Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost.

content/browser/loader/resource_dispatcher_host_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // See http://dev.chromium.org/developers/design-documents/multi-process-resource-loading
 
 #include "content/browser/loader/resource_dispatcher_host_impl.h"
 
 #include <stddef.h>
 
@@ skipping 277 matching lines @@
 
 // Consults the RendererSecurity policy to determine whether the
 // ResourceDispatcherHostImpl should service this request.  A request might be
 // disallowed if the renderer is not authorized to retrieve the request URL or
 // if the renderer is attempting to upload an unauthorized file.
 bool ShouldServiceRequest(int process_type,
                           int child_id,
                           const ResourceRequest& request_data,
                           const net::HttpRequestHeaders& headers,
                           ResourceMessageFilter* filter,
-                          ResourceContext* resource_context) {
+                          ResourceContext* resource_context,
+                          ResourceDispatcherHostImpl* host) {
   ChildProcessSecurityPolicyImpl* policy =
       ChildProcessSecurityPolicyImpl::GetInstance();
 
   // Check if the renderer is permitted to request the requested URL.
   if (!policy->CanRequestURL(child_id, request_data.url)) {
     VLOG(1) << "Denied unauthorized request for "
             << request_data.url.possibly_invalid_spec();
     return false;
   }
 
   // Check if the renderer is using an illegal Origin header.  If so, kill it.
   std::string origin_string;
   bool has_origin = headers.GetHeader("Origin", &origin_string) &&
                     origin_string != "null";
   if (has_origin) {
     GURL origin(origin_string);
     if (!policy->CanCommitURL(child_id, origin) ||
-        GetContentClient()->browser()->IsIllegalOrigin(resource_context,
-                                                       child_id, origin)) {
+        host->IsIllegalOrigin(resource_context, origin, child_id)) {
       VLOG(1) << "Killed renderer for illegal origin: " << origin_string;
       bad_message::ReceivedBadMessage(filter, bad_message::RDH_ILLEGAL_ORIGIN);
       return false;
     }
   }
 
   // Check if the renderer is permitted to upload the requested files.
   if (request_data.request_body.get()) {
     const std::vector<ResourceRequestBodyImpl::Element>* uploads =
         request_data.request_body->elements();
@@ skipping 158 matching lines @@
     if (pending_frame_host)
       routing_ids->insert(pending_frame_host->GetGlobalFrameRoutingId());
   }
   BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
                           base::Bind(&NotifyForRouteSetOnIO, frame_callback,
                                      base::Passed(std::move(routing_ids))));
 }
 
 }  // namespace
 
+ResourceDispatcherHostImpl::OriginAccessInfo::OriginAccessInfo() {
+}
+
+ResourceDispatcherHostImpl::OriginAccessInfo::~OriginAccessInfo() {
+}
+
+ResourceDispatcherHostImpl::OriginAccessInfo::OriginAccessInfo(
+    const OriginAccessInfo& other) {
+}
+
 // static
 ResourceDispatcherHost* ResourceDispatcherHost::Get() {
   return g_resource_dispatcher_host;
 }
 
 ResourceDispatcherHostImpl::ResourceDispatcherHostImpl()
     : save_file_manager_(new SaveFileManager()),
       request_id_(-1),
       is_shutdown_(false),
       num_in_flight_requests_(0),
@@ skipping 238 matching lines @@
 void ResourceDispatcherHostImpl::ClearLoginDelegateForRequest(
     net::URLRequest* request) {
   ResourceRequestInfoImpl* info = ResourceRequestInfoImpl::ForRequest(request);
   if (info) {
     ResourceLoader* loader = GetLoader(info->GetGlobalRequestID());
     if (loader)
       loader->ClearLoginDelegate();
   }
 }
 
+void ResourceDispatcherHostImpl::AddSchemeForAccessCheck(
+    const std::string& scheme) {
+  origins_for_access_check_.insert(scheme);
+}
+
+void ResourceDispatcherHostImpl::AddProcessForOrigin(
+    const ResourceContext* context,
+    const std::string& origin,
+    int process_id) {
+  GURL url(origin);

[jam, 2016/08/02 17:01:46]

nit: in these three new methods, add a DCHECK_CURRENTLY_ON(BrowserThread::IO);
at the top.

since these are public methods and the caller is outside content, it's generally
good to have defensive checks in case calling code is changed. (and then no need
for the thread DCHECK in the methods that call these)

[ananta, 2016/08/02 22:28:28]

Added the DCHECK for the following methods:
1. RegisterSchemeForAccessCheck
2. UnregisterSchemeForAccessCheck
1. AddProcessForOrigin
2. RemoveProcessForOrigin

The AddSchemeForAccessCheck gets called on the main thread.

