Rename RendererSecurityPolicy and move it to browser\. No code change.

chrome/browser/renderer_host/render_view_host.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/renderer_host/render_view_host.h"
 
 #include <string>
 #include <vector>
 
 #include "app/resource_bundle.h"
 #include "base/command_line.h"
 #include "base/gfx/native_widget_types.h"
 #include "base/string_util.h"
 #include "base/time.h"
 #include "base/waitable_event.h"
 #include "chrome/browser/browser_process.h"
+#include "chrome/browser/child_process_security_policy.h"
 #include "chrome/browser/cross_site_request_manager.h"
 #include "chrome/browser/debugger/debugger_wrapper.h"
 #include "chrome/browser/debugger/devtools_manager.h"
 #include "chrome/browser/extensions/extension_message_service.h"
 #include "chrome/browser/metrics/user_metrics.h"
 #include "chrome/browser/profile.h"
-#include "chrome/browser/renderer_host/renderer_security_policy.h"
 #include "chrome/browser/renderer_host/render_process_host.h"
 #include "chrome/browser/renderer_host/render_view_host_delegate.h"
 #include "chrome/browser/renderer_host/render_widget_host.h"
 #include "chrome/browser/renderer_host/render_widget_host_view.h"
 #include "chrome/browser/tab_contents/navigation_entry.h"
 #include "chrome/browser/tab_contents/site_instance.h"
 #include "chrome/browser/tab_contents/tab_contents.h"
 #include "chrome/common/bindings_policy.h"
 #include "chrome/common/notification_service.h"
 #include "chrome/common/notification_type.h"
 #include "chrome/common/render_messages.h"
 #include "chrome/common/result_codes.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/thumbnail_score.h"
 #include "chrome/common/url_constants.h"
 #include "net/base/net_util.h"
 #include "third_party/skia/include/core/SkBitmap.h"
 #include "webkit/api/public/WebFindOptions.h"
 #include "webkit/glue/autofill_form.h"
 
 using base::TimeDelta;
 using WebKit::WebConsoleMessage;
 using WebKit::WebFindOptions;
 using WebKit::WebInputEvent;
 
 namespace {
 
-void FilterURL(RendererSecurityPolicy* policy, int renderer_id, GURL* url) {
+void FilterURL(ChildProcessSecurityPolicy* policy, int renderer_id, GURL* url) {
   if (!url->is_valid())
     return;  // We don't need to block invalid URLs.
 
   if (url->SchemeIs(chrome::kAboutScheme)) {
     // The renderer treats all URLs in the about: scheme as being about:blank.
     // Canonicalize about: URLs to about:blank.
     *url = GURL(chrome::kAboutBlankURL);
   }
 
   if (!policy->CanRequestURL(renderer_id, *url)) {
@@ skipping 71 matching lines @@
   // The process may (if we're sharing a process with another host that already
   // initialized it) or may not (we have our own process or the old process
   // crashed) have been initialized. Calling Init multiple times will be
   // ignored, so this is safe.
   if (!process()->Init())
     return false;
   DCHECK(process()->channel());
   DCHECK(process()->profile());
 
   if (enabled_bindings_ & BindingsPolicy::DOM_UI) {
-    RendererSecurityPolicy::GetInstance()->GrantDOMUIBindings(
+    ChildProcessSecurityPolicy::GetInstance()->GrantDOMUIBindings(
         process()->pid());
   }
 
   renderer_initialized_ = true;
 
 #if defined(OS_WIN)
   HANDLE modal_dialog_event_handle;
   HANDLE renderer_process_handle = process()->process().handle();
   if (renderer_process_handle == NULL)
     renderer_process_handle = GetCurrentProcess();
@@ skipping 35 matching lines @@
 
 bool RenderViewHost::IsRenderViewLive() const {
   return process()->channel() && renderer_initialized_;
 }
 
 void RenderViewHost::NavigateToEntry(const NavigationEntry& entry,
                                      bool is_reload) {
   ViewMsg_Navigate_Params params;
   MakeNavigateParams(entry, is_reload, &params);
 
-  RendererSecurityPolicy::GetInstance()->GrantRequestURL(
+  ChildProcessSecurityPolicy::GetInstance()->GrantRequestURL(
       process()->pid(), params.url);
 
   DoNavigate(entry.url(), new ViewMsg_Navigate(routing_id(), params));
 }
 
 void RenderViewHost::NavigateToURL(const GURL& url) {
   ViewMsg_Navigate_Params params;
   params.page_id = -1;
   params.url = url;
   params.transition = PageTransition::LINK;
   params.reload = false;
 
-  RendererSecurityPolicy::GetInstance()->GrantRequestURL(
+  ChildProcessSecurityPolicy::GetInstance()->GrantRequestURL(
       process()->pid(), params.url);
 
