Change allowed bindings to be per RenderFrame instead of per RenderView.

content/browser/frame_host/render_frame_host_impl.cc

Index: content/browser/frame_host/render_frame_host_impl.cc
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
index c8d66dc67f8bb41762bb38acbeee63283063152a..3526b287364ff99185e15d0e19aae5f7a8f64ec5 100644
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -81,6 +81,7 @@
 #include "content/public/browser/storage_partition.h"
 #include "content/public/browser/stream_handle.h"
 #include "content/public/browser/user_metrics.h"
+#include "content/public/common/bindings_policy.h"
 #include "content/public/common/browser_side_navigation_policy.h"
 #include "content/public/common/content_constants.h"
 #include "content/public/common/content_features.h"
@@ -1314,10 +1315,6 @@ GlobalFrameRoutingId RenderFrameHostImpl::GetGlobalFrameRoutingId() {
   return GlobalFrameRoutingId(GetProcess()->GetID(), GetRoutingID());
 }
 
-int RenderFrameHostImpl::GetEnabledBindings() {
-  return render_view_host_->GetEnabledBindings();
-}
-
 void RenderFrameHostImpl::SetNavigationHandle(
     std::unique_ptr<NavigationHandleImpl> navigation_handle) {
   navigation_handle_ = std::move(navigation_handle);
@@ -1709,6 +1706,43 @@ void RenderFrameHostImpl::RequestFocusedFormFieldData(
   Send(new FrameMsg_FocusedFormFieldDataRequest(GetRoutingID(), request_id));
 }
 
+void RenderFrameHostImpl::AllowBindings(int bindings_flags) {

[Charlie Reis, 2016/12/16 01:01:52]

Do we ever need frames to have different bindings than their parents?  That's
not possible today, so I'm curious if we can enforce that here.

[Sam McNally, 2017/01/12 09:27:08]

Done.

+  // Never grant any bindings to browser plugin guests.
+  if (GetProcess()->IsForGuestsOnly()) {
+    NOTREACHED() << "Never grant bindings to a guest process.";
+    return;
+  }
+
+  // Ensure we aren't granting WebUI bindings to a process that has already
+  // been used for non-privileged views.
+  if (bindings_flags & BINDINGS_POLICY_WEB_UI &&
+      GetProcess()->HasConnection() &&
+      !ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings(
+          GetProcess()->GetID())) {
+    // This process has no bindings yet. Make sure it does not have more
+    // than this single active view.
+    // --single-process only has one renderer.
+    if (GetProcess()->GetActiveViewCount() > 1 &&
+        !base::CommandLine::ForCurrentProcess()->HasSwitch(
+            switches::kSingleProcess))
+      return;
+  }
+
+  if (bindings_flags & BINDINGS_POLICY_WEB_UI) {
+    ChildProcessSecurityPolicyImpl::GetInstance()->GrantWebUIBindings(
+        GetProcess()->GetID());
+  }
+
+  enabled_bindings_ |= bindings_flags;
+  // |frame_| may be disconnected in tests.
+  if (frame_)
+    frame_->AllowBindings(enabled_bindings_);
+}
+
+int RenderFrameHostImpl::GetEnabledBindings() const {
+  return enabled_bindings_;
+}
+
 void RenderFrameHostImpl::OnFocusedFormFieldDataResponse(
     int request_id,
     const FormFieldData& field_data) {
@@ -2662,6 +2696,8 @@ void RenderFrameHostImpl::SetUpMojoIfNeeded() {
   remote_interfaces_.reset(new service_manager::InterfaceProvider);
   remote_interfaces_->Bind(std::move(remote_interfaces));
   frame_->GetInterfaceProvider(std::move(remote_interfaces_request));
+  if (enabled_bindings_)
+    frame_->AllowBindings(enabled_bindings_);
 }
 
 void RenderFrameHostImpl::InvalidateMojoConnection() {
@@ -2738,9 +2774,8 @@ bool RenderFrameHostImpl::UpdatePendingWebUI(const GURL& dest_url,
     // If a WebUI was created for the URL and the RenderView is not in a guest
     // process, then enable missing bindings with the RenderViewHost.
     int new_bindings = pending_web_ui_->GetBindings();
-    if ((render_view_host_->GetEnabledBindings() & new_bindings) !=
-        new_bindings) {
-      render_view_host_->AllowBindings(new_bindings);
+    if ((GetEnabledBindings() & new_bindings) != new_bindings) {
+      AllowBindings(new_bindings);
     }
   } else if (render_view_host_->is_active()) {
     // If the ongoing navigation is not to a WebUI or the RenderView is in a