Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost.

content/browser/loader/resource_dispatcher_host_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // See http://dev.chromium.org/developers/design-documents/multi-process-resource-loading
 
 #include "content/browser/loader/resource_dispatcher_host_impl.h"
 
 #include <stddef.h>
 
@@ skipping 277 matching lines @@
 
 // Consults the RendererSecurity policy to determine whether the
 // ResourceDispatcherHostImpl should service this request.  A request might be
 // disallowed if the renderer is not authorized to retrieve the request URL or
 // if the renderer is attempting to upload an unauthorized file.
 bool ShouldServiceRequest(int process_type,
                           int child_id,
                           const ResourceRequest& request_data,
                           const net::HttpRequestHeaders& headers,
                           ResourceMessageFilter* filter,
-                          ResourceContext* resource_context) {
+                          ResourceContext* resource_context,
+                          ResourceDispatcherHostImpl* host) {
   ChildProcessSecurityPolicyImpl* policy =
       ChildProcessSecurityPolicyImpl::GetInstance();
 
   // Check if the renderer is permitted to request the requested URL.
   if (!policy->CanRequestURL(child_id, request_data.url)) {
     VLOG(1) << "Denied unauthorized request for "
             << request_data.url.possibly_invalid_spec();
     return false;
   }
 
   // Check if the renderer is using an illegal Origin header.  If so, kill it.
   std::string origin_string;
   bool has_origin = headers.GetHeader("Origin", &origin_string) &&
                     origin_string != "null";
   if (has_origin) {
     GURL origin(origin_string);
     if (!policy->CanCommitURL(child_id, origin) ||
-        GetContentClient()->browser()->IsIllegalOrigin(resource_context,
-                                                       child_id, origin)) {
+        host->IsIllegalOrigin(resource_context, origin, child_id)) {
       VLOG(1) << "Killed renderer for illegal origin: " << origin_string;
       bad_message::ReceivedBadMessage(filter, bad_message::RDH_ILLEGAL_ORIGIN);
       return false;
     }
   }
 
   // Check if the renderer is permitted to upload the requested files.
   if (request_data.request_body.get()) {
     const std::vector<ResourceRequestBodyImpl::Element>* uploads =
         request_data.request_body->elements();
@@ skipping 158 matching lines @@
     if (pending_frame_host)
       routing_ids->insert(pending_frame_host->GetGlobalFrameRoutingId());
   }
   BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
                           base::Bind(&NotifyForRouteSetOnIO, frame_callback,
                                      base::Passed(std::move(routing_ids))));
 }
 
 }  // namespace
 
+ResourceDispatcherHostImpl::OriginAccessInfo::OriginAccessInfo() {
+}
+
+ResourceDispatcherHostImpl::OriginAccessInfo::~OriginAccessInfo() {
+}
+
+ResourceDispatcherHostImpl::OriginAccessInfo::OriginAccessInfo(
+    const OriginAccessInfo& other) {
+}
+
 // static
 ResourceDispatcherHost* ResourceDispatcherHost::Get() {
   return g_resource_dispatcher_host;
 }
 
 ResourceDispatcherHostImpl::ResourceDispatcherHostImpl()
     : save_file_manager_(new SaveFileManager()),
       request_id_(-1),
       is_shutdown_(false),
       num_in_flight_requests_(0),
@@ skipping 238 matching lines @@
 void ResourceDispatcherHostImpl::ClearLoginDelegateForRequest(
     net::URLRequest* request) {
   ResourceRequestInfoImpl* info = ResourceRequestInfoImpl::ForRequest(request);
   if (info) {
     ResourceLoader* loader = GetLoader(info->GetGlobalRequestID());
     if (loader)
       loader->ClearLoginDelegate();
   }
 }
 
