Changing the security model for "chrome" URLs

This patch changes the security model for "chrome" URLs to make implementing some features in DOMUI easier. Instead of registering "chrome" as a NoAccess and a Local scheme, we register it as a DisplayIsolated scheme. That should have the effects outlined in this email: http://groups.google.com/a/chromium.org/group/chromium-dev/browse_thread/thread/863700bf99b3f3ed See also https://bugs.webkit.org/show_bug.cgi?id=50182 which introduces the necessary API into WebKit. BUG=69140 Review URL: http://codereview.chromium.org/5268006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@71382 0039d316-1c4b-4281-b951-d872f2087c98
author: abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-01-13 23:42:28 +0000
committer: abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-01-13 23:42:28 +0000
commit: c8310d8c58b1b51d6565abd3792622237283c564 (patch)
tree: b837a6f4449c70b22d3a38d5fcea365507bf546e
parent: 2e610e9cd18750dc905a4f4feea8f5478256a28d (diff)
download: chromium_src-c8310d8c58b1b51d6565abd3792622237283c564.zip
chromium_src-c8310d8c58b1b51d6565abd3792622237283c564.tar.gz
chromium_src-c8310d8c58b1b51d6565abd3792622237283c564.tar.bz2
4 files changed, 13 insertions, 4 deletions
diff --git a/chrome/browser/renderer_host/browser_render_process_host.cc b/chrome/browser/renderer_host/browser_render_process_host.cc
index 7c047af..3750dd3 100644
--- a/chrome/browser/renderer_host/browser_render_process_host.cc
+++ b/chrome/browser/renderer_host/browser_render_process_host.cc
@@ -718,6 +718,7 @@ void BrowserRenderProcessHost::PropagateBrowserCommandLineToRenderer(
     switches::kRemoteShellPort,
     switches::kEnablePepperTesting,
     switches::kAllowOutdatedPlugins,
+    switches::kNewChromeUISecurityModel,
     switches::kEnableRemoting,
     switches::kEnableClickToPlay,
     switches::kEnableResourceContentSettings,
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index 9297740..0365ccc 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -827,6 +827,9 @@ const char kNaClLoaderProcess[]             = "nacl-loader";
 // Causes the Native Client process to display a dialog on launch.
 const char kNaClStartupDialog[]             = "nacl-startup-dialog";
 
+// Enables the new security model for "chrome" URLs.
+const char kNewChromeUISecurityModel[]      = "new-chrome-ui-security-model";
+
 // Disables the default browser check. Useful for UI/browser tests where we
 // want to avoid having the default browser info-bar displayed.
 const char kNoDefaultBrowserCheck[]         = "no-default-browser-check";
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 1c3e1ea..4b26622 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -237,6 +237,7 @@ extern const char kNaClDebugPorts[];
 extern const char kNaClBrokerProcess[];
 extern const char kNaClLoaderProcess[];
 extern const char kNaClStartupDialog[];
+extern const char kNewChromeUISecurityModel[];
 extern const char kNoDefaultBrowserCheck[];
 extern const char kNoEvents[];
 extern const char kNoExperiments[];
diff --git a/chrome/renderer/render_thread.cc b/chrome/renderer/render_thread.cc
index 2935304..67c3f7d 100644
--- a/chrome/renderer/render_thread.cc
+++ b/chrome/renderer/render_thread.cc
@@ -870,12 +870,18 @@ void RenderThread::EnsureWebKitInitialized() {
 
   WebScriptController::enableV8SingleThreadMode();
 
+  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+
   // chrome: pages should not be accessible by normal content, and should
   // also be unable to script anything but themselves (to help limit the damage
   // that a corrupt chrome: page could cause).
   WebString chrome_ui_scheme(ASCIIToUTF16(chrome::kChromeUIScheme));
-  WebSecurityPolicy::registerURLSchemeAsLocal(chrome_ui_scheme);
-  WebSecurityPolicy::registerURLSchemeAsNoAccess(chrome_ui_scheme);
+  if (command_line.HasSwitch(switches::kNewChromeUISecurityModel)) {
+    WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_ui_scheme);
+  } else {
+    WebSecurityPolicy::registerURLSchemeAsLocal(chrome_ui_scheme);
+    WebSecurityPolicy::registerURLSchemeAsNoAccess(chrome_ui_scheme);
+  }
 
   // chrome-extension: resources shouldn't trigger insecure content warnings.
   WebString extension_scheme(ASCIIToUTF16(chrome::kExtensionScheme));
@@ -894,8 +900,6 @@ void RenderThread::EnsureWebKitInitialized() {
   if (search_extension)
     RegisterExtension(search_extension, false);
 
-  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
-
   if (command_line.HasSwitch(switches::kEnableBenchmarking))
     RegisterExtension(extensions_v8::BenchmarkingExtension::Get(), false);
author	abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-01-13 23:42:28 +0000
committer	abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-01-13 23:42:28 +0000
commit	c8310d8c58b1b51d6565abd3792622237283c564 (patch)
tree	b837a6f4449c70b22d3a38d5fcea365507bf546e
parent	2e610e9cd18750dc905a4f4feea8f5478256a28d (diff)
download	chromium_src-c8310d8c58b1b51d6565abd3792622237283c564.zip chromium_src-c8310d8c58b1b51d6565abd3792622237283c564.tar.gz chromium_src-c8310d8c58b1b51d6565abd3792622237283c564.tar.bz2