Pull ChildProcessSecurityPolicyImpl out to shared subfolder

content/browser/shared/child_process_security_policy_helper.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "content/browser/child_process_security_policy_impl.h"
+#include "content/browser/shared/child_process_security_policy_helper.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/metrics/histogram.h"
 #include "base/stl_util.h"
@@ skipping 14 matching lines @@
 #include "storage/common/fileapi/file_system_util.h"
 #include "url/gurl.h"
 
 namespace content {
 
 namespace {
 
 // Used internally only. These bit positions have no relationship to any
 // underlying OS and can be changed to accommodate finer-grained permissions.
 enum ChildProcessSecurityPermissions {
-  READ_FILE_PERMISSION             = 1 << 0,
-  WRITE_FILE_PERMISSION            = 1 << 1,
-  CREATE_NEW_FILE_PERMISSION       = 1 << 2,
+  READ_FILE_PERMISSION = 1 << 0,
+  WRITE_FILE_PERMISSION = 1 << 1,
+  CREATE_NEW_FILE_PERMISSION = 1 << 2,
   CREATE_OVERWRITE_FILE_PERMISSION = 1 << 3,
-  DELETE_FILE_PERMISSION           = 1 << 4,
+  DELETE_FILE_PERMISSION = 1 << 4,
 
   // Used by Media Galleries API
-  COPY_INTO_FILE_PERMISSION        = 1 << 5,
+  COPY_INTO_FILE_PERMISSION = 1 << 5,
 };
 
 // Used internally only. Bitmasks that are actually used by the Grant* and Can*
 // methods. These contain one or more ChildProcessSecurityPermissions.
 enum ChildProcessSecurityGrants {
-  READ_FILE_GRANT              = READ_FILE_PERMISSION,
-  WRITE_FILE_GRANT             = WRITE_FILE_PERMISSION,
+  READ_FILE_GRANT = READ_FILE_PERMISSION,
+  WRITE_FILE_GRANT = WRITE_FILE_PERMISSION,
 
-  CREATE_NEW_FILE_GRANT        = CREATE_NEW_FILE_PERMISSION |
-                                 COPY_INTO_FILE_PERMISSION,
+  CREATE_NEW_FILE_GRANT =
+      CREATE_NEW_FILE_PERMISSION | COPY_INTO_FILE_PERMISSION,
 
   CREATE_READ_WRITE_FILE_GRANT = CREATE_NEW_FILE_PERMISSION |
                                  CREATE_OVERWRITE_FILE_PERMISSION |
                                  READ_FILE_PERMISSION |
                                  WRITE_FILE_PERMISSION |
                                  COPY_INTO_FILE_PERMISSION |
                                  DELETE_FILE_PERMISSION,
 
-  COPY_INTO_FILE_GRANT         = COPY_INTO_FILE_PERMISSION,
-  DELETE_FILE_GRANT            = DELETE_FILE_PERMISSION,
+  COPY_INTO_FILE_GRANT = COPY_INTO_FILE_PERMISSION,
+  DELETE_FILE_GRANT = DELETE_FILE_PERMISSION,
 };
 
 }  // namespace
 
 // The SecurityState class is used to maintain per-child process security state
 // information.
-class ChildProcessSecurityPolicyImpl::SecurityState {
+class ChildProcessSecurityPolicyHelper::SecurityState {
  public:
   SecurityState()
-    : enabled_bindings_(0),
-      can_read_raw_cookies_(false),
-      can_send_midi_sysex_(false) { }
+      : enabled_bindings_(0),
+        can_read_raw_cookies_(false),
+        can_send_midi_sysex_(false) {}
 
   ~SecurityState() {
     scheme_policy_.clear();
     storage::IsolatedContext* isolated_context =
         storage::IsolatedContext::GetInstance();
     for (FileSystemMap::iterator iter = filesystem_permissions_.begin();
-         iter != filesystem_permissions_.end();
-         ++iter) {
+         iter != filesystem_permissions_.end(); ++iter) {
       isolated_context->RemoveReference(iter->first);
     }
     UMA_HISTOGRAM_COUNTS("ChildProcessSecurityPolicy.PerChildFilePermissions",
                          file_permissions_.size());
   }
 
