Create a content public browser API around the ChildProcessSecurityPolicy class. The implementati...

content/browser/renderer_host/resource_dispatcher_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // See http://dev.chromium.org/developers/design-documents/multi-process-resource-loading
 
 #include "content/browser/renderer_host/resource_dispatcher_host.h"
 
 #include <set>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/debug/alias.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/shared_memory.h"
 #include "base/stl_util.h"
 #include "base/third_party/dynamic_annotations/dynamic_annotations.h"
 #include "content/browser/appcache/chrome_appcache_service.h"
 #include "content/browser/cert_store.h"
-#include "content/browser/child_process_security_policy.h"
+#include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/chrome_blob_storage_context.h"
 #include "content/browser/cross_site_request_manager.h"
 #include "content/browser/download/download_file_manager.h"
 #include "content/browser/download/download_resource_handler.h"
 #include "content/browser/download/save_file_manager.h"
 #include "content/browser/download/save_file_resource_handler.h"
 #include "content/browser/plugin_service_impl.h"
 #include "content/browser/renderer_host/async_resource_handler.h"
 #include "content/browser/renderer_host/buffered_resource_handler.h"
 #include "content/browser/renderer_host/cross_site_resource_handler.h"
@@ skipping 124 matching lines @@
 // Consults the RendererSecurity policy to determine whether the
 // ResourceDispatcherHost should service this request.  A request might be
 // disallowed if the renderer is not authorized to retrieve the request URL or
 // if the renderer is attempting to upload an unauthorized file.
 bool ShouldServiceRequest(content::ProcessType process_type,
                           int child_id,
                           const ResourceHostMsg_Request& request_data)  {
   if (process_type == content::PROCESS_TYPE_PLUGIN)
     return true;
 
-  ChildProcessSecurityPolicy* policy =
-      ChildProcessSecurityPolicy::GetInstance();
+  ChildProcessSecurityPolicyImpl* policy =
+      ChildProcessSecurityPolicyImpl::GetInstance();
 
   // Check if the renderer is permitted to request the requested URL.
   if (!policy->CanRequestURL(child_id, request_data.url)) {
     VLOG(1) << "Denied unauthorized request for "
             << request_data.url.possibly_invalid_spec();
     return false;
   }
 
   // Check if the renderer is permitted to upload the requested files.
   if (request_data.upload_data) {
@@ skipping 28 matching lines @@
   response->was_fetched_via_proxy = request->was_fetched_via_proxy();
   response->socket_address = request->GetSocketAddress();
   appcache::AppCacheInterceptor::GetExtraResponseInfo(
       request,
       &response->appcache_id,
       &response->appcache_manifest_url);
 }
 
 void RemoveDownloadFileFromChildSecurityPolicy(int child_id,
                                                const FilePath& path) {
-  ChildProcessSecurityPolicy::GetInstance()->RevokeAllPermissionsForFile(
+  ChildProcessSecurityPolicyImpl::GetInstance()->RevokeAllPermissionsForFile(
       child_id, path);
 }
 
 #if defined(OS_WIN)
 #pragma warning(disable: 4748)
 #pragma optimize("", off)
 #endif
 
 #if defined(OS_WIN)
 #pragma optimize("", on)
@@ skipping 381 matching lines @@
     load_flags |= net::LOAD_SUB_FRAME;
   } else if (request_data.resource_type == ResourceType::PREFETCH) {
     load_flags |= (net::LOAD_PREFETCH | net::LOAD_DO_NOT_PROMPT_FOR_LOGIN);
   } else if (request_data.resource_type == ResourceType::FAVICON) {
     load_flags |= net::LOAD_DO_NOT_PROMPT_FOR_LOGIN;
   }
 
   if (sync_result)
     load_flags |= net::LOAD_IGNORE_LIMITS;
 
