WIP: URL blacklisting by policy.

chrome/browser/policy/url_blacklist_manager.h

Index: chrome/browser/policy/url_blacklist_manager.h
diff --git a/chrome/browser/policy/url_blacklist_manager.h b/chrome/browser/policy/url_blacklist_manager.h
new file mode 100644
index 0000000000000000000000000000000000000000..9c20d0b5fa36e4af4fb90cf9879ffc0f50bbaf37
--- /dev/null
+++ b/chrome/browser/policy/url_blacklist_manager.h
@@ -0,0 +1,191 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_POLICY_URL_BLACKLIST_MANAGER_H_
+#define CHROME_BROWSER_POLICY_URL_BLACKLIST_MANAGER_H_
+#pragma once
+
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/compiler_specific.h"
+#include "base/hash_tables.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "base/task.h"
+#include "chrome/browser/prefs/pref_change_registrar.h"
+#include "content/common/notification_observer.h"
+
+class GURL;
+class NotificationDetails;
+class NotificationSource;
+class PrefService;
+class Profile;
+
+namespace base {
+class ListValue;
+}
+
+namespace policy {
+
+// Manages a table of blacklisted urls. Not a private implementation so that
+// it can be tested.
+class Blacklist {
+ public:
+  Blacklist();
+  virtual ~Blacklist();
+
+  // URLs matching |filter| will be blocked.
+  void Block(const std::string& filter);
+
+  // URLs matching |filter| will be allowed. If |filter| is both Blocked and
+  // Allowed, Allow takes precedence.
+  void Allow(const std::string& filter);
+
+  // Returns true if the URL is blocked.
+  bool IsURLBlocked(const GURL& url) const;
+
+  // A constant mapped to a scheme that can be filtered.
+  enum SchemeFlag {
+    SCHEME_HTTP   = 1 << 0,
+    SCHEME_HTTPS  = 1 << 1,
+    SCHEME_FTP    = 1 << 2,
+
+    SCHEME_ALL    = (1 << 3) - 1,
+  };
+
+  // Returns true if |scheme| is a scheme that can be filtered. Returns true
+  // and sets |flag| to SCHEME_ALL if |scheme| is empty.
+  static bool SchemeToFlag(const std::string& scheme, SchemeFlag* flag);
+
+  // Splits a URL filter into its components. A GURL isn't used because these
+  // aren't canonical URLs. Returns false if the URL couldn't be parsed.

[Mattias Nissler (ping if slow), 2011/08/31 14:58:09]

Actually, isn't the problem with GURL that it _does_ canonicalize the URL?

[Joao da Silva, 2011/09/01 12:47:36]

Indeed it does. The problem is that GURL doesn't accept invalid URLs, like
"google.com". The comments has been changed to clarify that.

+  // The optional username and password are ignored.
+  // |port| is 0 if none is explicitly defined.
+  // |path| does not include query parameters.
+  static bool FilterToComponents(const std::string& filter,
+                                 std::string* scheme,
+                                 std::string* host,
+                                 uint16* port,
+                                 std::string* path);
+ private:
+  void AddFilter(const std::string& filter, bool block);
+
+  struct PathFilter {
+    explicit PathFilter(const std::string& path, uint16 port, bool match)
+        : path_prefix(path),
+          port(port),
+          blocked_schemes(0),
+          allowed_schemes(0),
+          match_subdomains(match)  { }

[Mattias Nissler (ping if slow), 2011/08/31 14:58:09]

remove space after ) and between {}

[Joao da Silva, 2011/09/01 12:47:36]

Done.

