Add a cross-thread wrapper around Android Webview's CookieStore.

Android Webview needs to be able to call into its CookieStore on a
thread other than the IOThread. Since we're trying to make the
CookieStore non-threadsafe, that means we need a CookieStore wrapper
to be used by the network stack to access the real CookieStore on
another thread.

This CL also modifies CookieManager to lazily create the CookieStore
on the correct thread.  This both allows us to get rid of the
last GetCookieMonster call, and will make making the CookieStore
non-thread-safe easier.

BUG=579653, 579260

Review URL: https://codereview.chromium.org/1693903002

Cr-Commit-Position: refs/heads/master@{#377596}

6 files changed, 552 insertions, 6 deletions

diff --git a/android_webview/browser/net/aw_cookie_store_wrapper.cc b/android_webview/browser/net/aw_cookie_store_wrapper.cc
new file mode 100644
index 0000000..6b9b063
--- /dev/null
+++ b/android_webview/browser/net/aw_cookie_store_wrapper.cc
@@ -0,0 +1,357 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "android_webview/browser/net/aw_cookie_store_wrapper.h"
+
+#include <string>
+
+#include "android_webview/browser/net/init_native_callback.h"
+#include "base/memory/ref_counted_delete_on_message_loop.h"
+#include "base/thread_task_runner_handle.h"
+#include "url/gurl.h"
+
+namespace android_webview {
+
+namespace {
+
+// Posts |task| to the thread that the global CookieStore lives on.
+void PostTaskToCookieStoreTaskRunner(const base::Closure& task) {
+  GetCookieStoreTaskRunner()->PostTask(FROM_HERE, task);
+}
+
+// Wraps a subscription to cookie change notifications for the global
+// CookieStore for a consumer that lives on another thread. Handles passing
+// messages between thread, and destroys itself when the consumer unsubscribes.
+// Must be created on the consumer's thread. Each instance only supports a
+// single subscription.
+class SubscriptionWrapper {
+ public:
+  SubscriptionWrapper() : weak_factory_(this) {}
+
+  scoped_ptr<net::CookieStore::CookieChangedSubscription> Subscribe(
+      const GURL& url,
+      const std::string& name,
+      const net::CookieStore::CookieChangedCallback& callback) {
+    // This class is only intended to be used for a single subscription.
+    DCHECK(callback_list_.empty());
+
+    nested_subscription_ =
+        new NestedSubscription(url, name, weak_factory_.GetWeakPtr());
+    return callback_list_.Add(callback);
+  }
+
+ private:
+  // The NestedSubscription is responsible for creating and managing the
+  // underlying subscription to the real CookieStore, and posting notifications
+  // back to |callback_list_|.
+  class NestedSubscription
+      : public base::RefCountedDeleteOnMessageLoop<NestedSubscription> {
+   public:
+    NestedSubscription(const GURL& url,
+                       const std::string& name,
+                       base::WeakPtr<SubscriptionWrapper> subscription_wrapper)
+        : base::RefCountedDeleteOnMessageLoop<NestedSubscription>(
+              GetCookieStoreTaskRunner()),
+          subscription_wrapper_(subscription_wrapper),
+          client_task_runner_(base::ThreadTaskRunnerHandle::Get()) {
+      PostTaskToCookieStoreTaskRunner(
+          base::Bind(&NestedSubscription::Subscribe, this, url, name));
+    }
+
+   private:
+    friend class base::RefCountedDeleteOnMessageLoop<NestedSubscription>;
+    friend class base::DeleteHelper<NestedSubscription>;
+
+    ~NestedSubscription() {}
+
+    void Subscribe(const GURL& url, const std::string& name) {
+      GetCookieStore()->AddCallbackForCookie(
+          url, name, base::Bind(&NestedSubscription::OnChanged, this));
+    }
+
+    void OnChanged(const net::CanonicalCookie& cookie, bool removed) {
+      client_task_runner_->PostTask(
+          FROM_HERE, base::Bind(&SubscriptionWrapper::OnChanged,
+                                subscription_wrapper_, cookie, removed));
+    }
+
+    base::WeakPtr<SubscriptionWrapper> subscription_wrapper_;
+    scoped_refptr<base::TaskRunner> client_task_runner_;
+
+    scoped_ptr<net::CookieStore::CookieChangedSubscription> subscription_;
+
+    DISALLOW_COPY_AND_ASSIGN(NestedSubscription);
+  };
+
+  void OnChanged(const net::CanonicalCookie& cookie, bool removed) {
+    callback_list_.Notify(cookie, removed);
+  }
+
+  // The "list" only had one entry, so can just clean up now.
+  void OnUnsubscribe() { delete this; }
+
+  scoped_refptr<NestedSubscription> nested_subscription_;
