| // Copyright 2020 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chromeos/components/cdm_factory_daemon/output_protection_impl.h" |
| |
| #include <utility> |
| |
| #include "ash/shell.h" |
| #include "base/functional/bind.h" |
| #include "base/functional/callback_helpers.h" |
| #include "base/memory/raw_ptr.h" |
| #include "base/metrics/histogram_functions.h" |
| #include "base/metrics/histogram_macros.h" |
| #include "content/public/browser/browser_task_traits.h" |
| #include "content/public/browser/browser_thread.h" |
| #include "mojo/public/cpp/bindings/self_owned_receiver.h" |
| #include "ui/display/manager/display_configurator.h" |
| #include "ui/display/manager/display_manager.h" |
| #include "ui/display/types/display_constants.h" |
| |
| namespace chromeos { |
| namespace { |
| // Make sure the mapping between the Mojo enums and the Chrome enums do not |
| // fall out of sync. |
| #define VALIDATE_ENUM(mojo_type, chrome_type, name) \ |
| static_assert( \ |
| static_cast<uint32_t>(cdm::mojom::OutputProtection::mojo_type::name) == \ |
| display::chrome_type##_##name, \ |
| #chrome_type "_" #name "value doesn't match") |
| |
| VALIDATE_ENUM(ProtectionType, CONTENT_PROTECTION_METHOD, NONE); |
| VALIDATE_ENUM(ProtectionType, CONTENT_PROTECTION_METHOD, HDCP_TYPE_0); |
| VALIDATE_ENUM(ProtectionType, CONTENT_PROTECTION_METHOD, HDCP_TYPE_1); |
| VALIDATE_ENUM(LinkType, DISPLAY_CONNECTION_TYPE, NONE); |
| VALIDATE_ENUM(LinkType, DISPLAY_CONNECTION_TYPE, UNKNOWN); |
| VALIDATE_ENUM(LinkType, DISPLAY_CONNECTION_TYPE, INTERNAL); |
| VALIDATE_ENUM(LinkType, DISPLAY_CONNECTION_TYPE, VGA); |
| VALIDATE_ENUM(LinkType, DISPLAY_CONNECTION_TYPE, HDMI); |
| VALIDATE_ENUM(LinkType, DISPLAY_CONNECTION_TYPE, DVI); |
| VALIDATE_ENUM(LinkType, DISPLAY_CONNECTION_TYPE, DISPLAYPORT); |
| VALIDATE_ENUM(LinkType, DISPLAY_CONNECTION_TYPE, NETWORK); |
| |
| static_assert(display::DISPLAY_CONNECTION_TYPE_LAST == |
| display::DISPLAY_CONNECTION_TYPE_NETWORK, |
| "DISPLAY_CONNECTION_TYPE_LAST value doesn't match"); |
| |
| constexpr uint32_t kUnprotectableConnectionTypes = |
| display::DISPLAY_CONNECTION_TYPE_UNKNOWN | |
| display::DISPLAY_CONNECTION_TYPE_VGA | |
| display::DISPLAY_CONNECTION_TYPE_NETWORK; |
| |
| constexpr uint32_t kProtectableConnectionTypes = |
| display::DISPLAY_CONNECTION_TYPE_HDMI | |
| display::DISPLAY_CONNECTION_TYPE_DVI | |
| display::DISPLAY_CONNECTION_TYPE_DISPLAYPORT; |
| |
| std::vector<int64_t> GetDisplayIdsFromSnapshots( |
| const std::vector<raw_ptr<display::DisplaySnapshot, VectorExperimental>>& |
| snapshots) { |
| std::vector<int64_t> display_ids; |
| for (display::DisplaySnapshot* ds : snapshots) { |
| display_ids.push_back(ds->display_id()); |
| } |
| return display_ids; |
| } |
| |
| cdm::mojom::OutputProtection::ProtectionType ConvertProtection( |
| uint32_t protection_mask) { |
| // Only return Type 1 if that is the only type active since we want to reflect |
| // the overall output security. |
| if ((protection_mask & display::kContentProtectionMethodHdcpAll) == |
| display::CONTENT_PROTECTION_METHOD_HDCP_TYPE_1) { |
| return cdm::mojom::OutputProtection::ProtectionType::HDCP_TYPE_1; |
| } else if (protection_mask & display::CONTENT_PROTECTION_METHOD_HDCP_TYPE_0) { |
| return cdm::mojom::OutputProtection::ProtectionType::HDCP_TYPE_0; |
| } else { |
| return cdm::mojom::OutputProtection::ProtectionType::NONE; |
| } |
| } |
| |
| class DisplaySystemDelegateImpl |
| : public OutputProtectionImpl::DisplaySystemDelegate { |
| public: |
| DisplaySystemDelegateImpl() { |
