Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost.

content/browser/loader/resource_dispatcher_host_impl.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This is the browser side of the resource dispatcher, it receives requests
 // from the child process (i.e. [Renderer, Plugin, Worker]ProcessHost), and
 // dispatches them to URLRequests. It then forwards the messages from the
 // URLRequests back to the correct process for handling.
 //
 // See http://dev.chromium.org/developers/design-documents/multi-process-resource-loading
@@ skipping 89 matching lines @@
       RenderFrameHost* root_frame_host);
 
   // Cancels any blocked request for the frame and its subframes.
   static void CancelBlockedRequestsForFrameFromUI(
       RenderFrameHostImpl* root_frame_host);
 
   // ResourceDispatcherHost implementation:
   void SetDelegate(ResourceDispatcherHostDelegate* delegate) override;
   void SetAllowCrossOriginAuthPrompt(bool value) override;
   void ClearLoginDelegateForRequest(net::URLRequest* request) override;
-
+  void AddSchemeForAccessCheck(const std::string& scheme) override;
+  void AddProcessForOrigin(const ResourceContext* context,
+                           const std::string& origin,
+                           int process_id) override;
+  void RemoveProcessForOrigin(const ResourceContext* context,
+                              const std::string& origin,
+                              int process_id) override;
   // Puts the resource dispatcher host in an inactive state (unable to begin
   // new requests).  Cancels all pending requests.
   void Shutdown();
 
   // Force cancels any pending requests for the given |context|. This is
   // necessary to ensure that before |context| goes away, all requests
   // for it are dead.
   void CancelRequestsForContext(ResourceContext* context);
 
   // Returns true if the message was a resource message that was processed.
@@ skipping 164 matching lines @@
   // Turns on stale-while-revalidate support, regardless of command-line flags
   // or experiment status. For unit tests only.
   void EnableStaleWhileRevalidateForTesting();
 
   // Sets the LoaderDelegate, which must outlive this object. Ownership is not
   // transferred. The LoaderDelegate should be interacted with on the IO thread.
   void SetLoaderDelegate(LoaderDelegate* loader_delegate);
 
   void OnRenderFrameDeleted(const GlobalFrameRoutingId& global_routing_id);
 
+  // Checks whether the child process identified by |child_process_id| is
+  // allowed to access the |origin| and returns true if not.
+  bool IsIllegalOrigin(ResourceContext* context,
+                       const GURL& origin,
+                       int child_process_id);
+
  private:
   friend class ResourceDispatcherHostTest;
 
   FRIEND_TEST_ALL_PREFIXES(ResourceDispatcherHostTest,
                            TestBlockedRequestsProcessDies);
   FRIEND_TEST_ALL_PREFIXES(ResourceDispatcherHostTest,
                            CalculateApproximateMemoryCost);
   FRIEND_TEST_ALL_PREFIXES(ResourceDispatcherHostTest,
                            DetachableResourceTimesOut);
   FRIEND_TEST_ALL_PREFIXES(ResourceDispatcherHostTest,
@@ skipping 13 matching lines @@
   struct LoadInfo {
     GURL url;
     net::LoadStateWithParam load_state;
     uint64_t upload_position;
     uint64_t upload_size;
   };
 
   // Map from ProcessID+RouteID pair to the "most interesting" LoadState.
   typedef std::map<GlobalRoutingID, LoadInfo> LoadInfoMap;
 
+  // Information about a web origin.
+  struct OriginAccessInfo {
+    // This structure is complicated enough for clang to require the ctors to
+    // be explicitly defined in the cc file.

[jam, 2016/08/02 17:01:46]

now that this is just one set, any reason to keep it around? i.e. why not make
ResourceContextOriginMap be a map from ResourceContext to a std::set<int>?

[ananta, 2016/08/02 22:28:28]

Done.

+    OriginAccessInfo();
+    ~OriginAccessInfo();
+    OriginAccessInfo(const OriginAccessInfo& other);
+
+    std::set<int> allowed_processes;
+  };
+
+  // Map from the origin host (std::string) to its information
+  // (OriginAccessInfo).
+  // This map is per ResourceContext.
+  typedef std::map<std::string, OriginAccessInfo> OriginAccessInfoMap;
+
+  typedef std::map<const ResourceContext*,
+                   std::unique_ptr<OriginAccessInfoMap>>
+      ResourceContextOriginMap;
+
   // ResourceLoaderDelegate implementation:
   ResourceDispatcherHostLoginDelegate* CreateLoginDelegate(
       ResourceLoader* loader,
       net::AuthChallengeInfo* auth_info) override;
   bool HandleExternalProtocol(ResourceLoader* loader, const GURL& url) override;
   void DidStartRequest(ResourceLoader* loader) override;
   void DidReceiveRedirect(ResourceLoader* loader, const GURL& new_url) override;
   void DidReceiveResponse(ResourceLoader* loader) override;
   void DidFinishLoading(ResourceLoader* loader) override;
   std::unique_ptr<net::ClientCertStore> CreateClientCertStore(
@@ skipping 192 matching lines @@
   // The certificate on a ResourceResponse is associated with a
   // particular renderer process. As a transfer to a new process
   // completes, the stored certificate has to be updated to reflect the
   // new renderer process.
   void UpdateResponseCertificateForTransfer(ResourceResponse* response,
                                             const net::SSLInfo& ssl_info,
                                             int child_id);
 
   CertStore* GetCertStore();
 
+  // Returns the OriginAccessInfoMap instance for the |context| passed in. This
+  // map is used to enforce access checks on web requests for some origins.
+  OriginAccessInfoMap* GetOriginAccessMapForResourceContext(
+      const ResourceContext* context);
+
   LoaderMap pending_loaders_;
 
   // Collection of temp files downloaded for child processes via
   // the download_to_file mechanism. We avoid deleting them until
   // the client no longer needs them.
   typedef std::map<int, scoped_refptr<storage::ShareableFileReference> >
       DeletableFilesMap;  // key is request id
   typedef std::map<int, DeletableFilesMap>
       RegisteredTempFiles;  // key is child process id
   RegisteredTempFiles registered_temp_files_;
@@ skipping 74 matching lines @@
   typedef std::map<GlobalRequestID,
                    base::ObserverList<ResourceMessageDelegate>*> DelegateMap;
   DelegateMap delegate_map_;
 
   std::unique_ptr<ResourceScheduler> scheduler_;
 
   // Allows tests to use a mock CertStore. If set, the CertStore must
   // outlive this ResourceDispatcherHostImpl.
   CertStore* cert_store_for_testing_;
 
+  // Used to check whether a request to retrieve an origin resource is allowed.
+  // This is only done for origins which are to be checked for access.
+  ResourceContextOriginMap context_origin_access_info_map_;
+
+  // This contains the set of origins we need to enforce access checks on. By
+  // default everything is allowed.
+  std::set<std::string> origins_for_access_check_;
+
   DISALLOW_COPY_AND_ASSIGN(ResourceDispatcherHostImpl);
 };
 
 }  // namespace content
 
 #endif  // CONTENT_BROWSER_LOADER_RESOURCE_DISPATCHER_HOST_IMPL_H_