+  net::CookieStore::CookieChangedCallbackList callback_list_;
+  base::WeakPtrFactory<SubscriptionWrapper> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(SubscriptionWrapper);
+};
+
+void SetCookieWithOptionsAsyncOnCookieThread(
+    const GURL& url,
+    const std::string& cookie_line,
+    const net::CookieOptions& options,
+    const net::CookieStore::SetCookiesCallback& callback) {
+  GetCookieStore()->SetCookieWithOptionsAsync(url, cookie_line, options,
+                                              callback);
+}
+
+void SetCookieWithDetailsAsyncOnCookieThread(
+    const GURL& url,
+    const std::string& name,
+    const std::string& value,
+    const std::string& domain,
+    const std::string& path,
+    base::Time creation_time,
+    base::Time expiration_time,
+    base::Time last_access_time,
+    bool secure,
+    bool http_only,
+    bool same_site,
+    bool enforce_strict_secure,
+    net::CookiePriority priority,
+    const net::CookieStore::SetCookiesCallback& callback) {
+  GetCookieStore()->SetCookieWithDetailsAsync(
+      url, name, value, domain, path, creation_time, expiration_time,
+      last_access_time, secure, http_only, same_site, enforce_strict_secure,
+      priority, callback);
+}
+
+void GetCookiesWithOptionsAsyncOnCookieThread(
+    const GURL& url,
+    const net::CookieOptions& options,
+    const net::CookieStore::GetCookiesCallback& callback) {
+  GetCookieStore()->GetCookiesWithOptionsAsync(url, options, callback);
+}
+
+void GetCookieListWithOptionsAsyncOnCookieThread(
+    const GURL& url,
+    const net::CookieOptions& options,
+    const net::CookieStore::GetCookieListCallback& callback) {
+  GetCookieStore()->GetCookieListWithOptionsAsync(url, options, callback);
+}
+
+void GetAllCookiesAsyncOnCookieThread(
+    const net::CookieStore::GetCookieListCallback& callback) {
+  GetCookieStore()->GetAllCookiesAsync(callback);
+}
+
+void DeleteCookieAsyncOnCookieThread(const GURL& url,
+                                     const std::string& cookie_name,
+                                     const base::Closure& callback) {
+  GetCookieStore()->DeleteCookieAsync(url, cookie_name, callback);
+}
+
+void DeleteCanonicalCookieAsyncOnCookieThread(
+    const net::CanonicalCookie& cookie,
+    const net::CookieStore::DeleteCallback& callback) {
+  GetCookieStore()->DeleteCanonicalCookieAsync(cookie, callback);
+}
+
+void DeleteAllCreatedBetweenAsyncOnCookieThread(
+    const base::Time& delete_begin,
+    const base::Time& delete_end,
+    const net::CookieStore::DeleteCallback& callback) {
+  GetCookieStore()->DeleteAllCreatedBetweenAsync(delete_begin, delete_end,
+                                                 callback);
+}
+
+void DeleteAllCreatedBetweenForHostAsyncOnCookieThread(
+    const base::Time delete_begin,
+    const base::Time delete_end,
+    const GURL& url,
+    const net::CookieStore::DeleteCallback& callback) {
+  GetCookieStore()->DeleteAllCreatedBetweenForHostAsync(
+      delete_begin, delete_end, url, callback);
+}
+
+void DeleteSessionCookiesAsyncOnCookieThread(
+    const net::CookieStore::DeleteCallback& callback) {
+  GetCookieStore()->DeleteSessionCookiesAsync(callback);
+}
+
+void FlushStoreOnCookieThread(const base::Closure& callback) {
+  GetCookieStore()->FlushStore(callback);
+}
+
+void SetForceKeepSessionStateOnCookieThread() {
+  GetCookieStore()->SetForceKeepSessionState();
+}
+
+}  // namespace
+
+AwCookieStoreWrapper::AwCookieStoreWrapper()
+    : client_task_runner_(base::ThreadTaskRunnerHandle::Get()),
+      weak_factory_(this) {}
+
+void AwCookieStoreWrapper::SetCookieWithOptionsAsync(
+    const GURL& url,
+    const std::string& cookie_line,
+    const net::CookieOptions& options,
+    const net::CookieStore::SetCookiesCallback& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(
+      base::Bind(&SetCookieWithOptionsAsyncOnCookieThread, url, cookie_line,
+                 options, CreateWrappedCallback<bool>(callback)));
+}
+
+void AwCookieStoreWrapper::SetCookieWithDetailsAsync(
+    const GURL& url,
+    const std::string& name,
+    const std::string& value,
+    const std::string& domain,
+    const std::string& path,
+    base::Time creation_time,
+    base::Time expiration_time,
+    base::Time last_access_time,
+    bool secure,
+    bool http_only,
+    bool same_site,
+    bool enforce_strict_secure,
+    net::CookiePriority priority,
+    const SetCookiesCallback& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(
