This change is motivated by the need to implement the Android WebView.loadDataWithBaseURL API[1], which allows access to local file:// resources (depending on AwSettings.getAllowFileAccess) as long as the base URL provided is not "data:".

When AwSettings.getAllowFileAccess returns false, data URIs loaded with a non-data base URL should be able to access file:///android_asset and file:///android_res/, but not the wider filesystem.

We grant the WebView process access to file:// via ChildProcessSecurityPolicy (as WebView is single process we do this on process startup) and add a field to ViewMsg_NavigateParams that indicates if the URL being loaded should have access to local loads. This is bit is checked when the provisional load commits and if set, grants the SecurityOrigin access to local resources. The bit defaults to false and is only set in android_webview when AwContents loads a data URL with a non-data base URL, so there should be no behavior change outside of android_webview.

Once the SecurityOrigin allows local loads, code already present in android_webview controls whether the URL should be able to load either only android_asset and android_res or any file:// URL (see https://codereview.chromium.org/11090003/).

[1]
http://developer.android.com/reference/android/webkit/WebView.html#loadDataWithBaseURL(java.lang.String,
java.lang.String, java.lang.String, java.lang.String, java.lang.String)

BUG=152223

Review URL: https://codereview.chromium.org/10990056

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161355 0039d316-1c4b-4281-b951-d872f2087c98

0 files changed, 0 insertions, 0 deletions