Bug 1267453 - Amazon Widevine rejects HDCP on MacBook Pro with or without an external display. r=gcp a=ritu
authorHaik Aftandilian <haftandilian@mozilla.com>
Mon, 02 May 2016 19:33:08 +0200
changeset 332707 cb425f373a802dc57c8fefffad95487334467ec2
parent 332706 c1849128bc3dfa4b536b073340acb1283d8b8232
child 332708 e122f4f0fa72a2d4807daee2f210559833e21fa0
push id6048
push userkmoir@mozilla.com
push dateMon, 06 Jun 2016 19:02:08 +0000
treeherdermozilla-beta@46d72a56c57d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgcp, ritu
bugs1267453
milestone48.0a2
Bug 1267453 - Amazon Widevine rejects HDCP on MacBook Pro with or without an external display. r=gcp a=ritu
dom/media/gmp/GMPChild.cpp
dom/media/gmp/GMPChild.h
security/sandbox/mac/Sandbox.h
security/sandbox/mac/Sandbox.mm
--- a/dom/media/gmp/GMPChild.cpp
+++ b/dom/media/gmp/GMPChild.cpp
@@ -210,33 +210,33 @@ GetAppPaths(nsCString &aAppPath, nsCStri
   // soft links.
   aAppPath = GetNativeTarget(app);
   appBinaryPath = GetNativeTarget(appBinary);
 
   return true;
 }
 
 bool
-GMPChild::SetMacSandboxInfo()
+GMPChild::SetMacSandboxInfo(MacSandboxPluginType aPluginType)
 {
   if (!mGMPLoader) {
     return false;
   }
   nsAutoCString pluginDirectoryPath, pluginFilePath;
   if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) {
     return false;
   }
   nsAutoCString appPath, appBinaryPath;
   if (!GetAppPaths(appPath, appBinaryPath)) {
     return false;
   }
 
   MacSandboxInfo info;
   info.type = MacSandboxType_Plugin;
-  info.pluginInfo.type = MacSandboxPluginType_GMPlugin_Default;
+  info.pluginInfo.type = aPluginType;
   info.pluginInfo.pluginPath.assign(pluginDirectoryPath.get());
   info.pluginInfo.pluginBinaryPath.assign(pluginFilePath.get());
   info.appPath.assign(appPath.get());
   info.appBinaryPath.assign(appBinaryPath.get());
 
   mGMPLoader->SetSandboxInfo(&info);
   return true;
 }
@@ -370,27 +370,37 @@ GMPChild::AnswerStartPlugin(const nsStri
 
   mGMPLoader = GMPProcessChild::GetGMPLoader();
   if (!mGMPLoader) {
     NS_WARNING("Failed to get GMPLoader");
     delete platformAPI;
     return false;
   }
 
+#ifdef MOZ_WIDEVINE_EME
+  bool isWidevine = aAdapter.EqualsLiteral("widevine");
+#endif
+
 #if defined(MOZ_GMP_SANDBOX) && defined(XP_MACOSX)
-  if (!SetMacSandboxInfo()) {
+  MacSandboxPluginType pluginType = MacSandboxPluginType_GMPlugin_Default;
+#ifdef MOZ_WIDEVINE_EME
+  if (isWidevine) {
+      pluginType = MacSandboxPluginType_GMPlugin_EME_Widevine;
+  }
+#endif
+  if (!SetMacSandboxInfo(pluginType)) {
     NS_WARNING("Failed to set Mac GMP sandbox info");
     delete platformAPI;
     return false;
   }
 #endif
 
   GMPAdapter* adapter = nullptr;
 #ifdef MOZ_WIDEVINE_EME
-  if (aAdapter.EqualsLiteral("widevine")) {
+  if (isWidevine) {
     adapter = new WidevineAdapter();
   }
 #endif
   if (!mGMPLoader->Load(libPath.get(),
                         libPath.Length(),
                         mNodeId.BeginWriting(),
                         mNodeId.Length(),
                         platformAPI,
--- a/dom/media/gmp/GMPChild.h
+++ b/dom/media/gmp/GMPChild.h
@@ -36,17 +36,17 @@ public:
   // Main thread only.
   GMPTimerChild* GetGMPTimers();
   GMPStorageChild* GetGMPStorage();
 