+      base::Bind(&SetCookieWithDetailsAsyncOnCookieThread, url, name, value,
+                 domain, path, creation_time, expiration_time, last_access_time,
+                 secure, http_only, same_site, enforce_strict_secure, priority,
+                 CreateWrappedCallback<bool>(callback)));
+}
+
+void AwCookieStoreWrapper::GetCookiesWithOptionsAsync(
+    const GURL& url,
+    const net::CookieOptions& options,
+    const GetCookiesCallback& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(
+      base::Bind(&GetCookiesWithOptionsAsyncOnCookieThread, url, options,
+                 CreateWrappedCallback<const std::string&>(callback)));
+}
+
+void AwCookieStoreWrapper::GetCookieListWithOptionsAsync(
+    const GURL& url,
+    const net::CookieOptions& options,
+    const GetCookieListCallback& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(
+      base::Bind(&GetCookieListWithOptionsAsyncOnCookieThread, url, options,
+                 CreateWrappedCallback<const net::CookieList&>(callback)));
+}
+
+void AwCookieStoreWrapper::GetAllCookiesAsync(
+    const GetCookieListCallback& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(
+      base::Bind(&GetAllCookiesAsyncOnCookieThread,
+                 CreateWrappedCallback<const net::CookieList&>(callback)));
+}
+
+void AwCookieStoreWrapper::DeleteCookieAsync(const GURL& url,
+                                             const std::string& cookie_name,
+                                             const base::Closure& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(
+      base::Bind(&DeleteCookieAsyncOnCookieThread, url, cookie_name,
+                 CreateWrappedClosureCallback(callback)));
+}
+
+void AwCookieStoreWrapper::DeleteCanonicalCookieAsync(
+    const net::CanonicalCookie& cookie,
+    const DeleteCallback& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(
+      base::Bind(&DeleteCanonicalCookieAsyncOnCookieThread, cookie,
+                 CreateWrappedCallback<int>(callback)));
+}
+
+void AwCookieStoreWrapper::DeleteAllCreatedBetweenAsync(
+    const base::Time& delete_begin,
+    const base::Time& delete_end,
+    const DeleteCallback& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(
+      base::Bind(&DeleteAllCreatedBetweenAsyncOnCookieThread, delete_begin,
+                 delete_end, CreateWrappedCallback<int>(callback)));
+}
+
+void AwCookieStoreWrapper::DeleteAllCreatedBetweenForHostAsync(
+    const base::Time delete_begin,
+    const base::Time delete_end,
+    const GURL& url,
+    const DeleteCallback& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(base::Bind(
+      &DeleteAllCreatedBetweenForHostAsyncOnCookieThread, delete_begin,
+      delete_end, url, CreateWrappedCallback<int>(callback)));
+}
+
+void AwCookieStoreWrapper::DeleteSessionCookiesAsync(
+    const DeleteCallback& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(
+      base::Bind(&DeleteSessionCookiesAsyncOnCookieThread,
+                 CreateWrappedCallback<int>(callback)));
+}
+
+void AwCookieStoreWrapper::FlushStore(const base::Closure& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(base::Bind(
+      &FlushStoreOnCookieThread, CreateWrappedClosureCallback(callback)));
+}
+
+void AwCookieStoreWrapper::SetForceKeepSessionState() {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  PostTaskToCookieStoreTaskRunner(
+      base::Bind(&SetForceKeepSessionStateOnCookieThread));
+}
+
+net::CookieMonster* AwCookieStoreWrapper::GetCookieMonster() {
+  return nullptr;
+}
+
+scoped_ptr<net::CookieStore::CookieChangedSubscription>
+AwCookieStoreWrapper::AddCallbackForCookie(
+    const GURL& url,
+    const std::string& name,
+    const CookieChangedCallback& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+
+  // The SubscriptionWrapper is owned by the subscription itself, and has no
+  // connection to the AwCookieStoreWrapper after creation. Other CookieStore
+  // implementations DCHECK if a subscription outlasts the cookie store,
+  // unfortunately, this design makes DCHECKing if there's an outstanding
+  // subscription when the AwCookieStoreWrapper is destroyed a bit ugly.
+  // TODO(mmenke):  Still worth adding a DCHECK?
+  SubscriptionWrapper* subscription = new SubscriptionWrapper();
+  return subscription->Subscribe(url, name, callback);
+}
+
+AwCookieStoreWrapper::~AwCookieStoreWrapper() {}
+
+base::Closure AwCookieStoreWrapper::CreateWrappedClosureCallback(
