Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost.

content/browser/loader/resource_dispatcher_host_impl.h

Index: content/browser/loader/resource_dispatcher_host_impl.h
diff --git a/content/browser/loader/resource_dispatcher_host_impl.h b/content/browser/loader/resource_dispatcher_host_impl.h
index a7242ff35e9530a2c3c322f0542f5c90445bf794..96104fce27c83a9d66996e18d4ca7baf3873596a 100644
--- a/content/browser/loader/resource_dispatcher_host_impl.h
+++ b/content/browser/loader/resource_dispatcher_host_impl.h
@@ -124,7 +124,23 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl
   void SetDelegate(ResourceDispatcherHostDelegate* delegate) override;
   void SetAllowCrossOriginAuthPrompt(bool value) override;
   void ClearLoginDelegateForRequest(net::URLRequest* request) override;
-
+  void AddSchemeForAccessCheck(const std::string& scheme) override;
+  void AddOriginAccessInformation(const ResourceContext* context,
+                                  const std::string& origin) override;
+  void RemoveOriginAccessInformation(const ResourceContext* context,
+                                     const std::string& origin) override;
+  void AddOwnerForOrigin(const ResourceContext* context,
+                         const std::string& origin,
+                         int owner_process_id) override;
+  void RemoveOwnerForOrigin(const ResourceContext* context,
+                            const std::string& origin,
+                            int owner_process_id) override;
+  void AddGuestForOrigin(const ResourceContext* context,
+                         const std::string& origin,
+                         int guest_process_id) override;
+  void RemoveGuestForOrigin(const ResourceContext* context,
+                            const std::string& origin,
+                            int guest_process_id) override;
   // Puts the resource dispatcher host in an inactive state (unable to begin
   // new requests).  Cancels all pending requests.
   void Shutdown();
@@ -307,6 +323,12 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl
   // transferred. The LoaderDelegate should be interacted with on the IO thread.
   void SetLoaderDelegate(LoaderDelegate* loader_delegate);
 
+  // Checks whether the child process identified by |child_process_id| is
+  // allowed to access the |origin| and returns true if not.
+  bool IsIllegalOrigin(ResourceContext* context,
+                       const GURL& origin,
+                       int child_process_id);
+
  private:
   friend class LoaderIOThreadNotifier;
   friend class ResourceDispatcherHostTest;
@@ -341,6 +363,27 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl
   // Map from ProcessID+RouteID pair to the "most interesting" LoadState.
   typedef std::map<GlobalRoutingID, LoadInfo> LoadInfoMap;
 
+  // Information about an origin. This includes whether it has accessible
+  // resources, which processes own it, which are its guests, etc.

[jam, 2016/08/01 20:06:01]

nit: this comment discusses chrome apps concepts, which are a layering violation
in this networking code.

[ananta, 2016/08/02 00:40:49]

Done.

+  struct OriginAccessInfo {
+    // This structure is complicated enough for clang to require the ctors to
+    // be explicitly defined in the cc file.
+    OriginAccessInfo();
+    ~OriginAccessInfo();
+    OriginAccessInfo(const OriginAccessInfo& other);
+
+    std::set<int> origin_owner_processes;
+    std::set<int> origin_guest_processes;
+  };
+
+  // Map from the origin host (std::string) to its information
+  // (OriginAccessInfo).
+  // This map is per ResourceContext.
+  typedef std::map<std::string, OriginAccessInfo> OriginAccessInfoMap;
+
+  typedef std::map<const ResourceContext*, OriginAccessInfoMap*>

[jam, 2016/08/01 20:06:01]

unique_ptr?

[ananta, 2016/08/02 00:40:50]

Done.

+      ResourceContextOriginMap;
+
   // ResourceLoaderDelegate implementation:
   ResourceDispatcherHostLoginDelegate* CreateLoginDelegate(
       ResourceLoader* loader,
@@ -554,6 +597,11 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl
 
   CertStore* GetCertStore();
 
+  // Returns the OriginAccessInfoMap instance for the |context| passed in. This
+  // map is used to enforce access checks on web requests for some origins.
+  OriginAccessInfoMap* GetOriginAccessMapForResourceContext(
+      const ResourceContext* context);
+
   LoaderMap pending_loaders_;
 
   // Collection of temp files downloaded for child processes via
@@ -648,6 +696,14 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl
   // outlive this ResourceDispatcherHostImpl.
   CertStore* cert_store_for_testing_;
 
+  // Used to check whether a request to retrieve an origin resource is allowed.
+  // This is only done for origins which are to be checked for access.
+  ResourceContextOriginMap context_origin_access_info_map_;
+
+  // This contains the set of origins we need to enforce access checks on. By
+  // default everything is allowed.
+  std::set<std::string> origins_for_access_check_;
+
   DISALLOW_COPY_AND_ASSIGN(ResourceDispatcherHostImpl);
 };