   // Grant permission to request URLs with the specified origin.
-  void GrantOrigin(const url::Origin& origin) {
-    origin_set_.insert(origin);
-  }
+  void GrantOrigin(const url::Origin& origin) { origin_set_.insert(origin); }
 
   // Grant permission to request URLs with the specified scheme.
-  void GrantScheme(const std::string& scheme) {
-    scheme_policy_[scheme] = true;
-  }
+  void GrantScheme(const std::string& scheme) { scheme_policy_[scheme] = true; }
 
   // Revoke permission to request URLs with the specified scheme.
   void RevokeScheme(const std::string& scheme) {
     scheme_policy_[scheme] = false;
   }
 
   // Grant certain permissions to a file.
   void GrantPermissionsForFile(const base::FilePath& file, int permissions) {
     base::FilePath stripped = file.StripTrailingSeparators();
     file_permissions_[stripped] |= permissions;
     UMA_HISTOGRAM_COUNTS("ChildProcessSecurityPolicy.FilePermissionPathLength",
                          stripped.value().size());
   }
 
   // Grant navigation to a file but not the file:// scheme in general.
-  void GrantRequestOfSpecificFile(const base::FilePath &file) {
+  void GrantRequestOfSpecificFile(const base::FilePath& file) {
     request_file_set_.insert(file.StripTrailingSeparators());
   }
 
   // Revokes all permissions granted to a file.
   void RevokeAllPermissionsForFile(const base::FilePath& file) {
     base::FilePath stripped = file.StripTrailingSeparators();
     file_permissions_.erase(stripped);
     request_file_set_.erase(stripped);
   }
 
@@ skipping 23 matching lines @@
     if (!permissions)
       return false;
     base::FilePath file_path = file.StripTrailingSeparators();
     FileMap::const_iterator it = file_permissions_.find(file_path);
     if (it != file_permissions_.end())
       return (it->second & permissions) == permissions;
     return false;
   }
 #endif
 
-  void GrantBindings(int bindings) {
-    enabled_bindings_ |= bindings;
-  }
+  void GrantBindings(int bindings) { enabled_bindings_ |= bindings; }
 
-  void GrantReadRawCookies() {
-    can_read_raw_cookies_ = true;
-  }
+  void GrantReadRawCookies() { can_read_raw_cookies_ = true; }
 
-  void RevokeReadRawCookies() {
-    can_read_raw_cookies_ = false;
-  }
+  void RevokeReadRawCookies() { can_read_raw_cookies_ = false; }
 
-  void GrantPermissionForMidiSysEx() {
-    can_send_midi_sysex_ = true;
-  }
+  void GrantPermissionForMidiSysEx() { can_send_midi_sysex_ = true; }
 
   // Determine whether permission has been granted to commit |url|.
   bool CanCommitURL(const GURL& url) {
     // Having permission to a scheme implies permission to all of its URLs.
     SchemeMap::const_iterator scheme_judgment(
         scheme_policy_.find(url.scheme()));
     if (scheme_judgment != scheme_policy_.end())
       return scheme_judgment->second;
 
     // Otherwise, check for permission for specific origin.
@@ skipping 44 matching lines @@
   bool CanAccessDataForOrigin(const GURL& gurl) {
     if (origin_lock_.is_empty())
       return true;
     // TODO(creis): We must pass the valid browser_context to convert hosted
     // apps URLs.  Currently, hosted apps cannot set cookies in this mode.
     // See http://crbug.com/160576.
     GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl);
     return origin_lock_ == site_gurl;
   }
 
-  void LockToOrigin(const GURL& gurl) {
-    origin_lock_ = gurl;
-  }
+  void LockToOrigin(const GURL& gurl) { origin_lock_ = gurl; }
 
   bool has_web_ui_bindings() const {
     return enabled_bindings_ & BINDINGS_POLICY_WEB_UI;
   }
 