+void ResourceDispatcherHostImpl::AddSchemeForAccessCheck(
+    const std::string& scheme) {
+  origins_for_access_check_.insert(scheme);
+}
+
+void ResourceDispatcherHostImpl::RegisterOriginForAccessChecks(
+    const ResourceContext* context,
+    const std::string& origin,
+    OriginAccessCheckMask access_check_mask) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  GURL url(origin);
+  // The following conditions need to apply before we can add access
+  // information for an origin.
+  // 1. The URL has to be valid.
+  // 2. It has to have a valid host.
+  // 3. The scheme has to be registered in the list of schemes being access
+  //    checked.
+  if (!url.is_valid() || !url.has_host() ||
+      origins_for_access_check_.find(url.scheme()) ==
+          origins_for_access_check_.end()) {
+    NOTREACHED() << "Invalid URL or unregistered scheme.";
+    return;
+  }
+
+  OriginAccessInfoMap* origin_access_info_map =
+      GetOriginAccessMapForResourceContext(context);
+  DCHECK(origin_access_info_map->find(url.host()) ==
+         origin_access_info_map->end());
+
+  OriginAccessInfo access_info;
+  access_info.access_check_mask = access_check_mask;
+
+  (*origin_access_info_map)[url.host()] = access_info;
+}
+
+void ResourceDispatcherHostImpl::UnregisterOriginForAccessChecks(
+    const ResourceContext* context,
+    const std::string& origin) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  GURL url(origin);
+  // The scheme has to be registered in the list of schemes being access
+  // checked.
+  if (origins_for_access_check_.find(url.scheme()) ==
+          origins_for_access_check_.end()) {
+    NOTREACHED() << "Unregistered scheme for access check";
+    return;
+  }
+  OriginAccessInfoMap* origin_access_info_map =
+      GetOriginAccessMapForResourceContext(context);
+  OriginAccessInfoMap::iterator index = origin_access_info_map->find(
+      url.host());
+  if (index != origin_access_info_map->end())
+      origin_access_info_map->erase(index);
+}
+
+void ResourceDispatcherHostImpl::AddProcessForOrigin(
+    const ResourceContext* context,
+    const std::string& origin,
+    int process_id,
+    bool owner_process) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  GURL url(origin);
+  // The following conditions need to apply before we can add the process to
+  // the list of allowed processes for an origin.
+  // 1. The URL has to be valid.
+  // 2. It has to have a valid host.
+  // 3. The scheme has to be registered in the list of schemes being access
+  //    checked.
+  if (!url.is_valid() || !url.has_host() ||
+      origins_for_access_check_.find(url.scheme()) ==
+          origins_for_access_check_.end()) {
+    NOTREACHED() << "Invalid URL or unregistered scheme.";
+    return;
+  }
+
+  OriginAccessInfoMap* origin_access_info_map =
+      GetOriginAccessMapForResourceContext(context);
+  DCHECK(origin_access_info_map);
+
+  OriginAccessInfoMap::iterator index = origin_access_info_map->find(
+      url.host());
+  // No need to add access information for an unregistered host.
+  if (index == origin_access_info_map->end())
+    return;
+
+  OriginAccessInfo& access_info = index->second;
+  if (owner_process) {
+    access_info.owner_processes[process_id]++;
+  } else {
+    access_info.other_processes[process_id]++;
+  }
+}
+
+void ResourceDispatcherHostImpl::RemoveProcessForOrigin(
+    const ResourceContext* context,
+    const std::string& origin,
+    int process_id,
+    bool owner_process) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  GURL url(origin);
+  // The scheme has to be registered in the list of schemes being access
+  // checked.
+  if (origins_for_access_check_.find(url.scheme()) ==
+      origins_for_access_check_.end()) {
+    DCHECK(false);
+    return;
+  }
+
+  OriginAccessInfoMap* origin_access_info_map =
+      GetOriginAccessMapForResourceContext(context);
+  DCHECK(origin_access_info_map);
+
+  OriginAccessInfoMap::iterator index = origin_access_info_map->find(
+      url.host());
+  // No need to add access information for an unregistered host.
+  if (index == origin_access_info_map->end())
+    return;
+
+  OriginAccessInfo& access_info = index->second;
+
+  std::map<int, int>::iterator process_index;
+  std::map<int, int>* process_map = nullptr;
+  if (owner_process) {
+    process_map = &access_info.owner_processes;
+  } else {
+    process_map = &access_info.other_processes;
+  }
+  process_index = process_map->find(process_id);
+  // The process has to be there in the list.
+  DCHECK(process_index != process_map->end());
+  process_index->second--;
+  if (process_index->second == 0)
+    process_map->erase(process_index);
+}
+
 void ResourceDispatcherHostImpl::Shutdown() {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   BrowserThread::PostTask(BrowserThread::IO,
                           FROM_HERE,
                           base::Bind(&ResourceDispatcherHostImpl::OnShutdown,
                                      base::Unretained(this)));
 }
 