   // GMPAsyncShutdownHost
   void ShutdownComplete() override;
 
 #if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-  bool SetMacSandboxInfo();
+  bool SetMacSandboxInfo(MacSandboxPluginType aPluginType);
 #endif
 
 private:
   friend class GMPContentChild;
 
   bool PreLoadPluginVoucher();
   void PreLoadSandboxVoucher();
 
--- a/security/sandbox/mac/Sandbox.h
+++ b/security/sandbox/mac/Sandbox.h
@@ -12,19 +12,20 @@ enum MacSandboxType {
   MacSandboxType_Default = 0,
   MacSandboxType_Plugin,
   MacSandboxType_Content,
   MacSandboxType_Invalid
 };
 
 enum MacSandboxPluginType {
   MacSandboxPluginType_Default = 0,
-  MacSandboxPluginType_GMPlugin_Default,  // Any Gecko Media Plugin
-  MacSandboxPluginType_GMPlugin_OpenH264, // Gecko Media Plugin, OpenH264
-  MacSandboxPluginType_GMPlugin_EME,      // Gecko Media Plugin, EME
+  MacSandboxPluginType_GMPlugin_Default,      // Any Gecko Media Plugin
+  MacSandboxPluginType_GMPlugin_OpenH264,     // Gecko Media Plugin, OpenH264
+  MacSandboxPluginType_GMPlugin_EME,          // Gecko Media Plugin, EME
+  MacSandboxPluginType_GMPlugin_EME_Widevine, // Gecko Media Plugin, Widevine
   MacSandboxPluginType_Invalid
 };
 
 typedef struct _MacSandboxPluginInfo {
   _MacSandboxPluginInfo()
     : type(MacSandboxPluginType_Default) {}
   _MacSandboxPluginInfo(const struct _MacSandboxPluginInfo& other)
     : type(other.type), pluginPath(other.pluginPath),
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -145,16 +145,19 @@ static const char pluginSandboxRules[] =
   "    (regex #\"^/(private/)?var($|/)\")\n"
   "    (literal \"/usr/share/icu/icudt51l.dat\")\n"
   "    (regex #\"^/System/Library/Displays/Overrides/*\")\n"
   "    (regex #\"^/System/Library/CoreServices/CoreTypes.bundle/*\")\n"
   "    (literal \"%s\")\n"
   "    (literal \"%s\")\n"
   "    (literal \"%s\"))\n";
 
+static const char widevinePluginSandboxRulesAddend[] =
+  "(allow mach-lookup (global-name \"com.apple.windowserver.active\"))\n";
+
 static const char contentSandboxRules[] =
   "(version 1)\n"
   "\n"
   "(define sandbox-level %d)\n"
   "(define macosMinorVersion %d)\n"
   "(define appPath \"%s\")\n"
   "(define appBinaryPath \"%s\")\n"
   "(define appDir \"%s\")\n"
@@ -443,16 +446,25 @@ bool StartMacSandbox(MacSandboxInfo aInf
                aInfo.appBinaryPath.c_str());
     } else {
       asprintf(&profile, pluginSandboxRules, ";", "",
                aInfo.pluginInfo.pluginPath.c_str(),
                aInfo.pluginInfo.pluginBinaryPath.c_str(),
                aInfo.appPath.c_str(),
                aInfo.appBinaryPath.c_str());
     }
+
+    if (profile &&
+      aInfo.pluginInfo.type == MacSandboxPluginType_GMPlugin_EME_Widevine) {
+      char *widevineProfile = NULL;
+      asprintf(&widevineProfile, "%s%s", profile,
+        widevinePluginSandboxRulesAddend);
+      free(profile);
+      profile = widevineProfile;
+    }
   }
   else if (aInfo.type == MacSandboxType_Content) {
     asprintf(&profile, contentSandboxRules, aInfo.level,
              OSXVersion::OSXVersionMinor(),
              aInfo.appPath.c_str(),
              aInfo.appBinaryPath.c_str(),
              aInfo.appDir.c_str(),
              aInfo.appTempDir.c_str(),