Chromecast: adds CastNetworkDelegate.

This provides an interface for special handling of "whitelisted" URLs
in internal code.

It also denies local file access for Chromecast, except on Android
(with a flag).

R=lcwu@chromium.org,byungchul@chromium.org
BUG=336640

Review URL: https://codereview.chromium.org/598303002

Cr-Commit-Position: refs/heads/master@{#297079}

12 files changed, 173 insertions, 7 deletions

diff --git a/chromecast/chromecast.gyp b/chromecast/chromecast.gyp
index 9ba706a..687d3e8 100644
--- a/chromecast/chromecast.gyp
+++ b/chromecast/chromecast.gyp
@@ -226,6 +226,8 @@
         'shell/browser/cast_download_manager_delegate.h',
         'shell/browser/cast_http_user_agent_settings.cc',
         'shell/browser/cast_http_user_agent_settings.h',
+        'shell/browser/cast_network_delegate.cc',
+        'shell/browser/cast_network_delegate.h',
         'shell/browser/devtools/cast_dev_tools_delegate.cc',
         'shell/browser/devtools/cast_dev_tools_delegate.h',
         'shell/browser/devtools/remote_debugging_server.cc',
@@ -249,6 +251,7 @@
           ],
         }, {
           'sources': [
+            'shell/browser/cast_network_delegate_simple.cc',
             'shell/browser/devtools/remote_debugging_server_simple.cc',
             'shell/browser/webui/webui_cast_simple.cc',
             'shell/renderer/key_systems_cast_simple.cc',
diff --git a/chromecast/common/chromecast_switches.cc b/chromecast/common/chromecast_switches.cc
index 90b524b..0ccbf7b 100644
--- a/chromecast/common/chromecast_switches.cc
+++ b/chromecast/common/chromecast_switches.cc
@@ -6,6 +6,11 @@
 
 namespace switches {
 
+#if defined(OS_ANDROID)
+// Enable file accesses for debug.
+const char kEnableLocalFileAccesses[] = "enable-local-file-accesses";
+#endif  // defined(OS_ANDROID)
+
 // Override the URL to which metrics logs are sent for debugging.
 const char kOverrideMetricsUploadUrl[] = "override-metrics-upload-url";
 
diff --git a/chromecast/common/chromecast_switches.h b/chromecast/common/chromecast_switches.h
index 73b8a67..4fc0e71 100644
--- a/chromecast/common/chromecast_switches.h
+++ b/chromecast/common/chromecast_switches.h
@@ -9,6 +9,11 @@
 
 namespace switches {
 
+#if defined(OS_ANDROID)
+// Content-implementation switches
+extern const char kEnableLocalFileAccesses[];
+#endif  // defined(OS_ANDROID)
+
 // Metrics switches
 extern const char kOverrideMetricsUploadUrl[];
 
diff --git a/chromecast/service/cast_service.h b/chromecast/service/cast_service.h
index bfc5d7a..2f94bc5 100644
--- a/chromecast/service/cast_service.h
+++ b/chromecast/service/cast_service.h
@@ -21,6 +21,9 @@ class URLRequestContextGetter;
 }
 
 namespace chromecast {
+namespace shell {
+class CastNetworkDelegate;
+}
 
 class CastService {
  public:
@@ -32,7 +35,8 @@ class CastService {
   // getter doesn't do.
   static CastService* Create(
       content::BrowserContext* browser_context,
-      net::URLRequestContextGetter* request_context_getter);
+      net::URLRequestContextGetter* request_context_getter,
+      shell::CastNetworkDelegate* network_delegate);
 
   virtual ~CastService();
 
diff --git a/chromecast/service/cast_service_android.cc b/chromecast/service/cast_service_android.cc
index 4c8f30a..4c936c3 100644
--- a/chromecast/service/cast_service_android.cc
+++ b/chromecast/service/cast_service_android.cc
@@ -11,7 +11,8 @@ namespace chromecast {
 // static
 CastService* CastService::Create(
     content::BrowserContext* browser_context,
-    net::URLRequestContextGetter* request_context_getter) {
+    net::URLRequestContextGetter* request_context_getter,
+    shell::CastNetworkDelegate* network_delegate) {
   return new CastServiceAndroid(browser_context);
 }
 
diff --git a/chromecast/service/cast_service_simple.cc b/chromecast/service/cast_service_simple.cc
index c278667..126596d 100644
--- a/chromecast/service/cast_service_simple.cc
+++ b/chromecast/service/cast_service_simple.cc
@@ -72,7 +72,8 @@ class FillLayout : public aura::LayoutManager {
 // static
 CastService* CastService::Create(
     content::BrowserContext* browser_context,
-    net::URLRequestContextGetter* request_context_getter) {
+    net::URLRequestContextGetter* request_context_getter,
+    shell::CastNetworkDelegate* network_delegate) {
   return new CastServiceSimple(browser_context);
 }
 
diff --git a/chromecast/shell/browser/cast_browser_main_parts.cc b/chromecast/shell/browser/cast_browser_main_parts.cc
index 0fe3a41..ea05ec8 100644
--- a/chromecast/shell/browser/cast_browser_main_parts.cc
+++ b/chromecast/shell/browser/cast_browser_main_parts.cc
@@ -103,9 +103,13 @@ void CastBrowserMainParts::PreMainMessageLoopRun() {
 