-  bool can_read_raw_cookies() const {
-    return can_read_raw_cookies_;
-  }
+  bool can_read_raw_cookies() const { return can_read_raw_cookies_; }
 
-  bool can_send_midi_sysex() const {
-    return can_send_midi_sysex_;
-  }
+  bool can_send_midi_sysex() const { return can_send_midi_sysex_; }
 
  private:
   typedef std::map<std::string, bool> SchemeMap;
   typedef std::set<url::Origin> OriginSet;
 
   typedef int FilePermissionFlags;  // bit-set of base::File::Flags
   typedef std::map<base::FilePath, FilePermissionFlags> FileMap;
   typedef std::map<std::string, FilePermissionFlags> FileSystemMap;
   typedef std::set<base::FilePath> FileSet;
 
@@ skipping 21 matching lines @@
   bool can_send_midi_sysex_;
 
   GURL origin_lock_;
 
   // The set of isolated filesystems the child process is permitted to access.
   FileSystemMap filesystem_permissions_;
 
   DISALLOW_COPY_AND_ASSIGN(SecurityState);
 };
 
-ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl() {
+ChildProcessSecurityPolicyHelper::ChildProcessSecurityPolicyHelper() {
   // We know about these schemes and believe them to be safe.
   RegisterWebSafeScheme(url::kHttpScheme);
   RegisterWebSafeScheme(url::kHttpsScheme);
   RegisterWebSafeScheme(url::kFtpScheme);
   RegisterWebSafeScheme(url::kDataScheme);
   RegisterWebSafeScheme("feed");
   RegisterWebSafeScheme(url::kBlobScheme);
   RegisterWebSafeScheme(url::kFileSystemScheme);
 
   // We know about the following pseudo schemes and treat them specially.
   RegisterPseudoScheme(url::kAboutScheme);
   RegisterPseudoScheme(url::kJavaScriptScheme);
   RegisterPseudoScheme(kViewSourceScheme);
 }
 
-ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() {
+ChildProcessSecurityPolicyHelper::~ChildProcessSecurityPolicyHelper() {
   web_safe_schemes_.clear();
   pseudo_schemes_.clear();
   STLDeleteContainerPairSecondPointers(security_state_.begin(),
                                        security_state_.end());
   security_state_.clear();
 }
 
 // static
 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() {
-  return ChildProcessSecurityPolicyImpl::GetInstance();
+  return ChildProcessSecurityPolicyHelper::GetInstance();
 }
 
-ChildProcessSecurityPolicyImpl* ChildProcessSecurityPolicyImpl::GetInstance() {
-  return base::Singleton<ChildProcessSecurityPolicyImpl>::get();
+ChildProcessSecurityPolicyHelper*
+ChildProcessSecurityPolicyHelper::GetInstance() {
+  return base::Singleton<ChildProcessSecurityPolicyHelper>::get();
 }
 
-void ChildProcessSecurityPolicyImpl::Add(int child_id) {
+void ChildProcessSecurityPolicyHelper::Add(int child_id) {
   base::AutoLock lock(lock_);
   AddChild(child_id);
 }
 
-void ChildProcessSecurityPolicyImpl::AddWorker(int child_id,
-                                               int main_render_process_id) {
+void ChildProcessSecurityPolicyHelper::AddWorker(int child_id,
+                                                 int main_render_process_id) {
   base::AutoLock lock(lock_);
   AddChild(child_id);
   worker_map_[child_id] = main_render_process_id;
 }
 
-void ChildProcessSecurityPolicyImpl::Remove(int child_id) {
+void ChildProcessSecurityPolicyHelper::Remove(int child_id) {
   base::AutoLock lock(lock_);
   SecurityStateMap::iterator it = security_state_.find(child_id);
   if (it == security_state_.end())
     return;  // May be called multiple times.
 
   delete it->second;
   security_state_.erase(it);
   worker_map_.erase(child_id);
 }
 
