Bug 1334111 - Reject MediaKeys requests for persistent storage when in PB mode. r=gerald

We want requests for MediaKeySystemAccess with persistentState to be rejected if the window is in Private Browsing mode. This is primarily so that users in Private Browsing mode don't unknowningly use up their "device limits"; some DRM streamers have limits on the numbers of unique devices that can be provisioned/used in a given time period, and the device ID is persisted in the persistent state. So if we're flushing that state, the user will use up one of their device quota on every new session, and quickly hit their limit, and be unable to continue watching DRM video. MozReview-Commit-ID: JWNO1kcU2ST --HG-- extra : rebase_source : ad4e22629acfdd82aff8ead764949939726adbf4
2017-05-29 10:21:18 +12:00 · 2017-05-29 10:21:18 +12:00 · 7bcd5db48e
--- a/dom/media/eme/MediaKeySystemAccess.cpp
+++ b/dom/media/eme/MediaKeySystemAccess.cpp
@ -821,7 +821,8 @@ static bool
 GetSupportedConfig(const KeySystemConfig& aKeySystem,
                   const MediaKeySystemConfiguration& aCandidate,
                   MediaKeySystemConfiguration& aOutConfig,
-                   DecoderDoctorDiagnostics* aDiagnostics)
+                   DecoderDoctorDiagnostics* aDiagnostics,
+                   bool aInPrivateBrowsing)
 {
  // Let accumulated configuration be a new MediaKeySystemConfiguration dictionary.
  MediaKeySystemConfiguration config;
@ -874,6 +875,14 @@ GetSupportedConfig(const KeySystemConfig& aKeySystem,
    return false;
  }

+  if (config.mPersistentState == MediaKeysRequirement::Required &&
+      aInPrivateBrowsing) {
+    EME_LOG("MediaKeySystemConfiguration (label='%s') rejected; "
+            "persistentState requested in Private Browsing window.",
+            NS_ConvertUTF16toUTF8(aCandidate.mLabel).get());
+    return false;
+  }
+
  Sequence<nsString> sessionTypes(UnboxSessionTypes(aCandidate.mSessionTypes));
  if (sessionTypes.IsEmpty()) {
    // Malloc failure.
@ -1044,10 +1053,12 @@ GetSupportedConfig(const KeySystemConfig& aKeySystem,

 /* static */
 bool
-MediaKeySystemAccess::GetSupportedConfig(const nsAString& aKeySystem,
-                                         const Sequence<MediaKeySystemConfiguration>& aConfigs,
-                                         MediaKeySystemConfiguration& aOutConfig,
-                                         DecoderDoctorDiagnostics* aDiagnostics)
+MediaKeySystemAccess::GetSupportedConfig(
+  const nsAString& aKeySystem,
+  const Sequence<MediaKeySystemConfiguration>& aConfigs,
+  MediaKeySystemConfiguration& aOutConfig,
+  DecoderDoctorDiagnostics* aDiagnostics,
+  bool aIsPrivateBrowsing)
 {
  KeySystemConfig implementation;
  if (!GetKeySystemConfig(aKeySystem, implementation)) {
@ -1057,7 +1068,8 @@ MediaKeySystemAccess::GetSupportedConfig(const nsAString& aKeySystem,
    if (mozilla::dom::GetSupportedConfig(implementation,
                                         candidate,
                                         aOutConfig,
-                                         aDiagnostics)) {
+                                         aDiagnostics,
+                                         aIsPrivateBrowsing)) {
      return true;
    }
  }
--- a/dom/media/eme/MediaKeySystemAccess.h
+++ b/dom/media/eme/MediaKeySystemAccess.h
@ -61,10 +61,12 @@ public:
                              const nsAString& aKeySystem,
                              MediaKeySystemStatus aStatus);

-  static bool GetSupportedConfig(const nsAString& aKeySystem,
-                                 const Sequence<MediaKeySystemConfiguration>& aConfigs,
-                                 MediaKeySystemConfiguration& aOutConfig,
-                                 DecoderDoctorDiagnostics* aDiagnostics);
+  static bool GetSupportedConfig(
+    const nsAString& aKeySystem,
+    const Sequence<MediaKeySystemConfiguration>& aConfigs,
+    MediaKeySystemConfiguration& aOutConfig,
+    DecoderDoctorDiagnostics* aDiagnostics,
+    bool aIsPrivateBrowsing);

  static bool KeySystemSupportsInitDataType(const nsAString& aKeySystem,
                                            const nsAString& aInitDataType);
--- a/dom/media/eme/MediaKeySystemAccessManager.cpp
+++ b/dom/media/eme/MediaKeySystemAccessManager.cpp
@ -165,8 +165,12 @@ MediaKeySystemAccessManager::Request(DetailedPromise* aPromise,
    return;
  }

+  bool isPrivateBrowsing =
+    mWindow->GetExtantDoc() &&
+    mWindow->GetExtantDoc()->NodePrincipal()->GetPrivateBrowsingId() > 0;
  MediaKeySystemConfiguration config;
-  if (MediaKeySystemAccess::GetSupportedConfig(aKeySystem, aConfigs, config, &diagnostics)) {
+  if (MediaKeySystemAccess::GetSupportedConfig(
+        aKeySystem, aConfigs, config, &diagnostics, isPrivateBrowsing)) {
    RefPtr<MediaKeySystemAccess> access(
      new MediaKeySystemAccess(mWindow, aKeySystem, config));
    aPromise->MaybeResolve(access);