   InitializeWebUI();
 
-  cast_browser_process_->SetCastService(
-      CastService::Create(cast_browser_process_->browser_context(),
-                          url_request_context_factory_->GetSystemGetter()));
+  cast_browser_process_->SetCastService(CastService::Create(
+      cast_browser_process_->browser_context(),
+      url_request_context_factory_->GetSystemGetter(),
+      url_request_context_factory_->app_network_delegate()));
+
+  // Initializing network delegates must happen after Cast service is created.
+  url_request_context_factory_->InitializeNetworkDelegates();
   cast_browser_process_->cast_service()->Start();
 }
 
diff --git a/chromecast/shell/browser/cast_network_delegate.cc b/chromecast/shell/browser/cast_network_delegate.cc
new file mode 100644
index 0000000..1ee7e71
--- /dev/null
+++ b/chromecast/shell/browser/cast_network_delegate.cc
@@ -0,0 +1,37 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chromecast/shell/browser/cast_network_delegate.h"
+
+#include "base/command_line.h"
+#include "base/files/file_path.h"
+#include "chromecast/common/chromecast_switches.h"
+
+namespace chromecast {
+namespace shell {
+
+CastNetworkDelegate::CastNetworkDelegate() {
+  DetachFromThread();
+}
+
+CastNetworkDelegate::~CastNetworkDelegate() {
+}
+
+bool CastNetworkDelegate::OnCanAccessFile(const net::URLRequest& request,
+                                          const base::FilePath& path) const {
+#if defined(OS_ANDROID)
+  // On Chromecast, there's no reason to allow local file access.
+  if (base::CommandLine::ForCurrentProcess()->
+      HasSwitch(switches::kEnableLocalFileAccesses)) {
+    return true;
+  }
+#endif  // defined(OS_ANDROID)
+
+  LOG(WARNING) << "Could not access file " << path.value()
+               << ". All file accesses are forbidden.";
+  return false;
+}
+
+}  // namespace shell
+}  // namespace chromecast
diff --git a/chromecast/shell/browser/cast_network_delegate.h b/chromecast/shell/browser/cast_network_delegate.h
new file mode 100644
index 0000000..f057a84
--- /dev/null
+++ b/chromecast/shell/browser/cast_network_delegate.h
@@ -0,0 +1,40 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROMECAST_SHELL_BROWSER_CAST_NETWORK_DELEGATE_H_
+#define CHROMECAST_SHELL_BROWSER_CAST_NETWORK_DELEGATE_H_
+
+#include "net/base/network_delegate.h"
+
+namespace net {
+class X509Certificate;
+}
+
+namespace chromecast {
+namespace shell {
+
+class CastNetworkDelegate : public net::NetworkDelegate {
+ public:
+  static CastNetworkDelegate* Create();
+  static net::X509Certificate* DeviceCert();
+
+  CastNetworkDelegate();
+  virtual ~CastNetworkDelegate();
+
+  virtual void Initialize(bool use_sync_signing) = 0;
+
+  virtual bool IsWhitelisted(const GURL& gurl, bool for_device_auth) const = 0;
+
+ private:
+  // net::NetworkDelegate implementation:
+  virtual bool OnCanAccessFile(const net::URLRequest& request,
+                               const base::FilePath& path) const OVERRIDE;
+
+  DISALLOW_COPY_AND_ASSIGN(CastNetworkDelegate);
+};
+
+}  // namespace shell
+}  // namespace chromecast
+
+#endif  // CHROMECAST_SHELL_BROWSER_CAST_NETWORK_DELEGATE_H_
diff --git a/chromecast/shell/browser/cast_network_delegate_simple.cc b/chromecast/shell/browser/cast_network_delegate_simple.cc
new file mode 100644
index 0000000..7708b5a
--- /dev/null
+++ b/chromecast/shell/browser/cast_network_delegate_simple.cc
@@ -0,0 +1,43 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chromecast/shell/browser/cast_network_delegate.h"
+
+#include "base/macros.h"
+#include "url/gurl.h"
+
+namespace chromecast {
+namespace shell {
+
+namespace {
+
+class CastNetworkDelegateSimple : public CastNetworkDelegate {
+ public:
+  CastNetworkDelegateSimple() {}
+
+ private:
+  // CastNetworkDelegate implementation:
+  virtual void Initialize(bool use_sync_signing) OVERRIDE {}
+  virtual bool IsWhitelisted(const GURL& gurl,
+                             bool for_device_auth) const OVERRIDE {
+    return false;
+  }
+
+  DISALLOW_COPY_AND_ASSIGN(CastNetworkDelegateSimple);
+};
+
+}  // namespace
+
+// static
+CastNetworkDelegate* CastNetworkDelegate::Create() {
+  return new CastNetworkDelegateSimple();
+}
+
+// static
+net::X509Certificate* CastNetworkDelegate::DeviceCert() {
+  return NULL;
+}
+
+}  // namespace shell
+}  // namespace chromecast
diff --git a/chromecast/shell/browser/url_request_context_factory.cc b/chromecast/shell/browser/url_request_context_factory.cc
index e61bc6a..b7ff576 100644
--- a/chromecast/shell/browser/url_request_context_factory.cc
+++ b/chromecast/shell/browser/url_request_context_factory.cc
@@ -10,6 +10,7 @@
 #include "base/path_service.h"
 #include "base/threading/worker_pool.h"
 #include "chromecast/shell/browser/cast_http_user_agent_settings.h"
+#include "chromecast/shell/browser/cast_network_delegate.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/cookie_store_factory.h"
@@ -133,7 +134,9 @@ class URLRequestContextFactory::MainURLRequestContextGetter
 };
 