-  ChildProcessSecurityPolicy* policy =
-      ChildProcessSecurityPolicy::GetInstance();
+  ChildProcessSecurityPolicyImpl* policy =
+      ChildProcessSecurityPolicyImpl::GetInstance();
   if (!policy->CanUseCookiesForOrigin(child_id, request_data.url)) {
     load_flags |= (net::LOAD_DO_NOT_SEND_COOKIES |
                    net::LOAD_DO_NOT_SEND_AUTH_DATA |
                    net::LOAD_DO_NOT_SAVE_COOKIES);
   }
 
   // Raw headers are sensitive, as they include Cookie/Set-Cookie, so only
   // allow requesting them if requester has ReadRawCookies permission.
   if ((load_flags & net::LOAD_REPORT_RAW_HEADERS)
       && !policy->CanReadRawCookies(child_id)) {
@@ skipping 132 matching lines @@
   }
 }
 
 void ResourceDispatcherHost::OnDataDownloadedACK(int request_id) {
   // TODO(michaeln): maybe throttle DataDownloaded messages
 }
 
 void ResourceDispatcherHost::RegisterDownloadedTempFile(
     int child_id, int request_id, DeletableFileReference* reference) {
   registered_temp_files_[child_id][request_id] = reference;
-  ChildProcessSecurityPolicy::GetInstance()->GrantReadFile(
+  ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
       child_id, reference->path());
 
   // When the temp file is deleted, revoke permissions that the renderer has
   // to that file. This covers an edge case where the file is deleted and then
   // the same name is re-used for some other purpose, we don't want the old
   // renderer to still have access to it.
   //
   // We do this when the file is deleted because the renderer can take a blob
   // reference to the temp file that outlives the url loaded that it was
   // loaded with to keep the file (and permissions) alive.
@@ skipping 147 matching lines @@
     // validating the entry if present.
     if (request->get_upload() != NULL)
       extra_load_flags |= net::LOAD_ONLY_FROM_CACHE;
     else
       extra_load_flags |= net::LOAD_PREFERRING_CACHE;
   } else {
     extra_load_flags |= net::LOAD_DISABLE_CACHE;
   }
   request->set_load_flags(request->load_flags() | extra_load_flags);
   // Check if the renderer is permitted to request the requested URL.
-  if (!ChildProcessSecurityPolicy::GetInstance()->
+  if (!ChildProcessSecurityPolicyImpl::GetInstance()->
           CanRequestURL(child_id, url)) {
     VLOG(1) << "Denied unauthorized download request for "
             << url.possibly_invalid_spec();
     return net::ERR_ACCESS_DENIED;
   }
 
   request_id_--;
 
   scoped_refptr<ResourceHandler> handler(
       CreateResourceHandlerForDownload(request.get(), context, child_id,
@@ skipping 359 matching lines @@
 
 void ResourceDispatcherHost::OnReceivedRedirect(net::URLRequest* request,
                                                 const GURL& new_url,
                                                 bool* defer_redirect) {
   VLOG(1) << "OnReceivedRedirect: " << request->url().spec();
   ResourceDispatcherHostRequestInfo* info = InfoForRequest(request);
 
   DCHECK(request->status().is_success());
 
   if (info->process_type() != content::PROCESS_TYPE_PLUGIN &&
-      !ChildProcessSecurityPolicy::GetInstance()->
+      !ChildProcessSecurityPolicyImpl::GetInstance()->
           CanRequestURL(info->child_id(), new_url)) {
     VLOG(1) << "Denied unauthorized request for "
             << new_url.possibly_invalid_spec();
 
     // Tell the renderer that this request was disallowed.
     CancelRequestInternal(request, false);
     return;
   }
 
   NotifyReceivedRedirect(request, info->child_id(), new_url);
@@ skipping 964 matching lines @@
   scoped_refptr<ResourceHandler> transferred_resource_handler(
       new DoomedResourceHandler(info->resource_handler()));
   info->set_resource_handler(transferred_resource_handler.get());
 }
 
 bool ResourceDispatcherHost::IsTransferredNavigation(
     const content::GlobalRequestID& transferred_request_id) const {
   return transferred_navigations_.find(transferred_request_id) !=
       transferred_navigations_.end();
 }