CSP Suborigins

Source/platform/weborigin/SecurityOrigin.h

 /*
  * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 125 matching lines @@
     //
     // Note: This method exists only to support backwards compatibility
     //       with older versions of WebKit.
     void grantLoadLocalResources();
 
     // Explicitly grant the ability to access every other SecurityOrigin.
     //
     // WARNING: This is an extremely powerful ability. Use with caution!
     void grantUniversalAccess();
 
-    bool canAccessDatabase() const { return !isUnique(); };
-    bool canAccessLocalStorage() const { return !isUnique(); };
-    bool canAccessSharedWorkers() const { return !isUnique(); }
-    bool canAccessCookies() const { return !isUnique(); }
-    bool canAccessPasswordManager() const { return !isUnique(); }
-    bool canAccessFileSystem() const { return !isUnique(); }
+    bool canAccessDatabase() const { return !isUnique() && !hasSuborigin(); };
+    bool canAccessLocalStorage() const { return !isUnique() && !hasSuborigin(); };
+    bool canAccessSharedWorkers() const { return !isUnique() && !hasSuborigin(); }
+    bool canAccessCookies() const { return !isUnique() && !hasSuborigin(); }
+    bool canAccessPasswordManager() const { return !isUnique() && !hasSuborigin(); }
+    bool canAccessFileSystem() const { return !isUnique() && !hasSuborigin(); }
     Policy canShowNotifications() const;
 
     // Technically, we should always allow access to sessionStorage, but we
     // currently don't handle creating a sessionStorage area for unique
     // origins.
-    bool canAccessSessionStorage() const { return !isUnique(); }
+    bool canAccessSessionStorage() const { return !isUnique() && !hasSuborigin(); }
 
     // The local SecurityOrigin is the most privileged SecurityOrigin.
     // The local SecurityOrigin can script any document, navigate to local
     // resources, and can set arbitrary headers on XMLHttpRequests.
     bool isLocal() const;
 
     // Returns true if the host is one of 127.0.0.1/8, ::1/128, or "localhost".
     bool isLocalhost() const;
 
     // The origin is a globally unique identifier assigned when the Document is
     // created. http://www.whatwg.org/specs/web-apps/current-work/#sandboxOrigin
     //
     // There's a subtle difference between a unique origin and an origin that
     // has the SandboxOrigin flag set. The latter implies the former, and, in
     // addition, the SandboxOrigin flag is inherited by iframes.
     bool isUnique() const { return m_isUnique; }
 
+    // Assigns a suborigin namespace to the SecurityOrigin. addSuborigin() must
+    // only ever be called once per SecurityOrigin(). If it is called on a
+    // SecurityOrigin that has already had a suborigin assigned, it will hit a
+    // RELEASE_ASSERT().
+    void addSuborigin(const String&);
+    bool hasSuborigin() const { return !m_suboriginName.isNull(); }
+    const String& suboriginName() const { return m_suboriginName; }
+
     // Marks a file:// origin as being in a domain defined by its path.
     // FIXME 81578: The naming of this is confusing. Files with restricted access to other local files
     // still can have other privileges that can be remembered, thereby not making them unique.
     void enforceFilePathSeparation();
 
     // Convert this SecurityOrigin into a string. The string
     // representation of a SecurityOrigin is similar to a URL, except it
     // lacks a path component. The string representation does not encode
     // the value of the SecurityOrigin's domain property.
     //
@@ skipping 35 matching lines @@
     explicit SecurityOrigin(const SecurityOrigin*);
 
     // FIXME: Rename this function to something more semantic.
     bool passesFileCheck(const SecurityOrigin*) const;
     void buildRawString(StringBuilder&) const;
 
     String m_protocol;
     String m_host;
     String m_domain;
     String m_filePath;
+    String m_suboriginName;
     unsigned short m_port;
     bool m_isUnique;
     bool m_universalAccess;
     bool m_domainWasSetInDOM;
     bool m_canLoadLocalResources;
     bool m_enforceFilePathSeparation;
     bool m_needsDatabaseIdentifierQuirkForFiles;
 };
 
 } // namespace blink
 
 #endif // SecurityOrigin_h