 std::unique_ptr<ResourceHandler>
 ResourceDispatcherHostImpl::CreateResourceHandlerForDownload(
@@ skipping 590 matching lines @@
   filter_->GetContexts(request_data.resource_type, &resource_context,
                        &request_context);
 
   // Parse the headers before calling ShouldServiceRequest, so that they are
   // available to be validated.
   net::HttpRequestHeaders headers;
   headers.AddHeadersFromString(request_data.headers);
 
   if (is_shutdown_ ||
       !ShouldServiceRequest(process_type, child_id, request_data, headers,
-                            filter_, resource_context)) {
+                            filter_, resource_context, this)) {
     AbortRequestBeforeItStarts(filter_, sync_result, request_id);
     return;
   }
 
   // Allow the observer to block/handle the request.
   if (delegate_ && !delegate_->ShouldBeginRequest(request_data.method,
                                                   request_data.url,
                                                   request_data.resource_type,
                                                   resource_context)) {
     AbortRequestBeforeItStarts(filter_, sync_result, request_id);
@@ skipping 1225 matching lines @@
   DCHECK(deserialized);
   ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id);
   response->head.security_info = SerializeSecurityInfo(ssl);
 }
 
 CertStore* ResourceDispatcherHostImpl::GetCertStore() {
   return cert_store_for_testing_ ? cert_store_for_testing_
                                  : CertStore::GetInstance();
 }
 
+ResourceDispatcherHostImpl::OriginAccessInfoMap*
+ResourceDispatcherHostImpl::GetOriginAccessMapForResourceContext(
+    const ResourceContext* context) {
+  ResourceContextOriginMap::iterator context_index =
+      context_origin_access_info_map_.find(context);
+  if (context_index != context_origin_access_info_map_.end())
+    return context_index->second.get();
+
+  context_origin_access_info_map_[context].reset(new OriginAccessInfoMap);
+  return context_origin_access_info_map_[context].get();
+}
+
+bool ResourceDispatcherHostImpl::IsIllegalOrigin(ResourceContext* context,
+                                                 const GURL& origin,
+                                                 int child_process_id) {
+  if (origins_for_access_check_.find(origin.scheme()) ==
+      origins_for_access_check_.end()) {
+    return false;
+  }
+
+  OriginAccessInfoMap* origin_access_info_map =
+      GetOriginAccessMapForResourceContext(
+          const_cast<const ResourceContext*>(context));
+  DCHECK(origin_access_info_map);
+
+  // If the origin is not found then this URL cannot be committed.
+  OriginAccessInfoMap::iterator index =
+      origin_access_info_map->find(origin.host());
+  if (index == origin_access_info_map->end())
+    return false;
+
+  OriginAccessInfo& access_info = index->second;
+  // Owner processes are allowed access by default.
+  if (access_info.owner_processes.find(child_process_id) !=
+      access_info.owner_processes.end()) {
+    return false;
+  }
+
+  DCHECK(access_info.access_check_mask >= DENY_FOR_NON_OWNERS &&
+         access_info.access_check_mask <= ACCESS_CHECK_MASK_LAST);
+
+  if (access_info.access_check_mask == DENY_FOR_NON_OWNERS)
+    return true;
+
+  // No need to check for other processes here.
+  if (access_info.access_check_mask == ALLOW_EVERYTHING)
+    return false;
+
+  // Processes in the other_processes list are allowed.
+  if (access_info.other_processes.find(child_process_id) !=
+      access_info.other_processes.end()) {
+    return false;
+  }
+  // The origin being accessed is not allowed for the |child_process_id|.
+  return true;
+}
+
 }  // namespace content