[Android] Implement WebSettings APIs for FileURL resource access conrol

BUG=none TEST=none Review URL: https://chromiumcodereview.appspot.com/10827274 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151025 0039d316-1c4b-4281-b951-d872f2087c98

[Android] Implement WebSettings APIs for FileURL resource access conrol
BUG=none TEST=none Review URL: https://chromiumcodereview.appspot.com/10827274 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151025 0039d316-1c4b-4281-b951-d872f2087c98
165e7f15 · mnaganov@chromium.org · 69cffc89 · 165e7f15 · 165e7f15 · 165e7f15
Commit 165e7f15 authored Aug 10, 2012 by mnaganov@chromium.org
3 changed files
--- a/content/browser/android/content_settings.cc
+++ b/content/browser/android/content_settings.cc
@@ -66,6 +66,10 @@ struct ContentSettings::FieldIds {
        GetFieldID(env, clazz, "mLoadsImagesAutomatically", "Z");
    java_script_enabled =
        GetFieldID(env, clazz, "mJavaScriptEnabled", "Z");
+    allow_universal_access_from_file_urls =
+        GetFieldID(env, clazz, "mAllowUniversalAccessFromFileURLs", "Z");
+    allow_file_access_from_file_urls =
+        GetFieldID(env, clazz, "mAllowFileAccessFromFileURLs", "Z");
    java_script_can_open_windows_automatically =
        GetFieldID(env, clazz, "mJavaScriptCanOpenWindowsAutomatically", "Z");
    dom_storage_enabled =
@@ -87,6 +91,8 @@ struct ContentSettings::FieldIds {
  jfieldID default_fixed_font_size;
  jfieldID load_images_automatically;
  jfieldID java_script_enabled;
+  jfieldID allow_universal_access_from_file_urls;
+  jfieldID allow_file_access_from_file_urls;
  jfieldID java_script_can_open_windows_automatically;
  jfieldID dom_storage_enabled;
 };
@@ -187,6 +193,18 @@ void ContentSettings::SyncFromNativeImpl() {
      obj, field_ids_->java_script_enabled, prefs.javascript_enabled);
  CheckException(env);

+  env->SetBooleanField(
+      obj,
+      field_ids_->allow_universal_access_from_file_urls,
+      prefs.allow_universal_access_from_file_urls);
+  CheckException(env);
+
+  env->SetBooleanField(
+      obj,
+      field_ids_->allow_file_access_from_file_urls,
+      prefs.allow_file_access_from_file_urls);
+  CheckException(env);
+
  env->SetBooleanField(
      obj,
      field_ids_->java_script_can_open_windows_automatically,
@@ -272,6 +290,12 @@ void ContentSettings::SyncToNativeImpl() {
  prefs.javascript_enabled =
      env->GetBooleanField(obj, field_ids_->java_script_enabled);

+  prefs.allow_universal_access_from_file_urls = env->GetBooleanField(
+      obj, field_ids_->allow_universal_access_from_file_urls);
+
+  prefs.allow_file_access_from_file_urls = env->GetBooleanField(
+      obj, field_ids_->allow_file_access_from_file_urls);
+
  prefs.javascript_can_open_windows_automatically = env->GetBooleanField(
      obj, field_ids_->java_script_can_open_windows_automatically);


--- a/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java
+++ b/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java
@@ -77,6 +77,8 @@ public class ContentSettings {
    private int mDefaultFixedFontSize = 13;
    private boolean mLoadsImagesAutomatically = true;
    private boolean mJavaScriptEnabled = false;
+    private boolean mAllowUniversalAccessFromFileURLs = false;
+    private boolean mAllowFileAccessFromFileURLs = false;
    private boolean mJavaScriptCanOpenWindowsAutomatically = false;
    private PluginState mPluginState = PluginState.OFF;
    private boolean mDomStorageEnabled = false;
@@ -155,7 +157,8 @@ public class ContentSettings {
     * Package constructor to prevent clients from creating a new settings
     * instance. Must be called on the UI thread.
     */
-    ContentSettings(ContentViewCore contentViewCore, int nativeContentView) {
+    ContentSettings(ContentViewCore contentViewCore, int nativeContentView,
+            boolean isAccessFromFileURLsGrantedByDefault) {
        ThreadUtils.assertOnUiThread();
        mContentViewCore = contentViewCore;
        mCanModifySettings = mContentViewCore.isPersonalityView();
@@ -164,6 +167,11 @@ public class ContentSettings {
        mCleanupReference = new CleanupReference(this,
                new DestroyRunnable(mNativeContentSettings));

+        if (isAccessFromFileURLsGrantedByDefault) {
+            mAllowUniversalAccessFromFileURLs = true;
+            mAllowFileAccessFromFileURLs = true;
+        }
+
        mEventHandler = new EventHandler();
        if (mCanModifySettings) {
            // PERSONALITY_VIEW
@@ -522,6 +530,53 @@ public class ContentSettings {
        }
    }

