Tighten IO thread blob/filesystem URL checks for apps with webview permission.

chrome/browser/net/chrome_extensions_network_delegate.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/chrome_extensions_network_delegate.h"
 
 #include <stdint.h>
 
 #include "base/macros.h"
 #include "net/base/net_errors.h"
 
 #if defined(ENABLE_EXTENSIONS)
+#include "base/debug/alias.h"
+#include "base/debug/dump_without_crashing.h"
+#include "base/strings/string_util.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/extensions/api/proxy/proxy_api.h"
 #include "chrome/browser/extensions/event_router_forwarder.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/renderer_host/chrome_navigation_ui_data.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/resource_request_info.h"
 #include "content/public/common/browser_side_navigation_policy.h"
 #include "extensions/browser/api/web_request/web_request_api.h"
 #include "extensions/browser/extension_navigation_ui_data.h"
 #include "extensions/browser/info_map.h"
 #include "extensions/browser/process_manager.h"
 #include "extensions/common/permissions/api_permission.h"
 #include "net/url_request/url_request.h"
 
@@ skipping 173 matching lines @@
       !extension_info_map_->process_map().Contains(info->GetChildID()) &&
       !content::IsBrowserSideNavigationEnabled()) {
     // Relax this restriction for apps that use <webview>.  See
     // https://crbug.com/652077.
     const extensions::Extension* extension =
         extension_info_map_->extensions().GetByID(origin.host());
     bool has_webview_permission =
         extension &&
         extension->permissions_data()->HasAPIPermission(
             extensions::APIPermission::kWebView);
-    if (!has_webview_permission)
+    // Check whether the request is coming from a <webview> guest process via
+    // ChildProcessSecurityPolicy.  A guest process should have already been
+    // granted permission to request |origin| when its WebContents was created.
+    // See https://crbug.com/656752.
+    auto* policy = content::ChildProcessSecurityPolicy::GetInstance();
+    bool from_guest =
+        policy->HasSpecificPermissionForOrigin(info->GetChildID(), origin);
+    if (!has_webview_permission || !from_guest) {
+      // TODO(alexmos): Temporary instrumentation to find any regressions for
+      // this blocking.  Remove after verifying that this is not breaking any
+      // legitimate use cases.
+      char origin_copy[256];
+      base::strlcpy(origin_copy, origin.Serialize().c_str(),
+                    sizeof(origin_copy));

[mmenke, 2016/10/21 15:44:21]

Know it doesn't really matter, but would this be better as arraysize?  If this
were the UTF16 equivalent of the same method, that would be the one to use.

[alexmos, 2016/10/21 16:16:40]

Done.  Thanks!

+      base::debug::Alias(&origin_copy);
+      base::debug::Alias(&from_guest);
+      base::debug::DumpWithoutCrashing();
       return net::ERR_ABORTED;
+    }
   }
 
   return ExtensionWebRequestEventRouter::GetInstance()->OnBeforeRequest(
       profile_, extension_info_map_.get(),
       GetExtensionNavigationUIData(request), request, callback, new_url);
 }
 
 int ChromeExtensionsNetworkDelegateImpl::OnBeforeStartTransaction(
     net::URLRequest* request,
     const net::CompletionCallback& callback,
@@ skipping 177 matching lines @@
 }
 
 net::NetworkDelegate::AuthRequiredResponse
 ChromeExtensionsNetworkDelegate::OnAuthRequired(
     net::URLRequest* request,
     const net::AuthChallengeInfo& auth_info,
     const AuthCallback& callback,
     net::AuthCredentials* credentials) {
   return net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION;
 }