   DoNavigate(url, new ViewMsg_Navigate(routing_id(), params));
 }
 
 void RenderViewHost::DoNavigate(const GURL& url,
                                 ViewMsg_Navigate* nav_message) {
   // Only send the message if we aren't suspended at the start of a cross-site
   // request.
   if (navigations_suspended_) {
@@ skipping 166 matching lines @@
 void RenderViewHost::FillPasswordForm(
     const PasswordFormDomManager::FillData& form_data) {
   Send(new ViewMsg_FillPasswordForm(routing_id(), form_data));
 }
 
 void RenderViewHost::DragTargetDragEnter(
     const WebDropData& drop_data,
     const gfx::Point& client_pt,
     const gfx::Point& screen_pt) {
   // Grant the renderer the ability to load the drop_data.
-  RendererSecurityPolicy* policy = RendererSecurityPolicy::GetInstance();
+  ChildProcessSecurityPolicy* policy = ChildProcessSecurityPolicy::GetInstance();
   policy->GrantRequestURL(process()->pid(), drop_data.url);
   for (std::vector<string16>::const_iterator iter(drop_data.filenames.begin());
        iter != drop_data.filenames.end(); ++iter) {
     FilePath path = FilePath::FromWStringHack(UTF16ToWideHack(*iter));
     policy->GrantRequestURL(process()->pid(), net::FilePathToFileURL(path));
     policy->GrantUploadFile(process()->pid(), path);
   }
   Send(new ViewMsg_DragTargetDragEnter(routing_id(), drop_data, client_pt,
                                        screen_pt));
 }
@@ skipping 151 matching lines @@
 void RenderViewHost::CopyImageAt(int x, int y) {
   Send(new ViewMsg_CopyImageAt(routing_id(), x, y));
 }
 
 void RenderViewHost::InspectElementAt(int x, int y) {
   if (!CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kDisableOutOfProcessDevTools)) {
     DevToolsManager* manager = g_browser_process->devtools_manager();
     manager->InspectElement(this, x, y);
   } else {
-    RendererSecurityPolicy::GetInstance()->
+    ChildProcessSecurityPolicy::GetInstance()->
         GrantInspectElement(process()->pid());
     Send(new ViewMsg_InspectElement(routing_id(), x, y));
   }
 }
 
 void RenderViewHost::ShowJavaScriptConsole() {
   if (!CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kDisableOutOfProcessDevTools)) {
     DevToolsManager* manager = g_browser_process->devtools_manager();
     manager->OpenDevToolsWindow(this);
   } else {
-    RendererSecurityPolicy::GetInstance()->
+    ChildProcessSecurityPolicy::GetInstance()->
         GrantInspectElement(process()->pid());
     Send(new ViewMsg_ShowJavaScriptConsole(routing_id()));
   }
 }
 
 void RenderViewHost::DragSourceEndedAt(
     int client_x, int client_y, int screen_x, int screen_y) {
   Send(new ViewMsg_DragSourceEndedOrMoved(
       routing_id(),
       gfx::Point(client_x, client_y),
@@ skipping 67 matching lines @@
 
 void RenderViewHost::UpdateWebPreferences(const WebPreferences& prefs) {
   Send(new ViewMsg_UpdateWebPreferences(routing_id(), prefs));
 }
 
 void RenderViewHost::InstallMissingPlugin() {
   Send(new ViewMsg_InstallMissingPlugin(routing_id()));
 }
 
 void RenderViewHost::FileSelected(const FilePath& path) {
-  RendererSecurityPolicy::GetInstance()->GrantUploadFile(process()->pid(),
+  ChildProcessSecurityPolicy::GetInstance()->GrantUploadFile(process()->pid(),
                                                          path);
   std::vector<FilePath> files;
   files.push_back(path);
   Send(new ViewMsg_RunFileChooserResponse(routing_id(), files));
 }
 
 void RenderViewHost::MultiFilesSelected(
          const std::vector<FilePath>& files) {
   for (std::vector<FilePath>::const_iterator file = files.begin();
        file != files.end(); ++file) {
-    RendererSecurityPolicy::GetInstance()->GrantUploadFile(
+    ChildProcessSecurityPolicy::GetInstance()->GrantUploadFile(
       process()->pid(), *file);
   }
   Send(new ViewMsg_RunFileChooserResponse(routing_id(), files));
 }
 
 void RenderViewHost::LoadStateChanged(const GURL& url,
                                       net::LoadState load_state) {
   delegate_->LoadStateChanged(url, load_state);
 }
 
@@ skipping 206 matching lines @@
 void RenderViewHost::OnMsgNavigate(const IPC::Message& msg) {
   // Read the parameters out of the IPC message directly to avoid making another
   // copy when we filter the URLs.
   void* iter = NULL;
   ViewHostMsg_FrameNavigate_Params validated_params;
   if (!IPC::ParamTraits<ViewHostMsg_FrameNavigate_Params>::
       Read(&msg, &iter, &validated_params))
     return;
 
