IndexedDB: chrome-side changes for permission check from shared worker

https://bugs.webkit.org/show_bug.cgi?id=79954 is the webkit side.

BUG=116344
TEST=


Review URL: http://codereview.chromium.org/9557009

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@124618 0039d316-1c4b-4281-b951-d872f2087c98

12 files changed, 92 insertions, 2 deletions

diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index f360e58..9a05023 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -937,6 +937,28 @@ bool ChromeContentBrowserClient::AllowWorkerFileSystem(
   return allow;
 }
 
+bool ChromeContentBrowserClient::AllowWorkerIndexedDB(
+    const GURL& url,
+    const string16& name,
+    content::ResourceContext* context,
+    const std::vector<std::pair<int, int> >& render_views) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  ProfileIOData* io_data = ProfileIOData::FromResourceContext(context);
+  CookieSettings* cookie_settings = io_data->GetCookieSettings();
+  bool allow = cookie_settings->IsSettingCookieAllowed(url, url);
+
+  // Record access to IndexedDB for potential display in UI.
+  std::vector<std::pair<int, int> >::const_iterator i;
+  for (i = render_views.begin(); i != render_views.end(); ++i) {
+    BrowserThread::PostTask(
+        BrowserThread::UI, FROM_HERE,
+        base::Bind(&TabSpecificContentSettings::IndexedDBAccessed,
+                   i->first, i->second, url, name, !allow));
+  }
+
+  return allow;
+}
+
 net::URLRequestContext*
 ChromeContentBrowserClient::OverrideRequestContextForURL(
     const GURL& url, content::ResourceContext* context) {
diff --git a/chrome/browser/chrome_content_browser_client.h b/chrome/browser/chrome_content_browser_client.h
index e1d4d84..401aeb3 100644
--- a/chrome/browser/chrome_content_browser_client.h
+++ b/chrome/browser/chrome_content_browser_client.h
@@ -78,6 +78,11 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient {
       const GURL& url,
       content::ResourceContext* context,
       const std::vector<std::pair<int, int> >& render_views) OVERRIDE;
+  virtual bool AllowWorkerIndexedDB(
+      const GURL& url,
+      const string16& name,
+      content::ResourceContext* context,
+      const std::vector<std::pair<int, int> >& render_views) OVERRIDE;
   virtual net::URLRequestContext* OverrideRequestContextForURL(
       const GURL& url, content::ResourceContext* context) OVERRIDE;
   virtual QuotaPermissionContext* CreateQuotaPermissionContext() OVERRIDE;
diff --git a/content/browser/mock_content_browser_client.cc b/content/browser/mock_content_browser_client.cc
index 227a09a..783b160 100644
--- a/content/browser/mock_content_browser_client.cc
+++ b/content/browser/mock_content_browser_client.cc
@@ -154,6 +154,14 @@ bool MockContentBrowserClient::AllowWorkerFileSystem(
   return true;
 }
 
+bool MockContentBrowserClient::AllowWorkerIndexedDB(
+    const GURL& url,
+    const string16& name,
+    content::ResourceContext* context,
+    const std::vector<std::pair<int, int> >& render_views) {
+  return true;
+}
+
 QuotaPermissionContext*
     MockContentBrowserClient::CreateQuotaPermissionContext() {
   return NULL;
diff --git a/content/browser/mock_content_browser_client.h b/content/browser/mock_content_browser_client.h
index 62ee8b6..692dbac 100644
--- a/content/browser/mock_content_browser_client.h
+++ b/content/browser/mock_content_browser_client.h
@@ -80,6 +80,11 @@ class MockContentBrowserClient : public ContentBrowserClient {
       const GURL& url,
       content::ResourceContext* context,
       const std::vector<std::pair<int, int> >& render_views) OVERRIDE;
+  virtual bool AllowWorkerIndexedDB(
+      const GURL& url,
+      const string16& name,
+      content::ResourceContext* context,
+      const std::vector<std::pair<int, int> >& render_views) OVERRIDE;
   virtual net::URLRequestContext* OverrideRequestContextForURL(
       const GURL& url, content::ResourceContext* context) OVERRIDE;
   virtual QuotaPermissionContext* CreateQuotaPermissionContext() OVERRIDE;
diff --git a/content/browser/worker_host/worker_process_host.cc b/content/browser/worker_host/worker_process_host.cc
index 48c0f10..7907d9a 100644
--- a/content/browser/worker_host/worker_process_host.cc
+++ b/content/browser/worker_host/worker_process_host.cc
@@ -334,6 +334,7 @@ bool WorkerProcessHost::OnMessageReceived(const IPC::Message& message) {
                         OnWorkerContextClosed)
     IPC_MESSAGE_HANDLER(WorkerProcessHostMsg_AllowDatabase, OnAllowDatabase)
     IPC_MESSAGE_HANDLER(WorkerProcessHostMsg_AllowFileSystem, OnAllowFileSystem)
+    IPC_MESSAGE_HANDLER(WorkerProcessHostMsg_AllowIndexedDB, OnAllowIndexedDB)
     IPC_MESSAGE_UNHANDLED(handled = false)
     IPC_END_MESSAGE_MAP_EX()
 
@@ -397,6 +398,14 @@ void WorkerProcessHost::OnAllowFileSystem(int worker_route_id,
       url, resource_context_, GetRenderViewIDsForWorker(worker_route_id));
 }
 
