This change is motivated by the need to implement the Android WebView.loadDataWithBaseURL API[1], which allows access to local file:// resources (depending on AwSettings.getAllowFileAccess) as long as the base URL provided is not "data:".

When AwSettings.getAllowFileAccess returns false, data URIs loaded with a non-data base URL should be able to access file:///android_asset and file:///android_res/, but not the wider filesystem.

We grant the WebView process access to file:// via ChildProcessSecurityPolicy (as WebView is single process we do this on process startup) and add a field to ViewMsg_NavigateParams that indicates if the URL being loaded should have access to local loads. This is bit is checked when the provisional load commits and if set, grants the SecurityOrigin access to local resources. The bit defaults to false and is only set in android_webview when AwContents loads a data URL with a non-data base URL, so there should be no behavior change outside of android_webview.

Once the SecurityOrigin allows local loads, code already present in android_webview controls whether the URL should be able to load either only android_asset and android_res or any file:// URL (see https://codereview.chromium.org/11090003/).

[1]
http://developer.android.com/reference/android/webkit/WebView.html#loadDataWithBaseURL(java.lang.String,
java.lang.String, java.lang.String, java.lang.String, java.lang.String)

BUG=152223

Review URL: https://codereview.chromium.org/10990056

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161355 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 99 insertions, 22 deletions

diff --git a/android_webview/javatests/assets/asset_icon.png b/android_webview/javatests/assets/asset_icon.png
new file mode 100644
index 0000000..f381f86
--- /dev/null
+++ b/android_webview/javatests/assets/asset_icon.png
diff --git a/android_webview/javatests/res/raw/resource_icon.png b/android_webview/javatests/res/raw/resource_icon.png
new file mode 100644
index 0000000..f381f86
--- /dev/null
+++ b/android_webview/javatests/res/raw/resource_icon.png
diff --git a/android_webview/javatests/src/org/chromium/android_webview/test/LoadDataWithBaseUrlTest.java b/android_webview/javatests/src/org/chromium/android_webview/test/LoadDataWithBaseUrlTest.java
index 7f6e72d..c10b735 100644
--- a/android_webview/javatests/src/org/chromium/android_webview/test/LoadDataWithBaseUrlTest.java
+++ b/android_webview/javatests/src/org/chromium/android_webview/test/LoadDataWithBaseUrlTest.java
@@ -4,19 +4,25 @@
 
 package org.chromium.android_webview.test;
 
+import android.graphics.Bitmap;
 import android.test.suitebuilder.annotation.SmallTest;
 
+import org.chromium.android_webview.AndroidProtocolHandler;
 import org.chromium.android_webview.AwContents;
 import org.chromium.android_webview.test.util.CommonResources;
 import org.chromium.android_webview.test.util.TestWebServer;
 import org.chromium.base.test.util.Feature;
 import org.chromium.base.test.util.UrlUtils;
+import org.chromium.content.browser.test.util.Criteria;
+import org.chromium.content.browser.test.util.CriteriaHelper;
 import org.chromium.content.browser.ContentSettings;
 import org.chromium.content.browser.ContentViewCore;
 import org.chromium.content.browser.LoadUrlParams;
 import org.chromium.content.browser.test.util.HistoryUtils;
 import org.chromium.content.browser.test.util.TestCallbackHelperContainer;
 
+import java.io.File;
+import java.io.FileOutputStream;
 import java.util.concurrent.TimeUnit;
 
 public class LoadDataWithBaseUrlTest extends AndroidWebViewTestBase {
@@ -212,28 +218,6 @@ public class LoadDataWithBaseUrlTest extends AndroidWebViewTestBase {
 