| display_configurator_ = |
| ash::Shell::Get()->display_manager()->configurator(); |
| DCHECK(display_configurator_); |
| content_protection_manager_ = |
| display_configurator_->content_protection_manager(); |
| DCHECK(content_protection_manager_); |
| } |
| ~DisplaySystemDelegateImpl() override = default; |
| |
| void ApplyContentProtection( |
| display::ContentProtectionManager::ClientId client_id, |
| int64_t display_id, |
| uint32_t protection_mask, |
| display::ContentProtectionManager::ApplyContentProtectionCallback |
| callback) override { |
| content_protection_manager_->ApplyContentProtection( |
| client_id, display_id, protection_mask, std::move(callback)); |
| } |
| void QueryContentProtection( |
| display::ContentProtectionManager::ClientId client_id, |
| int64_t display_id, |
| display::ContentProtectionManager::QueryContentProtectionCallback |
| callback) override { |
| content_protection_manager_->QueryContentProtection(client_id, display_id, |
| std::move(callback)); |
| } |
| display::ContentProtectionManager::ClientId RegisterClient() override { |
| return content_protection_manager_->RegisterClient(); |
| } |
| void UnregisterClient( |
| display::ContentProtectionManager::ClientId client_id) override { |
| content_protection_manager_->UnregisterClient(client_id); |
| } |
| const std::vector<raw_ptr<display::DisplaySnapshot, VectorExperimental>>& |
| cached_displays() const override { |
| return display_configurator_->cached_displays(); |
| } |
| |
| private: |
| raw_ptr<display::ContentProtectionManager> |
| content_protection_manager_; // Not owned. |
| raw_ptr<display::DisplayConfigurator> display_configurator_; // Not owned. |
| }; |
| |
| // These are reported to UMA server. Do not renumber or reuse values. |
| enum class OutputProtectionStatus { |
| kQueried = 0, |
| kNoExternalLink = 1, |
| kAllExternalLinksProtected = 2, |
| // Note: Only add new values immediately before this line. |
| kMaxValue = kAllExternalLinksProtected, |
| }; |
| |
| void ReportOutputProtectionUMA(OutputProtectionStatus status) { |
| UMA_HISTOGRAM_ENUMERATION("Media.EME.OutputProtection.PlatformCdm", status); |
| } |
| |
| } // namespace |
| |
| // static |
| void OutputProtectionImpl::Create( |
| mojo::PendingReceiver<cdm::mojom::OutputProtection> receiver, |
| std::unique_ptr<DisplaySystemDelegate> delegate) { |
| // This needs to run on the UI thread for its interactions with the display |
| // system. |
| if (!content::GetUIThreadTaskRunner({})->RunsTasksInCurrentSequence()) { |
| content::GetUIThreadTaskRunner({})->PostTask( |
| FROM_HERE, base::BindOnce(&OutputProtectionImpl::Create, |
| std::move(receiver), std::move(delegate))); |
| return; |
| } |
| // This object should destruct when the mojo connection is lost. |
| mojo::MakeSelfOwnedReceiver( |
| std::make_unique<OutputProtectionImpl>(std::move(delegate)), |
| std::move(receiver)); |
| } |
| |
| OutputProtectionImpl::OutputProtectionImpl( |
| std::unique_ptr<DisplaySystemDelegate> delegate) |
| : delegate_(std::move(delegate)) { |
| if (!delegate_) |
| delegate_ = std::make_unique<DisplaySystemDelegateImpl>(); |
| } |
| |
| OutputProtectionImpl::~OutputProtectionImpl() { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| if (client_id_) |
| delegate_->UnregisterClient(client_id_); |
| } |
| |
| void OutputProtectionImpl::QueryStatus(QueryStatusCallback callback) { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| if (!client_id_) |
| Initialize(); |
| if (display_id_list_.empty()) { |
| std::move(callback).Run(true, display::DISPLAY_CONNECTION_TYPE_NONE, |
