Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost.

content/public/browser/resource_dispatcher_host.h

Index: content/public/browser/resource_dispatcher_host.h
diff --git a/content/public/browser/resource_dispatcher_host.h b/content/public/browser/resource_dispatcher_host.h
index 3bdd0cae132f4bb9dbd61c3066db169bf5e1bbf0..eafcb2df0bae8442bcbd18eb1571c991cda6b918 100644
--- a/content/public/browser/resource_dispatcher_host.h
+++ b/content/public/browser/resource_dispatcher_host.h
@@ -8,6 +8,7 @@
 #include <stdint.h>
 
 #include <memory>
+#include <string>
 
 #include "base/callback_forward.h"
 #include "content/common/content_export.h"
@@ -27,6 +28,16 @@ class RenderFrameHost;
 
 class CONTENT_EXPORT ResourceDispatcherHost {
  public:
+  // This enum indicates how access checks are made on registered URL origins.
+  // Please see the RegisterOriginForAccessChecks() method for more
+  // information.
+  enum OriginAccessCheckMask {
+    DENY_FOR_NON_OWNERS = 0x0, // Denied for non owner processes.

[Charlie Reis, 2016/08/09 02:07:48]

What's an owner process?  (We'll need to elaborate on that.)

+    ALLOW_EVERYTHING = 0x1,  // No access checks performed.
+    ALLOW_REGISTERED_ACCESS = 0x2, // Only registered processes allowed.
+    ACCESS_CHECK_MASK_LAST = ALLOW_REGISTERED_ACCESS,
+  };
+
   // Returns the singleton instance of the ResourceDispatcherHost.
   static ResourceDispatcherHost* Get();
 
@@ -51,6 +62,45 @@ class CONTENT_EXPORT ResourceDispatcherHost {
   // Clears the ResourceDispatcherHostLoginDelegate associated with the request.
   virtual void ClearLoginDelegateForRequest(net::URLRequest* request) = 0;
 
+  // Specifies a scheme to be access checked. By default all schemes are
+  // allowed. Access check here means that any process claiming to have
+  // committed a URL within the scheme has to be registered via the
+  // AddProcessForOrigin() method below.
+  virtual void AddSchemeForAccessCheck(const std::string& scheme) = 0;
+
+  // The following 4 methods add or remove access information for the url
+  // origin passed in. Please note that the scheme has to be registered for
+  // access check via a call to the AddSchemeForAccessCheck() method above.
+
+  // Sets up access information for the |origin| passed in. This is eventually
+  // used to grant or deny access to the origin. By default owner processes

[Charlie Reis, 2016/08/09 02:07:48]

It's not clear what an owner process is.

+  // can commit to the origin. The |access_check_mask| flag controls the
+  // access check behavior for other processes. Please see the definition of
+  // OriginAccessCheckMask for more information.
+  virtual void RegisterOriginForAccessChecks(
+      const ResourceContext* context,
+      const std::string& origin,
+      OriginAccessCheckMask access_check_mask) = 0;
+
+  // Removes access information for the url |origin| passed in.
+  virtual void UnregisterOriginForAccessChecks(const ResourceContext* context,
+                                               const std::string& origin) = 0;
+
+  // Adds |process_id| to the list of processes allowed to access the |origin|.
+  // The |owner_process| flag indicates whether the process owns the |origin|.

[Charlie Reis, 2016/08/09 02:07:48]

We'll need more guidance on what to pass for owner process, but maybe that'll be
clearer if it's explained more above.

+  virtual void AddProcessForOrigin(const ResourceContext* context,
+                                   const std::string& origin,
+                                   int process_id,
+                                   bool owner_process) = 0;
+
+  // Removes |process_id| from the list of processes allowed to access the
+  // |origin|. The |owner_process| flag indicates whether the process owns the
+  // |origin|.
+  virtual void RemoveProcessForOrigin(const ResourceContext* context,
+                                      const std::string& origin,
+                                      int process_id,
+                                      bool owner_proces) = 0;

[Charlie Reis, 2016/08/09 02:07:48]

Do we need the flag on removal as well?  What happens if it differs between Add
and Remove calls?

+
  protected:
   virtual ~ResourceDispatcherHost() {}
 };