+  // The following conditions need to apply before we can add the process to
+  // the list of allowed processes for an origin.
+  // 1. The URL has to be valid.
+  // 2. It has to have a valid host.
+  // 3. The scheme has to be registered in the list of schemes being access
+  //    checked.
+  if (!url.is_valid() || !url.has_host() ||
+      origins_for_access_check_.find(url.scheme()) ==
+          origins_for_access_check_.end()) {
+    NOTREACHED() << "Invalid URL or unregistered scheme.";
+    return;
+  }
+
+  OriginAccessInfoMap* origin_access_info_map =
+      GetOriginAccessMapForResourceContext(context);
+  DCHECK(origin_access_info_map);
+
+  OriginAccessInfoMap::iterator index = origin_access_info_map->find(
+      url.host());
+  // If the host is not found in the map, then don't add the owner.
+  if (index == origin_access_info_map->end())
+    return;
+
+  OriginAccessInfo& access_info = index->second;
+  // The process should not be there in the list.
+  DCHECK(access_info.allowed_processes.find(process_id) ==
+         access_info.allowed_processes.end());
+  access_info.allowed_processes.insert(process_id);
+}
+
+void ResourceDispatcherHostImpl::RemoveProcessForOrigin(
+    const ResourceContext* context,
+    const std::string& origin,
+    int process_id) {
+  GURL url(origin);
+  // The scheme has to be registered in the list of schemes being access
+  // checked.
+  if (origins_for_access_check_.find(url.scheme()) ==
+      origins_for_access_check_.end()) {
+    DCHECK(false);
+    return;
+  }
+
+  OriginAccessInfoMap* origin_access_info_map =
+      GetOriginAccessMapForResourceContext(context);
+  DCHECK(origin_access_info_map);
+
+  OriginAccessInfoMap::iterator index = origin_access_info_map->find(
+      url.host());
+  // If the host is not found in the map, then don't remove the owner.
+  if (index == origin_access_info_map->end())
+    return;
+
+  OriginAccessInfo& access_info = index->second;
+
+  std::set<int>::iterator process_index =
+      access_info.allowed_processes.find(process_id);
+  // The process has to be there in the list.
+  DCHECK(process_index != access_info.allowed_processes.end());
+  access_info.allowed_processes.erase(process_index);
+  if (access_info.allowed_processes.empty())
+    origin_access_info_map->erase(index);
+}
+
 void ResourceDispatcherHostImpl::Shutdown() {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   BrowserThread::PostTask(BrowserThread::IO,
                           FROM_HERE,
                           base::Bind(&ResourceDispatcherHostImpl::OnShutdown,
                                      base::Unretained(this)));
 }
 
 std::unique_ptr<ResourceHandler>
 ResourceDispatcherHostImpl::CreateResourceHandlerForDownload(
@@ skipping 590 matching lines @@
   filter_->GetContexts(request_data.resource_type, &resource_context,
                        &request_context);
 
   // Parse the headers before calling ShouldServiceRequest, so that they are
   // available to be validated.
   net::HttpRequestHeaders headers;
   headers.AddHeadersFromString(request_data.headers);
 
   if (is_shutdown_ ||
       !ShouldServiceRequest(process_type, child_id, request_data, headers,
-                            filter_, resource_context)) {
+                            filter_, resource_context, this)) {
     AbortRequestBeforeItStarts(filter_, sync_result, request_id);
     return;
   }
 
   // Allow the observer to block/handle the request.
   if (delegate_ && !delegate_->ShouldBeginRequest(request_data.method,
                                                   request_data.url,
                                                   request_data.resource_type,
                                                   resource_context)) {
     AbortRequestBeforeItStarts(filter_, sync_result, request_id);
@@ skipping 1225 matching lines @@
   DCHECK(deserialized);
   ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id);
   response->head.security_info = SerializeSecurityInfo(ssl);
 }
 
 CertStore* ResourceDispatcherHostImpl::GetCertStore() {
   return cert_store_for_testing_ ? cert_store_for_testing_
                                  : CertStore::GetInstance();
 }
 
+ResourceDispatcherHostImpl::OriginAccessInfoMap*
+ResourceDispatcherHostImpl::GetOriginAccessMapForResourceContext(
+    const ResourceContext* context) {
+  ResourceContextOriginMap::iterator context_index =
+      context_origin_access_info_map_.find(context);
+  if (context_index != context_origin_access_info_map_.end())
+    return context_index->second.get();
+
+  context_origin_access_info_map_[context].reset(new OriginAccessInfoMap);
+  return context_origin_access_info_map_[context].get();
+}
+
+bool ResourceDispatcherHostImpl::IsIllegalOrigin(ResourceContext* context,
+                                                 const GURL& origin,
+                                                 int child_process_id) {
+  if (origins_for_access_check_.find(origin.scheme()) ==
+      origins_for_access_check_.end()) {
+    return false;
+  }
+
+  OriginAccessInfoMap* origin_access_info_map =
+      GetOriginAccessMapForResourceContext(
+          const_cast<const ResourceContext*>(context));
+  DCHECK(origin_access_info_map);
+
+  OriginAccessInfoMap::iterator index =
+      origin_access_info_map->find(origin.host());
+  if (index == origin_access_info_map->end())
+    return false;
+
+  OriginAccessInfo& access_info = index->second;
+  // Processes in the list for this origin are allowed.
+  if (access_info.allowed_processes.find(child_process_id) !=
+      access_info.allowed_processes.end()) {
+    return false;
+  }
+  // The origin being accessed is not allowed for the |child_process_id|.
+  return true;
+}
+
 }  // namespace content