Move implementation of ChildProcessSecurityPolicyImpl to c/b/shared, and wrap in c/b

content/browser/loader/resource_dispatcher_host_impl.cc

Index: content/browser/loader/resource_dispatcher_host_impl.cc
diff --git a/content/browser/loader/resource_dispatcher_host_impl.cc b/content/browser/loader/resource_dispatcher_host_impl.cc
index e3d759daf105eb09c0b52f61250e18d4cb76887a..2867f28a5ece077069d40fa3f40ce3d84a296ba5 100644
--- a/content/browser/loader/resource_dispatcher_host_impl.cc
+++ b/content/browser/loader/resource_dispatcher_host_impl.cc
@@ -38,7 +38,6 @@
 #include "content/browser/bad_message.h"
 #include "content/browser/blob_storage/chrome_blob_storage_context.h"
 #include "content/browser/cert_store_impl.h"
-#include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/download/download_resource_handler.h"
 #include "content/browser/download/save_file_manager.h"
 #include "content/browser/download/save_file_resource_handler.h"
@@ -66,6 +65,7 @@
 #include "content/browser/service_worker/foreign_fetch_request_handler.h"
 #include "content/browser/service_worker/link_header_support.h"
 #include "content/browser/service_worker/service_worker_request_handler.h"
+#include "content/browser/shared/child_process_security_policy_helper.h"
 #include "content/browser/streams/stream.h"
 #include "content/browser/streams/stream_context.h"
 #include "content/browser/streams/stream_registry.h"
@@ -298,8 +298,8 @@ bool ShouldServiceRequest(int process_type,
                           const net::HttpRequestHeaders& headers,
                           ResourceMessageFilter* filter,
                           ResourceContext* resource_context) {
-  ChildProcessSecurityPolicyImpl* policy =
-      ChildProcessSecurityPolicyImpl::GetInstance();
+  ChildProcessSecurityPolicyHelper* policy =
+      ChildProcessSecurityPolicyHelper::GetInstance();
 
   // Check if the renderer is permitted to request the requested URL.
   if (!policy->CanRequestURL(child_id, request_data.url)) {
@@ -353,7 +353,7 @@ bool ShouldServiceRequest(int process_type,
 
 void RemoveDownloadFileFromChildSecurityPolicy(int child_id,
                                                const base::FilePath& path) {
-  ChildProcessSecurityPolicyImpl::GetInstance()->RevokeAllPermissionsForFile(
+  ChildProcessSecurityPolicyHelper::GetInstance()->RevokeAllPermissionsForFile(
       child_id, path);
 }
 
@@ -739,8 +739,8 @@ DownloadInterruptReason ResourceDispatcherHostImpl::BeginDownload(
       net::URLRequest::UPDATE_FIRST_PARTY_URL_ON_REDIRECT);
 
   // Check if the renderer is permitted to request the requested URL.
-  if (!ChildProcessSecurityPolicyImpl::GetInstance()->
-          CanRequestURL(render_process_id, url)) {
+  if (!ChildProcessSecurityPolicyHelper::GetInstance()->CanRequestURL(
+          render_process_id, url)) {
     DVLOG(1) << "Denied unauthorized download request for "
              << url.possibly_invalid_spec();
     return DOWNLOAD_INTERRUPT_REASON_NETWORK_INVALID_REQUEST;
@@ -1486,8 +1486,8 @@ void ResourceDispatcherHostImpl::BeginRequest(
 
   // Raw headers are sensitive, as they include Cookie/Set-Cookie, so only
   // allow requesting them if requester has ReadRawCookies permission.
-  ChildProcessSecurityPolicyImpl* policy =
-      ChildProcessSecurityPolicyImpl::GetInstance();
+  ChildProcessSecurityPolicyHelper* policy =
+      ChildProcessSecurityPolicyHelper::GetInstance();
   bool report_raw_headers = request_data.report_raw_headers;
   if (report_raw_headers && !policy->CanReadRawCookies(child_id)) {
     // TODO: crbug.com/523063 can we call bad_message::ReceivedBadMessage here?
@@ -1762,7 +1762,7 @@ void ResourceDispatcherHostImpl::RegisterDownloadedTempFile(
   DCHECK(reference.get());
 
   registered_temp_files_[child_id][request_id] = reference;
-  ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
+  ChildProcessSecurityPolicyHelper::GetInstance()->GrantReadFile(
       child_id, reference->path());
 
   // When the temp file is deleted, revoke permissions that the renderer has