+    /**
+     * Sets whether JavaScript running in the context of a file scheme URL
+     * should be allowed to access content from any origin. This includes
+     * access to content from other file scheme URLs. See
+     * {@link #setAllowFileAccessFromFileURLs}. To enable the most restrictive,
+     * and therefore secure policy, this setting should be disabled.
+     * <p>
+     * The default value is true for API level
+     * {@link android.os.Build.VERSION_CODES#ICE_CREAM_SANDWICH_MR1} and below,
+     * and false for API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN}
+     * and above.
+     *
+     * @param flag whether JavaScript running in the context of a file scheme
+     *             URL should be allowed to access content from any origin
+     */
+    public synchronized void setAllowUniversalAccessFromFileURLs(boolean flag) {
+        assert mCanModifySettings;
+        if (mAllowUniversalAccessFromFileURLs != flag) {
+            mAllowUniversalAccessFromFileURLs = flag;
+            sendSyncMessage();
+        }
+    }
+
+    /**
+     * Sets whether JavaScript running in the context of a file scheme URL
+     * should be allowed to access content from other file scheme URLs. To
+     * enable the most restrictive, and therefore secure policy, this setting
+     * should be disabled. Note that the value of this setting is ignored if
+     * the value of {@link #getAllowUniversalAccessFromFileURLs} is true.
+     * <p>
+     * The default value is true for API level
+     * {@link android.os.Build.VERSION_CODES#ICE_CREAM_SANDWICH_MR1} and below,
+     * and false for API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN}
+     * and above.
+     *
+     * @param flag whether JavaScript running in the context of a file scheme
+     *             URL should be allowed to access content from other file
+     *             scheme URLs
+     */
+    public synchronized void setAllowFileAccessFromFileURLs(boolean flag) {
+        assert mCanModifySettings;
+        if (mAllowFileAccessFromFileURLs != flag) {
+            mAllowFileAccessFromFileURLs = flag;
+            sendSyncMessage();
+        }
+    }
+
    /**
     * Tell the WebView to load image resources automatically.
     * @param flag True if the WebView should load images automatically.
@@ -552,6 +607,31 @@ public class ContentSettings {
        return mJavaScriptEnabled;
    }

+    /**
+     * Gets whether JavaScript running in the context of a file scheme URL can
+     * access content from any origin. This includes access to content from
+     * other file scheme URLs.
+     *
+     * @return whether JavaScript running in the context of a file scheme URL
+     *         can access content from any origin
+     * @see #setAllowUniversalAccessFromFileURLs
+     */
+    public synchronized boolean getAllowUniversalAccessFromFileURLs() {
+        return mAllowUniversalAccessFromFileURLs;
+    }
+
+    /**
+     * Gets whether JavaScript running in the context of a file scheme URL can
+     * access content from other file scheme URLs.
+     *
+     * @return whether JavaScript running in the context of a file scheme URL
+     *         can access content from other file scheme URLs
+     * @see #setAllowFileAccessFromFileURLs
+     */
+    public synchronized boolean getAllowFileAccessFromFileURLs() {
+        return mAllowFileAccessFromFileURLs;
+    }
+
    /**
     * Tell the WebView to enable plugins.
     * @param flag True if the WebView should load plugins.

--- a/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
+++ b/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
@@ -245,7 +245,7 @@ public class ContentViewCore implements MotionEventDelegate {
        mAccessibilityInjector = AccessibilityInjector.newInstance(this);
        mAccessibilityInjector.addOrRemoveAccessibilityApisIfNecessary();

-        initialize(context, nativeWebContents, personality);
+        initialize(context, nativeWebContents, personality, false);
    }

    /**
@@ -263,12 +263,14 @@ public class ContentViewCore implements MotionEventDelegate {
    }

    // TODO(jrg): incomplete; upstream the rest of this method.
-    private void initialize(Context context, int nativeWebContents, int personality) {
+    private void initialize(Context context, int nativeWebContents, int personality,
+            boolean isAccessFromFileURLsGrantedByDefault) {
        mNativeContentViewCore = nativeInit(nativeWebContents);
        mCleanupReference = new CleanupReference(this, new DestroyRunnable(mNativeContentViewCore));

        mPersonality = personality;
-        mContentSettings = new ContentSettings(this, mNativeContentViewCore);
+        mContentSettings = new ContentSettings(
+            this, mNativeContentViewCore, isAccessFromFileURLsGrantedByDefault);
        mContainerView.setFocusable(true);
        mContainerView.setFocusableInTouchMode(true);
        if (mContainerView.getScrollBarStyle() == View.SCROLLBARS_INSIDE_OVERLAY) {