   const int renderer_id = process()->pid();
-  RendererSecurityPolicy* policy = RendererSecurityPolicy::GetInstance();
+  ChildProcessSecurityPolicy* policy = ChildProcessSecurityPolicy::GetInstance();
   // Without this check, an evil renderer can trick the browser into creating
   // a navigation entry for a banned URL.  If the user clicks the back button
   // followed by the forward button (or clicks reload, or round-trips through
   // session restore, etc), we'll think that the browser commanded the
   // renderer to load the URL and grant the renderer the privileges to request
   // the URL.  To prevent this attack, we block the renderer from inserting
   // banned URLs into the navigation controller in the first place.
   FilterURL(policy, renderer_id, &validated_params.url);
   FilterURL(policy, renderer_id, &validated_params.referrer);
   for (std::vector<GURL>::iterator it(validated_params.redirects.begin());
@@ skipping 75 matching lines @@
     const std::string& frame_origin,
     const std::string& main_frame_origin,
     const std::string& security_info) {
   delegate_->DidLoadResourceFromMemoryCache(
       url, frame_origin, main_frame_origin, security_info);
 }
 
 void RenderViewHost::OnMsgDidStartProvisionalLoadForFrame(bool is_main_frame,
                                                           const GURL& url) {
   GURL validated_url(url);
-  FilterURL(RendererSecurityPolicy::GetInstance(),
+  FilterURL(ChildProcessSecurityPolicy::GetInstance(),
             process()->pid(), &validated_url);
 
   delegate_->DidStartProvisionalLoadForFrame(this, is_main_frame,
                                              validated_url);
 }
 
 void RenderViewHost::OnMsgDidFailProvisionalLoadWithError(
     bool is_main_frame,
     int error_code,
     const GURL& url,
     bool showing_repost_interstitial) {
   GURL validated_url(url);
-  FilterURL(RendererSecurityPolicy::GetInstance(),
+  FilterURL(ChildProcessSecurityPolicy::GetInstance(),
             process()->pid(), &validated_url);
 
   delegate_->DidFailProvisionalLoadWithError(this, is_main_frame,
                                              error_code, validated_url,
                                              showing_repost_interstitial);
 }
 
 void RenderViewHost::OnMsgFindReply(int request_id,
                                     int number_of_matches,
                                     const gfx::Rect& selection_rect,
@@ skipping 26 matching lines @@
 
 void RenderViewHost::OnMsgContextMenu(const ContextMenuParams& params) {
   RenderViewHostDelegate::View* view = delegate_->GetViewDelegate();
   if (!view)
     return;
 
   // Validate the URLs in |params|.  If the renderer can't request the URLs
   // directly, don't show them in the context menu.
   ContextMenuParams validated_params(params);
   const int renderer_id = process()->pid();
-  RendererSecurityPolicy* policy = RendererSecurityPolicy::GetInstance();
+  ChildProcessSecurityPolicy* policy = ChildProcessSecurityPolicy::GetInstance();
 
   // We don't validate |unfiltered_link_url| so that this field can be used
   // when users want to copy the original link URL.
   FilterURL(policy, renderer_id, &validated_params.link_url);
   FilterURL(policy, renderer_id, &validated_params.image_url);
   FilterURL(policy, renderer_id, &validated_params.page_url);
   FilterURL(policy, renderer_id, &validated_params.frame_url);
 
   view->ShowContextMenu(validated_params);
 }
 
 void RenderViewHost::OnMsgOpenURL(const GURL& url,
                                   const GURL& referrer,
                                   WindowOpenDisposition disposition) {
   GURL validated_url(url);
-  FilterURL(RendererSecurityPolicy::GetInstance(),
+  FilterURL(ChildProcessSecurityPolicy::GetInstance(),
             process()->pid(), &validated_url);
 
   delegate_->RequestOpenURL(validated_url, referrer, disposition);
 }
 
 void RenderViewHost::OnMsgDidContentsPreferredWidthChange(int pref_width) {
   RenderViewHostDelegate::View* view = delegate_->GetViewDelegate();
   if (!view)
     return;
   view->UpdatePreferredWidth(pref_width);
 }
 
 void RenderViewHost::OnMsgDomOperationResponse(
     const std::string& json_string, int automation_id) {
   delegate_->DomOperationResponse(json_string, automation_id);
 }
 
 void RenderViewHost::OnMsgDOMUISend(
     const std::string& message, const std::string& content) {
-  if (!RendererSecurityPolicy::GetInstance()->
+  if (!ChildProcessSecurityPolicy::GetInstance()->
           HasDOMUIBindings(process()->pid())) {
     NOTREACHED() << "Blocked unauthorized use of DOMUIBindings.";
     return;
   }
   delegate_->ProcessDOMUIMessage(message, content);
 }
 
 void RenderViewHost::OnMsgForwardMessageToExternalHost(
     const std::string& message, const std::string& origin,
     const std::string& target) {
@@ skipping 293 matching lines @@
   Send(new ViewMsg_ExtensionResponse(routing_id(), request_id, success,
       response, error));
 }
 
 void RenderViewHost::OnExtensionPostMessage(
     int port_id, const std::string& message) {
   URLRequestContext* context = process()->profile()->GetRequestContext();
   ExtensionMessageService::GetInstance(context)->
       PostMessageFromRenderer(port_id, message);
 }