[Geolocation] Attach user gesture indicator to permission request call.

content/renderer/geolocation_dispatcher.cc

Index: content/renderer/geolocation_dispatcher.cc
diff --git a/content/renderer/geolocation_dispatcher.cc b/content/renderer/geolocation_dispatcher.cc
index a764b6107e2aa8fed1d33f4c8d5b016f62b6ccdf..7b48ca5da9b2e62196948385e7aa0f8ca55d4807 100644
--- a/content/renderer/geolocation_dispatcher.cc
+++ b/content/renderer/geolocation_dispatcher.cc
@@ -12,6 +12,7 @@
 #include "third_party/WebKit/public/web/WebGeolocationClient.h"
 #include "third_party/WebKit/public/web/WebGeolocationPosition.h"
 #include "third_party/WebKit/public/web/WebGeolocationError.h"
+#include "third_party/WebKit/public/web/WebUserGestureIndicator.h"
 
 using blink::WebGeolocationController;
 using blink::WebGeolocationError;
@@ -89,7 +90,8 @@ void GeolocationDispatcher::requestPermission(
   int bridge_id = pending_permissions_->add(permissionRequest);
   base::string16 origin = permissionRequest.securityOrigin().toString();
   Send(new GeolocationHostMsg_RequestPermission(
-      routing_id(), bridge_id, GURL(origin)));
+      routing_id(), bridge_id, GURL(origin),
+      blink::WebUserGestureIndicator::isProcessingUserGesture()));

[palmer, 2014/03/28 00:35:05]

The trouble is, we can't trust renderers to tell the truth about this. We need
for the browser process to do the check before sending geolocation (or other)
information to a renderer.

http://www.chromium.org/Home/chromium-security/education/security-tips-for-ip....

[Greg Billock, 2014/03/28 15:52:52]

I agree, but the failure mode here is "user shown permission prompt when they
otherwise wouldn't be." And as far as I know we'd be asking the
(possibly-compromised) renderer for user gesture anyway, since we don't
correlate this in the browser process. (i.e. see the RegisterProtocolHandler
msg)

 }
 
 // TODO(jknotten): Change the messages to use a security origin, so no