+void WorkerProcessHost::OnAllowIndexedDB(int worker_route_id,
+                                         const GURL& url,
+                                         const string16& name,
+                                         bool* result) {
+  *result = content::GetContentClient()->browser()->AllowWorkerIndexedDB(
+      url, name, resource_context_, GetRenderViewIDsForWorker(worker_route_id));
+}
+
 void WorkerProcessHost::RelayMessage(
     const IPC::Message& message,
     WorkerMessageFilter* filter,
diff --git a/content/browser/worker_host/worker_process_host.h b/content/browser/worker_host/worker_process_host.h
index 850b761..95f94b1 100644
--- a/content/browser/worker_host/worker_process_host.h
+++ b/content/browser/worker_host/worker_process_host.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -173,6 +173,10 @@ class WorkerProcessHost : public content::BrowserChildProcessHostDelegate,
   void OnAllowFileSystem(int worker_route_id,
                          const GURL& url,
                          bool* result);
+  void OnAllowIndexedDB(int worker_route_id,
+                        const GURL& url,
+                        const string16& name,
+                        bool* result);
 
   // Relays a message to the given endpoint.  Takes care of parsing the message
   // if it contains a message port and sending it a valid route id.
diff --git a/content/common/worker_messages.h b/content/common/worker_messages.h
index 9b37b32..631965f 100644
--- a/content/common/worker_messages.h
+++ b/content/common/worker_messages.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -135,6 +135,13 @@ IPC_SYNC_MESSAGE_CONTROL2_1(WorkerProcessHostMsg_AllowFileSystem,
                             GURL /* origin url */,
                             bool /* result */)
 
+// Sent by the worker process to check whether access to IndexedDB is allowed.
+IPC_SYNC_MESSAGE_CONTROL3_1(WorkerProcessHostMsg_AllowIndexedDB,
+                            int /* worker_route_id */,
+                            GURL /* origin url */,
+                            string16 /* database name */,
+                            bool /* result */)
+
 //-----------------------------------------------------------------------------
 // Worker messages
 // These are messages sent from the renderer process to the worker process.
diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
index 9945812..c4f9f1d 100644
--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -207,6 +207,15 @@ class ContentBrowserClient {
       content::ResourceContext* context,
       const std::vector<std::pair<int, int> >& render_views) = 0;
 
+  // Allow the embedder to control if access to IndexedDB by a shared worker
+  // is allowed.
+  // This is called on the IO thread.
+  virtual bool AllowWorkerIndexedDB(
+      const GURL& url,
+      const string16& name,
+      content::ResourceContext* context,
+      const std::vector<std::pair<int, int> >& render_views) = 0;
+
   // Allows the embedder to override the request context based on the URL for
   // certain operations, like cookie access. Returns NULL to indicate the
   // regular request context should be used.
diff --git a/content/shell/shell_content_browser_client.cc b/content/shell/shell_content_browser_client.cc
index af4b44e..d6cb87b 100644
--- a/content/shell/shell_content_browser_client.cc
+++ b/content/shell/shell_content_browser_client.cc
@@ -179,6 +179,14 @@ bool ShellContentBrowserClient::AllowWorkerFileSystem(
   return true;
 }
 
+bool ShellContentBrowserClient::AllowWorkerIndexedDB(
+    const GURL& url,
+    const string16& name,
+    content::ResourceContext* context,
+    const std::vector<std::pair<int, int> >& render_views) {
+  return true;
+}
+
 QuotaPermissionContext*
     ShellContentBrowserClient::CreateQuotaPermissionContext() {
   return NULL;
diff --git a/content/shell/shell_content_browser_client.h b/content/shell/shell_content_browser_client.h
index 88324ee..5db6929 100644
--- a/content/shell/shell_content_browser_client.h
+++ b/content/shell/shell_content_browser_client.h
@@ -85,6 +85,11 @@ class ShellContentBrowserClient : public ContentBrowserClient {
       const GURL& url,
       content::ResourceContext* context,
       const std::vector<std::pair<int, int> >& render_views) OVERRIDE;
+  virtual bool AllowWorkerIndexedDB(
+      const GURL& url,
+      const string16& name,
+      content::ResourceContext* context,
+      const std::vector<std::pair<int, int> >& render_views) OVERRIDE;
   virtual net::URLRequestContext* OverrideRequestContextForURL(
       const GURL& url, content::ResourceContext* context) OVERRIDE;
   virtual QuotaPermissionContext* CreateQuotaPermissionContext() OVERRIDE;
diff --git a/content/worker/websharedworkerclient_proxy.cc b/content/worker/websharedworkerclient_proxy.cc
index a1ee4b4..dbb8bef 100644
--- a/content/worker/websharedworkerclient_proxy.cc
+++ b/content/worker/websharedworkerclient_proxy.cc
@@ -168,6 +168,13 @@ void WebSharedWorkerClientProxy::openFileSystem(
       size, create, new WebFileSystemCallbackDispatcher(callbacks));
 }
 
+bool WebSharedWorkerClientProxy::allowIndexedDB(const WebKit::WebString& name) {
+  bool result = false;
+  Send(new WorkerProcessHostMsg_AllowIndexedDB(
+      route_id_, stub_->url().GetOrigin(), name, &result));
+  return result;
+}
+
 void WebSharedWorkerClientProxy::dispatchDevToolsMessage(
     const WebString& message) {
   if (devtools_agent_)
diff --git a/content/worker/websharedworkerclient_proxy.h b/content/worker/websharedworkerclient_proxy.h
index 6b085c5..8a444ce 100644
--- a/content/worker/websharedworkerclient_proxy.h
+++ b/content/worker/websharedworkerclient_proxy.h
@@ -77,6 +77,7 @@ class WebSharedWorkerClientProxy : public WebKit::WebSharedWorkerClient {
                               long long size,
                               bool create,
                               WebKit::WebFileSystemCallbacks* callbacks);
+  virtual bool allowIndexedDB(const WebKit::WebString&);
   virtual void dispatchDevToolsMessage(const WebKit::WebString&);
   virtual void saveDevToolsAgentState(const WebKit::WebString&);