     @SmallTest
     @Feature({"Android-WebView"})
-    public void testAccessToLocalFile() throws Throwable {
-        getContentSettingsOnUiThread(mAwContents).setJavaScriptEnabled(true);
-        final String baseUrl = UrlUtils.getTestFileUrl("webview/");
-        final String scriptFile = baseUrl + "script.js";
-        final String pageHtml = getScriptFileTestPageHtml(scriptFile);
-        loadDataWithBaseUrlSync(pageHtml, "text/html", false, baseUrl, null);
-        assertEquals(SCRIPT_LOADED, getTitleOnUiThread(mAwContents));
-    }
-
-    @SmallTest
-    @Feature({"Android-WebView"})
-    public void testFailedAccessToLocalFile() throws Throwable {
-        getContentSettingsOnUiThread(mAwContents).setJavaScriptEnabled(true);
-        final String scriptFile = UrlUtils.getTestFileUrl("webview/script.js");
-        final String pageHtml = getScriptFileTestPageHtml(scriptFile);
-        final String baseUrl = "http://example.com";
-        loadDataWithBaseUrlSync(pageHtml, "text/html", false, baseUrl, null);
-        assertEquals(SCRIPT_NOT_LOADED, getTitleOnUiThread(mAwContents));
-    }
-
-    @SmallTest
-    @Feature({"Android-WebView"})
     public void testHistoryUrlNavigation() throws Throwable {
         TestWebServer webServer = null;
         try {
@@ -265,4 +249,97 @@ public class LoadDataWithBaseUrlTest extends AndroidWebViewTestBase {
             if (webServer != null) webServer.shutdown();
         }
     }
+
+    /**
+     * @return true if |fileUrl| was accessible from a data url with |baseUrl| as it's
+     * base URL.
+     */
+    private boolean canAccessFileFromData(String baseUrl, String fileUrl) throws Throwable {
+        final String IMAGE_LOADED = "LOADED";
+        final String IMAGE_NOT_LOADED = "NOT_LOADED";
+        String data = "<html><body>" +
+                "<img src=\"" + fileUrl + "\" " +
+                "onload=\"document.title=\'" + IMAGE_LOADED + "\';\" " +
+                "onerror=\"document.title=\'" + IMAGE_NOT_LOADED + "\';\" />" +
+                "</body></html>";
+
+        loadDataWithBaseUrlSync(data, "text/html", false, baseUrl, null);
+
+        CriteriaHelper.pollForCriteria(new Criteria() {
+            @Override
+            public boolean isSatisfied() {
+                try {
+                    String title = getTitleOnUiThread(mAwContents);
+                    return IMAGE_LOADED.equals(title) || IMAGE_NOT_LOADED.equals(title);
+                } catch (Throwable t) {
+                    return false;
+                }
+            }
+        });
+
+        return IMAGE_LOADED.equals(getTitleOnUiThread(mAwContents));
+    }
+
+    @SmallTest
+    @Feature({"Android-WebView"})
+    public void testLoadDataWithBaseUrlAccessingFile() throws Throwable {
+        // Create a temporary file on the filesystem we can try to read.
+        File cacheDir = getActivity().getCacheDir();
+        File tempImage = File.createTempFile("test_image", ".png", cacheDir);
+        Bitmap bitmap = Bitmap.createBitmap(1, 1, Bitmap.Config.RGB_565);
+        FileOutputStream fos = new FileOutputStream(tempImage);
+        bitmap.compress(Bitmap.CompressFormat.PNG, 100, fos);
+        String imagePath = tempImage.getAbsolutePath();
+
+        ContentSettings contentSettings = getContentSettingsOnUiThread(mAwContents);
+        contentSettings.setImagesEnabled(true);
+        contentSettings.setJavaScriptEnabled(true);
+
+        try {
+            final String DATA_BASE_URL = "data:";
+            final String NON_DATA_BASE_URL = "http://example.com";
+
+            AndroidProtocolHandler.setResourceContextForTesting(getInstrumentation().getContext());
+            mAwContents.getSettings().setAllowFileAccess(false);
+            String token = "" + System.currentTimeMillis();
+            // All access to file://, including android_asset and android_res is blocked
+            // with a data: base URL, regardless of AwSettings.getAllowFileAccess().
+            assertFalse(canAccessFileFromData(DATA_BASE_URL,
+                  "file:///android_asset/asset_icon.png?" + token));
+            assertFalse(canAccessFileFromData(DATA_BASE_URL,
+                  "file:///android_res/raw/resource_icon.png?" + token));
+            assertFalse(canAccessFileFromData(DATA_BASE_URL, "file://" + imagePath + "?" + token));
+
+            // WebView always has access to android_asset and android_res for non-data
+            // base URLs and can access other file:// URLs based on the value of
+            // AwSettings.getAllowFileAccess().
+            assertTrue(canAccessFileFromData(NON_DATA_BASE_URL,
+                  "file:///android_asset/asset_icon.png?" + token));
+            assertTrue(canAccessFileFromData(NON_DATA_BASE_URL,
+                  "file:///android_res/raw/resource_icon.png?" + token));
+            assertFalse(canAccessFileFromData(NON_DATA_BASE_URL,
+                  "file://" + imagePath + "?" + token));
+
+            token += "a";
+            mAwContents.getSettings().setAllowFileAccess(true);
+            // We should still be unable to access any file:// with when loading with a
+            // data: base URL, but we should now be able to access the wider file system
+            // (still restricted by OS-level permission checks) with a non-data base URL.
+            assertFalse(canAccessFileFromData(DATA_BASE_URL,
+                  "file:///android_asset/asset_icon.png?" + token));
+            assertFalse(canAccessFileFromData(DATA_BASE_URL,
+                  "file:///android_res/raw/resource_icon.png?" + token));
+            assertFalse(canAccessFileFromData(DATA_BASE_URL, "file://" + imagePath + "?" + token));
+
+            assertTrue(canAccessFileFromData(NON_DATA_BASE_URL,
+                  "file:///android_asset/asset_icon.png?" + token));
+            assertTrue(canAccessFileFromData(NON_DATA_BASE_URL,
+                  "file:///android_res/raw/resource_icon.png?" + token));
+            assertTrue(canAccessFileFromData(NON_DATA_BASE_URL,
+                  "file://" + imagePath + "?" + token));
+        } finally {
+          tempImage.delete();
+          AndroidProtocolHandler.setResourceContextForTesting(null);
+        }
+    }
 }