-void ChildProcessSecurityPolicyImpl::RegisterWebSafeScheme(
+void ChildProcessSecurityPolicyHelper::RegisterWebSafeScheme(
     const std::string& scheme) {
   base::AutoLock lock(lock_);
   DCHECK_EQ(0U, web_safe_schemes_.count(scheme)) << "Add schemes at most once.";
   DCHECK_EQ(0U, pseudo_schemes_.count(scheme))
       << "Web-safe implies not pseudo.";
 
   web_safe_schemes_.insert(scheme);
 }
 
-bool ChildProcessSecurityPolicyImpl::IsWebSafeScheme(
+bool ChildProcessSecurityPolicyHelper::IsWebSafeScheme(
     const std::string& scheme) {
   base::AutoLock lock(lock_);
 
   return ContainsKey(web_safe_schemes_, scheme);
 }
 
-void ChildProcessSecurityPolicyImpl::RegisterPseudoScheme(
+void ChildProcessSecurityPolicyHelper::RegisterPseudoScheme(
     const std::string& scheme) {
   base::AutoLock lock(lock_);
   DCHECK_EQ(0U, pseudo_schemes_.count(scheme)) << "Add schemes at most once.";
   DCHECK_EQ(0U, web_safe_schemes_.count(scheme))
       << "Pseudo implies not web-safe.";
 
   pseudo_schemes_.insert(scheme);
 }
 
-bool ChildProcessSecurityPolicyImpl::IsPseudoScheme(
+bool ChildProcessSecurityPolicyHelper::IsPseudoScheme(
     const std::string& scheme) {
   base::AutoLock lock(lock_);
 
   return ContainsKey(pseudo_schemes_, scheme);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantRequestURL(
-    int child_id, const GURL& url) {
-
+void ChildProcessSecurityPolicyHelper::GrantRequestURL(int child_id,
+                                                       const GURL& url) {
   if (!url.is_valid())
     return;  // Can't grant the capability to request invalid URLs.
 
   if (IsWebSafeScheme(url.scheme()))
     return;  // The scheme has already been whitelisted for every child process.
 
   if (IsPseudoScheme(url.scheme())) {
     return;  // Can't grant the capability to request pseudo schemes.
   }
 
   {
     base::AutoLock lock(lock_);
     SecurityStateMap::iterator state = security_state_.find(child_id);
     if (state == security_state_.end())
       return;
 
     // When the child process has been commanded to request this scheme,
     // we grant it the capability to request all URLs of that scheme.
     state->second->GrantScheme(url.scheme());
   }
 }
 
-void ChildProcessSecurityPolicyImpl::GrantRequestSpecificFileURL(
+void ChildProcessSecurityPolicyHelper::GrantRequestSpecificFileURL(
     int child_id,
     const GURL& url) {
   if (!url.SchemeIs(url::kFileScheme))
     return;
 
   {
     base::AutoLock lock(lock_);
     SecurityStateMap::iterator state = security_state_.find(child_id);
     if (state == security_state_.end())
       return;
 
     // When the child process has been commanded to request a file:// URL,
     // then we grant it the capability for that URL only.
     base::FilePath path;
     if (net::FileURLToFilePath(url, &path))
       state->second->GrantRequestOfSpecificFile(path);
   }
 }
 
-void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id,
-                                                   const base::FilePath& file) {
+void ChildProcessSecurityPolicyHelper::GrantReadFile(
+    int child_id,
+    const base::FilePath& file) {
   GrantPermissionsForFile(child_id, file, READ_FILE_GRANT);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile(
-    int child_id, const base::FilePath& file) {
+void ChildProcessSecurityPolicyHelper::GrantCreateReadWriteFile(
+    int child_id,
+    const base::FilePath& file) {
   GrantPermissionsForFile(child_id, file, CREATE_READ_WRITE_FILE_GRANT);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantCopyInto(int child_id,
-                                                   const base::FilePath& dir) {
+void ChildProcessSecurityPolicyHelper::GrantCopyInto(
+    int child_id,
+    const base::FilePath& dir) {
   GrantPermissionsForFile(child_id, dir, COPY_INTO_FILE_GRANT);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantDeleteFrom(
-    int child_id, const base::FilePath& dir) {
+void ChildProcessSecurityPolicyHelper::GrantDeleteFrom(
+    int child_id,
+    const base::FilePath& dir) {
   GrantPermissionsForFile(child_id, dir, DELETE_FILE_GRANT);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantPermissionsForFile(
-    int child_id, const base::FilePath& file, int permissions) {
+void ChildProcessSecurityPolicyHelper::GrantPermissionsForFile(
+    int child_id,
+    const base::FilePath& file,
+    int permissions) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantPermissionsForFile(file, permissions);
 }
 