+    const base::Closure& callback) {
+  if (callback.is_null())
+    return callback;
+  return base::Bind(base::IgnoreResult(&base::TaskRunner::PostTask),
+                    client_task_runner_, FROM_HERE,
+                    base::Bind(&AwCookieStoreWrapper::RunClosureCallback,
+                               weak_factory_.GetWeakPtr(), callback));
+}
+
+void AwCookieStoreWrapper::RunClosureCallback(const base::Closure& callback) {
+  DCHECK(client_task_runner_->RunsTasksOnCurrentThread());
+  callback.Run();
+}
+
+}  // namespace android_webview
diff --git a/android_webview/browser/net/aw_cookie_store_wrapper.h b/android_webview/browser/net/aw_cookie_store_wrapper.h
new file mode 100644
index 0000000..e308fb1
--- /dev/null
+++ b/android_webview/browser/net/aw_cookie_store_wrapper.h
@@ -0,0 +1,132 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <string>
+
+#include "base/bind.h"
+#include "base/location.h"
+#include "base/macros.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/weak_ptr.h"
+#include "base/single_thread_task_runner.h"
+#include "base/task_runner.h"
+#include "base/time/time.h"
+#include "net/cookies/canonical_cookie.h"
+#include "net/cookies/cookie_constants.h"
+#include "net/cookies/cookie_store.h"
+
+namespace android_webview {
+
+// A cross-threaded cookie store implementation that wraps the CookieManager's
+// CookieStore. It posts tasks to the CookieStore's thread, and invokes
+// callbacks on the originating thread. Deleting it cancels pending callbacks.
+// This is needed to allow Webview to run the CookieStore on its own thread, to
+// enable synchronous calls into the store on the IO Thread from Java.
+//
+// AwCookieStoreWrapper will only grab the CookieStore pointer from the
+// CookieManager when it's needed, allowing for lazy creation of the
+// CookieStore.
+//
+// AwCookieStoreWrapper may only be called from the thread on which it's
+// created.
+//
+// The CookieManager must outlive the AwCookieStoreWrapper.
+class AwCookieStoreWrapper : public net::CookieStore {
+ public:
+  AwCookieStoreWrapper();
+
+  // CookieStore implementation:
+  void SetCookieWithOptionsAsync(const GURL& url,
+                                 const std::string& cookie_line,
+                                 const net::CookieOptions& options,
+                                 const SetCookiesCallback& callback) override;
+  void SetCookieWithDetailsAsync(const GURL& url,
+                                 const std::string& name,
+                                 const std::string& value,
+                                 const std::string& domain,
+                                 const std::string& path,
+                                 base::Time creation_time,
+                                 base::Time expiration_time,
+                                 base::Time last_access_time,
+                                 bool secure,
+                                 bool http_only,
+                                 bool same_site,
+                                 bool enforce_strict_secure,
+                                 net::CookiePriority priority,
+                                 const SetCookiesCallback& callback) override;
+  void GetCookiesWithOptionsAsync(const GURL& url,
+                                  const net::CookieOptions& options,
+                                  const GetCookiesCallback& callback) override;
+  void GetCookieListWithOptionsAsync(
+      const GURL& url,
+      const net::CookieOptions& options,
+      const GetCookieListCallback& callback) override;
+  void GetAllCookiesAsync(const GetCookieListCallback& callback) override;
+  void DeleteCookieAsync(const GURL& url,
+                         const std::string& cookie_name,
+                         const base::Closure& callback) override;
+  void DeleteCanonicalCookieAsync(const net::CanonicalCookie& cookie,
+                                  const DeleteCallback& callback) override;
+  void DeleteAllCreatedBetweenAsync(const base::Time& delete_begin,
+                                    const base::Time& delete_end,
+                                    const DeleteCallback& callback) override;
+  void DeleteAllCreatedBetweenForHostAsync(
+      const base::Time delete_begin,
+      const base::Time delete_end,
+      const GURL& url,
+      const DeleteCallback& callback) override;
+  void DeleteSessionCookiesAsync(const DeleteCallback& callback) override;
