Create a content public browser API around the ChildProcessSecurityPolicy class. The implementati...

content/browser/renderer_host/render_view_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/renderer_host/render_view_host.h"
 
 #include <set>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/command_line.h"
 #include "base/i18n/rtl.h"
 #include "base/json/json_reader.h"
 #include "base/message_loop.h"
 #include "base/stl_util.h"
 #include "base/string_util.h"
 #include "base/time.h"
 #include "base/utf_string_conversions.h"
 #include "base/values.h"
-#include "content/browser/child_process_security_policy.h"
+#include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/cross_site_request_manager.h"
 #include "content/browser/gpu/gpu_surface_tracker.h"
 #include "content/browser/host_zoom_map_impl.h"
 #include "content/browser/in_process_webkit/session_storage_namespace.h"
 #include "content/browser/power_save_blocker.h"
 #include "content/browser/renderer_host/render_process_host_impl.h"
 #include "content/browser/renderer_host/render_widget_host.h"
 #include "content/browser/renderer_host/render_widget_host_view.h"
 #include "content/common/desktop_notification_messages.h"
 #include "content/common/drag_messages.h"
@@ skipping 187 matching lines @@
   return process()->HasConnection() && renderer_initialized_;
 }
 
 void RenderViewHost::SyncRendererPrefs() {
   Send(new ViewMsg_SetRendererPrefs(routing_id(),
                                     delegate_->GetRendererPrefs(
                                         process()->GetBrowserContext())));
 }
 
 void RenderViewHost::Navigate(const ViewMsg_Navigate_Params& params) {
-  ChildProcessSecurityPolicy::GetInstance()->GrantRequestURL(
+  ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
       process()->GetID(), params.url);
 
   ViewMsg_Navigate* nav_message = new ViewMsg_Navigate(routing_id(), params);
 
   // Only send the message if we aren't suspended at the start of a cross-site
   // request.
   if (navigations_suspended_) {
     // Shouldn't be possible to have a second navigation while suspended, since
     // navigations will only be suspended during a cross-site request.  If a
     // second navigation occurs, TabContents will cancel this pending RVH
@@ skipping 181 matching lines @@
 int RenderViewHost::GetPendingRequestId() {
   return pending_request_id_;
 }
 
 void RenderViewHost::DragTargetDragEnter(
     const WebDropData& drop_data,
     const gfx::Point& client_pt,
     const gfx::Point& screen_pt,
     WebDragOperationsMask operations_allowed) {
   const int renderer_id = process()->GetID();
-  ChildProcessSecurityPolicy* policy =
-      ChildProcessSecurityPolicy::GetInstance();
+  ChildProcessSecurityPolicyImpl* policy =
+      ChildProcessSecurityPolicyImpl::GetInstance();
 
   // The URL could have been cobbled together from any highlighted text string,
   // and can't be interpreted as a capability.
   WebDropData filtered_data(drop_data);
   FilterURL(policy, renderer_id, &filtered_data.url);
 
   // The filenames vector, on the other hand, does represent a capability to
   // access the given files.
   std::set<FilePath> filesets;
   for (std::vector<string16>::iterator iter(filtered_data.filenames.begin());
@@ skipping 156 matching lines @@
       gfx::Point(screen_x, screen_y),
       false, WebDragOperationNone));
 }
 
 void RenderViewHost::DragSourceSystemDragEnded() {
   Send(new DragMsg_SourceSystemDragEnded(routing_id()));
 }
 
 void RenderViewHost::AllowBindings(int bindings_flags) {
   if (bindings_flags & content::BINDINGS_POLICY_WEB_UI) {
-    ChildProcessSecurityPolicy::GetInstance()->GrantWebUIBindings(
+    ChildProcessSecurityPolicyImpl::GetInstance()->GrantWebUIBindings(
         process()->GetID());
   }
 
   enabled_bindings_ |= bindings_flags;
   if (renderer_initialized_)
     Send(new ViewMsg_AllowBindings(routing_id(), enabled_bindings_));
 }
 
 void RenderViewHost::SetWebUIProperty(const std::string& name,
                                       const std::string& value) {
@@ skipping 22 matching lines @@
 void RenderViewHost::SetInitialFocus(bool reverse) {
   Send(new ViewMsg_SetInitialFocus(routing_id(), reverse));
 }
 
 void RenderViewHost::FilesSelectedInChooser(
     const std::vector<FilePath>& files,
     int permissions) {
   // Grant the security access requested to the given files.
   for (std::vector<FilePath>::const_iterator file = files.begin();
        file != files.end(); ++file) {
-    ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
+    ChildProcessSecurityPolicyImpl::GetInstance()->GrantPermissionsForFile(
         process()->GetID(), *file, permissions);
   }
   Send(new ViewMsg_RunFileChooserResponse(routing_id(), files));
 }
 
 void RenderViewHost::DirectoryEnumerationFinished(
     int request_id,
     const std::vector<FilePath>& files) {
   // Grant the security access requested to the given files.
   for (std::vector<FilePath>::const_iterator file = files.begin();
        file != files.end(); ++file) {
-    ChildProcessSecurityPolicy::GetInstance()->GrantReadFile(
+    ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
         process()->GetID(), *file);
   }
   Send(new ViewMsg_EnumerateDirectoryResponse(routing_id(),
                                               request_id,
                                               files));
 }
 
 void RenderViewHost::LoadStateChanged(const GURL& url,
                                       const net::LoadStateWithParam& load_state,
                                       uint64 upload_position,
@@ skipping 256 matching lines @@
 
