This change is motivated by the need to implement the Android WebView.loadDataWithBaseURL API[1], which allows access to local file:// resources (depending on AwSettings.getAllowFileAccess) as long as the base URL provided is not "data:".

When AwSettings.getAllowFileAccess returns false, data URIs loaded with a non-data base URL should be able to access file:///android_asset and file:///android_res/, but not the wider filesystem.

We grant the WebView process access to file:// via ChildProcessSecurityPolicy (as WebView is single process we do this on process startup) and add a field to ViewMsg_NavigateParams that indicates if the URL being loaded should have access to local loads. This is bit is checked when the provisional load commits and if set, grants the SecurityOrigin access to local resources. The bit defaults to false and is only set in android_webview when AwContents loads a data URL with a non-data base URL, so there should be no behavior change outside of android_webview.

Once the SecurityOrigin allows local loads, code already present in android_webview controls whether the URL should be able to load either only android_asset and android_res or any file:// URL (see https://codereview.chromium.org/11090003/).

[1]
http://developer.android.com/reference/android/webkit/WebView.html#loadDataWithBaseURL(java.lang.String,
java.lang.String, java.lang.String, java.lang.String, java.lang.String)

BUG=152223

Review URL: https://codereview.chromium.org/10990056

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161355 0039d316-1c4b-4281-b951-d872f2087c98

7 files changed, 51 insertions, 4 deletions

diff --git a/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java b/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
index 0ad997d..12888be 100644
--- a/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
+++ b/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
@@ -662,7 +662,8 @@ public class ContentViewCore implements MotionEventDelegate {
                 params.getExtraHeadersString(),
                 params.mPostData,
                 params.mBaseUrlForDataUrl,
-                params.mVirtualUrlForDataUrl);
+                params.mVirtualUrlForDataUrl,
+                params.mCanLoadLocalResources);
     }
 
     void setAllUserAgentOverridesInHistory() {
@@ -2112,7 +2113,8 @@ public class ContentViewCore implements MotionEventDelegate {
             String extraHeaders,
             byte[] postData,
             String baseUrlForDataUrl,
-            String virtualUrlForDataUrl);
+            String virtualUrlForDataUrl,
+            boolean canLoadLocalResources);
 
     private native void nativeSetAllUserAgentOverridesInHistory(int nativeContentViewCoreImpl,
             String userAgentOverride);
diff --git a/content/public/android/java/src/org/chromium/content/browser/LoadUrlParams.java b/content/public/android/java/src/org/chromium/content/browser/LoadUrlParams.java
index 88d6200..72a2fb1 100644
--- a/content/public/android/java/src/org/chromium/content/browser/LoadUrlParams.java
+++ b/content/public/android/java/src/org/chromium/content/browser/LoadUrlParams.java
@@ -41,6 +41,7 @@ public class LoadUrlParams {
     byte[] mPostData;
     String mBaseUrlForDataUrl;
     String mVirtualUrlForDataUrl;
+    boolean mCanLoadLocalResources;
 
     public LoadUrlParams(String url) {
         // Check initializeConstants was called.
@@ -200,6 +201,27 @@ public class LoadUrlParams {
         mVirtualUrlForDataUrl = virtualUrl;
     }
 
+    /**
+     * Set whether the load should be able to access local resources. This
+     * defaults to false.
+     */
+    public void setCanLoadLocalResources(boolean canLoad) {
+        mCanLoadLocalResources = canLoad;
+    }
+
+    public int getLoadUrlType() {
+        return mLoadUrlType;
+    }
+
+    public boolean isBaseUrlDataScheme() {
+        // If there's no base url set, but this is a data load then
+        // treat the scheme as data:.
+        if (mBaseUrlForDataUrl == null && mLoadUrlType == LOAD_TYPE_DATA) {
+            return true;
+        }
+        return nativeIsDataScheme(mBaseUrlForDataUrl);
+    }
+
     @SuppressWarnings("unused")
     @CalledByNative
     private static void initializeConstants(
@@ -216,4 +238,10 @@ public class LoadUrlParams {
         UA_OVERRIDE_FALSE = ua_override_false;
         UA_OVERRIDE_TRUE = ua_override_true;
     }
+
+    /**
+     * Parses |url| as a GURL on the native side, and
+     * returns true if it's scheme is data:.
+     */
+    private static native boolean nativeIsDataScheme(String url);
 }
diff --git a/content/public/browser/navigation_controller.cc b/content/public/browser/navigation_controller.cc
index a7f7bf6..4c9ba58 100644
--- a/content/public/browser/navigation_controller.cc
+++ b/content/public/browser/navigation_controller.cc
@@ -14,7 +14,8 @@ NavigationController::LoadURLParams::LoadURLParams(const GURL& url)
       transition_type(PAGE_TRANSITION_LINK),
       is_renderer_initiated(false),
       override_user_agent(UA_OVERRIDE_INHERIT),
-      browser_initiated_post_data(NULL) {
+      browser_initiated_post_data(NULL),
+      can_load_local_resources(false) {
 }
 