+  void FlushStore(const base::Closure& callback) override;
+  void SetForceKeepSessionState() override;
+  net::CookieMonster* GetCookieMonster() override;
+  scoped_ptr<CookieChangedSubscription> AddCallbackForCookie(
+      const GURL& url,
+      const std::string& name,
+      const CookieChangedCallback& callback) override;
+
+ private:
+  ~AwCookieStoreWrapper() override;
+
+  // Used by CreateWrappedCallback below. Takes an arugment of Type and posts
+  // a task to |task_runner| to invoke |callback| with that argument. If
+  // |weak_cookie_store| is deleted before the task is run, the task will not
+  // be run.
+  template <class Type>
+  static void RunCallbackOnClientThread(
+      base::TaskRunner* task_runner,
+      base::WeakPtr<AwCookieStoreWrapper> weak_cookie_store,
+      base::Callback<void(Type)> callback,
+      Type argument) {
+    task_runner->PostTask(
+        FROM_HERE,
+        base::Bind(&AwCookieStoreWrapper::RunClosureCallback, weak_cookie_store,
+                   base::Bind(callback, argument)));
+  }
+
+  // Returns a base::Callback that takes an argument of Type and posts a task to
+  // the |client_task_runner_| to invoke |callback| with that argument.
+  template <class Type>
+  base::Callback<void(Type)> CreateWrappedCallback(
+      base::Callback<void(Type)> callback) {
+    if (callback.is_null())
+      return callback;
+    return base::Bind(&AwCookieStoreWrapper::RunCallbackOnClientThread<Type>,
+                      client_task_runner_, weak_factory_.GetWeakPtr(),
+                      callback);
+  }
+
+  // Returns a base::Closure that posts a task to the |client_task_runner_| to
+  // invoke |callback|.
+  base::Closure CreateWrappedClosureCallback(const base::Closure& callback);
+
+  // Runs |callback|. Used to prevent callbacks from being invoked after the
+  // AwCookieStoreWrapper has been destroyed.
+  void RunClosureCallback(const base::Closure& callback);
+
+  scoped_refptr<base::SingleThreadTaskRunner> client_task_runner_;
+
+  base::WeakPtrFactory<AwCookieStoreWrapper> weak_factory_;
+};
+
+}  // namesspace android_webview
diff --git a/android_webview/browser/net/aw_cookie_store_wrapper_unittest.cc b/android_webview/browser/net/aw_cookie_store_wrapper_unittest.cc
new file mode 100644
index 0000000..3567afc
--- /dev/null
+++ b/android_webview/browser/net/aw_cookie_store_wrapper_unittest.cc
@@ -0,0 +1,49 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "android_webview/browser/net/aw_cookie_store_wrapper.h"
+
+#include "base/memory/ref_counted.h"
+#include "net/cookies/cookie_store.h"
+#include "net/cookies/cookie_store_test_callbacks.h"
+#include "net/cookies/cookie_store_unittest.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace android_webview {
+
+struct AwCookieStoreWrapperTestTraits {
+  static scoped_refptr<net::CookieStore> Create() {
+    scoped_refptr<net::CookieStore> cookie_store(new AwCookieStoreWrapper());
+
+    // Android Webview can run multiple tests without restarting the binary,
+    // so have to delete any cookies the global store may have from an earlier
+    // test.
+    net::ResultSavingCookieCallback<int> callback;
+    cookie_store->DeleteAllAsync(
+        base::Bind(&net::ResultSavingCookieCallback<int>::Run,
+                   base::Unretained(&callback)));
+    callback.WaitUntilDone();
+
+    return cookie_store;
+  }
+
+  static const bool is_cookie_monster = false;
+  static const bool supports_http_only = true;
+  static const bool supports_non_dotted_domains = true;
+  static const bool preserves_trailing_dots = true;
+  static const bool filters_schemes = true;
+  static const bool has_path_prefix_bug = false;
+  static const int creation_time_granularity_in_ms = 0;
+  static const bool enforce_strict_secure = false;
+};
+
+}  // namespace android_webview
+
+// Run the standard cookie tests with AwCookieStoreWrapper. Macro must be in
+// net namespace.
+namespace net {
+INSTANTIATE_TYPED_TEST_CASE_P(AwCookieStoreWrapper,
+                              CookieStoreTest,
+                              android_webview::AwCookieStoreWrapperTestTraits);
+}  // namespace net
diff --git a/android_webview/browser/net/aw_url_request_context_getter.cc b/android_webview/browser/net/aw_url_request_context_getter.cc
index 7b54fa9..600ea17 100644
--- a/android_webview/browser/net/aw_url_request_context_getter.cc
+++ b/android_webview/browser/net/aw_url_request_context_getter.cc
@@ -9,6 +9,7 @@
 