   // If we're waiting for an unload ack from this renderer and we receive a
   // Navigate message, then the renderer was navigating before it received the
   // unload request.  It will either respond to the unload request soon or our
   // timer will expire.  Either way, we should ignore this message, because we
   // have already committed to closing this renderer.
   if (is_waiting_for_unload_ack_)
     return;
 
   const int renderer_id = process()->GetID();
-  ChildProcessSecurityPolicy* policy =
-      ChildProcessSecurityPolicy::GetInstance();
+  ChildProcessSecurityPolicyImpl* policy =
+      ChildProcessSecurityPolicyImpl::GetInstance();
   // Without this check, an evil renderer can trick the browser into creating
   // a navigation entry for a banned URL.  If the user clicks the back button
   // followed by the forward button (or clicks reload, or round-trips through
   // session restore, etc), we'll think that the browser commanded the
   // renderer to load the URL and grant the renderer the privileges to request
   // the URL.  To prevent this attack, we block the renderer from inserting
   // banned URLs into the navigation controller in the first place.
   FilterURL(policy, renderer_id, &validated_params.url);
   FilterURL(policy, renderer_id, &validated_params.referrer.url);
   for (std::vector<GURL>::iterator it(validated_params.redirects.begin());
@@ skipping 80 matching lines @@
 
 void RenderViewHost::OnMsgContextMenu(const ContextMenuParams& params) {
   RenderViewHostDelegate::View* view = delegate_->GetViewDelegate();
   if (!view)
     return;
 
   // Validate the URLs in |params|.  If the renderer can't request the URLs
   // directly, don't show them in the context menu.
   ContextMenuParams validated_params(params);
   int renderer_id = process()->GetID();
-  ChildProcessSecurityPolicy* policy =
-      ChildProcessSecurityPolicy::GetInstance();
+  ChildProcessSecurityPolicyImpl* policy =
+      ChildProcessSecurityPolicyImpl::GetInstance();
 
   // We don't validate |unfiltered_link_url| so that this field can be used
   // when users want to copy the original link URL.
   FilterURL(policy, renderer_id, &validated_params.link_url);
   FilterURL(policy, renderer_id, &validated_params.src_url);
   FilterURL(policy, renderer_id, &validated_params.page_url);
   FilterURL(policy, renderer_id, &validated_params.frame_url);
 
   view->ShowContextMenu(validated_params);
 }
 
 void RenderViewHost::OnMsgToggleFullscreen(bool enter_fullscreen) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   delegate_->ToggleFullscreenMode(enter_fullscreen);
 }
 
 void RenderViewHost::OnMsgOpenURL(const GURL& url,
                                   const content::Referrer& referrer,
                                   WindowOpenDisposition disposition,
                                   int64 source_frame_id) {
   GURL validated_url(url);
-  FilterURL(ChildProcessSecurityPolicy::GetInstance(),
+  FilterURL(ChildProcessSecurityPolicyImpl::GetInstance(),
             process()->GetID(), &validated_url);
 
   delegate_->RequestOpenURL(
       validated_url, referrer, disposition, source_frame_id);
 }
 
 void RenderViewHost::OnMsgDidContentsPreferredSizeChange(
     const gfx::Size& new_size) {
   delegate_->UpdatePreferredSize(new_size);
 }
@@ skipping 59 matching lines @@
 void RenderViewHost::OnMsgStartDragging(
     const WebDropData& drop_data,
     WebDragOperationsMask drag_operations_mask,
     const SkBitmap& image,
     const gfx::Point& image_offset) {
   RenderViewHostDelegate::View* view = delegate_->GetViewDelegate();
   if (!view)
     return;
 
   WebDropData filtered_data(drop_data);
-  ChildProcessSecurityPolicy* policy =
-      ChildProcessSecurityPolicy::GetInstance();
+  ChildProcessSecurityPolicyImpl* policy =
+      ChildProcessSecurityPolicyImpl::GetInstance();
 
   // Allow drag of Javascript URLs to enable bookmarklet drag to bookmark bar.
   if (!filtered_data.url.SchemeIs(chrome::kJavaScriptScheme))
     FilterURL(policy, process()->GetID(), &filtered_data.url);
   FilterURL(policy, process()->GetID(), &filtered_data.html_base_url);
   view->StartDragging(filtered_data, drag_operations_mask, image, image_offset);
 }
 
 void RenderViewHost::OnUpdateDragCursor(WebDragOperation current_op) {
   RenderViewHostDelegate::View* view = delegate_->GetViewDelegate();
@@ skipping 161 matching lines @@
 
 void RenderViewHost::DidCancelPopupMenu() {
   Send(new ViewMsg_SelectPopupMenuItem(routing_id(), -1));
 }
 #endif
 
 void RenderViewHost::ToggleSpeechInput() {
   Send(new SpeechInputMsg_ToggleSpeechInput(routing_id()));
 }
 
-void RenderViewHost::FilterURL(ChildProcessSecurityPolicy* policy,
+void RenderViewHost::FilterURL(ChildProcessSecurityPolicyImpl* policy,
                                int renderer_id,
                                GURL* url) {
   if (!url->is_valid())
     return;  // We don't need to block invalid URLs.
 
   if (url->SchemeIs(chrome::kAboutScheme)) {
     // The renderer treats all URLs in the about: scheme as being about:blank.
     // Canonicalize about: URLs to about:blank.
     *url = GURL(chrome::kAboutBlankURL);
   }
@@ skipping 228 matching lines @@
   DomOperationNotificationDetails details(json_string, automation_id);
   content::NotificationService::current()->Notify(
       content::NOTIFICATION_DOM_OPERATION_RESPONSE,
       content::Source<RenderViewHost>(this),
       content::Details<DomOperationNotificationDetails>(&details));
 }
 
 void RenderViewHost::ClearPowerSaveBlockers() {
   STLDeleteValues(&power_save_blockers_);
 }