 NavigationController::LoadURLParams::~LoadURLParams() {
diff --git a/content/public/browser/navigation_controller.h b/content/public/browser/navigation_controller.h
index 893887c..8a64d48 100644
--- a/content/public/browser/navigation_controller.h
+++ b/content/public/browser/navigation_controller.h
@@ -148,6 +148,9 @@ class NavigationController {
     // after LoadURLWithParams call.
     scoped_refptr<base::RefCountedMemory> browser_initiated_post_data;
 
+    // True if this URL should be able to access local resources.
+    bool can_load_local_resources;
+
     explicit LoadURLParams(const GURL& url);
     ~LoadURLParams();
 
diff --git a/content/public/browser/navigation_entry.h b/content/public/browser/navigation_entry.h
index c907045..63af687 100644
--- a/content/public/browser/navigation_entry.h
+++ b/content/public/browser/navigation_entry.h
@@ -177,6 +177,11 @@ class NavigationEntry {
   //   - or this navigation was copied from a foreign session.
   virtual void SetTimestamp(base::Time timestamp) = 0;
   virtual base::Time GetTimestamp() const = 0;
+
+  // Used to specify if this entry should be able to access local file://
+  // resources.
+  virtual void SetCanLoadLocalResources(bool allow) = 0;
+  virtual bool GetCanLoadLocalResources() const = 0;
 };
 
 }  // namespace content
diff --git a/content/public/renderer/document_state.cc b/content/public/renderer/document_state.cc
index 2aa9ffb..231c9d6 100644
--- a/content/public/renderer/document_state.cc
+++ b/content/public/renderer/document_state.cc
@@ -27,7 +27,8 @@ DocumentState::DocumentState()
       cache_policy_override_set_(false),
       cache_policy_override_(WebKit::WebURLRequest::UseProtocolCachePolicy),
       referrer_policy_set_(false),
-      referrer_policy_(WebKit::WebReferrerPolicyDefault) {
+      referrer_policy_(WebKit::WebReferrerPolicyDefault),
+      can_load_local_resources_(false) {
 }
 
 DocumentState::~DocumentState() {}
diff --git a/content/public/renderer/document_state.h b/content/public/renderer/document_state.h
index d9dbb89..a07f113 100644
--- a/content/public/renderer/document_state.h
+++ b/content/public/renderer/document_state.h
@@ -258,6 +258,11 @@ class DocumentState : public WebKit::WebDataSource::ExtraData {
   NavigationState* navigation_state() { return navigation_state_.get(); }
   void set_navigation_state(NavigationState* navigation_state);
 
+  bool can_load_local_resources() const { return can_load_local_resources_; }
+  void set_can_load_local_resources(bool can_load) {
+    can_load_local_resources_ = can_load;
+  }
+
  private:
   base::Time request_time_;
   base::Time start_load_time_;
@@ -300,6 +305,8 @@ class DocumentState : public WebKit::WebDataSource::ExtraData {
   scoped_ptr<webkit_glue::AltErrorPageResourceFetcher> alt_error_page_fetcher_;
 
   scoped_ptr<NavigationState> navigation_state_;
+
+  bool can_load_local_resources_;
 };
 
 #endif  // CONTENT_PUBLIC_RENDERER_DOCUMENT_STATE_H_