 #include "android_webview/browser/aw_browser_context.h"
 #include "android_webview/browser/aw_content_browser_client.h"
+#include "android_webview/browser/net/aw_cookie_store_wrapper.h"
 #include "android_webview/browser/net/aw_http_user_agent_settings.h"
 #include "android_webview/browser/net/aw_network_delegate.h"
 #include "android_webview/browser/net/aw_request_interceptor.h"
@@ -166,13 +167,11 @@ scoped_ptr<net::URLRequestJobFactory> CreateJobFactory(
 
 AwURLRequestContextGetter::AwURLRequestContextGetter(
     const base::FilePath& cache_path,
-    net::CookieStore* cookie_store,
     scoped_ptr<net::ProxyConfigService> config_service,
     PrefService* user_pref_service)
     : cache_path_(cache_path),
       net_log_(new net::NetLog()),
       proxy_config_service_(std::move(config_service)),
-      cookie_store_(cookie_store),
       http_user_agent_settings_(new AwHttpUserAgentSettings()) {
   // CreateSystemProxyConfigService for Android must be called on main thread.
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
@@ -201,6 +200,8 @@ void AwURLRequestContextGetter::InitializeURLRequestContext() {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   DCHECK(!url_request_context_);
 
+  cookie_store_ = new AwCookieStoreWrapper();
+
   net::URLRequestContextBuilder builder;
   scoped_ptr<AwNetworkDelegate> aw_network_delegate(new AwNetworkDelegate());
 
diff --git a/android_webview/browser/net/aw_url_request_context_getter.h b/android_webview/browser/net/aw_url_request_context_getter.h
index 46c2146..763a45c 100644
--- a/android_webview/browser/net/aw_url_request_context_getter.h
+++ b/android_webview/browser/net/aw_url_request_context_getter.h
@@ -36,7 +36,6 @@ class AwURLRequestContextGetter : public net::URLRequestContextGetter {
  public:
   AwURLRequestContextGetter(
       const base::FilePath& cache_path,
-      net::CookieStore* cookie_store,
       scoped_ptr<net::ProxyConfigService> config_service,
       PrefService* pref_service);
 
diff --git a/android_webview/browser/net/init_native_callback.h b/android_webview/browser/net/init_native_callback.h
index d98867c..34a65c6 100644
--- a/android_webview/browser/net/init_native_callback.h
+++ b/android_webview/browser/net/init_native_callback.h
@@ -8,6 +8,10 @@
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 
+namespace base {
+class SingleThreadTaskRunner;
+}
+
 namespace net {
 class CookieStore;
 class URLRequestInterceptor;
@@ -16,9 +20,13 @@ class URLRequestInterceptor;
 namespace android_webview {
 class AwBrowserContext;
 
-// Called when the CookieMonster needs to be created.
-scoped_refptr<net::CookieStore> CreateCookieStore(
-    AwBrowserContext* browser_context);
+// Gets the TaskRunner that the CookieStore must be called on.
+scoped_refptr<base::SingleThreadTaskRunner> GetCookieStoreTaskRunner();
+
+// Gets a pointer to the CookieStore managed by the CookieManager.
+// The CookieStore is never deleted. May only be called on the
+// CookieStore's TaskRunner.
+net::CookieStore* GetCookieStore();
 
 // Called lazily when the job factory is being constructed.
 scoped_ptr<net::URLRequestInterceptor>