| ProtectionType::NONE); |
| return; |
| } |
| |
| ReportOutputProtectionQuery(); |
| |
| // We want to copy this since we will manipulate it. |
| std::vector<int64_t> remaining_displays = display_id_list_; |
| int64_t curr_display_id = remaining_displays.back(); |
| remaining_displays.pop_back(); |
| delegate_->QueryContentProtection( |
| client_id_, curr_display_id, |
| base::BindOnce(&OutputProtectionImpl::QueryStatusCallbackAggregator, |
| weak_factory_.GetWeakPtr(), std::move(remaining_displays), |
| std::move(callback), true, |
| display::DISPLAY_CONNECTION_TYPE_NONE, |
| display::CONTENT_PROTECTION_METHOD_NONE, |
| display::CONTENT_PROTECTION_METHOD_NONE)); |
| } |
| |
| void OutputProtectionImpl::EnableProtection(ProtectionType desired_protection, |
| EnableProtectionCallback callback) { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| if (!client_id_) |
| Initialize(); |
| |
| if (display_id_list_.empty()) { |
| std::move(callback).Run(true); |
| return; |
| } |
| |
| // We just pass through what the client requests. |
| switch (desired_protection) { |
| case ProtectionType::HDCP_TYPE_0: |
| desired_protection_mask_ = display::CONTENT_PROTECTION_METHOD_HDCP_TYPE_0; |
| break; |
| case ProtectionType::HDCP_TYPE_1: |
| desired_protection_mask_ = display::CONTENT_PROTECTION_METHOD_HDCP_TYPE_1; |
| break; |
| case ProtectionType::NONE: |
| desired_protection_mask_ = display::CONTENT_PROTECTION_METHOD_NONE; |
| break; |
| } |
| |
| // We want to copy this since we will manipulate it. |
| std::vector<int64_t> remaining_displays = display_id_list_; |
| int64_t curr_display_id = remaining_displays.back(); |
| remaining_displays.pop_back(); |
| delegate_->ApplyContentProtection( |
| client_id_, curr_display_id, desired_protection_mask_, |
| base::BindOnce(&OutputProtectionImpl::EnableProtectionCallbackAggregator, |
| weak_factory_.GetWeakPtr(), std::move(remaining_displays), |
| std::move(callback), true)); |
| } |
| |
| void OutputProtectionImpl::Initialize() { |
| DCHECK(!client_id_); |
| // This needs to be setup on the browser thread, so wait to do it until we |
| // are on that thread (i.e. don't do it in the constructor). |
| client_id_ = delegate_->RegisterClient(); |
| DCHECK(client_id_); |
| display_observer_.emplace(this); |
| display_id_list_ = GetDisplayIdsFromSnapshots(delegate_->cached_displays()); |
| } |
| |
| void OutputProtectionImpl::EnableProtectionCallbackAggregator( |
| std::vector<int64_t> remaining_displays, |
| EnableProtectionCallback callback, |
| bool aggregate_success, |
| bool success) { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| aggregate_success &= success; |
| if (remaining_displays.empty()) { |
| std::move(callback).Run(aggregate_success); |
| return; |
| } |
| int64_t curr_display_id = remaining_displays.back(); |
| remaining_displays.pop_back(); |
| delegate_->ApplyContentProtection( |
| client_id_, curr_display_id, desired_protection_mask_, |
| base::BindOnce(&OutputProtectionImpl::EnableProtectionCallbackAggregator, |
| weak_factory_.GetWeakPtr(), std::move(remaining_displays), |
| std::move(callback), aggregate_success)); |
| } |
| |
| void OutputProtectionImpl::QueryStatusCallbackAggregator( |
| std::vector<int64_t> remaining_displays, |
| QueryStatusCallback callback, |
| bool aggregate_success, |
| uint32_t aggregate_link_mask, |
| uint32_t aggregate_protection_mask, |
| uint32_t aggregate_no_protection_mask, |
| bool success, |
| uint32_t link_mask, |
| uint32_t protection_mask) { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| aggregate_success &= success; |