 URLRequestContextFactory::URLRequestContextFactory()
-    : system_dependencies_initialized_(false),
+    : app_network_delegate_(CastNetworkDelegate::Create()),
+      system_network_delegate_(CastNetworkDelegate::Create()),
+      system_dependencies_initialized_(false),
       main_dependencies_initialized_(false),
       media_dependencies_initialized_(false) {
 }
@@ -324,6 +327,7 @@ net::URLRequestContext* URLRequestContextFactory::CreateSystemRequestContext() {
   system_context->set_job_factory(system_job_factory_.get());
   system_context->set_cookie_store(
       content::CreateCookieStore(content::CookieStoreConfig()));
+  system_context->set_network_delegate(system_network_delegate_.get());
   return system_context;
 }
 
@@ -396,8 +400,16 @@ net::URLRequestContext* URLRequestContextFactory::CreateMainRequestContext(
   main_context->set_http_transaction_factory(
       main_transaction_factory_.get());
   main_context->set_job_factory(main_job_factory_.get());
+  main_context->set_network_delegate(app_network_delegate_.get());
   return main_context;
 }
 
+void URLRequestContextFactory::InitializeNetworkDelegates() {
+  app_network_delegate_->Initialize(false);
+  LOG(INFO) << "Initialized app network delegate.";
+  system_network_delegate_->Initialize(false);
+  LOG(INFO) << "Initialized system network delegate.";
+}
+
 }  // namespace shell
 }  // namespace chromecast
diff --git a/chromecast/shell/browser/url_request_context_factory.h b/chromecast/shell/browser/url_request_context_factory.h
index 8de7437..439a56c 100644
--- a/chromecast/shell/browser/url_request_context_factory.h
+++ b/chromecast/shell/browser/url_request_context_factory.h
@@ -17,6 +17,7 @@ class URLRequestJobFactory;
 
 namespace chromecast {
 namespace shell {
+class CastNetworkDelegate;
 
 class URLRequestContextFactory {
  public:
@@ -43,6 +44,14 @@ class URLRequestContextFactory {
   net::URLRequestContextGetter* GetMainGetter();
   net::URLRequestContextGetter* GetMediaGetter();
 
+  CastNetworkDelegate* app_network_delegate() const {
+    return app_network_delegate_.get();
+  }
+
+  // Initialize the CastNetworkDelegate objects. This needs to be done
+  // after the CastService is created, but before any URL requests are made.
+  void InitializeNetworkDelegates();
+
  private:
   class URLRequestContextGetter;
   class MainURLRequestContextGetter;
@@ -72,6 +81,8 @@ class URLRequestContextFactory {
   scoped_refptr<net::URLRequestContextGetter> system_getter_;
   scoped_refptr<net::URLRequestContextGetter> media_getter_;
   scoped_refptr<net::URLRequestContextGetter> main_getter_;
+  scoped_ptr<CastNetworkDelegate> app_network_delegate_;
+  scoped_ptr<CastNetworkDelegate> system_network_delegate_;
 
   // Shared objects for all contexts.
   // The URLRequestContextStorage class is not used as owner to these objects