Service CreateNewWindow on the UI thread with a new mojo interface

chrome/browser/chrome_content_browser_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chrome_content_browser_client.h"
 
 #include <map>
 #include <set>
 #include <utility>
 #include <vector>
@@ skipping 2415 matching lines @@
 
 content::PlatformNotificationService*
 ChromeContentBrowserClient::GetPlatformNotificationService() {
   return PlatformNotificationServiceImpl::GetInstance();
 }
 
 bool ChromeContentBrowserClient::CanCreateWindow(
     int opener_render_process_id,
     int opener_render_frame_id,
     const GURL& opener_url,
     const GURL& opener_top_level_frame_url,

[alexmos, 2017/04/17 19:41:07]

Yay, doing this might allow us to fix this for OOPIFs, as we can just look up
the opener's top frame URL on the UI thread.  Currently, we fall back to setting
this to top frame's origin with OOPIFs, which breaks path matching for file
URLs. (This is from https://crbug.com/466297.)  I'll plan to do this cleanup as
a followup.

[Charlie Harrison, 2017/04/17 20:10:51]

w00t!

     const GURL& source_origin,
     content::mojom::WindowContainerType container_type,
     const GURL& target_url,
     const content::Referrer& referrer,
     const std::string& frame_name,
     WindowOpenDisposition disposition,
     const blink::mojom::WindowFeatures& features,
     bool user_gesture,
     bool opener_suppressed,
-    content::ResourceContext* context,
     bool* no_javascript_access) {
-  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
 
+  content::RenderFrameHost* opener = content::RenderFrameHost::FromID(
+      opener_render_process_id, opener_render_frame_id);
+  content::WebContents* web_contents =
+      content::WebContents::FromRenderFrameHost(opener);
+  Profile* profile =
+      Profile::FromBrowserContext(web_contents->GetBrowserContext());
+  DCHECK(profile);
   *no_javascript_access = false;
 
   // If the opener is trying to create a background window but doesn't have
   // the appropriate permission, fail the attempt.
   if (container_type == content::mojom::WindowContainerType::BACKGROUND) {
 #if BUILDFLAG(ENABLE_EXTENSIONS)
-    ProfileIOData* io_data = ProfileIOData::FromResourceContext(context);
-    InfoMap* map = io_data->GetExtensionInfoMap();
-    if (!map->SecurityOriginHasAPIPermission(source_origin,
-                                             opener_render_process_id,
-                                             APIPermission::kBackground)) {
-      return false;
+    // TODO(csharrison): Consider moving this logic into a static method
+    // somewhere.
+    auto* process_map = extensions::ProcessMap::Get(profile);
+    auto* registry = extensions::ExtensionRegistry::Get(profile);
+    if (source_origin.SchemeIs(extensions::kExtensionScheme)) {
+      const std::string& id = source_origin.host();
+      const Extension* extension = registry->GetExtensionById(
+          id, extensions::ExtensionRegistry::ENABLED);
+      return extension &&
+             extension->permissions_data()->HasAPIPermission(

[alexmos, 2017/04/17 19:41:07]

This doesn't seem to quite match the old check.  The cases where
SecurityOriginHasAPIPermission returned true used to fall through to the 
AllowJSAccess check below, but now they return immediately.

[Charlie Harrison, 2017/04/17 20:10:51]

Yep, fixed.

+                 APIPermission::kBackground) &&
+             process_map->Contains(id, opener_render_process_id);
+    }
+    bool has_permission = false;
+    for (const auto& extension_id :
+         process_map->GetExtensionsInProcess(opener_render_process_id)) {
+      const Extension* extension = registry->GetExtensionById(
+          extension_id, extensions::ExtensionRegistry::ENABLED);
+      if (extension->web_extent().MatchesSecurityOrigin(source_origin) &&
+          extension->permissions_data()->HasAPIPermission(
+              APIPermission::kBackground)) {
+        has_permission = true;
+      }
+      if (!has_permission)

[alexmos, 2017/04/17 19:41:07]

Is this right?  Or should it be outside the loop (along with a break after
"has_permission = true")?

[Charlie Harrison, 2017/04/17 20:10:52]

Yep, fixed.

