Support widevine in linux by bundling

[simonhong]

In linux, WidevineCdm library is bundled instead of installing it
by component updating during the runtime. In linux, we can't load
cdm library during the runtime because processes except browser
process are forked from zygote process not created from brave.exe.
So, cdm should be loaded(not initialized) into zygote process space
before zygote enters the sandbox.

Chrome browser also uses bundling for linux.

This PR should be merged with brave/brave-browser#3037

Fix brave/brave-browser#413

Submitter Checklist:

• Submitted a ticket for my issue if one did not already exist.
• Used Github auto-closing keywords in the commit message.
• Added/updated tests for this change (for new code or code which already has tests).
• Verified that these changes build without errors on
  • Windows
  • macOS
  • Linux
• Verified that these changes pass automated tests (npm test brave_unit_tests && npm test brave_browser_tests) on
  • Windows
  • macOS
  • Linux
• Ran git rebase master (if needed).
• Ran git rebase -i to squash commits (if needed).
• Tagged reviewers and labelled the pull request as needed.
• Request a security/privacy review as needed.
• Add appropriate QA labels (QA/Yes or QA/No) to include the closed issue in milestone

Test Plan:

1. Start browser with clean profile
2. Load https://bitmovin.com/demos/drm
3. Check No drm
4. Install widevine via content settings bubble
5. Check widevine is enabled
6. Restart browser and check widevine is enabled

yarn test brave_unittest --filter=CdmRegistryImplTest.WidevineCdmExcludeTest

Reviewer Checklist:

• New files have MPL-2.0 license header.
• Request a security/privacy review as needed.
• Adequate test coverage exists to prevent regressions
• Verify test plan is specified in PR before merging to source

[simonhong]

When widevine cdm is bundled, widevine cdm library is loaded into zygote process and
it is registered to CdmRegistry at startup.
Because of this, widevine is initialized regardless of the value of kWidevineOptedIn.
So, need to find how prevent initializing widevine when user doesn't accept explicitly.

To handle this, I tried to get kWidevineOptedIn from CdmRegistry via ContentBrowserClient() when renderer asks whether widevine is enabled or not.
However, there are some difficulties - it is ambiguous which profile should be used and profile manager is only allowed to access by main thread.

If we also want to show content settings bubble in linux, I need to find how to prevent cdm initialization. Or if we can disable content bubble in linux, only first & second commits in this PR are needed.
@bbondy @iefremov Any advice would be welcome!

[iefremov]

@simonhong
Maybe we can ignore the fact that different profiles may have different values of kWidevineOptedIn during Widevine initialization? It's hard to skip loading the binary if the user has one profile that opted int and another that didn't.

This way, if any of user profiles has this preference enabled, we can somehow persist the fact that the binary should be loaded (e.g. create a marker file) and, for example, check it in ChromeContentClient::AddContentDecryptionModules.

[simonhong]

With bundling, cdm loading and initialization is in separated phase.
Loading is done during the startup by PreloadLibraryCdms().
And initialization is done by CdmModule::Initialize() when cdm service is launched.
This launching is triggered by renderer that tries to play contents.

@iefremov As you said, we can't avoid loading. But, I thought we can control cdm service launching.
For having same UX with mac/win, my initial idea was modifying CdmRegistryImpl::GetAllRegisteredCdms().
In this method, I tried to exclude widevine CdmInfo when kWidevineOptedIn is not set.
With this, I think we could make renderer think widevine is not available for now.

However, I met multi profile issue and accessing profile_manager from io thread.
If we must have same UX with other platforms, we should find the way and I think it's not impossible but would introduce many patches.

So, I also want to know we should have same UX. If not, it can be achieved with simple patch. Only first & second commits are needed as I said earlier.

IMO, current content setting bubble is not suitable because cdm library is already installed and loaded into process. It is just not initialized.

[simonhong]

With the 4th commit, widevine is only initialized after users allowed to use widevine via content settings bubble.
One remained issue is widevine isn't initialized by reloading. To use widevine after user accept, contents page should be loaded in the new tab or restart. I'm trying to find the reason now...

[simonhong]

I think this PR is ready to review.
With this PR, linux has same widevine UX with mac/win.

[simonhong]

@bbondy Due to the restriction of zygote in linux, I enabled widevine by bundling.
That means, widevine is loaded into zygote process by default but not initialized.
It is only initialized and cmd service is launched when user accepts via content settings bubble.
If we don't load it by default, we would need restart to use widevine after user accepts.
If loading by default is not allowed by our privacy policy, please let me know.