| aggregate_link_mask |= link_mask; |
| if (link_mask & kUnprotectableConnectionTypes) { |
| aggregate_no_protection_mask |= display::kContentProtectionMethodHdcpAll; |
| } |
| if (link_mask & kProtectableConnectionTypes) { |
| aggregate_protection_mask |= protection_mask; |
| } |
| if (!remaining_displays.empty()) { |
| int64_t curr_display_id = remaining_displays.back(); |
| remaining_displays.pop_back(); |
| delegate_->QueryContentProtection( |
| client_id_, curr_display_id, |
| base::BindOnce( |
| &OutputProtectionImpl::QueryStatusCallbackAggregator, |
| weak_factory_.GetWeakPtr(), std::move(remaining_displays), |
| std::move(callback), aggregate_success, aggregate_link_mask, |
| aggregate_protection_mask, aggregate_no_protection_mask)); |
| return; |
| } |
| |
| if (aggregate_success) { |
| ReportOutputProtectionQueryResult(aggregate_link_mask, |
| aggregate_protection_mask); |
| } |
| |
| aggregate_protection_mask &= ~aggregate_no_protection_mask; |
| std::move(callback).Run(aggregate_success, aggregate_link_mask, |
| ConvertProtection(aggregate_protection_mask)); |
| } |
| |
| void OutputProtectionImpl::HandleDisplayChange() { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| display_id_list_ = GetDisplayIdsFromSnapshots(delegate_->cached_displays()); |
| if (desired_protection_mask_) { |
| // We always reapply content protection on display changes since we affect |
| // all displays. |
| EnableProtection(ConvertProtection(desired_protection_mask_), |
| base::DoNothing()); |
| } |
| } |
| |
| void OutputProtectionImpl::OnDisplayAdded(const display::Display& display) { |
| HandleDisplayChange(); |
| } |
| |
| void OutputProtectionImpl::OnDisplayMetricsChanged( |
| const display::Display& display, |
| uint32_t changed_metrics) { |
| HandleDisplayChange(); |
| } |
| |
| void OutputProtectionImpl::OnDisplaysRemoved( |
| const display::Displays& removed_displays) { |
| HandleDisplayChange(); |
| } |
| |
| void OutputProtectionImpl::ReportOutputProtectionQuery() { |
| if (uma_for_output_protection_query_reported_) |
| return; |
| |
| ReportOutputProtectionUMA(OutputProtectionStatus::kQueried); |
| uma_for_output_protection_query_reported_ = true; |
| } |
| |
| void OutputProtectionImpl::ReportOutputProtectionQueryResult( |
| uint32_t link_mask, |
| uint32_t protection_mask) { |
| DCHECK(uma_for_output_protection_query_reported_); |
| |
| if (uma_for_output_protection_positive_result_reported_) |
| return; |
| |
| // Report UMAs for output protection query result. |
| uint32_t external_links = |
| (link_mask & ~display::DISPLAY_CONNECTION_TYPE_INTERNAL); |
| |
| if (!external_links) { |
| ReportOutputProtectionUMA(OutputProtectionStatus::kNoExternalLink); |
| uma_for_output_protection_positive_result_reported_ = true; |
| return; |
| } |
| |
| bool is_unprotectable_link_connected = |
| (external_links & ~kProtectableConnectionTypes) != 0; |
| bool is_hdcp_enabled_on_all_protectable_links = |
| (protection_mask & desired_protection_mask_) != 0; |
| |
| if (!is_unprotectable_link_connected && |
| is_hdcp_enabled_on_all_protectable_links) { |
| ReportOutputProtectionUMA( |
| OutputProtectionStatus::kAllExternalLinksProtected); |
| uma_for_output_protection_positive_result_reported_ = true; |
| return; |
| } |
| |
| // Do not report a negative result because it could be a false negative. |
| // Instead, we will calculate number of negatives using the total number of |
| // queries and positive results. |
| } |
| |
| } // namespace chromeos |
