Functionality to allow blacklist and whitelist of custom schemes

chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.h"
 
 #include <stdint.h>
 #include <string>
 #include <utility>
 #include <vector>
@@ skipping 201 matching lines @@
       extension_id, web_contents, std::move(stream), view_id,
       expected_content_size, embedded, render_process_id, render_frame_id);
 }
 #endif  // !defined(ENABLE_EXTENSIONS)
 
 void LaunchURL(
     const GURL& url,
     int render_process_id,
     const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter,
     ui::PageTransition page_transition,
-    bool has_user_gesture) {
+    bool has_user_gesture,
+    bool is_whitelisted) {
   // If there is no longer a WebContents, the request may have raced with tab
   // closing. Don't fire the external request. (It may have been a prerender.)
   content::WebContents* web_contents = web_contents_getter.Run();
   if (!web_contents)
     return;
 
   // Do not launch external requests attached to unswapped prerenders.
   prerender::PrerenderContents* prerender_contents =
       prerender::PrerenderContents::FromWebContents(web_contents);
   if (prerender_contents) {
     prerender_contents->Destroy(prerender::FINAL_STATUS_UNSUPPORTED_SCHEME);
     prerender::ReportPrerenderExternalURL();
     return;
   }
 
-  ExternalProtocolHandler::LaunchUrlWithDelegate(
-      url, render_process_id, web_contents->GetRoutingID(), page_transition,
-      has_user_gesture, g_external_protocol_handler_delegate);
+  // If the URL is in whitelist, we launch it without asking the user and
+  // without any additional security checks. Since the URL is whitelisted,
+  // we assume it can be executed.
+  if (is_whitelisted) {
+    ExternalProtocolHandler::LaunchUrlWithoutSecurityCheck(
+        url, render_process_id, web_contents->GetRoutingID());
+  } else {
+    ExternalProtocolHandler::LaunchUrlWithDelegate(
+        url, render_process_id, web_contents->GetRoutingID(), page_transition,
+        has_user_gesture, g_external_protocol_handler_delegate);
+  }
 }
 
 #if !defined(DISABLE_NACL)
 void AppendComponentUpdaterThrottles(
     net::URLRequest* request,
     content::ResourceContext* resource_context,
     ResourceType resource_type,
     ScopedVector<content::ResourceThrottle>* throttles) {
   const char* crx_id = NULL;
   component_updater::ComponentUpdateService* cus =
@@ skipping 255 matching lines @@
         net::AuthChallengeInfo* auth_info, net::URLRequest* request) {
   return CreateLoginPrompt(auth_info, request);
 }
 
 bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol(
     const GURL& url,
     int child_id,
     const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter,
     bool is_main_frame,
     ui::PageTransition page_transition,
-    bool has_user_gesture) {
+    bool has_user_gesture,
+    content::ResourceContext* resource_context) {
+  // Get the state, if |url| is in blacklist, whitelist or in none of those.
+  ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
+  const policy::URLBlacklist::URLBlacklistState url_state =
+      io_data->GetURLBlacklistState(url);
+  if (url_state == policy::URLBlacklist::URLBlacklistState::URL_IN_BLACKLIST) {
+    // It's a link with custom scheme and it's blacklisted. We return false here
+    // and let it process as a normal URL. Eventually chrome_network_delegate
+    // will see it's in the blacklist and the user will be shown the blocked
+    // content page.
+    return false;
+  }
 #if defined(ENABLE_EXTENSIONS)
   // External protocols are disabled for guests. An exception is made for the
   // "mailto" protocol, so that pages that utilize it work properly in a
   // WebView.
   if (extensions::WebViewRendererState::GetInstance()->IsGuest(child_id) &&
       !url.SchemeIs(url::kMailToScheme)) {
     return false;
   }
 #endif  // defined(ENABLE_EXTENSIONS)
 
 #if defined(OS_ANDROID)
   // Main frame external protocols are handled by
   // InterceptNavigationResourceThrottle.
   if (is_main_frame)
     return false;
 #endif  // defined(ANDROID)
 
+  const bool is_whitelisted =
+      url_state == policy::URLBlacklist::URLBlacklistState::URL_IN_WHITELIST;
   BrowserThread::PostTask(
       BrowserThread::UI, FROM_HERE,
       base::Bind(&LaunchURL, url, child_id, web_contents_getter,
-                 page_transition, has_user_gesture));
+                 page_transition, has_user_gesture, is_whitelisted));
   return true;
 }
 
 void ChromeResourceDispatcherHostDelegate::AppendStandardResourceThrottles(
     net::URLRequest* request,
     content::ResourceContext* resource_context,
     ResourceType resource_type,
     ScopedVector<content::ResourceThrottle>* throttles) {
   ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
 
@@ skipping 266 matching lines @@
   data_reduction_proxy::DataReductionProxyData* data_reduction_proxy_data =
       data_reduction_proxy::DataReductionProxyData::GetData(*request);
   // DeepCopy the DataReductionProxyData from the URLRequest to prevent the
   // URLRequest and DataReductionProxyData from both having ownership of the
   // same object. This copy will be shortlived as it will be deep copied again
   // when content makes a clone of NavigationData for the UI thread.
   if (data_reduction_proxy_data)
     data->SetDataReductionProxyData(data_reduction_proxy_data->DeepCopy());
   return data;
 }