-void ChildProcessSecurityPolicyImpl::RevokeAllPermissionsForFile(
-    int child_id, const base::FilePath& file) {
+void ChildProcessSecurityPolicyHelper::RevokeAllPermissionsForFile(
+    int child_id,
+    const base::FilePath& file) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->RevokeAllPermissionsForFile(file);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantReadFileSystem(
-    int child_id, const std::string& filesystem_id) {
+void ChildProcessSecurityPolicyHelper::GrantReadFileSystem(
+    int child_id,
+    const std::string& filesystem_id) {
   GrantPermissionsForFileSystem(child_id, filesystem_id, READ_FILE_GRANT);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantWriteFileSystem(
-    int child_id, const std::string& filesystem_id) {
+void ChildProcessSecurityPolicyHelper::GrantWriteFileSystem(
+    int child_id,
+    const std::string& filesystem_id) {
   GrantPermissionsForFileSystem(child_id, filesystem_id, WRITE_FILE_GRANT);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantCreateFileForFileSystem(
-    int child_id, const std::string& filesystem_id) {
+void ChildProcessSecurityPolicyHelper::GrantCreateFileForFileSystem(
+    int child_id,
+    const std::string& filesystem_id) {
   GrantPermissionsForFileSystem(child_id, filesystem_id, CREATE_NEW_FILE_GRANT);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFileSystem(
-    int child_id, const std::string& filesystem_id) {
-  GrantPermissionsForFileSystem(
-      child_id, filesystem_id, CREATE_READ_WRITE_FILE_GRANT);
+void ChildProcessSecurityPolicyHelper::GrantCreateReadWriteFileSystem(
+    int child_id,
+    const std::string& filesystem_id) {
+  GrantPermissionsForFileSystem(child_id, filesystem_id,
+                                CREATE_READ_WRITE_FILE_GRANT);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantCopyIntoFileSystem(
-    int child_id, const std::string& filesystem_id) {
+void ChildProcessSecurityPolicyHelper::GrantCopyIntoFileSystem(
+    int child_id,
+    const std::string& filesystem_id) {
   GrantPermissionsForFileSystem(child_id, filesystem_id, COPY_INTO_FILE_GRANT);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantDeleteFromFileSystem(
-    int child_id, const std::string& filesystem_id) {
+void ChildProcessSecurityPolicyHelper::GrantDeleteFromFileSystem(
+    int child_id,
+    const std::string& filesystem_id) {
   GrantPermissionsForFileSystem(child_id, filesystem_id, DELETE_FILE_GRANT);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantSendMidiSysExMessage(int child_id) {
+void ChildProcessSecurityPolicyHelper::GrantSendMidiSysExMessage(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantPermissionForMidiSysEx();
 }
 
-void ChildProcessSecurityPolicyImpl::GrantOrigin(int child_id,
-                                                 const url::Origin& origin) {
+void ChildProcessSecurityPolicyHelper::GrantOrigin(int child_id,
+                                                   const url::Origin& origin) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantOrigin(origin);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantScheme(int child_id,
-                                                 const std::string& scheme) {
+void ChildProcessSecurityPolicyHelper::GrantScheme(int child_id,
+                                                   const std::string& scheme) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantScheme(scheme);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantWebUIBindings(int child_id) {
+void ChildProcessSecurityPolicyHelper::GrantWebUIBindings(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantBindings(BINDINGS_POLICY_WEB_UI);
 