+        return false;
     }
 
     // Note: this use of GetExtensionOrAppByURL is safe but imperfect.  It may
     // return a recently installed Extension even if this CanCreateWindow call
     // was made by an old copy of the page in a normal web process.  That's ok,
     // because the permission check above would have caused an early return
     // already. We must use the full URL to find hosted apps, though, and not
     // just the origin.
     const Extension* extension =
-        map->extensions().GetExtensionOrAppByURL(opener_url);
+        registry->enabled_extensions().GetExtensionOrAppByURL(opener_url);
     if (extension && !extensions::BackgroundInfo::AllowJSAccess(extension))
       *no_javascript_access = true;
 #endif
 
     return true;
   }
 
 #if BUILDFLAG(ENABLE_EXTENSIONS)
   if (extensions::WebViewRendererState::GetInstance()->IsGuest(
           opener_render_process_id)) {
     return true;
   }
 
   if (target_url.SchemeIs(extensions::kExtensionScheme)) {
     // Intentionally duplicating |io_data| and |map| code from above because we
     // want to reduce calls to retrieve them as this function is a SYNC IPC
     // handler.
-    ProfileIOData* io_data = ProfileIOData::FromResourceContext(context);
-    InfoMap* map = io_data->GetExtensionInfoMap();
+    auto* registry = extensions::ExtensionRegistry::Get(profile);
     const Extension* extension =
-        map->extensions().GetExtensionOrAppByURL(opener_url);
+        registry->enabled_extensions().GetExtensionOrAppByURL(opener_url);
     if (extension && extension->is_platform_app()) {
       AppLoadedInTabSource source =
           opener_top_level_frame_url ==
                   extensions::BackgroundInfo::GetBackgroundURL(extension)
               ? APP_LOADED_IN_TAB_SOURCE_BACKGROUND_PAGE
               : APP_LOADED_IN_TAB_SOURCE_APP;
       // TODO(lazyboy): Remove this UMA once the change below to disallow apps
       // in tabs has settled in stable branch.
       UMA_HISTOGRAM_ENUMERATION("Extensions.AppLoadedInTab", source,
                                 APP_LOADED_IN_TAB_SOURCE_MAX);
       // Platform apps and their background pages should not be able to call
       // window.open() to load v2 apps in regular tab.
       // Simply disallow window.open() calls in this case.
       return false;
     }
   }
 #endif
 
   HostContentSettingsMap* content_settings =
-      ProfileIOData::FromResourceContext(context)->GetHostContentSettingsMap();
+      HostContentSettingsMapFactory::GetForProfile(profile);
 
 #if BUILDFLAG(ENABLE_PLUGINS)
   if (FlashDownloadInterception::ShouldStopFlashDownloadAction(
           content_settings, opener_top_level_frame_url, target_url,
           user_gesture)) {
-    BrowserThread::PostTask(
-        BrowserThread::UI, FROM_HERE,
-        base::Bind(&HandleFlashDownloadActionOnUIThread,
-                   opener_render_process_id, opener_render_frame_id,
-                   opener_top_level_frame_url));
+    HandleFlashDownloadActionOnUIThread(opener_render_process_id,
+                                        opener_render_frame_id,
+                                        opener_top_level_frame_url);
     return false;
   }
 #endif
 
   BlockedWindowParams blocked_params(
       target_url, referrer, frame_name, disposition, features, user_gesture,
       opener_suppressed, opener_render_process_id, opener_render_frame_id);
 
   if (!user_gesture &&
       !base::CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kDisablePopupBlocking)) {
-    if (content_settings->GetContentSetting(opener_top_level_frame_url,
-                                            opener_top_level_frame_url,
-                                            CONTENT_SETTINGS_TYPE_POPUPS,
-                                            std::string()) !=
-        CONTENT_SETTING_ALLOW) {
-      BrowserThread::PostTask(BrowserThread::UI,
-                              FROM_HERE,
-                              base::Bind(&HandleBlockedPopupOnUIThread,
-                                         blocked_params));
+    if (content_settings->GetContentSetting(
+            opener_top_level_frame_url, opener_top_level_frame_url,
+            CONTENT_SETTINGS_TYPE_POPUPS,
+            std::string()) != CONTENT_SETTING_ALLOW) {
+      HandleBlockedPopupOnUIThread(blocked_params);
       return false;
     }
   }
 
 #if defined(OS_ANDROID)
   if (SingleTabModeTabHelper::IsRegistered(opener_render_process_id,
                                            opener_render_frame_id)) {
     BrowserThread::PostTask(BrowserThread::UI,
                             FROM_HERE,
                             base::Bind(&HandleSingleTabModeBlockOnUIThread,
@@ skipping 1066 matching lines @@
     RedirectNonUINonIOBrowserThreadsToTaskScheduler() {
   return variations::GetVariationParamValue(
              "BrowserScheduler", "RedirectNonUINonIOBrowserThreads") == "true";
 }
 
 // static
 void ChromeContentBrowserClient::SetDefaultQuotaSettingsForTesting(
     const storage::QuotaSettings* settings) {
   g_default_quota_settings = settings;
 }