[iefremov]

rename -> MaybeRegister... ?

[iefremov]

And also skip ToCdmRegistry, sounds obvious :)

[simonhong]

Thanks. it's more clear 👍

[iefremov]

Not sure if the comment is relevant here, maybe move it to the widevine.gni patch?

[simonhong]

Yep, widevine.gni is better place for this comment.
Done.

[iefremov]

I'm not a native speaker, but probably it should be "on linux", "when users opt in", "if not" -> otherwise, "we tries" -> "we try"

[simonhong]

Done 👍

[iefremov]

ENABLE_WIDEVINE_CDM_COMPONENT instead of !OS_LINUX ?
nevermind

[iefremov]

I'm wondering whether we potentially block CDMs other than Widevine on Linux?

[simonhong]

good catch.
Actually, widevine alone is used for now but don't know in the future whether chrome registers more cdms.
So, fixed to exclude widevine only after getting cdms list.

[iefremov]

Generally LGTM with small nits

[simonhong]

Created f/u issue - brave/brave-browser#3172

[iefremov]

Was this change announced somewhere? A think, if it was then we should fix all sources at once, otherwise its better to fix the linter. @bbondy could you please clarify?

[bridiver]

@iefremov it is enforced by the linter. There was a discussion in #brave-core

[iefremov]

@bridiver maybe we can fix the whole codebase by a single PR then? I can do one

[iefremov]

Mind placing a follow-up issue number here?

[simonhong]

done.

[bridiver]

has this been vetted by @bbondy? We're specifically prohibited from bundling on other platforms

[simonhong]

Yes, I discussed in dm and he agreed to do it as a next step. (long term)

[iefremov]

in gtest macroses expected argument is the first, i.e. EXPECT_EQ(0u, cdms.size());

[simonhong]

done.

[iefremov]

This erasure happens only on Linux

[simonhong]

done.

[simonhong]

All done. PTAL.
Also this one - brave/brave-browser#3037

[simonhong]

done.

[simonhong]

done.

[simonhong]

done.

[bridiver]

please do not add comments to patches. We want to minimize the size of patches

[simonhong]

this patch file was deleted by overriding.

[bridiver]

I don't understand why we're patching this?

[simonhong]

W/o this patch in this file, reloading doesn't enable widevine after user accepts.

[bridiver]

I don't understand why we're doing this here, why wouldn't we do it in AddContentDecryptionModules where we don't have to patch anything?

[simonhong]

It seems my reply was deleted after force push.
There are some places where original cmd list is needed like PreloadLibraryCdms().
So, we can't override ChromeContentClient::AddContentDecryptionModules().
Also, this patch is removed by file overriding.

[bridiver]

this seems very fragile to me. Where did this list of codecs come from?

[simonhong]

Yes, I think so. I copied this logic from IsWidevineAvailable() in chrome_content_client.cc.

[simonhong]

Ah,, I think this can be improved by storing excluded cdminfo in CdmRegistry in at some place and can be reused again.

[simonhong]

All this log is deleted and used cached info from CdmRegistryImpl.

[simonhong]

All duplicated code is deleted by caching CdmInfo that created by upstream.
81ca1a1

[bridiver]

I think you're missing what I was trying to say here. It calls GetContentClient()->AddContentDecryptionModules and we can implement AddContentDecryptionModules in BraveContentClient

[simonhong]

I thought that first.
But, other places needs original list like PreloadLibraryCdms() in content_main_runner_impl.cc.

[bridiver]

I don't understand, the result would be identical because it passes a reference that can be modified

[simonhong]

ChromeContentClient::AddContentDecryptionModules() fills cdms to passed pointer.
Caller of above method will have different instance.
Of course, client of CdmRegistry will see same list.

[simonhong]

Oh, many comments were deleted..
Caller of AddContentDecryptionMoudles maintains it's own cmd list.
Clients of CdmRegistry see same list because CdmRegistry::GetAllRegisteredCdms() returns list reference.

[bridiver]

* is always preferable to & because it's more clear to the caller that you're passing something which might be modified when the method returns. If you're looking at a caller using ref, it's indistinguishable from passing by const ref or value unless you look at the method sig

[simonhong]

Yes, totally agree about that.

[iefremov]

basically, this rule is fixed in CC, so we don't even need to have comments like this in the codebase :)

[simonhong]

Right. using like this is natural in chromium project :) Removed.

[simonhong]

New PR (#1606) is opened for this.