   // Web UI bindings need the ability to request chrome: URLs.
   state->second->GrantScheme(kChromeUIScheme);
 
   // Web UI pages can contain links to file:// URLs.
   state->second->GrantScheme(url::kFileScheme);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantReadRawCookies(int child_id) {
+void ChildProcessSecurityPolicyHelper::GrantReadRawCookies(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantReadRawCookies();
 }
 
-void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) {
+void ChildProcessSecurityPolicyHelper::RevokeReadRawCookies(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->RevokeReadRawCookies();
 }
 
-bool ChildProcessSecurityPolicyImpl::CanRequestURL(
-    int child_id, const GURL& url) {
+bool ChildProcessSecurityPolicyHelper::CanRequestURL(int child_id,
+                                                     const GURL& url) {
   if (!url.is_valid())
     return false;  // Can't request invalid URLs.
 
   if (IsPseudoScheme(url.scheme())) {
     // Every child process can request <about:blank>.
     if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL))
       return true;
     // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be
     // requestable by any child process.  Also, this case covers
     // <javascript:...>, which should be handled internally by the process and
     // not kicked up to the browser.
     return false;
   }
 
   // If the process can commit the URL, it can request it.
   if (CanCommitURL(child_id, url))
     return true;
 
   // Also allow URLs destined for ShellExecute and not the browser itself.
   return !GetContentClient()->browser()->IsHandledURL(url) &&
          !net::URLRequest::IsHandledURL(url);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
-                                                  const GURL& url) {
+bool ChildProcessSecurityPolicyHelper::CanCommitURL(int child_id,
+                                                    const GURL& url) {
   if (!url.is_valid())
     return false;  // Can't commit invalid URLs.
 
   // Of all the pseudo schemes, only about:blank is allowed to commit.
   if (IsPseudoScheme(url.scheme()))
     return base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL);
 
   // TODO(creis): Tighten this for Site Isolation, so that a URL from a site
   // that is isolated can only be committed in a process dedicated to that site.
   // CanRequestURL should still allow all web-safe schemes. See
   // https://crbug.com/515309.
   if (IsWebSafeScheme(url.scheme()))
     return true;  // The scheme has been white-listed for every child process.
 
   {
     base::AutoLock lock(lock_);
 
     SecurityStateMap::iterator state = security_state_.find(child_id);
     if (state == security_state_.end())
       return false;
 
     // Otherwise, we consult the child process's security state to see if it is
     // allowed to commit the URL.
     return state->second->CanCommitURL(url);
   }
 }
 
-bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
-                                                 const base::FilePath& file) {
+bool ChildProcessSecurityPolicyHelper::CanReadFile(int child_id,
+                                                   const base::FilePath& file) {
   return HasPermissionsForFile(child_id, file, READ_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanReadAllFiles(
+bool ChildProcessSecurityPolicyHelper::CanReadAllFiles(
     int child_id,
     const std::vector<base::FilePath>& files) {
   return std::all_of(files.begin(), files.end(),
                      [this, child_id](const base::FilePath& file) {
                        return CanReadFile(child_id, file);
                      });
 }
 
-bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile(
+bool ChildProcessSecurityPolicyHelper::CanCreateReadWriteFile(
     int child_id,
     const base::FilePath& file) {
   return HasPermissionsForFile(child_id, file, CREATE_READ_WRITE_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanReadFileSystem(
-    int child_id, const std::string& filesystem_id) {
+bool ChildProcessSecurityPolicyHelper::CanReadFileSystem(
+    int child_id,
+    const std::string& filesystem_id) {
   return HasPermissionsForFileSystem(child_id, filesystem_id, READ_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanReadWriteFileSystem(
-    int child_id, const std::string& filesystem_id) {
+bool ChildProcessSecurityPolicyHelper::CanReadWriteFileSystem(
+    int child_id,
+    const std::string& filesystem_id) {
   return HasPermissionsForFileSystem(child_id, filesystem_id,
                                      READ_FILE_GRANT | WRITE_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystem(
-    int child_id, const std::string& filesystem_id) {
+bool ChildProcessSecurityPolicyHelper::CanCopyIntoFileSystem(
+    int child_id,
+    const std::string& filesystem_id) {
   return HasPermissionsForFileSystem(child_id, filesystem_id,
                                      COPY_INTO_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanDeleteFromFileSystem(
-    int child_id, const std::string& filesystem_id) {
+bool ChildProcessSecurityPolicyHelper::CanDeleteFromFileSystem(
+    int child_id,
+    const std::string& filesystem_id) {
   return HasPermissionsForFileSystem(child_id, filesystem_id,
                                      DELETE_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::HasPermissionsForFile(
-    int child_id, const base::FilePath& file, int permissions) {
+bool ChildProcessSecurityPolicyHelper::HasPermissionsForFile(
+    int child_id,
+    const base::FilePath& file,
+    int permissions) {
   base::AutoLock lock(lock_);
   bool result = ChildProcessHasPermissionsForFile(child_id, file, permissions);
   if (!result) {
     // If this is a worker thread that has no access to a given file,
     // let's check that its renderer process has access to that file instead.
     WorkerToMainProcessMap::iterator iter = worker_map_.find(child_id);
     if (iter != worker_map_.end() && iter->second != 0) {
-      result = ChildProcessHasPermissionsForFile(iter->second,
-                                                 file,
-                                                 permissions);
+      result =
+          ChildProcessHasPermissionsForFile(iter->second, file, permissions);
     }
   }
   return result;
 }
 
-bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
+bool ChildProcessSecurityPolicyHelper::HasPermissionsForFileSystemFile(
     int child_id,
     const storage::FileSystemURL& url,
     int permissions) {
   if (!url.is_valid())
     return false;
 
   if (url.path().ReferencesParent())
     return false;
 
   // Any write access is disallowed on the root path.
   if (storage::VirtualPath::IsRootPath(url.path()) &&
       (permissions & ~READ_FILE_GRANT)) {
     return false;
   }
 
   if (url.mount_type() == storage::kFileSystemTypeIsolated) {
     // When Isolated filesystems is overlayed on top of another filesystem,
     // its per-filesystem permission overrides the underlying filesystem
     // permissions).
-    return HasPermissionsForFileSystem(
-        child_id, url.mount_filesystem_id(), permissions);
+    return HasPermissionsForFileSystem(child_id, url.mount_filesystem_id(),
+                                       permissions);
   }
 
   FileSystemPermissionPolicyMap::iterator found =
       file_system_policy_map_.find(url.type());
   if (found == file_system_policy_map_.end())
     return false;
 
   if ((found->second & storage::FILE_PERMISSION_READ_ONLY) &&
       permissions & ~READ_FILE_GRANT) {
     return false;
   }
 
   if (found->second & storage::FILE_PERMISSION_USE_FILE_PERMISSION)
     return HasPermissionsForFile(child_id, url.path(), permissions);
 
   if (found->second & storage::FILE_PERMISSION_SANDBOX)
     return true;
 
   return false;
 }
 
-bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile(
+bool ChildProcessSecurityPolicyHelper::CanReadFileSystemFile(
     int child_id,
     const storage::FileSystemURL& url) {
   return HasPermissionsForFileSystemFile(child_id, url, READ_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile(
+bool ChildProcessSecurityPolicyHelper::CanWriteFileSystemFile(
     int child_id,
     const storage::FileSystemURL& url) {
   return HasPermissionsForFileSystemFile(child_id, url, WRITE_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile(
+bool ChildProcessSecurityPolicyHelper::CanCreateFileSystemFile(
     int child_id,
     const storage::FileSystemURL& url) {
   return HasPermissionsForFileSystemFile(child_id, url, CREATE_NEW_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile(
+bool ChildProcessSecurityPolicyHelper::CanCreateReadWriteFileSystemFile(
     int child_id,
     const storage::FileSystemURL& url) {
   return HasPermissionsForFileSystemFile(child_id, url,
                                          CREATE_READ_WRITE_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile(
+bool ChildProcessSecurityPolicyHelper::CanCopyIntoFileSystemFile(
     int child_id,
     const storage::FileSystemURL& url) {
   return HasPermissionsForFileSystemFile(child_id, url, COPY_INTO_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanDeleteFileSystemFile(
+bool ChildProcessSecurityPolicyHelper::CanDeleteFileSystemFile(
     int child_id,
     const storage::FileSystemURL& url) {
   return HasPermissionsForFileSystemFile(child_id, url, DELETE_FILE_GRANT);
 }
 
-bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
+bool ChildProcessSecurityPolicyHelper::HasWebUIBindings(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->has_web_ui_bindings();
 }
 
-bool ChildProcessSecurityPolicyImpl::CanReadRawCookies(int child_id) {
+bool ChildProcessSecurityPolicyHelper::CanReadRawCookies(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->can_read_raw_cookies();
 }
 
-void ChildProcessSecurityPolicyImpl::AddChild(int child_id) {
+void ChildProcessSecurityPolicyHelper::AddChild(int child_id) {
   if (security_state_.count(child_id) != 0) {
     NOTREACHED() << "Add child process at most once.";
     return;
   }
 
   security_state_[child_id] = new SecurityState();
 }
 
-bool ChildProcessSecurityPolicyImpl::ChildProcessHasPermissionsForFile(
-    int child_id, const base::FilePath& file, int permissions) {
+bool ChildProcessSecurityPolicyHelper::ChildProcessHasPermissionsForFile(
+    int child_id,
+    const base::FilePath& file,
+    int permissions) {
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
   return state->second->HasPermissionsForFile(file, permissions);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(int child_id,
-                                                            const GURL& gurl) {
+bool ChildProcessSecurityPolicyHelper::CanAccessDataForOrigin(
+    int child_id,
+    const GURL& gurl) {
   base::AutoLock lock(lock_);
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end()) {
     // TODO(nick): Returning true instead of false here is a temporary
     // workaround for https://crbug.com/600441
     return true;
   }
   return state->second->CanAccessDataForOrigin(gurl);
 }
 
-void ChildProcessSecurityPolicyImpl::LockToOrigin(int child_id,
-                                                  const GURL& gurl) {
+void ChildProcessSecurityPolicyHelper::LockToOrigin(int child_id,
+                                                    const GURL& gurl) {
   // "gurl" can be currently empty in some cases, such as file://blah.
   DCHECK(SiteInstanceImpl::GetSiteForURL(NULL, gurl) == gurl);
   base::AutoLock lock(lock_);
   SecurityStateMap::iterator state = security_state_.find(child_id);
   DCHECK(state != security_state_.end());
   state->second->LockToOrigin(gurl);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantPermissionsForFileSystem(
+void ChildProcessSecurityPolicyHelper::GrantPermissionsForFileSystem(
     int child_id,
     const std::string& filesystem_id,
     int permission) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
   state->second->GrantPermissionsForFileSystem(filesystem_id, permission);
 }
 
-bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystem(
+bool ChildProcessSecurityPolicyHelper::HasPermissionsForFileSystem(
     int child_id,
     const std::string& filesystem_id,
     int permission) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
   return state->second->HasPermissionsForFileSystem(filesystem_id, permission);
 }
 
-void ChildProcessSecurityPolicyImpl::RegisterFileSystemPermissionPolicy(
+void ChildProcessSecurityPolicyHelper::RegisterFileSystemPermissionPolicy(
     storage::FileSystemType type,
     int policy) {
   base::AutoLock lock(lock_);
   file_system_policy_map_[type] = policy;
 }
 
-bool ChildProcessSecurityPolicyImpl::CanSendMidiSysExMessage(int child_id) {
+bool ChildProcessSecurityPolicyHelper::CanSendMidiSysExMessage(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->can_send_midi_sysex();
 }
 
 }  // namespace content