |
| |
| // Make sure the Remote is also reset in case of e.g. service crash so we |
| // can restart it as needed. |
| remote.reset_on_disconnect(); |
| } |
| } |
| |
| return *remote.get(); |
| } |
| |
| void OverrideVideoCaptureServiceForTesting( // IN-TEST |
| video_capture::mojom::VideoCaptureService* service) { |
| g_service_override = service; |
| } |
| |
| } // namespace content |