+
+    std::string path_prefix;
+    uint16 port;
+    uint8 blocked_schemes;
+    uint8 allowed_schemes;
+    bool match_subdomains;
+  };
+
+  typedef std::vector<PathFilter> PathFilterList;
+  typedef base::hash_map<std::string, PathFilterList> HostFilterTable;
+
+  HostFilterTable host_filters_;
+
+  DISALLOW_COPY_AND_ASSIGN(Blacklist);
+};
+
+// Tracks the blacklist policies for a given profile, and updates it on changes.
+//
+// This class interacts with both the UI thread, where notifications of pref
+// changes are received from, and the IO thread, which owns it (in the
+// ProfileIOData) and checks for blacklisted URLs (from ChromeNetworkDelegate).
+//
+// It must be constructed on the UI thread first, to set up
+// |ui_method_factory_| and |initialize_on_ui_task_|. The task is used to
+// resume initialization on the UI thread, after initialization on the IO thread
+// is complete.
+//
+// InitializeOnIOThread sets up |io_weak_ptr_factory_| and |weak_ptr_|. These
+// allow creating WeakPtrs to self on the UI thread, which will be passed
+// around before being used on the IO thread, where they can be tested for
+// validity and invalidated. InitializeOnIOThread then posts
+// |initialize_on_ui_task_|, which resumes initialization on the UI thread.
+//
+// The task will invoke InitializeOnUIThread, which sets up preference
+// listeners. These can only start updating once it's safe to get weak ptrs for
+// the IO thread.
+//
+// Destruction must also pass through both threads. ShutdownOnUIThread must be
+// called first, and will invalidate any pending updates (and even a pending
+// initialize_on_ui_task_, if it hasn't executed yet). After that, no more
+// calls will be made from the UI thread. It is then safe to call the dtor
+// on the IO thread. Any updates will flight have a weak ptr to self, which
+// will be invalidated and the update is discarded.
+class URLBlacklistManager : public NotificationObserver {
+ public:
+  // Must be constructed on the UI thread.
+  explicit URLBlacklistManager(Profile* profile);
+  virtual ~URLBlacklistManager();
+
+  // Must be called on the IO thread.
+  void InitializeOnIOThread();
+
+  // Must be called on the UI thread, before destruction.
+  void ShutdownOnUIThread();
+
+  // Returns true if |url| is blocked by the current blacklist. Must be called
+  // from the IO thread.
+  bool IsURLBlocked(const GURL& url) const;
+
+  // Replaces the current blacklist. Must be called on the IO thread.
+  void SetBlacklist(Blacklist* blacklist);
+
+  // Registers the preferences related to blacklisting in the given PrefService.
+  static void RegisterPrefs(PrefService* pref_service);
+
+ protected:
+  // These are used to delay updating the blacklist while the preferences are
+  // changing, and execute only one update per simultaneous prefs changes.
+  void ScheduleUpdate();
+  virtual void PostUpdateTask(Task* task);  // Virtual for testing.
+  virtual void Update();  // Virtual for testing.
+
+ private:
+  virtual void Observe(int type,
+                       const NotificationSource& source,
+                       const NotificationDetails& details) OVERRIDE;
+
+  // Completes initialization on the UI thread.
+  void InitializeOnUIThread();
+
+  // Used to post update tasks to the UI thread.
+  ScopedRunnableMethodFactory<URLBlacklistManager> ui_method_factory_;
+
+  // Used to get weak ptrs to self that are valid on the IO thread.
+  base::WeakPtrFactory<URLBlacklistManager> io_weak_ptr_factory_;
+
+  // Holds a weak reference to self on the IO thread. This is used to enable
+  // creation on the UI thread of weak refs that are used on the IO thread.
+  // Existence of this ref prevents reattachment of new weak ptrs to the UI
+  // thread.
+  base::WeakPtr<URLBlacklistManager> weak_ptr_;
+
+  // A task that is created on the UI thread but posted from the IO thread to
+  // resume initialization on the UI thread.
+  Task* initialize_on_ui_task_;
+
+  // Used to track the policies and update the blacklist on changes.
+  PrefChangeRegistrar pref_change_registrar_;
+  PrefService* pref_service_;  // Weak.
+
+  // The current blacklist. Lives in the IO thread.
+  scoped_ptr<Blacklist> blacklist_;
+
+  DISALLOW_COPY_AND_ASSIGN(URLBlacklistManager);
+};
+
+}  // namespace policy
+
+#endif  // CHROME_BROWSER_POLICY_URL_BLACKLIST_MANAGER_H_