Index: content/browser/loader/resource_dispatcher_host_impl.h |
diff --git a/content/browser/loader/resource_dispatcher_host_impl.h b/content/browser/loader/resource_dispatcher_host_impl.h |
index a7242ff35e9530a2c3c322f0542f5c90445bf794..96104fce27c83a9d66996e18d4ca7baf3873596a 100644 |
--- a/content/browser/loader/resource_dispatcher_host_impl.h |
+++ b/content/browser/loader/resource_dispatcher_host_impl.h |
@@ -124,7 +124,23 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl |
void SetDelegate(ResourceDispatcherHostDelegate* delegate) override; |
void SetAllowCrossOriginAuthPrompt(bool value) override; |
void ClearLoginDelegateForRequest(net::URLRequest* request) override; |
- |
+ void AddSchemeForAccessCheck(const std::string& scheme) override; |
+ void AddOriginAccessInformation(const ResourceContext* context, |
+ const std::string& origin) override; |
+ void RemoveOriginAccessInformation(const ResourceContext* context, |
+ const std::string& origin) override; |
+ void AddOwnerForOrigin(const ResourceContext* context, |
+ const std::string& origin, |
+ int owner_process_id) override; |
+ void RemoveOwnerForOrigin(const ResourceContext* context, |
+ const std::string& origin, |
+ int owner_process_id) override; |
+ void AddGuestForOrigin(const ResourceContext* context, |
+ const std::string& origin, |
+ int guest_process_id) override; |
+ void RemoveGuestForOrigin(const ResourceContext* context, |
+ const std::string& origin, |
+ int guest_process_id) override; |
// Puts the resource dispatcher host in an inactive state (unable to begin |
// new requests). Cancels all pending requests. |
void Shutdown(); |
@@ -307,6 +323,12 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl |
// transferred. The LoaderDelegate should be interacted with on the IO thread. |
void SetLoaderDelegate(LoaderDelegate* loader_delegate); |
+ // Checks whether the child process identified by |child_process_id| is |
+ // allowed to access the |origin| and returns true if not. |
+ bool IsIllegalOrigin(ResourceContext* context, |
+ const GURL& origin, |
+ int child_process_id); |
+ |
private: |
friend class LoaderIOThreadNotifier; |
friend class ResourceDispatcherHostTest; |
@@ -341,6 +363,27 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl |
// Map from ProcessID+RouteID pair to the "most interesting" LoadState. |
typedef std::map<GlobalRoutingID, LoadInfo> LoadInfoMap; |
+ // Information about an origin. This includes whether it has accessible |
+ // resources, which processes own it, which are its guests, etc. |
jam
2016/08/01 20:06:01
nit: this comment discusses chrome apps concepts,
ananta
2016/08/02 00:40:49
Done.
|
+ struct OriginAccessInfo { |
+ // This structure is complicated enough for clang to require the ctors to |
+ // be explicitly defined in the cc file. |
+ OriginAccessInfo(); |
+ ~OriginAccessInfo(); |
+ OriginAccessInfo(const OriginAccessInfo& other); |
+ |
+ std::set<int> origin_owner_processes; |
+ std::set<int> origin_guest_processes; |
+ }; |
+ |
+ // Map from the origin host (std::string) to its information |
+ // (OriginAccessInfo). |
+ // This map is per ResourceContext. |
+ typedef std::map<std::string, OriginAccessInfo> OriginAccessInfoMap; |
+ |
+ typedef std::map<const ResourceContext*, OriginAccessInfoMap*> |
jam
2016/08/01 20:06:01
unique_ptr?
ananta
2016/08/02 00:40:50
Done.
|
+ ResourceContextOriginMap; |
+ |
// ResourceLoaderDelegate implementation: |
ResourceDispatcherHostLoginDelegate* CreateLoginDelegate( |
ResourceLoader* loader, |
@@ -554,6 +597,11 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl |
CertStore* GetCertStore(); |
+ // Returns the OriginAccessInfoMap instance for the |context| passed in. This |
+ // map is used to enforce access checks on web requests for some origins. |
+ OriginAccessInfoMap* GetOriginAccessMapForResourceContext( |
+ const ResourceContext* context); |
+ |
LoaderMap pending_loaders_; |
// Collection of temp files downloaded for child processes via |
@@ -648,6 +696,14 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl |
// outlive this ResourceDispatcherHostImpl. |
CertStore* cert_store_for_testing_; |
+ // Used to check whether a request to retrieve an origin resource is allowed. |
+ // This is only done for origins which are to be checked for access. |
+ ResourceContextOriginMap context_origin_access_info_map_; |
+ |
+ // This contains the set of origins we need to enforce access checks on. By |
+ // default everything is allowed. |
+ std::set<std::string> origins_for_access_check_; |
+ |
DISALLOW_COPY_AND_ASSIGN(ResourceDispatcherHostImpl); |
}; |