
Unified Diff: chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc

Issue 2182633007: Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Remove the IsIllegalOrigin function from ContentBrowserClient Created 4 years, 4 months ago
Index: chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
diff --git a/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc b/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
index 8adeb96f87829a4b0395e697e12325fb4b7ac245..fac066b894363813889d41da1202be60bdc53209 100644
--- a/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
+++ b/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
@@ -27,6 +27,7 @@
#include "content/public/browser/browser_url_handler.h"
#include "content/public/browser/render_process_host.h"
#include "content/public/browser/render_view_host.h"
+#include "content/public/browser/resource_dispatcher_host.h"
#include "content/public/browser/site_instance.h"
#include "content/public/browser/vpn_service_proxy.h"
#include "content/public/browser/web_contents.h"
@@ -125,6 +126,55 @@ RenderProcessHostPrivilege GetProcessPrivilege(
return PRIV_EXTENSION;
}
+// Helper functions to register and unregister an extension process. Invoked
+// on the IO thread.
+void RegisterExtensionProcessHelper(InfoMap* info_map,
+ const Extension* extension,
+ int process_id,
+ int site_instance_id,
+ const content::ResourceContext* context) {
+ DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+ info_map->RegisterExtensionProcess(extension->id(), process_id,
+ site_instance_id);
+
+ // Please refer to the ResourceDispatcherHostImpl::IsIllegalOrigin() function
+ // for more information on how we decide whether an extension URL being
+ // committed is allowed or not.
+ // In general we want to achieve this.
+ // 1. If there is no extension installed for the URL, it should not be
+ // committed
+ // 2. Extension owner processes are always allowed.
+ // 3. Guest processes are allowed only for platform apps which have resources
+ // accessible to WebViews.
+ if (content::ResourceDispatcherHost::Get()) {
+ content::ResourceDispatcherHost::Get()->AddProcessForOrigin(
+ context,
+ Extension::GetBaseURLFromExtensionId(extension->id()).spec(),
+ process_id,
+ true);
+ }
+}
+
+void UnregisterExtensionProcessHelper(InfoMap* info_map,
+ const Extension* extension,
+ int process_id,
+ int site_instance_id,
+ const content::ResourceContext* context) {
+ DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+ info_map->UnregisterExtensionProcess(extension->id(), process_id,
+ site_instance_id);
+
+ if (content::ResourceDispatcherHost::Get()) {
+ content::ResourceDispatcherHost::Get()->RemoveProcessForOrigin(
+ context,
+ Extension::GetBaseURLFromExtensionId(extension->id()).spec(),
+ process_id,
+ true);
+ }
+}
+
} // namespace
ChromeContentBrowserClientExtensionsPart::
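Review bot: The `AddProcessForOrigin` / `RemoveProcessForOrigin` calls in the two new helpers are keyed on `process_id` alone, while the `InfoMap` calls right above them also carry `site_instance_id`. If one renderer process hosts two SiteInstances of the same extension, the first `SiteInstanceDeleting` would reach `RemoveProcessForOrigin` and could drop the allowance while the other instance is still live, unless the dispatcher reference-counts entries, which is not visible here; that should be confirmed and stated in the comment. The comment lists three rules, yet this helper only registers owner processes (rule 2), so naming where guest processes for rule 3 get registered would let a reader audit that the removed platform-app check was fully carried over. The bare trailing `true` in both calls should be annotated with its parameter name so the security meaning of the flag is readable at the call site.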
@@ -272,52 +322,6 @@ bool ChromeContentBrowserClientExtensionsPart::CanCommitURL(
return true;
}
-bool ChromeContentBrowserClientExtensionsPart::IsIllegalOrigin(
- content::ResourceContext* resource_context,
- int child_process_id,
- const GURL& origin) {
- DCHECK_CURRENTLY_ON(BrowserThread::IO);
-
- // Consider non-extension URLs safe; they will be checked elsewhere.
- if (!origin.SchemeIs(kExtensionScheme))
- return false;
-
- // If there is no extension installed for the URL, it couldn't have committed.
- // (If the extension was recently uninstalled, the tab would have closed.)
- ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
- InfoMap* extension_info_map = io_data->GetExtensionInfoMap();
- const Extension* extension =
- extension_info_map->extensions().GetExtensionOrAppByURL(origin);
- if (!extension)
- return true;
-
- // Check for platform app origins. These can only be committed by the app
- // itself, or by one if its guests if there are accessible_resources.
- const ProcessMap& process_map = extension_info_map->process_map();
- if (extension->is_platform_app() &&
- !process_map.Contains(extension->id(), child_process_id)) {
- // This is a platform app origin not in the app's own process. If there are
- // no accessible resources, this is illegal.
- if (!extension->GetManifestData(manifest_keys::kWebviewAccessibleResources))
- return true;
-
- // If there are accessible resources, the origin is only legal if the given
- // process is a guest of the app.
- std::string owner_extension_id;
- int owner_process_id;
- WebViewRendererState::GetInstance()->GetOwnerInfo(
- child_process_id, &owner_process_id, &owner_extension_id);
- const Extension* owner_extension =
- extension_info_map->extensions().GetByID(owner_extension_id);
- return !owner_extension || owner_extension != extension;
- }
-
- // With only the origin and not the full URL, we don't have enough information
- // to validate hosted apps or web_accessible_resources in normal extensions.
- // Assume they're legal.
- return false;
-}
-
// static
bool ChromeContentBrowserClientExtensionsPart::IsSuitableHost(
Profile* profile,
@@ -553,9 +557,11 @@ void ChromeContentBrowserClientExtensionsPart::SiteInstanceGotProcess(
BrowserThread::PostTask(
BrowserThread::IO, FROM_HERE,
- base::Bind(&InfoMap::RegisterExtensionProcess,
- ExtensionSystem::Get(context)->info_map(), extension->id(),
- site_instance->GetProcess()->GetID(), site_instance->GetId()));
+ base::Bind(&RegisterExtensionProcessHelper,
+ base::RetainedRef(ExtensionSystem::Get(context)->info_map()),
+ base::RetainedRef(extension),
+ site_instance->GetProcess()->GetID(), site_instance->GetId(),
+ context->GetResourceContext()));
}
void ChromeContentBrowserClientExtensionsPart::SiteInstanceDeleting(
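Review bot: `context->GetResourceContext()` is bound as a raw pointer into a task that runs later on the IO thread, whereas the two arguments before it are wrapped in `base::RetainedRef`. Nothing in this hunk shows what keeps the ResourceContext alive until `RegisterExtensionProcessHelper` runs. If the guarantee relied on is that the context is torn down on the IO thread after already-posted tasks, a short comment above the `base::Bind` saying so would make the lifetime assumption reviewable. The same applies to the `UnregisterExtensionProcessHelper` bind in `SiteInstanceDeleting`, where the profile may already be shutting down. The enclosing function bodies start outside these hunks.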
@@ -577,9 +583,11 @@ void ChromeContentBrowserClientExtensionsPart::SiteInstanceDeleting(
BrowserThread::PostTask(
BrowserThread::IO, FROM_HERE,
- base::Bind(&InfoMap::UnregisterExtensionProcess,
- ExtensionSystem::Get(context)->info_map(), extension->id(),
- site_instance->GetProcess()->GetID(), site_instance->GetId()));
+ base::Bind(&UnregisterExtensionProcessHelper,
+ base::RetainedRef(ExtensionSystem::Get(context)->info_map()),
+ base::RetainedRef(extension),
+ site_instance->GetProcess()->GetID(), site_instance->GetId(),
+ context->GetResourceContext()));
}
void ChromeContentBrowserClientExtensionsPart::OverrideWebkitPrefs(
